Data Protection
Information according to Art. 13 GDPR for business partners:
We appreciate your visit to our website www.goldenbeanstore.com and your interest in our company. The protection of your personal data is important to us. Personal data is information about personal or factual circumstances of an identified or identifiable natural person. This includes e.g., legal name, address, phone number and date of birth, but also all other data that can be related to an identifiable person.
Since personal data enjoy special legal protection, they are only collected by us insofar as this is necessary for the provision of our website and the provision of our services. The following section describes what personal information we collect during your visit to our website as we use them.
Our data protection practice is in accordance with the legal regulations, in particular those of the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR). We will only collect, process and save your personal data insofar as this is necessary for the functional provision of this website and our content and services, as well as for processing inquiries and, if necessary, for processing orders / contracts, but only if there is one legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR or any other legal basis exists. Your data will only be used for further purposes precisely defined in the consent, e.g., if you have previously given your consent separately. for sending advertising information by newsletter.
1 Responsible Within the Meaning of Art. 4 No. 7 GDPR
Responsible within the meaning of the GDPR and other national data protection laws of Member states as well as other data protection regulations is:
Golden Bean Gare Sarl
26, Place de la Gare
L-1616 Luxembourg
E-mail: goldenbean@live.com
2 Name and Address of the Data Protection Officer
Golden Bean Gare SarL
Felipe Carrillo / Data Protection Officer
Golden Bean Gare Sarl
26, Place de la Gare
L-1616 Luxembourg
E-mail: fcarrillo@goldenbean.lu
3 Provision of the Website and Creation of Log Files
Each time you visit our website, our system automatically collects data and Information from the computer system of the calling computer. The following data are used collected:
3.1 Extent of the processing of the data
(1) Information about the browser type and the version used
(2) The operating system of the access device
(3) The IP address of the access device
(4) Date and time of access
(5) Websites and resources (images, files, other page content) that are available on our Website.
(6) Websites from which the user’s system accessed our website (referrer tracking)
This data is stored in the log files of our system. A storage of this data together with personal data of a specific user does not take place, so that individual site visitors are not identified.
3.2 Legal basis for Processing Personal Data
Article 6 (1) (f) GDPR (legitimate interest). Our legitimate interest is to ensure that the purpose described below is achieved.
3.3 Purpose of Data Processing
Logging takes place to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate faults. For this, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and / or errors in the functionality of our website. In addition, we use the data to optimize the website and to generally ensure the security of our information technology systems.
3.3.1 Duration of Storage
The technical data mentioned will be deleted as soon as they are no longer needed to ensure the compatibility of the website for all visitors, but no later than 3 months after our website has been accessed.
3.3.2 Opposition and Removal Option
The options for objection and removal are based on the general regulations on the right to object and the right to cancellation under data protection law described below in this data protection declaration.
4 Special Functions of the Website
Our site offers you various functions that we collect, process and store personal data when you use them. In the following we explain what happens to this data.:
4.1 Form for Newsletter Registration
4.1.1 Scope of the Processing of Personal Data
The data you entered when you registered for the newsletter.
4.1.2 Legal Basis for Processing Personal Data
Art. 6 Paragraph 1 lit. a GDPR (tacit consent)
4.1.3 Purpose of Data Processing
The data recorded in the registration mask of our newsletter will only be used by us for sending our newsletter, in which we will inform you about all our services and our news. We will send you a send confirmation email with a link that you need to click in order to complete the newsletter registration (double opt-in).
4.1.4 Data Storage Duration
You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link included in every newsletter. Your data will be deleted immediately after you unsubscribe. Likewise, if your registration is not completed, we will immediately delete your data. We reserve the right to delete without giving reasons and without prior or subsequent information.
4.1.5 Possibility of Objection and Removal
The possibility of objection and removal options are based on the following in this data protection declaration outlined general data protection regulations right of objection and right to cancellation.
