Privacy policy

Effective Date: July 12, 2025

GoldBoosting GmbH (“GoldBoosting,” “we,” “us,” or “our”) respects the rights of its users and is committed to protecting your privacy and the confidentiality of your personal data (“personal data”). We assume full responsibility for the secure and lawful processing of your data.

This Privacy Policy explains how we collect, store, process, share, and protect your personal data – in accordance with applicable German data protection laws, particularly the General Data Protection Regulation (GDPR).

This Privacy Policy applies exclusively to data collection on the website www.goldboosting.com and the associated platform services. It does not extend to external websites that may be linked on our site.

By creating a user account (“GoldBoosting Profile”) or using our website and services, you consent to the collection and use of your personal data as described in this Privacy Policy and our General Terms and Conditions (hereinafter “User Agreement”).

If you have any questions, you may contact our support team at support@goldboosting.com or via the live chat on our website.

GoldBoosting GmbH collects personal data from its users on a voluntary basis and strictly in accordance with applicable data protection laws, particularly the GDPR.

Depending on how you use and interact with our platform, we may collect the following types of data:

To create a user account (GoldBoosting Profile):

– Email address or social network login

To verify a user as a seller:

– First and last name

Other personal data:

– Age

– Phone number

Technical data during use of our website and services:

– Device characteristics and technical parameters

– IP address and geolocation data

– Cookies transmitted by your browser

– Error event logs

– Activity data on the website

– Browser type, language settings, access time, and the referring URL

We may also receive data from third-party services, e.g., for email newsletter delivery.

Payment Information:

To process secure transactions and fulfill our role as an intermediary under the User Agreement, we reserve the right to store limited payment information, including:

– Payment amount

– Transaction date and reference number

– Contact information necessary for payment matching

For proper payment processing, the following data may also be temporarily and securely stored:

– Name and surname

– Payment method (e.g., credit card number, expiration date, PAN – Primary Account Number)

We never store full authentication credentials (such as CVV codes) and fully comply with PCI DSS standards and the data protection requirements of the GDPR.

Details regarding the storage of payment information can be found in our separate Payment Credentials Storage Agreement.

Verification in Case of Account Conflicts or Support Requests:

If users lose access to their accounts or a dispute arises with other users, our support team may request a copy of an official ID (e.g., identity card, driver’s license, passport) to verify account ownership and access authorization.

Age Restriction:

Our services are intended only for persons aged 18 and older.

Minors may only use our platform with written consent from a parent or legal guardian and, if necessary, additional proof.

If we become aware that personal data from minors has been collected without proper consent, we will delete such data without delay.

GoldBoosting GmbH processes your personal data exclusively in accordance with applicable data protection laws, in particular the GDPR.

Our processing activities are based on three legal grounds: contractual obligations, user consent, and legitimate interests.

According to the GDPR, all data processing is based on a clearly defined legal basis.

2.1. Processing to Fulfill Contractual Obligations

When you create a user account and use our services, we process your personal data to fulfill our contractual obligations.

This includes:

– Registration and management of your account: Enabling use of all website functions

– Payment and transaction processing: Ensuring proper handling of payments and transactions

– Customer support: Responding to inquiries, handling complaints, and supporting dispute resolution

This processing is necessary to provide the services described in our User Agreement.

2.2. Processing Based on Your Consent

For processing activities that go beyond what is required contractually, we obtain your explicit consent.

This may include:

– Sending information about our products, services, and offers

– Personalized advertising (including profiling) via trusted partners

– Conducting market research, surveys, giveaways, or promotional campaigns

– Developing and inviting users to marketing initiatives

– Attracting new customers, subscribers, or partners

– Promoting our economic interests within the legally permissible scope

– Any other purpose you have explicitly agreed to

All consents are recorded separately and for specific purposes.

You may revoke your consent at any time or object to processing for marketing purposes – either via an unsubscribe link or by emailing support@goldboosting.com.

