Data Protection Statement.

We, BLUBERRIES GmbH, Stetten 4, 83123 Amerang as the data controller for the website bluberries.de pursuant to Art. 4 No. 7 EU GDPR (hereinafter “we”), are pleased to provide you with information through this data protection statement as to whether and to what extent your personal data is processed when visiting the website at this domain. In addition, we also hereby provide you information on your rights and identify relevant contacts. This information applies to the domain specified above as well as to other websites that we host online if these are explicitly referenced in this statement.

Personal data includes all information that identifies you individually, e.g. name, address, email address, IP address, data about website use.

This website may contain links to websites outside of BLUBERRIES, to which this data protection statement does not apply. In case you leave this website, please make sure to check the data protection statement of the websites outside of BLUBERRIES.

 

A. Processing of personal data from informational use based on legitimate interests, Art. 6(1) lit. f) GDPR

In case of purely informational use of our website, which means when you do not register, log in or otherwise transmit any additional information to us, we initially collect and process only the personal data that your browser and your internet provider transmit to our server. This involves data that is needed for technical reasons in order to display the website and to ensure the security and stability of our site.

Specifically, this is the shortened and thus anonymous IP address (the reduction excludes person-specific identifiers and thus, a personal relationship), the website, the site you last visited (referrer), the websites belonging to BLUBERRIES that you visited, the names of the retrieved files, the date and time of the retrieval, the operating system and version of browser installed on your PC. We also store the aforementioned data in log files. This occurs in order to ensure that the website functions properly. In addition, we use the data to improve our online presence and to ensure its security. However, none of the afore mentioned data is stored together with other personal information. Log files are stored for a maximum of 7 days.

  • Technical data (shortened and hence anonymised IP address; date; time of the request; content of the request, i.e. specific site and files you might have accessed; access status/http status code);
  • Time zone difference to Greenwich Mean Time (GMT); amount of data transferred respectively; website from which the request originated;
  • Operating system/browser data (operating system, GUI, browser, language and version of the browser software)

In order for the website to operate properly and to fulfil our own obligations, we forward your data to our service providers and in turn receive data from them. This is also applicable if you contact us in the ways specified by us or use other offers on our website.

We also save your personal data in the so called local storage. meaning we use the saving capacity of your browser. Local storage is an industry-standard technology that allows a website or app to store and retrieve data on a person’s computer, mobile phone or other device. This helps to facilitate the user experience of blueberries.de. Third parties or other websites cannot access this data. A combination of other types of data and local storage data is not happening.

Furthermore, some tracking tools save information and entries in the local storage. The according data protection notes can be found in the section on tracking tools. These data help to analyse and interpret the browsing behaviour of the visitors of bluberries.de and will not be used for commercial purposes.

 

B. Use of cookies based on legitimate interests, Article 6(1) letter a) GDPR

In addition to the data previously specified, when you visit our website, so-called “cookies” are saved to your computer. Cookies are small text files that are saved to a browser on your computer and are used by the entity that placed them there (i.e. us) to obtain certain information. Cookies cannot run programmes or place viruses on your computer. They serve generally to make the website more effective and user friendly.

When you visit our website for the first time or if no cookie is detected on your device, you will be notified of our use of cookies. In addition, we obtain your consent for storing certain cookies. You will find further explanations under J.

We use both transient and persistent cookies; the scope and functionality of each is described below:

1. Transient Cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. These store a so-called session ID, through which different requests of your browser can be assigned to the common session and make your surfing experience on our website a more pleasant one for you. Session cookies can be used to recognise your computer when you return to our website. Session cookies are automatically deleted when you close your browser.

2. Persistent Cookies

Persistent cookies are automatically deleted after a specified period, which can differ from one cookie to another. You can delete the cookies at any time using the security settings in your browser. At no time will personal data be stored in a cookie.

Most browsers are pre-set to automatically accept cookies. However, you can disable the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our websites.


Important:

You may configure your browser however you like so that it, for example, refuses to accept third-party cookies or any cookies. You should be aware, however, that such refusal may potentially prevent you from accessing all the website’s features or the site may not display at all.


C. Use of cookies based on your consent, Article 6(1) letter a) GDPR

In addition to the aforementioned use of cookies to operate our website, you have consented to the use of the following cookies for the purpose of personalised advertising, you are able to inform yourself or opt-out of these cookies in section "J. Use of Web Analytics".

