Thank you for visiting our website. In this Policy, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
Responsible for the processing of personal data, during the visit of this website, is:
Schönhauser Allee 176, Haus 21
Data Protection Officer
You can reach our data protection officer as follows:
datenschutz nord GmbH
Branch office Berlin
When you visit our website, our web server temporarily evaluates usage data. We use the usage data for statistical purposes to improve the quality of our website. We also use this information to enable you to call up our website, to control and administer our systems and to improve the design of the website. These purposes pursued by us represent at the same time the legitimate interest within the meaning of Art. 6 (1) (f) GDPR. This data consists of the following data categories:
- the name and address of the requested content,
- the date and time of the query,
- of the transferred data volume,
- the access status (content transferred, content not found),
- the description of the used web browser and operating system,
- the referral link, which indicates from which page you reached ours.
In addition, we store the full IP address transmitted by your web browser for a strictly limited period of seven days in the interest of being able to detect, limit and eliminate attacks on our websites. After this period, we delete or anonymize the IP address.
We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. These measures include encryption procedures on our web pages. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption.
You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.
Some cookies are required to use our website. We do not use these cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information about certain settings and are not personal. They may also be necessary to enable user navigation, security and implementation of the site. We use these cookies on the basis of § 25 (2) No. 2 TTDSG and Art. 6 (1) (f) GDPR, based on our legitimate interest in being able to offer basic website functions to ensure the maintenance of functionality
We do not use technically unnecessary cookies on our website.
You may contact us via our contact form. In order to use our contact form, we first require the data marked as mandatory.
The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request.
In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting us. We process the information you provide voluntarily on the basis of your consent.
Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that. Usually this is the case 7 days after handling the request.
Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. You can also withdraw your consent to the processing of the data you provided voluntarily at any time. To do so, please contact this e-mail adress: email@example.com.
Newsletter registration and delivery
You can order a newsletter on our website. Please note that we require certain data (at least your e-mail address) for suscribing to our newsletter.
The newsletter will only be sent to you, if you have given us your explicit consent. Once you have ordered our newsletter, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can withdraw your consent at any time. You can easily withdraw your consent, for example, by clicking on the unsubscribe link in every newsletter.
As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 (1) (f) GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter delivery.
You can apply for open positions via our application tool. Your data will be forwarded to the persons responsible for the application process. All parties involved will treat your application documents confidentiality. We process the data that you disclose to us as part of your application for the purpose of applicant selection. The legal basis for this data processing is § 26 (1) sentence 1 of the German Federal Data Protection Act (decision on the establishment of an employment relationship).
After completion of the selection process, the information you provided for the specific selection process and the documents sent will be deleted after six months at the latest, unless we have concluded an employment contract with you. In the event that we may also consider your application for other or future job postings, we ask you to indicate this in your application. With your explicit consent, we will process your data on the basis of Art. 6 (1) (a) GDPR (consent). You can revoke your consent at any time with effect for the future. The data processing that took place until the revocation remains lawful. Irrespective of a possible revocation, we will delete your data two years after inclusion in the applicant pool. If you are listed in the applicant pool as an intern, your data will be deleted one year after inclusion in the applicant pool.
For the uniform display of fonts, our website uses web fonts integrated locally via our server, which are provided by Google. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. A data transfer to Google does not take place with this form of integration of the web fonts. The data processing is carried out for the optimal presentation of the website. This purpose pursued by us also represents the legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Unless otherwise specified, we will delete your personal data if they are no longer required for the relevant processing purposes and no legal retention obligations oppose deletion.
We transfer your data to service providers who support us in the operation of our websites and related processes. These service providers are usually data processors within the meaning of Art. 28 GDPR. Our service providers are strictly bound by contracts and our instructions. These are service providers of the following categories:
- Hosting service provider/cloud service provider for the operation of our servers
- Service provider for IT security/IT support
- E-mail service provider for sending e-mails in connection with our contractual services
- Distribution of our e-mail newsletter
The service providers are required to comply with the current data protection regulations. All processors have been carefully selected and are only given access to your data to the scope and for the period of time required to provide the services.
The servers of some service providers used by Bluu GmbH are located in the USA and other countries outside the European Union. Companies in these countries are regulated by data protection laws that do not generally protect personal data to the same level as it is the case in the member states of the European Union. If your data is processed in a country that does not have a recognized high level of data protection like the European Union, we ensure that the level of data protection is secured as far as possible by using contractual regulations or other recognized instruments.
Many US companies offer a secure level of data protection in the USA with certification in accordance with the Data Privacy Framework. With data recipients in the USA that are not certified in accordance with the Data Privacy Framework, we conclude the standard data protection clauses adopted by the EU Commission for the processing of personal data in third countries.
Your rights as a data subject
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access by the data subject (Art. 15 GDPR)
You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay.
Right to erasure (Art. 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of our examination.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party.
Right to withdraw consent (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.
Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) 1 f GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) 1 e GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims.
Asserting your rights
Unless otherwise described above, please contact us to assert your rights. You will find our contact details in our imprint.