Privacy Policy

Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in the privacy policy below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information about the data controller” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected when you provide it to us, for example by entering information into a contact form.

Other data is automatically collected — or collected after you give consent — by our IT systems when you visit the website. This mainly includes technical data (e.g., browser type, operating system, time of access). The collection of this data occurs automatically as soon as you enter the website.

What do we use your data for?

Some data is collected to ensure that the website functions properly. Other data may be used to analyze user behavior. If contracts can be initiated or concluded through this website, the transmitted data is also processed for offers, orders, or other business-related requests.

What rights do you have regarding your data?

You have the right to receive free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Additionally, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding these and other questions on the subject of data protection.

Analysis tools and third-party tools

When visiting this website, your browsing behavior may be statistically analyzed. This happens mainly using analytics programs. Detailed information can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Hetzner

Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

You can find details in Hetzner’s privacy policy: https://www.hetzner.com/legal/privacy-policy

Use of Hetzner is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested (e.g., for storing cookies or device information), processing is based on Art. 6(1)(a) GDPR and §25(1) TDDDG. Consent can be revoked at any time.

Data processing agreement

We have concluded a data processing agreement (DPA) with Hetzner. This contract ensures that Hetzner processes personal data of our website visitors only in accordance with our instructions and in compliance with GDPR.

3. General information and mandatory disclosures

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

When using this website, various personal data is collected. Personal data is any data that can identify you personally. This privacy policy explains what data we collect and what we use it for, and how and for what purpose this happens.

We point out that data transmission over the internet (e.g., communication via e-mail) can have security gaps. Complete protection of data from third-party access is not possible.

Information about the data controller

The data controller responsible for processing on this website is:

G2C Trading GmbH
Klusblick 3
38820 Halberstadt
Phone: +49 (0)15560302670
E-mail: info@g2ctrading.de

The data controller is the natural or legal person who decides, alone or jointly with others, on the purposes and means of processing personal data.

Data Protection Officer

For questions regarding data protection, you can contact our Data Protection Officer:

E-mail: datenschutz@g2ctrading.de

Competent Supervisory Authority

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for our company is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 (0)511 120-4500
Fax: +49 (0)511 120-4599
E-mail: poststelle@lfd.niedersachsen.de
Website: https://lfd.niedersachsen.de

Storage duration and specific retention periods

Unless a more specific storage period is stated in this privacy policy, personal data remains stored until the purpose for processing no longer applies. If you request deletion or revoke consent, your data will be deleted unless legal retention obligations (e.g., tax laws) prevent deletion.

We apply the following specific retention periods:

  • Server log files: 7 days — deleted automatically thereafter
  • Contact form inquiries: 3 years after the last communication — to handle potential follow-up inquiries and for documentation purposes
  • Newsletter data: Until unsubscription — data is deleted upon cancellation of the newsletter subscription
  • Contract-related data: 10 years — in accordance with German commercial law (§ 257 HGB) and tax law (§ 147 AO)
  • Invoice and accounting data: 10 years — as required by German commercial and tax law

Legal basis for data processing on this website

We process your personal data:

  • based on your consent — Art. 6(1)(a) GDPR / Art. 9(2)(a) GDPR (special categories)
  • when necessary for contract fulfillment — Art. 6(1)(b) GDPR
  • when required by law — Art. 6(1)(c) GDPR
  • based on legitimate interest — Art. 6(1)(f) GDPR

Details are given in the relevant sections of this policy.

Recipients of personal data

We may share data with external service providers if necessary to fulfill contracts, due to legal obligations, based on legitimate interest, or with valid legal grounds. When using processors, data is only shared based on a processing agreement.

Revocation of consent

You may revoke previously granted consent at any time. The legality of processing performed prior to the revocation remains unaffected.

Right to object (Art. 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON ART. 6(1)(E OR F) GDPR, INCLUDING PROFILING.

If you object to direct marketing, your data will no longer be used for this purpose.

Right to file a complaint

In case of GDPR violations, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for our company is listed above.

Right to data portability

You have the right to receive data processed based on consent or contract in a machine-readable format or have it transmitted to another controller.

SSL/TLS encryption

For security, this site uses SSL/TLS encryption. A secure connection is indicated by “https://” and the lock symbol in the browser address bar.

Objection to unsolicited advertising emails

We object to the use of published contact data for sending unsolicited advertising. Legal action may be taken in case of spam.

4. Data collection on this website

Cookies and Cookie Consent (Complianz)

Our website uses cookies. Cookies are small data packets stored on your device. Session cookies are automatically deleted after your visit; permanent cookies remain stored until manually deleted.

Some cookies originate from third parties (third-party cookies), e.g., to integrate external services.

Cookie Consent Management

We use the Complianz plugin to manage cookie consent on our website. This tool displays a cookie banner when you first visit our website, allowing you to give or refuse consent for different categories of cookies.

Complianz stores your consent preferences in a cookie on your device. This cookie does not contain any personal data and merely stores which cookie categories you have accepted or rejected. The legal basis for processing this data is Art. 6(1)(c) GDPR (legal obligation to obtain and document consent) and § 25 TDDDG.

You can change your cookie preferences at any time by clicking on the cookie settings link in the footer of our website or by clearing your browser cookies.

Required cookies are stored based on Art. 6(1)(f) GDPR. If consent is required, processing is based on Art. 6(1)(a) GDPR and §25(1) TDDDG.

You can configure your browser to manage cookies. Some website functions may be restricted when disabling cookies.

