Data Protection Regulation.

We, BLUBERRIES GmbH, Stetten 4, 83123 Amerang as the data controller for the website www.bluberries.de pursuant to Art. 4 No. 7 EU GDPR (hereinafter “we”), are pleased to provide you with information through this data protection statement as to whether and to what extent your personal data is processed when visiting the website at this domain. In addition, we also hereby provide you information on your rights and identify relevant contacts. This information applies to the domain specified above as well as to other websites that we host online if these are explicitly referenced in this statement.

Personal data includes all information that identifies you individually, e.g. name, address, email address, IP address, data about website use.

This website may contain links to websites outside of BLUBERRIES, to which this data protection statement does not apply. In case you leave this website, please make sure to check the data protection statement of the websites outside of BLUBERRIES.

A. Definition of terms used

Our data protection statement aims to be clear and understandable for everybody. Usually, in a data protection statement the official terms of the EU General Data Protection Regulation (GDPR) are utilised. The official definitions of terms can be found in Art. 4 GDPR.

B. Data Protection Officer and responsible place for data protection

1. Responsible place within the meaning of data protection

BLUBERRIES GmbH
Stetten 4, D-83123 Amerang
datenschutz@bluberries.de

2. You can contact our data protection officer via:

Mail: datenschutzbeauftragter@datenschutzexperte.de
Website: www.datenschutzexperte.de

C. Processing of personal data from informational use based on legitimate interests, Art. 6(1) lit. f) GDPR

In case of purely informational use of our website, which means when you do not register, log in or otherwise transmit any additional information to us, we initially collect and process only the personal data that your browser and your internet provider transmit to our server. This involves data that is needed for technical reasons in order to display the website and to ensure the security and stability of our site.

Specifically, this is the shortened and thus anonymous IP address (the reduction excludes person-specific identifiers and thus, a personal relationship), the website, the site you last visited (referrer), the websites belonging to BLUBERRIES that you visited, the names of the retrieved files, the date and time of the retrieval, the operating system and version of browser installed on your PC. We also store the aforementioned data in log files. This occurs in order to ensure that the website functions properly. In addition, we use the data to improve our online presence and to ensure its security. However, none of the aforementioned data is stored together with other personal information. Log files are stored for a maximum of 7 days.

  • Technical data (shortened and hence anonymised IP address; date; time of the request; content of the request, i.e. specific site and files you might have accessed; access status/http status code);
  • Time zone difference to Greenwich Mean Time (GMT); amount of data transferred respectively; website from which the request originated;
  • Operating system/browser data (operating system, GUI, browser, language and version of the browser software)

For the website to operate properly and to fulfil our own obligations, we forward your data to our service providers and in turn receive data from them. This is also applicable if you contact us in the ways specified by us or use other offers on our website.

We also save your personal data in the so-called local storage, meaning we use the saving capacity of your browser. Local storage is an industry-standard technology that allows a website or app to store and retrieve data on a person’s computer, mobile phone or other device. This helps to facilitate the user experience of blueberries.de. Third parties or other websites cannot access this data. Local storage data is not combined with other types of data.

Furthermore, some tracking tools save information and entries in the local storage. The corresponding data protection notes can be found in the section on tracking tools. These data help to analyse and interpret the browsing behaviour of the visitors of www.bluberries.de and will not be used for commercial purposes.

E. Data Recipients and Data Sources

  1. Categories of data recipients

Within the scope allowed by law (as previously described), we relay personal data to companies in our group as well as to external service providers:

  • IT service providers, for the purpose of maintaining our IT infrastructure
  • Public agencies where justified on a case-by-case basis (e.g. national insurance carriers, financial authorities, police, public prosecutor’s office, regulatory agencies)

  2. Data Sources

We process personal data that we obtain from you within the context of our user and business relationships. Where necessary in order to provide our services, we process personal data that we have collected within the context of your use of our website. Further, we process personal data we get from search engines or analytics providers.

G. Retention period or criteria in determining retention period.

Where purely informational use is involved (see Item A.), we retain the designated personal data for as long as necessary to provide services or for use. It is deleted once the respectively designated purpose has been achieved.

Data stored in log files is deleted within a maximum of 7 days. In addition, personal data stored in log files is also anonymised.

If there are statutory or contractual retention periods (e.g. where a user or contractual relationship is involved), we are obligated to retain the data until expiration of this period. We delete the relevant data following expiry or discontinuation of relevant obligations arising from statutory retention periods stipulated by commercial and tax law (see §§ 147 General Tax Code (AO) and 257 Commercial Code (HGB)).
We retain your data for marketing purposes until you object to its use, withdraw your consent or such use is no longer legally permitted.

