blu Gruppe has realized an efficient business model that facilitates first-class services, high employee motivation and an excellent cost structure. An ongoing intensive communication and cooperation with our subsidiaries is highly emphasized. The services of blu Gruppe focus on IT consulting and solutions for corporate functions within large companies and corporations, mainly in the fields of Finance, Automotive, Healthcare, Telco and IT.
How long do we store your data?
Unless a more specific storage period has been specified within this data policy, your personal data will remain with us until the purpose or legal basis for the data processing no longer applies. If you assert a justified request for deletion or withdraw consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Data collection on our website
When you visit our website, information is automatically sent to our website server by the browser type used on your terminal device. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automatic deletion:
The aforementioned data is processed by us for the following purposes:
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
The legitimate interest for this processing is as follows: The integrity and security of the website, which is carried out by Security through the collection of logs, in particular IP addresses, in order to detect the possible abuse at an early stage and to be able to take measures to reduce the damage.
Your personal data is stored with our provider, with whom a data processing agreement within the meaning of Art. 28 GDPR has been concluded.
For security reasons, our website uses SSL encryption. This protects transmitted data and prevents it from being read by unauthorised third parties.
You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol, which is recognisable in your browser line on the left.
By making appropriate changes to your browser settings, you can be informed about the setting of cookies and decide individually whether to accept them or generally exclude them, as well as arrange for the automatic deletion of cookies when closing the browser window. By deactivating cookies, you may not be able to use all the functions of our website.
Data Transfer to the US and other third countries
We use tools from companies based in the US or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Contacting the Company
You have the option of contacting us at any time. We would like to provide you with the following information:
General contact options
As general contact media you have the following options
To process your contact request, we will have to store your communication data (e.g., telephone number, email address) and identification data (e.g., name, address).
The legal basis of Art. 6 (1) (b) GDPR applies here, only if the contact is based on the initiation of a contract, the implementation of an existing contractual relationship or the amendment of a contractual relationship.
For all other cases of contact, the processing is based on the legitimate interest according to Art. 6 (1) (f) GDPR of the company.
The legitimate interest for this processing is as follows: As a company, we pursue the economic interests of individualisation and optimisation of our products, which are declared as economic factors of the company.
We use Microsoft Teams, a service of the Microsoft Corporation, to conduct telephone and video conferences, online meetings, or online seminars. If online meetings or online seminars are to be recorded, we will inform you of this before they begin and – where necessary – ask for your (verbal) consent. If you do not wish to be recorded, you can leave the online meeting or seminar. The following personal data may be processed in the process:
The scope of the data depends on the information you provided before or during participation in the online meeting or seminar.
The transfer of data to the US is based on the standard contractual clauses of the EU Commission in accordance with Art. 46 (2) (1) (c) GDPR. These can be classified as appropriate safeguard for the protection of the transfer and processing of personal data outside the EU.
In the context of the online meeting, we rely on the legal basis of Art. 6 (1) (b) GDPR.
During the online meeting, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online meeting. The communication content is stored for documentation purposes. If necessary, the online meeting is recorded and made available to the participants afterwards.
In the context of online seminars, we rely on the legal basis of Art. 6 (1) (f) GDPR, our legitimate interest lies in an appealing design of our online seminar.
During the online seminar, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online seminar. The communication content is stored for documentation purposes. If necessary, the online seminar will be recorded and made available to the participants afterwards.
Data processing for events (online and presence)
The data processing is carried out for the purpose of registration, receipt, organization, implementation, and quality assurance of the event, as well as for distribution of information on further events. Photos or video recordings made at the event may be processed for the purpose of public relations and may be published on the internet or in our publications.
This data processing is carried out on the basis of Art. 6 (1) (b) GDPR and on the basis of Art. 6 (1) (f) GDPR. The processing serves the public relations work of the company and thus also serves the competitiveness of the company. Our legitimate interest follows from the purposes of data collection listed above, and we also rely on the economic interest of the company in this context.
