GDPR Policy

Effective: May 15, 2026

This GDPR Policy explains how Best Gold Company complies with the European Union General Data Protection Regulation (GDPR), the UK GDPR, and similar data protection laws in the European Economic Area (EEA), United Kingdom, and Switzerland. It complements our general Privacy Policy.

Who this applies to

This policy applies to visitors who are residents of the EEA, the United Kingdom, or Switzerland, and to anyone whose personal data we process under the GDPR or UK GDPR. If you are outside those jurisdictions, the general Privacy Policy still applies to you, plus any local privacy law in your home jurisdiction (for example, the California Consumer Privacy Act).

Data controller

For the purposes of the GDPR, Best Gold Company is the data controller for personal data collected through https://bestgold.company. Editorial direction is provided by Tim Schmidt. For any data protection request or question, the contact point is [email protected].

Personal data we process

We try to collect as little personal data as possible. The categories we process are:

  • Contact form submissions. If you write to us through a contact form, we receive the name, email address, and message you submit.
  • Server log data. Our hosting provider records standard web server data when you visit, including IP address, user agent (browser type and version), pages visited, referring URL, and timestamps.
  • Analytics data. A website analytics provider records aggregate visit data including pages viewed, time on page, referring URL, and an anonymized version of your IP address. We do not connect this analytics data to a personal identity.
  • Affiliate attribution data. When you click an outbound affiliate link, the link redirector may set a short-lived cookie that lets us reconcile referrals with the destination company. This data is identifier-only and is not linked to your name or email unless you also submit it through a form.

We do not collect financial account information, Social Security numbers, government identifiers, or sensitive special categories of personal data through this website.

Lawful basis for processing

Under the GDPR, every processing activity must have a lawful basis. The bases we rely on are:

  • Legitimate interests (Article 6(1)(f)). Operating and securing the site, understanding aggregate traffic patterns through analytics, attributing affiliate referrals, and protecting the site against fraud and abuse. We have balanced these interests against your rights and freedoms and consider them appropriate in the context of an editorial publication.
  • Consent (Article 6(1)(a)). Where we set non-essential cookies through a consent banner (where applicable), or where you actively submit information through a form, the lawful basis is your consent. You can withdraw consent at any time.
  • Compliance with a legal obligation (Article 6(1)(c)). Where applicable, to comply with tax, accounting, anti-fraud, or other legal obligations.

Your rights under the GDPR

If you are in the EEA, the UK, or Switzerland, you have the following rights regarding personal data we hold about you:

  • Right of access. You can ask us to confirm whether we process your personal data and to provide a copy of that data.
  • Right to rectification. You can ask us to correct inaccurate personal data, or to complete incomplete personal data.
  • Right to erasure (“right to be forgotten”). You can ask us to delete personal data in certain circumstances, including when the data is no longer needed for the purpose it was collected.
  • Right to restriction of processing. You can ask us to pause processing of your personal data in certain circumstances, for example while a rectification request is being resolved.
  • Right to data portability. Where processing is based on consent or on a contract and is carried out by automated means, you can ask to receive your data in a structured, commonly used, machine-readable format.
  • Right to object. You can object to processing that is based on legitimate interests, including objections to direct marketing (Best Gold Company does not engage in direct marketing to visitors).
  • Right not to be subject to a decision based solely on automated processing. We do not make automated decisions with legal or similarly significant effects about visitors.
  • Right to withdraw consent. Where processing is based on consent, you can withdraw consent at any time without affecting prior lawful processing.

How to exercise your rights

To exercise any of the rights above, send a request to [email protected]. Please include enough information for us to identify the data you are asking about and to verify your identity. We will respond within one month, in line with GDPR timelines. If a request is complex or we receive a large number of requests, we may extend that period by up to two further months and will let you know if we do.

There is no fee for a reasonable request. If a request is manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or decline the request, as permitted by Article 12(5).

Right to lodge a complaint

You have the right to lodge a complaint about our processing of your personal data with the data protection supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement, or with the supervisory authority in the United Kingdom or Switzerland as applicable.

We would appreciate the chance to address your concern first by contacting us at [email protected], but you are not required to contact us before lodging a complaint with a supervisory authority.

International data transfers

Best Gold Company is operated from the United States. When you visit the site or contact us, personal data may be transferred to and processed in the United States, where data protection laws differ from those in the EEA, the United Kingdom, and Switzerland. Where required, we rely on appropriate safeguards for international transfers, including Standard Contractual Clauses adopted by the European Commission and, where applicable, the UK Data Bridge or equivalent mechanisms.

Data retention

We keep personal data only as long as we need it for the purpose it was collected. Contact form messages remain in our email system for the duration of the correspondence and up to two years thereafter. Server logs and analytics data follow the retention defaults of our hosting and analytics providers. Affiliate attribution cookies expire on the schedule described in our Cookie Policy.

Children

Best Gold Company is intended for adult retirement investors and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this GDPR Policy from time to time. When we do, we update the Effective date at the top.

Contact

Data protection questions, GDPR requests, and complaints can be sent to [email protected]. We will respond as quickly as we can.