4.1.5.1 Evaluation Function
- Scope of the processing of personal data
The data you entered in the form fields.
- Legal basis for processing personal data
Art. 6 (1) (a) GDPR (tacit consent)
- Purpose of Data Processing
Acceptance and publication of your review on our website – and if you can explicitly agree – also on the internet platforms of our rating service providers.
- Storage Duration
Your rating will be saved and published indefinitely. We reserve the right to delete without giving reasons and without prior or subsequent information.
- Objection and Removal Option
The options for objection and removal are based on the general regulations on the right to object and the right to cancellation under data protection law described below in this data protection declaration.
4.1.5.2 Login Area
- Scope of the Personal Data Processing
The registration and login data you have entered with us.
- Legal Basis for Personal Data Processing
Art. 6 (1) (a) GDPR (tacit consent)
- Purpose of Data Processing
You have the option of using a separate login area on our website. If you have forgotten your password or your username for this area, it is possible to have this data sent to you again after entering your contact details (email address). As part of the use of the login area usage data will only be used by us to combat abuse and fault elimination or to maintain functionality collected, stored and processed. It is used for other purposes or data is passed on to third parties.
- Duration of storage
The data collected will be stored for as long as you have a user account with us to chat. The data that were saved as part of the ‘Forgot username or password’ function are only used to resend forgotten access data.
- Opposition and removal option
The objection and removal options are based on the following in this data protection declaration outlined general data protection regulations right of objection and right to cancellation.
4.1.5.3 Contact Form
- Scope of the Personal Data Processing
The data you have entered in our contact forms.
- Legal basis for Personal Data Processing
Art. 6 para. 1 letter a GDPR (tacit consent)
- Purpose of Data Processing
The data recorded via our contact form or via our contact forms we will only use it to process the specific contact request that is generated by the contact form is received.
- Storage Duration
Once your request has been processed, the data collected will be deleted immediately, provided that there are no statutory retention periods.
- Objection and Removal Option
The options for objection and removal are based on the general regulations on the right to object and the right to cancellation under data protection law described below in this data protection declaration.
5 Automatic Credit Check and Scoring
Automatic identity and credit check when selecting the payment method “PayPal via PayPal Plus “,” Direct Debit via PayPal Plus “,” Credit Card via PayPal Plus “or” PayPal Plus invoice “:
5. 1 Scope of the Personal Data Processing
If you choose “PayPal via PayPal Plus”, “Direct Debit via PayPal Plus”, “Credit Card via PayPal Plus” or “PayPal Plus Invoice” as the payment method, we will forward your personal customer data collected during the order process to the company PayPal (Europe) S.à rl et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal Plus”). If you give your consent, the following are data affected by the data transfer: first and last name, street, house number, zip code, city, date of birth, telephone number, as well as the data related to your order.
5. 2 Legal Basis for Processing Personal Data
Art. 6 (1) (b) GDPR (implementation of pre-contractual measures)
5. 3 Purpose of Data Processing
PayPal Plus carries out a credit check if you choose one of the following payment methods: “PayPal via PayPal Plus”, “Credit Card via PayPal Plus”, “Direct Debit via PayPal Plus” or “PayPal Plus Invoice”. Mathematical-statistical procedures are used to assign a rating with regard to the probability of default calculate (so-called calculation of a scoring value). PayPal Plus bases its decision on the provision of the respective payment methods on the calculated scoring value. The calculation of a scoring value is based on recognized scientific procedures. Reference is also made to PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.4 Duration of Storage
We will save the relevant data for processing the payment as long as it is for the execution of the transaction is necessary. As far as the data is legal are subject to retention obligations, the deletion takes place after the retention obligation expires.
The duration of the storage of the data by PayPal results from the data protection declaration from PayPal:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
5.5 Objection and Removal Option
The options for objection and removal are based on the general regulations on the right to object and the right to cancellation under data protection law described below in this data protection declaration.
