blu Gruppe

blu Gruppe has realized an efficient business model that facilitates first-class services, high employee motivation and an excellent cost structure. An ongoing intensive communication and cooperation with our subsidiaries is highly emphasized. The services of blu Gruppe focus on IT consulting and solutions for corporate functions within large companies and corporations, mainly in the fields of Finance, Automotive, Healthcare, Telco and IT.

blu Eye GmbH

blu Professionals GmbH

blu Systems GmbH


blu Gruppe AG

Privacy Policy

How long do we store your data?

Unless a more specific storage period has been specified within this data policy, your personal data will remain with us until the purpose or legal basis for the data processing no longer applies. If you assert a justified request for deletion or withdraw consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Data collection on our website

When you visit our website, information is automatically sent to our website server by the browser type used on your terminal device. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automatic deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the file accessed
  • Website from which the access was made
  • Browser type used and, if applicable, the operating system of your computer as well as the name of your access provider

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection of the website
  • Ensuring comfortable use of the website
  • Evaluation of system security and stability
  • Error analysis
  • for further administrative purposes

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The legitimate interest for this processing is as follows: The integrity and security of the website, which is carried out by Security through the collection of logs, in particular IP addresses, in order to detect the possible abuse at an early stage and to be able to take measures to reduce the damage.

Your personal data is stored with our provider, with whom a data processing agreement within the meaning of Art. 28 GDPR has been concluded.


For security reasons, our website uses SSL encryption. This protects transmitted data and prevents it from being read by unauthorised third parties.

You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol, which is recognisable in your browser line on the left.


In order to make the use of our website more attractive, user-friendly and effective, we use cookies. These are small text files that are stored on your device and contain information about the websites you visit. Cookies do not damage your computer and do not contain viruses.

By making appropriate changes to your browser settings, you can be informed about the setting of cookies and decide individually whether to accept them or generally exclude them, as well as arrange for the automatic deletion of cookies when closing the browser window. By deactivating cookies, you may not be able to use all the functions of our website.

Cookies used

blugruppe.comhas_js (end of session)This cookie detects whether Javascript is enabled on client side.

Data Transfer to the US and other third countries

We use tools from companies based in the US or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Contacting the Company

You have the option of contacting us at any time. We would like to provide you with the following information:

General contact options

As general contact media you have the following options

  • via post,
  • via telephone
  • via fax or
  • via email.

To process your contact request, we will have to store your communication data (e.g., telephone number, email address) and identification data (e.g., name, address).

The legal basis of Art. 6 (1) (b) GDPR applies here, only if the contact is based on the initiation of a contract, the implementation of an existing contractual relationship or the amendment of a contractual relationship.

For all other cases of contact, the processing is based on the legitimate interest according to Art. 6 (1) (f) GDPR of the company.

The legitimate interest for this processing is as follows: As a company, we pursue the economic interests of individualisation and optimisation of our products, which are declared as economic factors of the company.

Microsoft Teams

We use Microsoft Teams, a service of the Microsoft Corporation, to conduct telephone and video conferences, online meetings, or online seminars. If online meetings or online seminars are to be recorded, we will inform you of this before they begin and – where necessary – ask for your (verbal) consent. If you do not wish to be recorded, you can leave the online meeting or seminar. The following personal data may be processed in the process:

  • User details: Display name, email address, profile picture (optional), preferred language.
  • Meeting metadata: e.g., date, time, meeting ID, phone number, location.
  • Text, audio, and video data: You may have the opportunity to use the chat function in an online meeting or seminar. In this case, the text entries you make are processed to display them.

The scope of the data depends on the information you provided before or during participation in the online meeting or seminar.

The transfer of data to the US is based on the standard contractual clauses of the EU Commission in accordance with Art. 46 (2) (1) (c) GDPR. These can be classified as appropriate safeguard for the protection of the transfer and processing of personal data outside the EU.

In the context of the online meeting, we rely on the legal basis of Art. 6 (1) (b) GDPR.

During the online meeting, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online meeting. The communication content is stored for documentation purposes. If necessary, the online meeting is recorded and made available to the participants afterwards.

In the context of online seminars, we rely on the legal basis of Art. 6 (1) (f) GDPR, our legitimate interest lies in an appealing design of our online seminar.

During the online seminar, the login names of all participants and the generated communication content are displayed and can be viewed by the other participants in the online seminar. The communication content is stored for documentation purposes. If necessary, the online seminar will be recorded and made available to the participants afterwards.

