Data Protection
Data Protection Notice
This website is made available to you for use under the joint responsibility of the three companies blu Systems GmbH, blu Eye GmbH, and blu Guard GmbH. The jointly responsible parties have defined in an agreement which of them assumes obligations under the applicable data protection law. If statements are made concerning we/us, these refer to all joint controllers. Otherwise, explicit reference is made to any deviations.
We take the protection of your private data very seriously and want you to feel comfortable when visiting our website. The protection of your privacy when processing personal data is an important concern for us, which we consider in our business processes. This data protection notice explains how personal data is collected, processed, and used during and after your use of our website, what types of data this concerns, why such data is collected, with whom it is shared, and what rights you have in this regard.
Please read this note carefully.
Explanation of terms
We have designed our data protection notice by the principles of the GDPR, see Art. 5 GDPR. However, if there are any uncertainties regarding the use of terms, you can view the relevant definitions here.
Name and address of the responsible party
blu Systems GmbH
Legal representatives: Florian Forster, Rüdiger Veitl
Keltenring 11
82041 Oberhaching
Deutschland
Telefon: +49-89-919-290-540
E-Mail: info@blusystems.de
Website: https://www.thebluexperience.de
blu Eye GmbH
Legal representatives: Florian Forster, Rüdiger Veitl
Keltenring 11
82041 Oberhaching
Deutschland
Telefon: +49 (0)89 9192 9054 0
E-Mail: info@blueye.de
Website: https://www.thebluexperience.de
blu Guard GmbH
Legal representatives: Florian Forster, Rüdiger Veitl, Torsten Enk
Keltenring 11
82041 Oberhaching
Deutschland
Telefon: +49 (0)89 9192 9054 0
E-Mail: info@bluguard.de
Website: https://www.thebluexperience.de
Data Protection Officer for Each of the Controllers
blu Systems GmbH
Datenschutzbeauftragter
Keltenring 11
82041 Oberhaching
Deutschland
Telefon: +49 (0)89 9192 9056 0
E-Mail: dsb@blusystems.de
Website: https://www.thebluexperience.de
Speicherdauer und Löschung
Soweit innerhalb dieses Datenschutzhinweises keine speziellere Speicherdauer genannt wurde, verbleiben Ihre personenbezogenen Daten bei uns, bis der Zweck oder die Rechtsgrundlage für die Datenverarbeitung entfallen. Wenn Sie ein berechtigtes Löschersuchen geltend machen oder eine Einwilligung zur Datenverarbeitung widerrufen, werden Ihre Daten gelöscht, sofern wir keine anderen rechtlich zulässigen Gründe für die Speicherung Ihrer personenbezogenen Daten haben (z. B. steuer- oder handelsrechtliche Aufbewahrungsfristen), im letztgenannten Fall erfolgt die Löschung nach Fortfall dieser Gründe.
Bereitstellung der Website und Erstellung von Log Files
Beim Besuch unserer Website werden, durch den auf Ihrem Endgerät eingesetzten Browser, automatisch Informationen an den Server unserer Website gesendet. Diese Informationen werden temporär in einem Logfile gespeichert. Folgende Informationen werden dabei ohne Ihr Zutun erfasst und bis zur automatisierten Löschung gespeichert:
- IP-Adresse des anfragenden Rechners
- Datum und Uhrzeit des Zugriffs
- Name und URL der abgerufenen Datei
- Website, von der aus der Zugriff erfolgt
- verwendeter Browser und ggf. das Betriebssystem Ihres Rechners sowie der Name Ihres Access-Providers
Die genannten Daten werden durch uns zu folgenden Zwecken verarbeitet:
- Gewährleistung eines reibungslosen Verbindungsaufbaus der Website
- Gewährleistung einer komfortablen Nutzung
Storage duration and deletion
Unless a more specific storage period has been specified in this data protection notice, your personal data will remain with us until the purpose or legal basis for the data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.
Provision of the website and creation of log files
When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:
- The IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- The website from which the access is made
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
The mentioned data is processed by us for the following purposes
- Ensuring a smooth connection to the website
- Ensuring convenient use of the website
- Evaluation of system security and stability
- Error analysis
- For further administrative purposes
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected to draw conclusions about your person.
