Share this page on:

Privacy Policy

Data Protection Information

We appreciate your interest in our company and our products and services.

In the following Data Protection Statement, we would like to inform you of which personal data we collect, process and, if applicable, transfer, as well as the scope and purpose thereof, when you visit our website. This also applies to the services and offers accessible via the website.

Where this website contains links to the external sites of other providers, you leave our website when you follow these links. The providers of these linked sites are solely responsible for compliance with legal data protection provisions on them.

Data protection principles

The protection of your privacy and the security of all commercial data are very important to us and we take them into consideration in our business processes. Data protection and information security are part of our company policy.

We place great importance on protecting your personal data and only process it in compliance with the laws and regulations of the Federal Republic of Germany and superordinate European legal requirements, including the EU General Data Protection Regulation (GDPR) and other applicable national laws. Your personal data is processed within the scope described below for the purposes explained. This means that we only use your personal data if this is explicitly permitted by data protection laws or you have already given us consent.

Data security

We have taken substantial technical and organisational security precautions to protect your data managed by us against manipulation, loss, destruction or access by unauthorized persons or unauthorized disclosure. This includes ensuring that only authorized persons have access to your personal data and only to the extent necessary for the purposes stated. Our security processes are reviewed regularly and adapted to state of the art. 

Definition of terms

The EU General Data Protection Regulation uses specific terms, which are defined in Article 4, e.g. personal data, processing, pseudonymisation, controllers, processors, recipients, third parties and consent.

Name and contact details of the controller

Website: www.gk-graphite.com

Graphit Kropfmühl GmbH/AMG Mining GmbH
Langheinrichstrasse 1
94051 Hauzenberg
Germany
Phone: +49 8586 609-0
Email: info@gk-graphite.com

Website: www.graphit-bbw.de

Graphit Kropfmühl Besucherbergwerk gGmbH
Langheinrichstrasse 1
94051 Hauzenberg
Germany
Phone: +49 8586 609-147
E-Mail: info@graphit-bbw.de 

For questions regarding data protection and to assert your rights as a data subject, please contact our data protection team. 
E-Mail: datenschutz@gk-graphite.com

Name and address of the data protection officer

Dr. Eddie Kohfeldt
Langheinrichstraße 1
94051 Hauzenberg
Germany
Phone: 08586 609-0
Email: datenschutz@gk-graphite.com

General information on the processing of personal data

Scope of the processing

We process personal data to provide a website with various contents and functions and for the offer or the provision and billing of our business services and products.

Purposes of the processing

The purposes of the processing of personal data lie in conducting the business of the controller and all associated secondary business.

Legal basis for the processing

Personal data is solely processed based on currently applicable legal principles.

  • The legal basis for processing personal data that is necessary for the performance of a contract to which the data subject is party is Article 6 (1)(b) GDPR. This also applies for processing operations that are necessary for the implementation of pre-contractual measures.
  • If the processing is necessary to safeguard a legitimate interests of our company or a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1)(f) GDPR is the legal basis for the processing.
  • When we obtain consent from the data subject for processing of personal data, Article 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR (for special categories of personal data) are the legal basis.
  • When the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1)( c) GDPR is the legal basis.
  • If the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6 (1)(d) GDPR is the legal basis.
  • If data is transferred to third countries, this is done either based on an adequacy decision of the European Union (Art. 45 GDPR), based on suitable guarantees (Art. 46 GDPR) or based on Art. 49 (1)(b) if this is necessary for the fulfillment of the contract. 

Statutory or contractual duties to provide personal data

There may be statutory or contractual requirements for you to provide personal data under certain circumstances, or it may be necessary to do so in order to enter into a contract.

You may be obliged to provide personal data to us when entering into contracts. Failure to provide the personal data could mean it is not possible to enter into the contract with you.

Transfer of personal data

We only share your personal data with third parties when

  • it is necessary for the initiation or execution of an existing contract with you.
  • it is necessary for the protection of our legitimate interests or those of a third party, unless such interests are overridden by your (the data subject’s) interests or fundamental rights and freedoms requiring the protection of personal data.
  • we are legally required to do so.
  • it is necessary for the enforcement of our claims and rights.
  • we receive requests from official institutions (e.g. supervisory authorities or law enforcement authorities, when transfer is necessary for the prevention of threats to public security and order and the prosecution of criminal offences).


However, in the case of such transfer, the personal data may only be used by the recipients for the respective purpose.

Involvement of external service providers

We are not specialists in everything. That is why we use service providers to support us in some areas of our business activity, e.g.

  • Data centers/cloud services to securely run our services
  • IT service providers to maintain our infrastructure
  • IT developers to develop our applications
  • IT service provider for business applications (ERP-, CRM-, Al-aaplications)
  • Agencies and printers to send out email information or printed information


We have entered into the legally required contracts for order processing that specifically state what the service provider may do with which data. In particular, the use of the data for the service provider's own purposes and disclosure to third parties are excluded. In these contracts, service providers are placed under obligation to comply with the applicable data protection regulations.

Data erasure and storage period

Personal data will be erased or made unavailable as soon as the purpose of storage ceases to apply. By way of derogation, data may be stored for longer if this is provided for by the European or national legislator in Union regulations, laws or other rules to which the controller is subject (e.g. obligations to provide evidence, retention periods) or if consent has been given.

The data will be erased or blocked if a storage period prescribed by the aforementioned standards expires, unless there is a justified need for further storage of the data.

Details on the processing of personal data
 

Operation of the website and creation of log files

Use of cookies

Contact via contact form, email and telephone

Processing of business contacts

Making a reservation for the Visitor Mine (https://graphit-bbw.de)

Use of third-party extensions

When you make an application with us

Social Media


Your rights as a data subject

If your personal data is processed, you are a data subject in accordance with GDPR and you have the following rights against the controller:

Right of information

You can request confirmation from us on whether and which personal data concerning you will be processed by us .

Right to rectification

You have a right to rectification and/or completion if the processed personal data concerning you is incorrect or incomplete.

Right to erasure (“Right to be forgotten”)

You can request the personal data concerning you to be erased immediately and the controller is obliged to erase this data immediately where certain grounds apply.

Right to restriction of processing

Under certain circumstances, you can request restriction of processing of personal data concerning you (e.g. by making it unavailable for use or temporarily removing it from the website, if it is published there).

Right to information

If you have enforced the right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing.

Right to data portability

You have the right to receive personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to have the data transmitted directly to another controller, if this is technically feasible and does not adversely affect the rights and freedoms of others.

Right to object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is performed in accordance with Article 6 (1)(e) or (f) GDPR.

Right to withdraw the legal data protection declaration of consent

You have the right to withdraw your legal data protection declaration of consent at any time. The withdrawal of consent will not affect the lawfulness of processing carried out based on the consent prior to withdrawal.

Automated decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similar significantly affects you.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority.

How to exercise your rights:

You can exercise these rights by contacting us by email at datenschutz@gk-graphite.com or by writing to the data controller. 

If necessary, we may request additional information required to confirm your identity, e.g. a photocopy of an identity card. 

Your requests will be processed immediately, usually within one month. If circumstances require it, the processing time may be extended by further two months. 

Changes to data protection information

We reserve the right to adapt this data protection declaration when new services are introduced or changed so that they always comply with current legal requirements. When you return to our website, the current version will apply.


Kropfmühl, March 2025