Server log files

The website provider automatically collects technical data such as:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname
  • Time of server request
  • IP address

This data is processed based on Art. 6(1)(f) GDPR to ensure proper functioning and optimization of the website. Server log files are automatically deleted after 7 days.

Contact form

When submitting inquiries, data entered (including contact data) will be stored to process the request. Data is not shared without consent. Storage is based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR; consent may also apply. Contact form data is retained for 3 years after the last communication.

Contact by email, phone, fax

The data provided in your inquiry will be stored and processed to handle your request. This is based on Art. 6(1)(b) or Art. 6(1)(f) GDPR. Data is retained for 3 years after the last communication, unless longer retention is required for contractual or legal purposes.

Registration on this website

If you register, entered data is used to provide requested services. Required fields must be completed. Stored data remains until you request deletion.

Comment function

When commenting, saved data includes:

  • Comment text
  • Time of creation
  • Username (if not anonymous)
  • IP address

This is to allow action in case of violations (e.g., insults). Storage is based on consent Art. 6(1)(a) GDPR.

5. Social media

Social media plug-ins (Facebook, X/Twitter, Instagram, Pinterest, TikTok, etc.) are integrated using the Shariff solution, meaning data is transmitted only after you activate the button.

Details for each platform follow in the full text — including joint controller arrangements and data transfer to third countries.

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively to send the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke the consent given for the storage of the data, the e-mail address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide to subscribe to the newsletter will be stored until you unsubscribe. Upon unsubscription, your data will be deleted from the newsletter distribution list. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest according to Art. 6(1)(f) GDPR. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to this storage if your interests override our legitimate interest.

7. Plugins and Tools

YouTube

This website integrates videos from the YouTube platform. The provider of the service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages that includes a YouTube video, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.

Furthermore, YouTube may store various cookies or use comparable recognition technologies (e.g., device fingerprinting) on your device. In this way, YouTube may receive information about visitors to this website. This information is used, among other purposes, to compile video statistics, improve user experience, and prevent fraud attempts. The collected data is also processed within the Google advertising network.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Further information on how user data is handled can be found in YouTube’s privacy policy:
https://policies.google.com/privacy?hl=de

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF is committed to upholding these data protection standards. More information is available here:
https://www.dataprivacyframework.gov/participant/5780

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With this service we can display interactive maps directly on our website. To use the functions of Google Maps, your IP address must be stored. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

If Google Maps is activated, Google may use Google Fonts for uniform display of fonts. When calling Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps is in the interest of presenting our online offerings in an appealing manner and ensuring easy location of the places indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is performed exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent may be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details are available here:
https://privacy.google.com/businesses/gdprcontrollerterms/
and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information on how Google handles user data is available here:
https://policies.google.com/privacy?hl=de

The company is certified under the EU-US Data Privacy Framework (DPF). More information:
https://www.dataprivacyframework.gov/participant/5780

8. Data Transfers to Third Countries

Some of the third-party services we use are based outside the European Economic Area (EEA), particularly in the United States. When we use such services, your personal data may be transferred to these third countries.

Legal safeguards for data transfers

We only transfer data to third countries where an adequate level of data protection is ensured through one of the following mechanisms:

  • EU-US Data Privacy Framework (DPF): For US-based companies certified under the DPF, the European Commission has issued an adequacy decision recognizing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses with service providers in third countries to ensure appropriate data protection safeguards.
  • Your consent: In some cases, data transfers are based on your explicit consent (Art. 49(1)(a) GDPR).

Services involving third-country transfers:

  • Google services (YouTube, Google Maps): Data may be transferred to the USA. Google LLC is certified under the EU-US Data Privacy Framework.
  • Social media platforms: When you interact with social media buttons, data may be transferred to servers in the USA or other countries. Specific safeguards are detailed in each service’s section above.

You can request information about specific data transfers by contacting us at datenschutz@g2ctrading.de.

9. Data Breach Procedures

In accordance with Art. 33 and Art. 34 GDPR, we have implemented procedures to detect, report, and investigate personal data breaches.

Our procedures include:

  • Detection and assessment: We maintain security monitoring to detect potential data breaches and assess their scope and severity.
  • Notification to supervisory authority: If a data breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority (Die Landesbeauftragte für den Datenschutz Niedersachsen) within 72 hours of becoming aware of the breach.
  • Notification to affected individuals: If a data breach is likely to result in a high risk to your rights and freedoms, we will inform you directly without undue delay, describing the nature of the breach and the measures we are taking.
  • Documentation: We document all data breaches, including their effects and the remedial actions taken.

If you become aware of a potential data breach involving your personal data or our systems, please contact us immediately at datenschutz@g2ctrading.de.

10. WordPress Plugin-Specific Data Processing

Our website uses WordPress as a content management system along with various plugins that may process personal data:

Complianz – Cookie Consent Management

We use Complianz to manage cookie consents as required by GDPR and TDDDG. This plugin stores your consent preferences locally in a cookie. It does not transmit personal data to third parties. Legal basis: Art. 6(1)(c) GDPR.

Contact Form Plugins

Contact forms on our website collect the data you voluntarily provide (typically name, email, and message content). This data is stored in our WordPress database and may be sent to us via email. Data is retained for 3 years after the last communication. Legal basis: Art. 6(1)(b) GDPR (contract initiation) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Security Plugins

We may use security plugins that log access attempts and IP addresses to protect our website from attacks. This data is processed based on Art. 6(1)(f) GDPR (legitimate interest in website security).

Caching and Performance Plugins

We use caching to improve website performance. These plugins may store cached versions of pages but do not collect additional personal data.

Last updated: April 2026