Das berechtigte Interesse für diese Verarbeitung ist wie folgt: Die Integrität und Sicherheit der Website, welche durch die Security durch die Erhebung von Logs insbesondere IP-Adressen durchgeführt wird, um einen möglichen Missbrauch frühzeitig zu erkennen und Maßnahmen zur Schadensreduzierung ergreifen zu können. (Ergibt für mich keinen Sinn, daher nicht übersetzt);
Your personal data is stored by our provider, with whom an order processing contract within the meaning of Art. 28 GDPR has been concluded.
SSL encryption
For security reasons, our website uses SSL encryption. This protects transmitted data and prevents it from being read by unauthorized third parties.
You can recognize an encrypted connection by the fact that the address line of the browser changes from
“http://” to “https://” and by the lock symbol in your browser line on the left.
Cookies
We use cookies to make the use of our website more attractive, user-friendly, and effective. These are small text files that are stored on your end device and contain information about the websites you have visited. Cookies do not damage your computer and do not contain viruses.
By making changes to your browser settings, you can be informed about the setting of cookies and decide individually whether to accept them or generally exclude them, as well as arrange the automatic deletion of cookies when the browser window is closed. If you deactivate cookies, you may not be able to use all the functions of our website.
Table:
blusystems.de
PHPSESSID (Session duration)
This cookie is used to store the unique browser ID to recognize the website visitor.
blusystems.de
real_cookie_banner-v:2_-blog:1* (1 year)
This cookie is used to store the cookie settings of the website visitor.
k50052.coveto.de
AMA_91838a75a84429ee7c8a35f1b7e095c4 (Session duration)
This cookie is used to store the session identifier for associating uploaded files.
k50052.coveto.de
i18nLocale (Session duration)
This cookie is used to detect the geographical location of the website visitor to display relevant job advertisements.
.coveto.de
coveto_domain (Session duration)
This cookie is used for recognizing the website visitor and the settings made.
Data transfer to the USA and other third countries
We also use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We draw your attention to the fact that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be excluded that US authorities (e.g. secret services) may process, evaluate, and permanently store your data on US servers for surveillance purposes. We do not have influence on these processing activities.
etracker
We use the services of etracker GmbH (Erste Brunnenstr. 1, 20459 Hamburg, www.etracker.com) on our website to analyze usage data. We do not use cookies for web analysis by default. If we use analysis and optimization cookies, we obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, to measure the success of our online marketing measures and test procedures, e.g. to test and optimize different versions of our online offering or its components. The cookies used by etracker do not contain any information that enables a user to be identified.
etracker collects data, characteristics, and activities of the users of our website. The types of personal data may include IP addresses, user IDs, device IDs, and email addresses.
The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited, certified, and awarded the ePrivacyseal data protection seal of approval in this regard. In addition, we have signed an order processing contract with etracker.
The legal basis for processing is Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our concern with the meaning of the GDPR is the optimization of our online services and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to a person, such as the IP address, login, or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, merging with other data, or disclosure to third parties takes place.
You can revoke your consent to the described data processing at any time by using the slider control on the website. The revocation has no negative consequences.
Further information on data protection at etracker can be found here.
Google Fonts
Um Inhalte auf unserer Website browserübergreifend korrekt und grafisch ansprechend darzustellen, verwenden wir auf unserer Website Google Fonts von der Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Irland.
Wir haben die verwendeten Schriftarten lokal auf der Website eingebunden und es wird keine Verbindung mit den Google-Servern aufgebaut. Hier werden keine personenbezogenen Daten von Ihnen erhoben und übermittelt. Wenn Sie Fragen zum Datenschutz von Google haben, können Sie sich hier (Achtung: wenn Sie diesen Link betätigen, werden Sie auf die Webseite von Google Inc. weitergeleitet) informieren.
Contact with the company
You can contact us at any time. We would like to provide you with the following information:
General contact options
As general contact media, you can contact us
- by post,
- by telephone,
- by fax or
- by e-mail.
To be able to process your contact request, we will need to store your communication data (e.g. telephone number, e-mail address) and identification data (e.g. name, address).
The legal basis of Art. 6 para. 1 lit. b) GDPR only applies if the contact is based on the initiation of a contract, or the performance of an existing contractual relationship, or the amendment of a contractual relationship.
In all other cases of contact, the processing is based on the legitimate interest of the company under Art. 6 para. 1 lit. f) GDPR.
The legitimate interest for this processing is as follows: As a company, we pursue the economic interests of individualizing and optimizing our products, which are declared as economic factors of the company.