 

D. Contact via e-mail or contact form

When you contact us by email, we store the data you provide (your email address, where applicable your name and telephone number) in order to reply to your query. We delete the data accrued in this manner once it is no longer needed or restrict its processing where statutory retention requirements apply.

 

E. Data Recipients and Data Sources

1. Categories of data recipients

Within the scope allowed by law (as previously described), we relay personal data to companies in our group as well as to external service providers:

  • IT service providers, for the purpose of maintaining our IT infrastructure
  • Public agencies where justified on a case-by-case basis (e.g. national insurance carriers, financial authorities, police, public prosecutor’s office, regulatory agencies)

2. Data Sources

We process personal data that we obtain from you within the context of our user and business relationships. Where necessary in order to provide our services, we process personal data that we have collected within the context of your use of our website. Further, we process personal data we get from search engines or analytics providers.

 

F. Data transfer to a third country

In addition to the data transfers to third countries as already described above, data is also transferred to countries outside the European Union and the European Economic Area ("third countries") in the context of the administration, development and operation of IT systems. When doing so, the following must be observed:

Transfer is in principle permissible because the requirements allowing for such transfer under law have been satisfied or you have given your consent to the transfer of the data and special conditions exist for transfer to a third country. Specifically, the data importer guarantees an adequate level of data protection in accordance with standard EU clauses for the transfer of personal data to data processors in third countries. You can find a copy of the standard contract clauses stipulated by the EU Commission online at:

http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087

In some cases the the required data security is secured by the certification of the contract party via the EU-US Privacy Shield, which you can see via: https://www.privacyshield.gov/.

Alternatively, you can get these from us (see contact details).

 

G. Retention period or criteria in determining retention period.

Where purely informational use is involved (see Item A.), we retain the designated personal data for as long as necessary to provide services or for use. It is deleted once the respectively designated purpose has been achieved.

Data stored in log files is deleted within a maximum of 7 days. In addition, personal data stored in log files is also anonymised.

If there are statutory or contractual retention periods (e.g. where a user or contractual relationship is involved), we are obligated to retain the data until expiration of this period. We delete the relevant data following expiry or discontinuation of relevant obligations arising from statutory retention periods stipulated by commercial and tax law (see §§ 147 General Tax Code (AO) and 257 Commercial Code (HGB)).
We retain your data for marketing purposes until you object to its use, withdraw your consent or such use is no longer legally permitted.

We retain your other data only as long as we need it to fulfil the specific purpose for which it was collected (e.g. fulfilment or conclusion of contract) and delete it once it ceases to be needed for that purpose.

 

H. Your rights

You may request information from us at any time regarding the data stored about you and you may request the correction of this data in the event it contains errors. In addition, you can direct a complaint at any time to a regulatory authority. For us, the Bayerische Landesamt für Datenschutzaufsicht, PO Box 606, 91511 Ansbach, Germany, is responsible. 


Request for restriction

In addition, you may also request restrictions be placed on processing, the portability of the data you provided us in a machine-readable format or the deletion of your data – provided it is no longer needed. Moreover, you have the right to object to the use of your data on the basis of public or legitimate interests at any time.

BLUBERRIES GmbH

Balanstraße 55

81541 Munich

E-Mail: Datenschutz@bluberries.de 


It is imperative that we retain the data collected in our log files in order to ensure the functioning of the website. Therefore, there is no right to object to the processing of this information.


Withdrawal

If we process your data on the basis of your consent, you may withdraw this consent with future effect at any time. Upon receipt of your withdrawal of consent, we cease processing your data for the purpose for which consent was granted. Please direct your withdrawal of consent or revocation of your consent to the commercial use of your data to:

BLUBERRIES GmbH

Balanstraße 55

81541 Munich

E-Mail: Datenschutz@bluberries.de 


In addition, you can direct a complaint at any time to a regulatory authority. For us, the Bayerische Landesamt für Datenschutzaufsicht, PO Box 606, 91511 Ansbach, Germany, is responsible. Alternatively, you may also approach the regulatory authority with jurisdiction at your location.