2.3. Processing Based on Legitimate Interests

In certain cases, we process personal data to protect our legitimate interests, provided these do not override your fundamental rights and freedoms.

Examples include:

– Collecting outstanding payments and enforcing claims

– Improving user experience through website analytics

– Retaining order and communication history to suggest relevant content

– Ensuring website security and preventing fraud

– Targeted advertising based on website activity and interests

You have the right to object to this processing at any time—especially in the case of direct marketing—by emailing support@goldboosting.com.

2.4. Sharing Personal Data with Third Parties

GoldBoosting GmbH shares your personal data only to the extent necessary and based on a valid legal basis—either to fulfill contracts, comply with legal obligations, protect legitimate interests, or with your explicit consent.

Categories of recipients may include:

– Partner companies (under data processing agreements pursuant to Art. 28 GDPR)

– Payment processors (e.g., Stripe, PayPal, Klarna): Name, email, IP address, transaction data, etc.

– Identity & KYC services (e.g., Sumsub): Verification of IDs, address data, geolocation, etc.

– Analytics providers (e.g., Google Analytics, Hotjar): Anonymized usage data

– Advertising platforms (e.g., Google Ads, Facebook Ads): Cookie-based pseudonymous data

– CRM and support systems (e.g., Salesforce, Intercom): Customer service data

– Marketing automation tools (e.g., Maestra): Campaign delivery and analysis

– Fraud prevention (e.g., Sift): Behavioral analysis to detect fraudulent activity

– Infrastructure monitoring (e.g., Datadog): Logging and server performance

– Internal communication tools (e.g., Slack): Support coordination

– Automation platforms (e.g., Make/Celonis): Process integration

– Online forms (e.g., Jotform): For applications, support, or data deletion requests under Art. 17 GDPR

– Internal tools (e.g., Retool): Temporary internal data handling and user administration

We enter into binding data processing agreements (DPAs) with all service providers in accordance with Art. 28 GDPR.

For data transfers to third countries, we ensure appropriate safeguards under Chapter V of the GDPR, particularly through Standard Contractual Clauses (SCCs).

Note: If a third-party provider fails to meet GDPR requirements, cooperation is suspended until full compliance is ensured.

2.5. Consent & Objection for Marketing

Data sharing for marketing, analytics, or advertising purposes occurs only with your explicit consent.

You may withdraw this consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To revoke your consent, simply email support@goldboosting.com.

Further details on cookies and tracking are provided in our separate Cookie Policy on the website.

2.6. Technical and Service-Related Communication

GoldBoosting GmbH may send you technically necessary messages (e.g., order confirmations, password resets, policy updates) as required to operate our services.

These communications do not require separate consent.

Marketing messages are sent only with your prior consent, which may be revoked at any time.

All communications fully comply with the GDPR and clearly distinguish between required service messages and optional promotional content.

We regularly review the compliance of our communications with data protection law.

GoldBoosting GmbH collects and processes personal data only in clearly defined cases as part of your use of our website and services:

Website Visits:

When you visit our website, we automatically collect your IP address to prevent fraud, enhance security, and ensure technical functionality. These data are stored for a maximum of 9 months to fulfill regulatory obligations (e.g., in payment processing).

Account Creation and Updates:

When registering or updating your user account (“GoldBoosting Profile”), we collect:

– Your email address

– Your username

– Your social media profile (if using social login)

Chat Communication:

Messages exchanged via our online chat are stored to:

– Ensure the quality of service mediation

– Monitor compliance with our platform rules

– Provide support in the event of disputes

Orders and Payments:

Placing an order usually requires no personal data beyond those provided during account creation. Depending on the selected payment method, additional information may be required, e.g.:

– QIWI: phone number

– VISA/MasterCard (via Stripe, emerchantpay): full name, address, country, city, phone number, postal code

GoldBoosting GmbH only stores payment data necessary for secure transaction handling, including:

– First and last name

– Masked card number

– Expiration date

– Primary Account Number (PAN)

Security codes (CVV/CVC) are never stored.