6 Web Tracker – Statistical Analysis of Visits to this Website
We collect, process and save when you visit this website or individually. The website files contain the following data:
- IP address, website from which the file was accessed
- name of the file,
- date and time of the call
- amount of data transferred and
- message about the success of the retrieval (so-called web log).
We use this access data exclusively in non-personalized form for the constant improvement of our internet offer and to statistical purposes.
We also use the following web trackers to evaluate visits to this website one:
6.1 Google Analytics
6.1.1 Scope of the Personal Data Processing
We use the web tracking service of the company Google LLC, 1600 on our site (Amphitheater Park in 94043 Mountain View, USA, hereinafter: Google Analytics). Google Analytics uses cookies that are stored on your computer for web tracking and an analysis of the use of our website and your surfing behavior enable (so-called tracking). We carry out this analysis on the basis of the Google Analytics tracking service in order to continuously optimize our website and make it more accessible. When using our website, data as, in particular, your IP address and user activities are transferred to the server of Google LLC and outside of the European Union, e.g. processed and saved in the USA.
The EU Commission has determined that an adequate level of data protection can exist in the USA if the data processing company has submitted to the US-EU Privacy Shield Agreement and data export to the USA has been made permissible in this way. By activating IP anonymization within Google Analytics tracking codes of this website, your IP address will be used by Google Analytics before transfer anonymized. This website uses a Google Analytics tracking code, which has been extended by the operator gat._anonymizeIp(), to allow only an anonymous collection of IP addresses (so-called IP masking).
6.1.2 Legal Basis for Personal Data Processing
Article 6 (1) (a) GDPR (consent), either when registering with Google (opening a Google account and accepting the data protection information implemented there) or, if you have not registered with Google, by explicitly giving your consent when opening it our page.
6.1.3 Purpose of Data Processing
Google will use this information on our behalf to evaluate your visit to this website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google LLC.
6.1.4 Data Storage Duration
Google will store the data relevant to the provision of web tracking for as long as it is necessary to fulfill the web service booked. The data collection and storage take place anonymously. If there is a personal reference, the data will be deleted immediately, unless it is subject to any statutory retention requirements. In any case, the data will be deleted after the retention period has expired.
6.1.5 Opposition and Removal Option
You can prevent the collection and forwarding of personal data to Google (especially your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser and installing a script blocker in your browser (you can find this at www.noscript.net or www.ghostery.com) or activate the “Do Not Track” setting in your browser. You can also prevent Google from collecting the data generated by the Google cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link:
Download-Seite für das Browser-Add-on zur Deaktivierung von Google Analytics
Download and install the available browser plug-in. You can find the security and data protection principles of Google Analytics at:
http://www.google.com/intl/de/analytics/learn/privacy.html
7 Integration of External Web Services and Processing of Data Outside the EU
On our website, we use active Java Script content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. Processing of data outside the EU may be possible. You can prevent this from happening by a installing a JavaScript blocker such as the browser plug-in ‘NoScript’ www.noscript.net) or deactivate Java-Script in your browser. This can lead to functional restrictions on the websites that you visit.
7.1 External Web Services
7. 1.1 Google
Our website uses a web service provided by Google LLC (1600 Amphitheater Parkway, 94043 Mountain View, hereinafter: Google). We use this data to ensure the full functionality of our website. In this regard, your browser transfer personal data to Google, if necessary. Legal basis for the data processing is Art. 6 Paragraph 1 lit. f GDPR. The legitimate interest is one error-free functioning of the website.). Google has certified itself as part of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list The deletion of the data occurs as soon as the purpose for which it was collected, has been fulfilled. Further information on handling the transferred data can be found in the privacy policy of:
Google: https://www.google.com/intl/de/policies/privacy/.
You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, e. g. at www.noscript.net or www.ghostery. com).