We retain your other data only as long as we need it to fulfil the specific purpose for which it was collected (e.g. fulfilment or conclusion of contract) and delete it once it ceases to be needed for that purpose.

F. Data transfer to a third country

In addition to the data transfers to third countries as already described above, data is also transferred to countries outside the European Union and the European Economic Area (“third countries”) in the context of the administration, development and operation of IT systems. When doing so, the following must be observed:

Transfer is in principle permissible because the requirements allowing for such transfer under law have been satisfied or you have given your consent to the transfer of the data and special conditions exist for transfer to a third country. Specifically, the data importer guarantees an adequate level of data protection in accordance with standard EU clauses for the transfer of personal data to data processors in third countries. You can find a copy of the standard contract clauses stipulated by the EU Commission online at:

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087

In some cases the required data security is secured by the certification of the contract party via the EU-US Privacy Shield, which you can see via: https://www.privacyshield.gov/.

Alternatively, you can get these from us (see contact details).

H. Use of cookies based on legitimate interests, Article 6 (1) letter a) GDPR

In addition to the data previously specified, when you visit our website, so-called “cookies” are saved to your computer. Cookies are small text files that are saved to a browser on your computer and are used by the entity that placed them there (i.e. us) to obtain certain information. Cookies cannot run programmes or place viruses on your computer. They serve generally to make the website more effective and user friendly.

When you visit our website for the first time or if no cookie is detected on your device, you will be notified of our use of cookies. In addition, we obtain your consent for storing certain cookies. You will find further explanations under C. When issuing the initial Cookie Notice and obtaining your consent, we refer to this Privacy Policy.

We use both transient and persistent cookies; the scope and functionality of each is described below:

  1. Transient Cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. These store a so-called session ID, through which different requests of your browser can be assigned to the common session and make your surfing experience on our website a more pleasant one for you. Session cookies can be used to recognise your computer when you return to our website. Session cookies are automatically deleted when you close your browser.

  2. Persistent Cookies

Persistent cookies are automatically deleted after a specified period, which can differ from one cookie to another. You can delete the cookies at any time using the security settings in your browser. At no time will personal data be stored in a cookie.

Most browsers are pre-set to automatically accept cookies. However, you can disable the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our websites.

I. Use of Web Analytics

  1. Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics employs cookies that are saved to your computer and enable analysis of your use of the website. The information generated by the cookie on your use of this website is in general transmitted to a server in the US and stored there. Through IP anonymisation on this website, however, your IP address is first truncated by Google within the member states of the European Union or in other signatories of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the US and truncated there.

Use of IP address

Computers and devices connected to the Internet are assigned a unique number called an IP address. Because these numbers are typically assigned in country-based blocks, an IP address can often be used to identify the country (state or city) that connects to the Internet using a particular computer. Google Analytics captures the IP addresses of website visitors. This allows website owners to analyse which parts of the world their visitors come from. This method is known as geo-targeting by IP addresses.

The actual IP address information will not be shared with Google Analytics customers by Google Analytics. In addition, the IP masking method is used: Website owners who use Google Analytics can set it to use only part of the data for geo-targeting instead of the entire IP address. Website owners generally have access to the IP addresses of their website visitors, regardless of the use of Google Analytics.

The data collected through Google Analytics will be stored for a period of 50 months.

We use Google Analytics to analyse use of and to periodically make improvements to our website. Using the statistics acquired thereby, we are able to improve our website and make it more attractive to you as a user. For those exceptional circumstances in which personal data is transmitted to the US, Google has agreed to be subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1) p. 1 lit. f GDPR.

Information about third-party providers: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of Use: http://www.google.com/analytics/terms/de.html
Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html
as well as the data protection statement: http://www.google.de/intl/de/policies/privacy.

  2. Google Maps

Parts of our website use the Google Maps services. This allows us to display interactive maps, directly integrated into the website, and enables you to comfortably use the map feature. These services are provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA („Google“). By visiting our website, Google receives the information that you visited the relevant sub-page on our website. The data mentioned in Section 3 of this data privacy statement will also be transmitted. This happens regardless of whether you are logged in with a Google account, or whether no such account exists. If you are logged in on Google, the data is directly associated with your account. If you do not wish any such association with your Google profile, log out before using the button.