Scheduling appointments with FindTime
We use the Outlook add-in FindTime to simplify the scheduling of meetings and telephone calls. Appointment suggestions are created and sent by e-mail. The recipients can select or vote for suitable appointments as well as a preferred date. The appointment with the highest approval rating is then sent and booked as a meeting request. This involves processing the first name, surname, email address, and time zone.
The data is stored in our IT systems (Microsoft Exchange). Your data is also stored on the servers of our service provider, Microsoft Corporation. After 90 days at the latest, your data will be automatically and completely deleted from there. We store your data for a maximum period of 6 years (by retention periods under tax and commercial law)
Data processing is carried out based on Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in setting targeted and customer service-oriented appointments.
You have the right to revoke your consent to data processing at any time.
We only transfer your data to third parties if we are legally able to do so or have received your consent.
Your data will be passed on to our external service provider, Microsoft Corporation, which supports us in data processing within the framework of order processing by Art. 28 GDPR strictly by instructions and with which we have signed an order processing contract.
Microsoft Corporation is an IT service provider in the USA. As a suitable guarantee for the legality of the data transfer, we have concluded EU standard contractual clauses with the processor by Art. 46 para. 2 lit. c) GDPR.
Service management platform 4me
To provide our support services, we use the cloud application of the manufacturer 4me Inc, 555 Bryant Street #156 Palo Alto, CA 94301 USA based on our legitimate interest Art. 6 para. 1 sentence 1 lit. f) GDPR. Your first and last name, your email address, and your business telephone number are managed here so that tickets can be processed.
The processing of personal data in connection with the service management platform serves the purpose of providing an effective way to contact and communicate with our support team and to manage, process, and resolve incoming support cases. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected (completion of the support case) and storage is no longer required, including about the relevant statutory periods (in particular warranty claims) for the services provided in this context.
You have the right to object to data processing at any time. We only transfer your data to third parties if we are legally able to do so or have received your consent. Your data will be passed on to our external service provider, 4me Inc., which supports us in data processing within the framework of order processing by Art. 28 GDPR with which we have concluded an order processing contract. 4me Inc. is an IT service provider from the USA. As a suitable guarantee for the legality of the data transfer, we have concluded EU standard contractual clauses with the processor by Art. 46 para. 2 lit. c) GDPR. Further data protection provisions can be found here Privacy Policy – 4me.
Document processing within the framework of cooperative collaboration
We can share and edit documents with you as part of the cooperative collaboration. The Microsoft file repositories (SharePoint and OneDrive) are used for this purpose.
The services are provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
We can grant you access to certain documents on the file repositories to edit documents together. For this purpose, you will receive an e-mail for the shared document and will be asked for the relevant access data. Your first name, surname, and e-mail address will be processed. This data is also stored on Microsoft’s servers. We will store your data for a maximum of 6 years (by retention periods under commercial law).
Data processing is carried out based on Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in high-quality cooperative collaboration.
Your data will only be transmitted to third parties if we are legally able to do so, are obliged to do so for legal reasons, or if we have your consent.
You have the right to object to this data processing at any time.
Your data will be passed on to our external service provider, Microsoft Corporation, which supports us in data processing within the framework of order processing by Art. 28 GDPR strictly in accordance with instructions and with which we have concluded an order processing contract.
Microsoft Corporation is an IT service provider in the USA. As a suitable guarantee for the legality of the data transfer, we have concluded EU standard contractual clauses with the processor by Art. 46 para. 2 lit. c) GDPR. You can find Microsoft’s privacy policy here: https://privacy.microsoft.com/de-de/privacystatement
Digital signature with DocuSign
We use the DocuSign signature platform, a service provided by DocuSign Germany GmbH, c/o Bird & Bird LLP, Maximiliansplatz 22, 80333 Munich.
DocuSign offers the possibility to sign documents digitally or electronically in a legally compliant manner. For this purpose, your first and last name, your address, your e-mail address, your IP address, location data, date, and time, and the signature you use are processed.
The corresponding contract is uploaded to DocuSign and a secure link is sent to you by e-mail. You can fill in your details in the fields marked for this purpose and sign the document. As a result, the document is marked with the date, time, and other details in a legally compliant manner and stored in DocuSign.
We base this processing on the legal basis of Art. 6 para. 1 lit. b) GDPR (fulfillment of contract or implementation of pre-contractual measures).