7.1.2 Google Video
Our website uses a web service provided by Google LLC (1600 Amphitheater Parkway, 94043 Mountain View hereinafter: Google Video). We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Google Video. Legal basis for data processing is Art. 6 Paragraph 1 lit. f GDPR. The legitimate interest is one error-free functioning of the website. Google Video has certified itseld as part of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The deletion of the data takes place as soon as the purpose for which it was collected has been fulfilled. More information about the handling of the transferred data can be found in Google’s privacy policy:
https://www.google.com/intl/de/policies/privacy/. You can capture as well as the
You can prevent the collection and processing of your data by Google Video by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, e. g. at www.noscript.net or www.ghostery. com).
7.1.3 Google Maps
A web service provided by Google LLC (1600 Amphitheater Parkway, 94043 Mountain View, hereinafter: Google Maps) is loaded unto our website. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Google Maps. Legal basis for data processing is Art. 6 Paragraph 1 lit. f GDPR. The legitimate interest is one error-free functioning of the website. Google Maps has certified itself as part of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The deletion of the data takes place as soon as the purpose for which it was collected has been fulfilled. More information about the handling of the transferred data can be found in Google’s privacy policy:
Maps: https://www.google.com/intl/de/policies/privacy/
You can prevent the collection and processing of your data by Google Maps by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, e. g. at www.noscript.net or www.ghostery. com).
7.1.4 Google APIs
A web service provided by Google LLC (1600 Amphitheater Parkway, 94043 Mountain View, hereinafter: Google Apis) is loaded onto our website. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Google APIs. Legal basis for the data processing is Art. 6 Paragraph 1 lit. f GDPR. The legitimate interest is one error-free functioning of the website. Google-Apis has certified itself as part of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The deletion of the data takes place as soon as the purpose for which it was collected has been fulfilled. You can find more information on handling the transferred data in Google’s privacy policy:
ReCaptcha: https://www.google.com/intl/de/policies/privacy/.
You can prevent the collection and processing of your data by Google ReCaptcha by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, e. g. at www.noscript.net or www.ghostery. com
7.1.5 PayPalObjects
A web service provided by PayPal Europe S.à r.l. et Cie, S.C.A.(22-24 Boulevard Royal, 2449 Luxembourg, hereinafter: PayPalObjects) is loaded onto our website. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to PayPalObjects. Legal basis for data processing is Article 6 (1) lit. f GDPR. The legitimate interest is one error-free functioning of the website. The deletion of the data takes place as soon as the purpose for which it was collected has been fulfilled. More information about the handling of the transferred data can be found in the privacy policy of PayPalObjects:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.
You can prevent the collection and processing of your data by PayPalObjects, by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this e.g. at www.noscript.net or www.ghostery.com).
7.1.6 Youtube
A web service provided by Google LLC (1600 Amphitheater Parkway, 94043 Mountain View, hereinafter: Youtube) is loaded onto or website. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to YouTube. Legal basis for the data processing is Art. 6 Paragraph 1 lit. f GDPR. The legitimate interest is one error-free functioning of the website. Youtube has certified itself within the framework of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The deletion of the data takes place as soon as the purpose for which it was collected has been fulfilled. Further information on handling the transferred data can be found in the privacy policy of Youtube:
https://www.google.de/intl/de/policies/privacy/.
You can prevent the collection and processing of your data by Youtube by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this e.g. at www.noscript.net or www.ghostery.com)
8 Information on the Use of Cookies
8.1 Scope of the Personal Data Processing
We use cookies on various pages to enable the use of certain functions of our website. “Cookies” are small files which are stored on a user’s computer. These text files contain pairs of (key, data). Once the cookies have been read by the code on the server client computer, the data can be retrieved and used to customized the web page appropriately.
8.2 Legal Basis for Personal Data Processing
Art. 6 Paragraph 1 lit. f GDPR. (legitimate interest). Our legitimate interest lies in maintaining the full functionality of our website, increasing usability and enabling a more individualized approach to customers. We are only able to identify individual site visitors with the help of cookie technology if the site visitor has given us the relevant personal data beforehand on the basis of separate consent.