If you have given us your consent to the processing of photos and video recordings for the above-mentioned purposes, the data processing takes place on the basis of Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future.
Recipients of the data
Your personal data will only be disclosed internally to fulfil the above mentioned purposes or to comply with legal obligations.
As far as the purpose allows, the following entities within the blu Gruppe AG may access your personal data:
All relevant employees are obligated to maintain the confidentiality of your data. As a matter of principle, we do not pass on your personal data externally unless we are legally permitted to do so, or we have your consent. Should we use a service provider in the sense of a processor, we will still be responsible for the protection of your personal data. All processors are contractually obliged to treat your personal data confidentially and to process it only in the context of providing the specified service.
No automated individual decision-making procedures pursuant to Art. 22 GDPR or other profiling measures within the meaning of Art. 4 No. 4 GDPR take place.
Your personal data will only be processed within the European Union. There will be no transfer outside the Union. Should this become necessary, we will inform you in advance and ensure all necessary measures to maintain an appropriate level of data protection.
Legislators have issued many retention periods, which we observe with the utmost care in order to comply with these obligations. In general, we only store your personal data for as long as it is permitted by the defined purpose or as is required by law for reasons of proof.
Data Processing through Social Media
We maintain publicly accessible profiles on social networks. The individual social networks used by us can be found below.
Social networks such as Facebook, Twitter, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.
In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
The analysis processes initiated by the social networks may be based on different legal grounds, which must be stated by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and objection) both against us and against the operator of the respective social media platform (e.g., Facebook).
Please note that despite the joint responsibility with the social media platform operators, we do not have full influence on the data processing operations of the social media platform. Our options are largely determined by the corporate policy of the respective operators.
Duration of Data storage
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.
Used social media platforms in detail
We use the functions of XING on our website, which are provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Each time our website is accessed, a connection to XING servers is established. As far as we are aware, no personal data is stored in the process; in particular, there is no evaluation of usage behaviour and IP addresses are not stored.
We use the functions of LinkedIn on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to deactivate these advertising cookies, use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa? and https://www.linkedin.com/legal/l/eu-sccs.
Rights of the data subject
Right to access
In accordance with Art. 15 GDPR, you have the right to request information about your personal data that we process. This right includes information about:
Right to rectification
In accordance with Art. 16 GDPR, you have the right to rectification and/or completion, if your processed personal data is incorrect or incomplete, without delay.
Right to erasure
Pursuant to Art. 17 GDPR, you have the right to request that we erase your personal data without undue delay, unless further processing is necessary for one of the following reasons:
Right to the restriction of processing
According to Art. 18 GDPR, you may request the restriction of the processing of your personal data under the following conditions:
Right to notification
If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.
Right to data portability
We grant you the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format.
You also have the right to request the transfer of this data to a third party if the processing is carried out with the aid of automated procedures and is based on consent pursuant to Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or Art. 6 (1) (b) GDPR.
Right to withdraw consent
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In the future, we may no longer continue the data processing based on your revoked consent.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority pursuant to Art. 77 GDPR. This depends on the federal state of your residence, your work, or the alleged violation. A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
Our responsible supervisory authority is:
The Data Protection Authority for the German state of Bavaria (BayLDA)
P.O. Box 1349
Online complaint form: https://www.lda.bayern.de/de/beschwerde.html.
Right to object
If we process your personal data based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing pursuant to Art. 21 GDPR if you can demonstrate special reasons for this. These grounds may arise from your particular situation or be directed against direct marketing. In the latter case, you have a general right of objection, which must be implemented by us without any indication of the specific situation. You can send your right of objection or revocation directly by email to email@example.com.
Automated individual decision-making including Profiling
Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing including profiling which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision:
For the cases mentioned in 1 and 3, we take measures to safeguard your rights and freedoms as well as your legitimate interests, which at least include the right to obtain human intervention on our part, to express your point of view and to contest the decision.
Amendment and Updating
In the process of updating, changes may be made to our data policy from time to time. If changes are made to this policy, we will mark them for you.
This data policy is dated 14th of September 2022