This privacy policy informs you in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) and Section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG) about the nature, scope and purpose of the processing of personal data when using this website. The legally binding version of this privacy policy is the German version available at www.goba.de/datenschutz.
This privacy policy refers exclusively to the processing of personal data in connection with the use of this website. For the processing of personal data within the scope of our business relationships (e.g. preparation and execution of orders, supplier and applicant data), separate data protection notices apply, which we will provide to you on request or in the course of the respective business relationship.
1. Controller
The controller within the meaning of the GDPR and other national data protection laws of the Member States of the European Union is:
GOBA Gotthardt Isolierteile GmbH
Silcherstr. 55 + 59
D-73666 Baltmannsweiler
Germany
Authorised representative (Managing Director): Joachim Hauler
Phone: +49 7153 9439-0
Fax: +49 7153 9439-20
Email: verkauf@goba.de
2. Data Protection Officer
We have appointed the following external data protection officer:
Rechtsanwalt Norbert Pfrenger, MSc. (IT)
Kronprinzstraße 30
70173 Stuttgart, Germany
Phone: +49 711 229314-0
Fax: +49 711 229314-10
Email: norbert@pfrenger.legal
Website: www.pfrenger.legal
For any questions regarding data protection, the exercise of your rights as a data subject or other data protection related matters, you may contact our data protection officer directly or the controller named above.
3. General Information on Data Processing
3.1 Scope of Processing of Personal Data
As a matter of principle, we only process personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
3.2 Legal Basis for the Processing
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.
For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis.
3.3 Data Erasure and Storage Duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
4. Provision of the Website and Creation of Server Log Files
4.1 Description and Scope of Data Processing
Every time our website is accessed, our system automatically records data and information from the computer system of the accessing computer. The following data is collected:
- IP address of the user (truncated where technically feasible)
- Date and time of access
- URL accessed and HTTP status code
- Volume of data transferred
- Referrer URL (the previously visited page)
- Browser used and its version
- Operating system used
This data is stored in the log files of our hosting service provider. This data is not stored together with other personal data of the user.
4.2 Legal Basis and Purpose
The legal basis for the temporary storage of the data is Art. 6 (1) lit. f GDPR. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website, to guarantee the security of our IT systems and to protect our website against attacks (e.g. DDoS attacks). These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.
4.3 Duration of Storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of the storage of data in log files, this is the case after no more than 30 days. Further storage is possible, in which case the IP addresses of the users are deleted or anonymised so that an assignment to the calling client is no longer possible.
5. Hosting
Our website is hosted on the platform of Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA (hereinafter „Vercel"). When you visit our website, Vercel processes various log data (including your IP address, access time, accessed URL). For details, please refer to Vercel's privacy policy at: https://vercel.com/legal/privacy-policy.
This website is delivered, where possible, via Vercel's edge locations within the European Union (Frankfurt). A transfer of personal data to the United States cannot be entirely excluded, however. Vercel Inc. is certified under the EU-US Data Privacy Framework (DPF) (see the Data Privacy Framework list of the U.S. Department of Commerce), so that any transfer takes place on the basis of the adequacy decision of the European Commission of 10 July 2023 (Art. 45 GDPR). Should the adequacy decision be revoked or restricted in the future, the data transfer will be based subsidiarily on the Standard Contractual Clauses of the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021 (Art. 46 (2) lit. c GDPR). In addition, we have concluded a data processing agreement with Vercel pursuant to Art. 28 GDPR.
The legal basis for the use of Vercel is Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable, fast and secure presentation of our website.
6. Contact
6.1 Contact Form
A contact form is available on our website which can be used for electronic contact. If a user makes use of this option, the data entered into the input mask is transmitted to us and stored. This data is:
- Email address
- Content of your message
- Date and time of submission
- Your IP address at the time of submission (for abuse prevention)
For the processing of the data, your consent is obtained during the sending process and a reference is made to this privacy policy.
The transmission of the form data to us is encrypted via HTTPS/TLS. The delivery of the message to our mailbox is carried out via the email service of our hosting provider for the domain goba.de (Strato AG, Pascalstraße 10, 10587 Berlin, Germany) over an encrypted SMTP connection (STARTTLS/SSL).