Google stores your data as user profiles and uses them for advertising, market research and/or customization of their website. This kind of analysis occurs especially (even for users that are not logged in) in order to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to exercise it, you have to contact Google.

We use Google Maps in order to provide an appealing, comfortable design of our website and to make the named places easier to find. The legal basis for the use of Google Maps is Art. 6 (1) sent. 1 lit. f GDPR. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. Further information about the purpose and extent of the data collection and the processing of your data by the plug-in provider is available in the privacy policy of the provider.

You will also find more information about your rights in this regard, as well as configuration options for the protection of your privacy: https://www.google.com/intl/en/policies/privacy/

J. Social Media

  1. Use of Social Media Plug-ins

(a) We currently make use of the following social media plug-ins: Xing, LinkedIn. We use the so-called two-click approach. That means, when you visit our site, no personal data is initially transmitted to the plug-in provider. You can identify the plug-in provider by the first letter or logo on the label on the box. We provide you the opportunity to communicate directly with the plug-in provider using the button. Only when you activate the marked field by clicking on it will the plug-in provider be informed that you have accessed our online services on the website. According to Facebook, the IP address is anonymised on Facebook immediately after collection. Therefore, by activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (for US providers: in the US). As the plug-in provider acquires the data primarily via cookies, we recommend you delete all cookies using the security settings on your browser before clicking on the greyed-out box.

(b) We have no influence over either data collection or data processing operations, nor are we familiar with the full scope of data collection, the purposes of collection or retention periods. We also have no information on deletion of the collected data by the plug-in provider.

(c) The plug-in provider stores data collected about you as a user profile and uses it for the purpose of advertising, market research and/or appropriate design of its website. This utilisation occurs in particular (including for users who are not logged in) in presenting appropriate advertising and to inform other social network users of your activities on our website. You are entitled to object to the creation of this user profile; to do so you must contact the respective plug-in provider. Using the plug-in we offer you the opportunity to interact with the social network and other users so that we can improve our site and design it so as to make it more attractive to you. The legal basis for the use of plug-ins is Art. 6(1) p. 1 lit. f GDPR.

(d) Data transfer occurs independently of whether or not you have an account with the plug-in provider and are logged in. When you are logged into the plug-in provider, the data collected from us is assigned directly to your account with the plug-in provider. When you press the activated button and, for example, link to the website, the plug-in provider also stores this information and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button in order to avoid this sort of association to your profile with the plug-in provider.

(e) You can find additional information on the purpose and scope of data collection and its processing by the plug-in provider in the following data protection statements by these providers. There you will also find additional information regarding your rights and configuration options for safeguarding your personal privacy.

(f) Addresses for the respective plug-in providers, together with their data protection statements:

Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany; https://privacy.xing.com/de.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

 

K. Your rights

Below you can find information on which rights the GDPR offers you against the processor of your personal data. In addition, you can direct a complaint at any time to a regulatory authority. For us, the Bayerische Landesamt für Datenschutzaufsicht, PO Box 606, 91511 Ansbach, Germany, is responsible.

The right of access by the data subject (Art. 15 GDPR). The right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can ask for information on the processing purposes, the category of personal data, the categories of recipients to whom your data can or has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the source of data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about details.

The right to rectification (Art. 16 GDPR). The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or all personal data stored by us.

The right to erasure (Art. 17 GDPR). The right to demand the deletion of your personal data stored with us, according to Art. 17 GDPR, as far as the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of the public interest or for the assertion, exercise or defence of legal claims is required.

The right to restriction of processing (Art. 18 GDPR). You have the right to require limitation of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you need this for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right of access by the data subject (Art. 20 GDPR). You have the right to obtain your personal information provided to us in a structured, common, and machine-readable format or to request transmission to another person in charge.

The right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You can contact the supervisory authority of our federal state (named above) or the ones at your place of residence or work place.

The right to withdraw consent at any time (Art. 7, para. 3 GDPR). You have the right to withdraw your consent to the processing of data at any time with future effect. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis for processing without opt-in. The revocation of consent does not affect the legality of the processing carried out based on the consent until the revocation.

The right to object (Art. 21 GDPR).
If your personal data are processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons that arise from your situation. Insofar as the opposition is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to datenschutz@bluberries.de.

L. Changes of the data protection statement

We reserve the right to change and/or update this data protection statement in accordance with the existing data protection regulations. This way we can adapt it to current legal requirements and take account of updates to our services, e.g. the introduction of new services. The respective current version applies to your visit to this website.

Effective: 24.01.2019