 

I. Data Protection Officer

You can contact our data protection officer via:

BLUBERRIES GmbH

Data Protection Officer

Balanstraße 55

81541 Munich

E-Mail: Datenschutz@bluberries.de

 

J. Use of Web Analytics

1. Google Analytics

  1. This website uses Google Analytics, a web analysis service from Google Inc. (“Google“). Google Analytics employs cookies that are saved to your computer and enable analysis of your use of the website. The information generated by the cookie on your use of this website is in general transmitted to a server in the US and stored there. Through IP anonymisation on this website, however, your IP address is first truncated by Google within the member countries to the European Union or in other signatories of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the US and truncated there.
  2. Use of IP address -  Computers and devices connected to the Internet are assigned a unique number called an IP address. Because these numbers are typically assigned in country-based blocks, an IP address can often be used to identify the country (state or city) that connects to the Internet using a particular computer. Google Analytics captures the IP addresses of website visitors. This allows website owners to analyse which parts of the world their visitors come from. This method is known as geo-targeting by IP addresses.
  3. The actual IP address information will not be shared with Google Analytics customers by Google Analytics. In addition, the IP masking method is used: Website owners who use Google Analytics can set it to use only part of the data for geo-targeting instead of the entire IP address. Website owners generally have access to the IP addresses of their website visitors, regardless of the use of Google Analytics.
  4. The data collected through Google Analytics will be stored for a period of 50 months.
  5. We use Google Analytics to analyse use of and to periodically make improvements to our website. Using the statistics acquired thereby, we are able to improve our website and make it more attractive to you as a user. For those exceptional circumstances in which personal data is transmitted to the US, Google has agreed to be subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1) p. 1 lit. f GDPR.
  6. Information about third-party providers: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of Use: http://www.google.com/analytics/terms/de.html
Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html
as well as the data protection statement: http://www.google.de/intl/de/policies/privacy.

 

K. Social Media

1. Use of Social Media Plug-ins

  1. We currently make use of the following social media plug-ins: Google+ and Xing. We use the so-called two-click approach. That means, when you visit our site, no personal data is initially transmitted to the plug-in provider. You can identify the plug-in provider by the first letter or logo on the label on the box. We provide you the opportunity to communicate directly with the plug-in provider using the button. Only when you activate the marked field by clicking on it will the plug-in provider be informed that you have accessed our online services on the website. According to Facebook, the IP address is anonymised on Facebook immediately after collection. Therefore, by activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (for US providers: in the US). As the plug-in provider acquires the data primarily via cookies, we recommend you delete all cookies using the security settings on your browser before clicking on the greyed-out box.
  2. We have no influence over either data collection or data processing operations, nor are we familiar with the full scope of data collection, the purposes of collection or retention periods. We also have no information on deletion of the collected data by the plug-in provider.
  3. The plug-in provider stores data collected about you as a user profile and uses it for the purpose of advertising, market research and/or appropriate design of its website. This utilisation occurs in particular (including for users who are not logged in) in presenting appropriate advertising and to inform other social network users of your activities on our website. You are entitled to object to the creation of this user profile; to do so you must contact the respective plug-in provider. Using the plug-in we offer you the opportunity to interact with the social network and other users so that we can improve our site and design it so as to make it more attractive to you. The legal basis for the use of plug-ins is Art. 6(1) p. 1 lit. f GDPR.
  4. Data transfer occurs independently of whether or not you have an account with the plug-in provider and are logged in. When you are logged into the plug-in provider, the data collected from us is assigned directly to your account with the plug-in provider. When you press the activated button and, for example, link to the website, the plug-in provider also stores this information and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button in order to avoid this sort of association to your profile with the plug-in provider.
  5. You can find additional information on the purpose and scope of data collection and its processing by the plug-in provider in the following data protection statements by these providers. There you will also find additional information regarding your rights and configuration options for safeguarding your personal privacy.
  6. Addresses for the respective plug-in providers, together with their data protection statements:

Google Inc., 1600 Amphitheatre Parkway, Mountainview, California 94043, USA;

https://policies.google.com/technologies/partner-sites?hl=en
Google has agreed to be subject to the EU-US Privacy Shield,

https://www.privacyshield.gov/EU-US-Framework

Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany;

https://privacy.xing.com.

 

Effective: 08.06.2018