6.2 Legal Basis
The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an enquiry is Art. 6 (1) lit. f GDPR. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
6.3 Purpose of Data Processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
6.4 Duration of Storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form's input mask and data sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter has been conclusively clarified. Statutory retention obligations, in particular commercial and tax law obligations under § 257 HGB and § 147 AO (six or ten years respectively), remain unaffected.
6.5 Right to Object and Removal
The user has the option at any time to revoke their consent to the processing of personal data. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
7. Cookies and Comparable Technologies
Our website uses exclusively technically necessary cookies within the meaning of Section 25 (2) no. 2 TDDDG. These are absolutely necessary to provide the telemedia service expressly requested by you. Consent pursuant to Section 25 (1) TDDDG is not required for this.
Specifically, we use the following cookie:
- goba_cookie_consent: Stores your decision regarding the cookie notice so that it is not displayed to you again. Storage duration: 180 days. Legal basis: Art. 6 (1) lit. f GDPR in conjunction with Section 25 (2) no. 2 TDDDG (legitimate interest in documenting your choice and in a functional website).
We do not currently use tracking, marketing or analytics cookies. Should we use such technologies in the future, we will obtain your prior express consent in accordance with Section 25 (1) TDDDG and will supplement this privacy policy accordingly.
You can also prevent cookies from being set at any time in your browser settings or delete cookies that have already been set. Please note that the full functionality of this website may not be guaranteed in this case.
8. Web Fonts
We use the „IBM Plex Sans" font on our website. The font files are delivered locally from our server (or the server of our hosting provider Vercel) and are not reloaded from an external third-party provider such as Google Fonts. When you visit our website, no connection is therefore established to Google servers. No personal data is transmitted to Google or other third parties in this context.
9. Structured Data (Schema.org)
In order to improve the findability of our content in search engines, we embed structured data on our pages in accordance with the schema.org specifications as JSON-LD. This data contains exclusively publicly accessible company information (name, address, contact details, product and service descriptions). No personal data of our users is processed as a result.
10. External Links
Our website may contain links to third-party websites (such as LinkedIn). We have no influence on the content and data processing of these linked sites. Merely setting a link does not yet transfer any personal data to third parties. Data is only transmitted to the respective provider once the user clicks on the link and thus leaves our website. Please inform yourself about the privacy policies of the respective providers.
11. Rights of the Data Subject
If personal data is processed by you, you are a data subject within the meaning of the GDPR and the following rights apply to you vis-à-vis the controller:
11.1 Right of Access (Art. 15 GDPR)
You may request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the information listed in Art. 15 (1) GDPR.
11.2 Right to Rectification (Art. 16 GDPR)
You have a right to rectification and/or completion vis-à-vis the controller, provided that the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.
11.3 Right to Restriction of Processing (Art. 18 GDPR)
Under the conditions set out in Art. 18 GDPR, you may request the restriction of the processing of personal data concerning you.
11.4 Right to Erasure (Art. 17 GDPR)
You may request that we delete personal data concerning you without delay if one of the reasons listed in Art. 17 (1) GDPR applies and the processing is not necessary under Art. 17 (3) GDPR (e.g. for compliance with a legal obligation or for the establishment, exercise or defence of legal claims).
11.5 Right to Notification (Art. 19 GDPR)
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves to be impossible or involves a disproportionate effort.
11.6 Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, provided that the conditions of Art. 20 (1) GDPR are met.
11.7 Right to Object (Art. 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) lit. e or f GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
11.8 Right to Withdraw Consent (Art. 7 (3) GDPR)
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the time of withdrawal.
11.9 Automated Decision-Making in Individual Cases including Profiling (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. Such automated decision-making does not take place on our website.
11.10 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstraße 10a
70173 Stuttgart, Germany
Phone: +49 711 615541-0
Email: poststelle@lfdi.bwl.de
Website: www.baden-wuerttemberg.datenschutz.de
12. Data Security
We use the widely used TLS (Transport Layer Security) procedure during your visit to the website, in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or padlock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
13. Currency and Amendment of this Privacy Policy
This privacy policy is currently valid and was last updated in May 2026. Due to the further development of our website and offers thereon or due to amended legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed out by you at any time on the website at www.goba.de/en/privacy-policy.
Last updated: May 2026