8. 3 Purpose of Data Processing
The cookies are set by our website to ensure the full functionality of our website and improve usability. In addition, cookie technology enables us to identify individual visitors using pseudonyms, e. g. an individual, arbitrary ID, recognizable, so that it is possible for us to offer more individual services.
8.4 Data Storage Duration
Our cookies are stored until they are deleted in your browser or when it is a session cookie until the session has expired.
8. 5 Objection and Removal Option
You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide whether to accept cookies on a case-by-case basis or accept cookies in principle. Cookies can be used for different purposes, e.g. to recognize that your PC has already been connected to our website (permanent cookies) or to save recently viewed offers (session cookies). We use cookies to offer you increased user comfort. In order to use our convenience functions, we recommend that you allow cookies for our website. The options for objection and removal are otherwise based on the general provisions on the right to object and cancellation under data protection law described below in this data protection.
9 Data Security and Data Protection at E-mails
Your personal data are protected by technical and organizational measures during collection, storage and processing so that they are not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or post for information with a high level of confidentiality.
9.1 Automatic E-mail Archiving
•9.1.1 Scope of the Personal Data Processing
We expressly point out that our mail system has an automated archiving process. All incoming and outgoing e-mails are hereby auditable digitally archived.
9.1.2 Legal Basis for Personal Data Processing
Article 6 (1) (f) GDPR (legitimate interest). Our legitimate interest consists in compliance with tax and commercial law requirements (e.g. §§ 146, 147 AO).
9.1.3 Purpose of Data Processing
The purpose of archiving is to comply with tax and commercial law requirements (e.g. §§ 146, 147 AO).
9.1.4 Data Storage Duration
The storage of our mail communication takes place until the expiry of tax law and retention obligations under commercial law. The retention period can be up to 10 years.
9.1.5 Handling of Applications
We also point out that we only consider applications as PDF files. Zipped (WinZip, WinRAR, 7Zip, etc.) files are filtered out by our security systems and therefore not delivered. We disregard applications in Word file format and other file formats and delete them unread. Please note that unencrypted application documents sent by e-mail can be opened to third parties before they reach our IT systems. We assume that we are allowed to answer unencrypted application emails as well. If you do not want this, please tell use your application email.
10 Revocation of Consent, Data Information and Change Requests, Deletion & Blocking of Data
You have the right to free information about your stored data at appropriate intervals, as well as the right to correct, block or delete your data at any time. Your data will be deleted by us upon first request, unless there are legal regulations to the contrary. You can revoke permission given to us to use your personal data at any time.
You can send data and suggestions at any time to the following address:
Goldn Bean SàrL
26, Place de la Gare
L-1616 Luxembourg
E-Mail : goldenbean@live com
Tel .: +352 28 79 39 39
11 Right to Data Portability
You have the right to receive the data, relate with your person and which you have transmitted to us, in a structured, common and machine-readable format. You can also request that we transmit this data to a third party, immediately on your first instruction, as far as the processing is based on consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract according to. Art. 6 para. 1 lit. b GDPR and the processing is carried out by us as part of automated data processing. When exercising this right of data portability, you also have the right to have the personal data relating to you transmitted directly from one person responsible to another, insofar as this is technically feasible. This must not impair the freedoms and rights of other people will. The right to data portability does not apply to the processing of personal data, which is necessary for the performance of a task that is in the public interest or in public authority is exercised, which has been transferred to the responsible person.
12 Right of appeal to the Supervisory Authority in Accordance with Art. 77 para. 1 GDPR
If you suspect that your data is being processed unlawfully on our side, you can of course request a judicial clarification of the problem at any time. Regardless of this, you have the option of contacting a supervisory authority. You can order the supervisory authority to the above locations The supervisory authority to which the complaint was made, will then inform you of the status and the outcoming, including the possibility of a judicial legal remedy according to Art. 78 GDPR.