All payment processing is carried out exclusively via certified providers in accordance with the GDPR and PCI DSS standards.

After Purchase:

To fulfill specific services (e.g., game boosting), we store additional game-related information such as:

– Server names

– Character or account names

These data are used solely for service delivery and are secured in compliance with the GDPR.

Identity Verification, Fraud Prevention, and KYC:

To comply with legal requirements (e.g., AML and KYC regulations), we may process the following:

– Full name

– Date of birth

– Contact information

– Biometric data (e.g., facial image during verification)

– IP address and geolocation data

– Official ID documents (e.g., identity card, passport)

Such data are processed exclusively via GDPR-compliant third-party providers such as Sumsub and Sift, with safeguards ensured through Standard Contractual Clauses (SCCs).

Online Forms (e.g., Jotform):

For applications, verifications, service processing, or GDPR deletion requests, we collect personal data through secure forms (e.g., via Jotform):

– First and last name

– Username

– Email address, phone number

– Messenger contacts (WhatsApp, Telegram, Discord, etc.)

– Date of birth

– ID document copies (e.g., passport, national ID card)

All data is processed strictly according to GDPR, including data processing agreements (DPAs) and SCCs.

Marketing & Analytics (with consent only):

With your explicit consent, we process personal data for:

– Advertising purposes

– User behavior analysis

– Website and campaign optimization

Processed data may include:

– IP address

– Cookies

– Device and browser identifiers

– Usage behavior (e.g., click paths, dwell time)

Service providers include: Maestra, Mixpanel, Hotjar, Google Analytics, Facebook Ads, Bing Ads, Red Tracker, etc. – all under GDPR-compliant agreements and data protections.

Technical Infrastructure & Security:

To ensure system stability, security, and performance, we process technical data such as:

– IP address

– Browser information

– Technical logs

– Session data

This processing is carried out via trusted providers like Datadog, who implement certified security standards and SCCs.

Booster Data (Sellers):

For verification, payout, and service execution, we collect seller-related personal data such as:

– Name, address, date of birth

– Contact details (email, WhatsApp, Telegram, Skype, Discord)

– ID verification documents (e.g., passport copy)

– Payment data (only as necessary)

Processing is done solely for contract fulfillment, payouts, fraud prevention, and compliance with legal obligations.

Data Processing in Promotional Campaigns:

As part of marketing campaigns or promotions, we may collect additional data for participation tracking, such as:

– Promo codes

– Campaign registration

– User interactions

These data are shared only with trusted partners such as Maestra or Mixpanel and are subject to the same security standards as regular data processing.

Data Controller ("Controller"):

GoldBoosting GmbH

Meininger Straße 24

98597 Breitungen

Germany

Email: support@goldboosting.com

All data are processed and stored in accordance with German law and the General Data Protection Regulation (GDPR). GoldBoosting GmbH acts as the data controller within the meaning of Art. 4(7) GDPR.

Your personal data is stored and processed on secure servers operated by GoldBoosting GmbH, located at Meininger Straße 24, 98597 Breitungen, Thuringia, Germany (HRB 523356).

Data is hosted on servers within the European Union, specifically at a data center in Frankfurt am Main (Germany) operated by a ISO 27001-certified provider.

For further details about third-party providers and data sharing, please refer to Section 2.4 ("Sharing of Personal Data with Third Parties") of this Privacy Policy.

GoldBoosting GmbH implements strict technical and organizational measures to protect your data from unauthorized access, loss, manipulation, or destruction. This includes:

– Encryption technologies (TLS/SSL)

– Firewalls

– Access restrictions

– Regular security audits

In the event of a security breach, we will notify you in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as described in the section “Notification of Data Breaches” below.

In addition to processing within Germany, data may also be processed in other EU or EEA countries when cooperating with trusted third-party service providers (see Section 2.4).

International data transfers outside the EEA are conducted exclusively under legal safeguards, in particular Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

Your personal data may – where necessary – be transferred to and processed in countries outside the European Economic Area (EEA). This primarily concerns trusted service providers based in the United States or other third countries.