We only transfer your personal data internally to persons who are necessary for the fulfillment of the contract. External transmission only takes place to the processor DocuSign, with whom we have concluded an order processing contract.
During processing, DocuSign may transfer your data to the USA and other third countries, subject to applicable laws. DocuSign has introduced binding internal data protection rules (Binding Corporate Rules) to ensure the protection of your data during a transfer. You can find out more about DocuSign’s binding corporate rules here: https://www.docusign.com/trust/privacy/bcrp-privacy-codeund https://www.docusign.com/trust/privacy/bcrc-csb-code. You can find further data protection regulations from DocuSign here: https://www.docusign.de/de-de/datenschutzerklaerung/datenschutz/
We store your data for the legally specified and necessary period of 10 years. DocuSign automatically deletes your data 120 days after the conclusion of the respective contract.
Whistleblowing with Compliance Cloud
We use the SaaS solution “Compliance Cloud” from Akarion AG to comply with the EU Whistleblower Directive. The product is hosted directly by the service provider, with whom we have concluded a data processing agreement. The solution is provided within the EU and data is therefore not transferred to third countries.
Anonymized submission of a report:
You have the option of submitting a report anonymously. If you submit an anonymized report, please make a note of the ticket ID when completing the submission to find out the status or clarify any open questions.
Non-anonymized submission of a tip:
If you submit a non-anonymized report, you must enter your first and last name and your e-mail address. Your personal data will be processed by Art. 6 para. c) GDPR. The processing is carried out for to establish contact and receive personalized status messages. Should there be a change of purpose in the context of this processing, we will agree this with you in advance.
We store your submitted information for 3 years after completion of all related measures.
TeamViewer
As part of our customer support, we use the remote maintenance software TeamViewer, provided by TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen.
In the context of customer support, we may use TeamViewer. Here you allow us to share your screen view and, if necessary, take control. A secure connection is established via the TeamViewer Germany GmbH servers, which allows us to access your device. The shared screen view allows us to view all the information available on it. It is in your own interest to close all irrelevant programs, documents, etc. before participating in a TeamViewer session.
The legal basis for this processing, if a contractual agreement exists, is Art. 6 para. 1 lit. b) GDPR (fulfillment of the contract). If there is no contractual agreement, we rely on the legal basis of Art. 6 para. 1 lit. a) GDPR (consent). By using the remote maintenance software, you consent to the processing.
The processing takes place exclusively to fulfill the support service. Your data will not be used for any other purposes and will not be transmitted to third parties.
The transfer of data to TeamViewer Germany GmbH takes place through the order processing relationship, which we have secured with an order processing contract by Art. 28 GDPR.
You can find more information on data protection by TeamViewer here: https://www.teamviewer.com/de/datenschutzinformation/ and https://www.teamviewer.com/de/datenschutzinformation/#teamviewer-core-privacy-notice.
Microsoft Teams
We use Microsoft Teams, a service provided by Microsoft Corporation, to conduct telephone and video conferences, online meetings, and/or online seminars. If online meetings/online seminars are to be recorded, we will inform you before the start of the online meeting/online seminar and – if necessary – ask for your (verbal) consent. If you do not wish to be recorded, you can leave the online meeting/online seminar. The following personal data may be processed:
- User information: display name, e-mail address, profile picture (optional), preferred language
- Meeting metadata: e.g. date, time, meeting ID, telephone number, location
- Text, audio, and video data: You may have the option of using the chat function in an online meeting/online seminar. In this case, the data you enter will be processed to display it in the online meeting/online seminar.
The scope of the data depends on the information you have provided before or during participation in the online meeting/online seminar.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission under Art. 46 para. 2 lit. c) GDPR.
The legal basis for the processing of personal data during online meetings is Art. 6 para. 1 lit. b) GDPR.
During the online meeting, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online meeting. The communication content is saved for documentation purposes. If necessary, the online meeting is recorded and subsequently made available to the participants.
The legal basis for the processing of online seminars is Art. 6 para. 1 lit. f) GDPR; our legitimate interest lies in the appealing design of our online seminar.
During the online seminar, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online seminar. The communication content is saved for documentation purposes. If necessary, the online seminar will be recorded and made available to the participants afterward.
