Privacy Policy

Last updated: 1st January 2026

Introduction

goldstream GmbH ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website goldstream.world, use our services, or otherwise interact with us. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Data Controller

goldstream GmbH is the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our contact details are provided in the contact information section below.

Data Collection

The data we collect from you may include the following categories of personal information:

  • Contact Information: Name, email address, telephone number, postal address
  • Professional Information: Company name, job title, business contact details
  • Financial Information: Information related to your financial situation, investment objectives, and risk tolerance (when providing advisory services)
  • Technical Information: IP address, browser type, device information, website usage data
  • Communication Records: Records of correspondence and communications with goldstream
  • Marketing Preferences: Your preferences regarding marketing communications

How We Use Your Information

We use the information we collect about you for various purposes, including to provide our financial advisory services and communicate with you effectively. The legal bases for processing and how we use your data include:

  • Service Provision: To provide financial advisory services, process transactions, and manage client relationships (Legal basis: Contract performance)
  • Communication: To respond to inquiries, provide customer support, and send service-related communications (Legal basis: Contract performance and legitimate interests)
  • Legal Compliance: To comply with regulatory requirements and legal obligations in the financial services sector (Legal basis: Legal obligation)
  • Website Operation: To operate and maintain our website, improve user experience, and ensure security (Legal basis: Legitimate interests)
  • Marketing: To send promotional materials and marketing communications, where you have consented (Legal basis: Consent)
  • Business Operations: For internal business purposes, including analytics, risk management, and service improvement (Legal basis: Legitimate interests)

Data Sharing and Disclosure

We may share your personal information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our business and providing services to you
  • Regulatory Authorities: With financial regulators, law enforcement, or other authorities when required by law or regulation
  • Professional Advisors: With our legal, accounting, or other professional advisors in connection with our business operations
  • Business Transfers: In connection with any merger, acquisition, or sale of our business or assets

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. The specific retention periods depend on the type of information and the purposes for which it is used. For financial advisory services, we typically retain client information for a minimum of seven years after the end of the client relationship, or as required by applicable financial services regulations. Website usage data and marketing information may be retained for shorter periods unless you have consented to longer retention for marketing purposes.

Your Rights

Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data
  • Right to Erasure: You can request that we delete your personal data in certain circumstances
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain situations
  • Right to Data Portability: You can request that we transfer your data to another organisation in certain circumstances
  • Right to Object: You can object to our processing of your personal data in certain situations
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw your consent at any time

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month, though this may be extended in complex cases.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and provide personalised services. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection. However, please note that no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission, to protect your personal data in accordance with GDPR requirements.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so we can take appropriate action.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

goldstream GmbH

Bahnhofstraße 148

60844 Frankfurt, Hesse, Germany

Email: privacy@goldstream.world

Phone: +49 697767676

Registration Number: HRB742905

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws. In Germany, the relevant supervisory authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local state data protection authority.