GoldBoosting GmbH ensures that all international data transfers comply with the requirements of the General Data Protection Regulation (GDPR). Appropriate safeguards are applied, in particular:

Conclusion of Standard Contractual Clauses (SCCs) with the respective service providers

Implementation of additional technical security measures (e.g., encryption)

Careful selection and regular review of providers

If no adequate level of data protection exists in the recipient country, data will only be transferred if additional guarantees are in place or the data subject has provided explicit consent.

To encourage interaction between users, the following data may be publicly displayed on the GoldBoosting GmbH website:

Your username (nickname)

Your rating (e.g., star rating)

Reviews written by other users

Total number of your transactions and your success rate

Additional notes:

Any further information in your user profile or details shared with a service provider (booster) as part of an order will remain confidential and will not be publicly displayed.

You are solely responsible for any personal data you choose to disclose in publicly accessible areas. Please note that publishing sensitive information such as phone numbers or email addresses may lead to suspension of your user account (see Terms of Use).

All message traffic between buyers and sellers via the platform is protected by appropriate technical safeguards. Nevertheless, we advise you to exercise caution when sharing personal information.

GoldBoosting GmbH is committed to the highest standards in protecting your personal data, fully in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Our security framework includes the following measures:

Secure data storage: All data is automatically processed and stored on protected servers within the EU.

Restricted access: Only authorized employees of GoldBoosting GmbH have access to personal data as part of their work duties.

Technical safeguards: We utilize encryption technologies, firewalls, and regular security and risk assessments.

Employee training: All staff receive regular training on the secure handling of personal data.

Payment security: All transactions are processed exclusively via certified payment providers (e.g., Stripe, PayPal). GoldBoosting GmbH does not store sensitive payment data such as CVV codes.

Disclaimer:

Despite all protective measures, if unauthorized access to personal data should occur, GoldBoosting GmbH will take all legally required steps to minimize damage and inform affected users. Liability for damages caused by third parties – such as payment providers – is excluded, as payment processing is handled exclusively by certified external providers.

In accordance with the GDPR, the following rights are granted to data subjects in relation to GoldBoosting GmbH, Meininger Straße 24, 98597 Breitungen, Thuringia, Germany (HRB 523356):

8.1. Right of Access:

You may request information at any time about whether and which personal data we store about you and for what purpose.

8.2. Right to Rectification:

You have the right to correct or complete inaccurate or incomplete personal data.

8.3. Right to Restrict Processing:

You can request that the processing of your data be restricted, e.g., in the case of objections to direct marketing.

8.4. Right to Erasure ("Right to Be Forgotten"):

You have the right to request the full deletion of your data, provided that no legal retention obligations apply (e.g., commercial or tax documentation requirements).

8.4.1. Exercising the Right to Erasure Under Art. 17 GDPR:

To exercise this right, please use our online deletion form. For identity verification, we require:

Full name

Current contact information

A copy of a valid ID document (e.g., identity card or passport)

Once the complete documentation is received, we will review your request within 30 days. Incomplete requests may require further documentation.

8.5. Right to Data Portability:

You may request that we provide your personal data in a structured, commonly used, and machine-readable format for transfer to another service provider.

8.6. Right to Object:

You may object to the processing of your data for purposes of direct marketing, market research, or profiling at any time.

8.7. Right to Object to Automated Decision-Making:

You have the right not to be subject to automated decisions (e.g., scoring or profiling) if these have legal effects or significantly affect you.

8.8. Right to File a Complaint with a Supervisory Authority:

If you believe that the processing of your data violates the GDPR, you may lodge a complaint with the competent supervisory authority. For GoldBoosting GmbH, this is:

Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)

P.O. Box 90 04 55

99107 Erfurt

Phone: +49 361 57 311 2900

Email: poststelle@datenschutz.thueringen.de

Website: www.tlfdi.de

8.9. Right to Withdraw Consent:

If data processing is based on your consent, you may revoke it at any time with effect for the future. Please contact our support at:

support@goldboosting.com

8.10. Abusive Requests:

In accordance with Art. 12(5) GDPR, GoldBoosting GmbH reserves the right to reject obviously unfounded or excessive requests or to charge a reasonable processing fee.