Trustpilot
As a follow-up to our services, e.g. after completion of a project, you will receive an e-mail from us to survey customer satisfaction. The dispatch and the associated forwarding of your professional e-mail address to Trustpilot A/S (Denmark) takes place within the framework of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization of our service quality. We would like to point out that your rating can be viewed publicly on the platform https://de.trustpilot.com, which is why you can also submit an anonymized rating if you wish.
If you have not submitted a review within 30 days of receiving the email from Trustpilot, your email address will be automatically deleted after this time. If you submit a review, your e-mail address will be stored for 3 years.
Within Trustpilot, the information provided by the company Trustpilot A/S applies, which you can view at the following link: https://de.legal.trustpilot.com/for-businesses/business-privacy-policy
We have signed an order processing contract with the company by Art. 28 GDPR, in which we oblige Trustpilot A/S to protect our customers’ data and not to pass it on to third parties.
Handling of applicant data
We offer you the opportunity to apply for a job with us (by e-mail, post, or via an application form). In the following, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that your data will be collected, processed, and used by applicable data protection law and all other statutory provisions and that your data will be treated confidentially.
If you send us an application, we will process your personal data associated with it (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship.
The website’s job board offers you the opportunity to apply directly for an advertised position using an application form. If you apply to us via the application form on the website, your personal data will automatically be sent to the coveto applicant management system (provider is coveto ATS GmbH Frankenstr. 45, 63667 Nidda). We have signed an order processing agreement with the provider of the system. An e-mail notification of a new application is sent to our recruiters, which only contains the first and last name of the applicant and a link to the application received in the system.
The legal basis for this is Art. 6 para. 1 lit. b) GDPR (general contract initiation). Your personal data will only be passed on within our company to employees who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems to implement the employment relationship based on Art. 6 para. 1 lit. b) GDPR.
If we are unable to offer you a job, you reject a job offer or you withdraw your application, we will store your application documents for 6 months from the end of the process. After 6 months, the data will be deleted, and the physical application documents destroyed. The retention serves as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
Inclusion in our applicant pool
If we do not make you a job offer, you may have the opportunity to join our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool to contact you in case of suitable vacancies.
Inclusion in the applicant pool takes place exclusively based on your express consent (Art. 6 para. 1 lit. a) GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.
We use the coveto system for our application management. The provider is coveto ATS GmbH, Frankenstr. 45 63667 Nidda, with whom we have concluded an order processing contract.
Data processing for events (online and in person)
Data processing is carried out for the purpose of registration, acceptance, organization, implementation, and quality assurance of the event as well as the distribution of information on further events. Photos or video recordings made at the event may be processed for the purpose of public relations and, if applicable, published on the Internet or in our publications.
Data processing is carried out based on Art. 6 para. 1 lit. b) GDPR and based on Art. 6 para. 1 lit. f) GDPR. The processing serves the public relations work of the company and therefore also serves the competitiveness of the company. Our legitimate interest follows from the purposes for data collection listed above, and we also rely on the economic interest of the company in this context.
If you have given us your consent to process photos and video recordings for the above-mentioned purposes, the data processing takes place based on Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
Recipients of the data
Your personal data will only be passed on internally to fulfill the stated purposes or to fulfill legal obligations.
To the extent permitted by the purpose, the following companies within the blu Group may have access to your personal data:
blu Systems GmbH
blu Eye GmbH
blu Guard GmbH
blu BEYOND GmbH
blu Professionals GmbH
All responsible employees are obliged to maintain the confidentiality of your data. Your personal data will not be passed on externally unless there is legal permission to do so or we have your consent to do so. If we use a service provider in the sense of order processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service.
There are no automated individual decision-making procedures by Art. 22 GDPR or other profiling measures within the meaning of Art. 4 No. 4 GDPR.
Your data will only be processed within the European Union. Data will not be transferred outside the Union. Should this become necessary, we will inform you of this in advance and ensure that all necessary measures are taken to maintain an appropriate level of data protection.
The legislator has issued a large number of retention periods, which we observe with the utmost care in order to comply with these obligations. In this context, we generally only store your personal data for as long as this is permitted by the defined purpose or as required by law for reasons of proof.
Data processing through social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. buttons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations.
In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media presence is intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a) GDPR).
Controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We do not have influence on the storage period of your data that is stored by the operators of social networks for their purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Meta, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Instagram
We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to the provider, the data collected is also transferred to the USA and other third countries. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://privacycenter.instagram.com/policy/, https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
Xing
We use the functions of the XING network on our website, which are offered by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Each time our website is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored, in particular, there is no evaluation of usage behavior and IP addresses are not stored.