8.11. Notice for U.S. Consumers:

The services of GoldBoosting GmbH are intended exclusively for users within the EU or EEA. Therefore, the provisions of the California Consumer Privacy Act (CCPA) do not apply.

Users of the GoldBoosting GmbH website may publish content or share links to external resources, provided these comply with our Terms of Use. To safeguard personal data, our customer support team monitors compliance and removes content or links that pose a security risk.

Please note: While we review submitted content for potential risks, no further moderation is conducted after approval for listings, auctions, or chat communications.

By interacting with or publishing external content, you acknowledge that GoldBoosting GmbH is not affiliated with these external websites and does not endorse their content or practices. We assume no liability for damages, data loss, or security issues resulting from the use of external links or third-party websites. Always check the privacy and security policies of such websites before sharing personal information.

In the event of a data breach or unauthorized access to personal data, GoldBoosting GmbH will promptly notify all affected users and the competent supervisory authority in accordance with Articles 33 and 34 of the GDPR. We will immediately initiate an investigation and mitigation measures and implement further security improvements if necessary. Affected users will receive all relevant information and recommendations to help protect their data as quickly as possible.

To protect your account, we recommend the following:

Use a strong and unique password and update it regularly.

Activate two-factor authentication (2FA) if available.

Keep your login credentials strictly confidential.

Notify our customer support immediately if you suspect unauthorized access.

While GoldBoosting GmbH implements comprehensive technical security measures, it is also your responsibility to maintain the security of your account.

With your explicit consent, GoldBoosting GmbH may use your personal data to send you targeted advertisements or marketing communications. You have the right to object to this use at any time or to revoke your consent.

You can opt out by clicking the unsubscribe link in our emails or by contacting our customer support at:

support@goldboosting.com

Revoking your consent does not affect the receipt of service-related communications (e.g., order confirmations), which are necessary to fulfill contractual obligations.

GoldBoosting GmbH uses cookies, web beacons, and similar technologies to enhance the functionality of the website, analyze user behavior, and provide personalized content and advertisements.

Cookies are small text files stored on your device to maintain sessions, store preferences, or improve usability. You can manage or disable cookies via your browser settings. Please note, however, that doing so may restrict certain website features.

For detailed information, refer to our separate Cookie Policy.

We retain personal data only as long as necessary to fulfill the intended purposes or to comply with legal retention requirements. Afterward, the data is securely deleted or anonymized.

Specific retention periods:

Account-related information: During active account usage and up to 12 months after deactivation.

Transaction data: Up to 5 years, in compliance with tax and commercial regulations.

Communication data (e.g., chat logs): Up to 3 years after your last interaction with our support team.

GoldBoosting GmbH reserves the right to amend or update this privacy policy at any time to reflect changes in services, internal processes, or legal requirements. Unless a specific effective date is stated, significant changes take effect 30 days after publication on this page.

We will inform you of such changes in a timely manner via email, notices on our website, or the online chat. Continued use of our services after the changes take effect constitutes your acceptance of the updated policy.

We remain committed to safeguarding your privacy and maintaining transparency in the processing of your personal data.

If you have questions, concerns, or requests regarding this privacy policy or the processing of your personal data, you can contact our customer service at any time:

Email: legal@goldboosting.com

Postal Address:

GoldBoosting GmbH

Meininger Straße 24

98597 Breitungen

Thuringia, Germany

If your concerns regarding our compliance with data protection laws remain unresolved, you have the right to file a complaint with the relevant supervisory authority:

Thuringian State Commissioner for Data Protection and Freedom of Information

P.O. Box 90 04 55

99107 Erfurt

https://www.tlfdi.de

Email: poststelle@datenschutz.thueringen.de

Phone: +49 (0)361 57 3112900