You can find more information on data protection and the XING Share button in XING’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn
We use the functions of the LinkedIn network on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate these advertising cookies, please use the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://de.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
You can find more information in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
Google Maps
Our website uses a Google Maps link to our location to enable visitors to find us quickly. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When Google Maps is used, Google also collects, processes, and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in making our location easy to find.
File sharing solution from Dracoon
To enable secure data transfer for you, we use a highly secure file-sharing solution from the company Dracoon GmbH (Dracoon GmbH Gelgenbergstr. 2a 93053 Regensburg). For you to log in to the system, we need to enter your first and last name, your e-mail address, and your telephone number. This data is required so that authentication on the system is possible.
We therefore base the processing on Art. 6 para. 1 lit. f) GDPR. As a company, we have an overriding legitimate interest in the context of network and information security by Recital. 49 GDPR.
The personal data is stored and processed within the EU and a transfer to unsafe third countries can be excluded.
As soon as you no longer require access to the file-sharing solution, we will delete your personal data from the system. Data collected as part of log management is automatically deleted after 4 weeks.
You can find more information about Dracoon’s file-sharing solution at: https://www.Dracoon.com/de/home
Rights of the data subject
Right to information
By Art. 15 GDPR, you have the right to request information about your personal data that we process. This right includes information about
- the purposes of the processing,
- the categories of personal data,
- the recipients or categories of recipients to whom your data has been or will be disclosed
- the planned storage period or at least the criteria for determining the storage period
- the existence of a right to rectification, erasure, restriction of processing, or objection
- the existence of a right to lodge a complaint with a supervisory authority
- the origin of your personal data if it was not collected by us, or
- the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details.
Right to rectification
By Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data stored by us.
Right to Erasure
By Art. 17 GDPR, you have the right to demand that we erase your personal data without undue delay unless further processing is necessary for one of the following reasons:
- the personal data are still necessary for the purposes for which they were collected or otherwise processed,
- for exercising the right of freedom of expression and information
- for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest, or the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health by 9 UAbs. 2 lit. h) and i) and Art. 9 UAbs. 3 GDPR,
- for archiving purposes in the public interest, scientific, or historical research purposes, or statistical purposes by 89 UAbs. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise, or defense of legal claims
Right to restriction
By Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons
- You contest the accuracy of your personal data,
- the processing is unlawful and you oppose the erasure of the personal data
- We no longer need the personal data for processing, but you need it for the establishment, exercise, or defense of legal claims, or
- You object to the processing by 21 UAbs. 1 DSGVO.
Right to information
If you have requested the rectification or erasure of your personal data or a restriction of processing by Art. 16, Art. 17 para. 1 and Art. 18 GDPR, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.
Right to transmission
We grant you the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing is carried out using automated procedures and is based on consent under Art. 6 para. 1 lit. a) GDPR, Art. 9 para. 2 lit. a) GDPR or Art. 6 para. 1 lit. b) GDPR.
Right of revocation
By Art. 7 (3) GDPR, you have the right to withdraw your consent to us at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In the future, we may no longer continue the data processing based on your withdrawn consent.
Right to complain
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority under Art. 77 GDPR. This depends on the federal state of your place of residence, your work, or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Our competent supervisory authority is:
Bavarian State Office for Data Protection Supervision (BayLDA)
P.O. Box 1349
91504 Ansbach
Germany
Online complaint form: https://www.lda.bayern.de/de/beschwerde.html.
Right to object
If we process your personal data based on a legitimate interest by Art. 6 (1) (f) GDPR, you have the right to object to this processing by Art. 21 GDPR if you can prove special reasons for this. These grounds may arise from your particular situation or be directed against direct advertising. In the latter case, you have a general right to object, which must be implemented by us without specifying the particular situation. You can send your right of objection or revocation directly by email to dsb@blusystems.de.
Automated decision in individual cases including profiling
By Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
However, this does not apply if the decision
- is necessary for the conclusion or performance of a contract between the data subject and the controller
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
- is done with the explicit consent of the data subject.
In the cases referred to in 1 and 3, we will take measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.
Changes and updates
In the course of updating, there may always be changes to our data protection notice. If changes are made to this notice, we will mark them for you.
The data protection notice was created on 29.06.2023.
We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.