Data processing for events (online and presence)

The data processing is carried out for the purpose of registration, receipt, organization, implementation, and quality assurance of the event, as well as for distribution of information on further events. Photos or video recordings made at the event may be processed for the purpose of public relations and may be published on the internet or in our publications.

This data processing is carried out on the basis of Art. 6 (1) (b) GDPR and on the basis of Art. 6 (1) (f) GDPR. The processing serves the public relations work of the company and thus also serves the competitiveness of the company. Our legitimate interest follows from the purposes of data collection listed above, and we also rely on the economic interest of the company in this context.

If you have given us your consent to the processing of photos and video recordings for the above-mentioned purposes, the data processing takes place on the basis of Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future.

Recipients of the data

Your personal data will only be disclosed internally to fulfil the above mentioned purposes or to comply with legal obligations.

As far as the purpose allows, the following entities within the blu Gruppe AG may access your personal data:

  • blu BEYOND GmbH
  • blu Professionals GmbH
  • blu Systems GmbH
  • blu Eye GmbH

All relevant employees are obligated to maintain the confidentiality of your data. As a matter of principle, we do not pass on your personal data externally unless we are legally permitted to do so, or we have your consent. Should we use a service provider in the sense of a processor, we will still be responsible for the protection of your personal data. All processors are contractually obliged to treat your personal data confidentially and to process it only in the context of providing the specified service.

No automated individual decision-making procedures pursuant to Art. 22 GDPR or other profiling measures within the meaning of Art. 4 No. 4 GDPR take place.

Your personal data will only be processed within the European Union. There will be no transfer outside the Union. Should this become necessary, we will inform you in advance and ensure all necessary measures to maintain an appropriate level of data protection.

Legislators have issued many retention periods, which we observe with the utmost care in order to comply with these obligations. In general, we only store your personal data for as long as it is permitted by the defined purpose or as is required by law for reasons of proof.

Data Processing through Social Media

We maintain publicly accessible profiles on social networks. The individual social networks used by us can be found below.

Social networks such as Facebook, Twitter, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we are not able to track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

The analysis processes initiated by the social networks may be based on different legal grounds, which must be stated by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and objection) both against us and against the operator of the respective social media platform (e.g., Facebook).

Please note that despite the joint responsibility with the social media platform operators, we do not have full influence on the data processing operations of the social media platform. Our options are largely determined by the corporate policy of the respective operators.

Duration of Data storage

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, withdraw your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.

We have no influence on the duration of the data storage of your data, which is stored by the operators of the social media platforms for their own purposes. For details, please contact the operators of the social media platforms directly (e.g., in their privacy policy, see below).

Used social media platforms in detail


We use the functions of XING on our website, which are provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Each time our website is accessed, a connection to XING servers is established. As far as we are aware, no personal data is stored in the process; in particular, there is no evaluation of usage behaviour and IP addresses are not stored.

You can find more information on data protection and the XING Share button in the XING privacy policy here:


We use the functions of LinkedIn on our website, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to deactivate these advertising cookies, use the following link: The data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: and

For more information, see LinkedIn’s privacy policy:

Rights of the data subject

Right to access

In accordance with Art. 15 GDPR, you have the right to request information about your personal data that we process. This right includes information about:

  • the purposes of processing,
  • the categories of personal data,
  • the recipients or categories of recipients to whom your data has been or will be disclosed
  • the planned storage period, or at least the criteria for determining the storage period,
  • the existence of a right to rectification, erasure, restriction of processing or objection,
  • the existence of a right of appeal to a supervisory authority,
  • the origin of your personal data, if it has not been collected by us, or
  • the existence of automated decision-making processes, including profiling, and, if applicable, meaningful information about its details.

Right to rectification

In accordance with Art. 16 GDPR, you have the right to rectification and/or completion, if your processed personal data is incorrect or incomplete, without delay.

Right to erasure

Pursuant to Art. 17 GDPR, you have the right to request that we erase your personal data without undue delay, unless further processing is necessary for one of the following reasons:

  • the personal data is still necessary for the purposes for which it was collected or otherwise processed,
  • for the exercise of the right of freedom of expression and information,
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR,
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or
  • for the establishment, exercise, or defence of legal claims.

Right to the restriction of processing

According to Art. 18 GDPR, you may request the restriction of the processing of your personal data under the following conditions:

  • You dispute the accuracy of your personal data,
  • The processing is unlawful, and you oppose the erasure of the personal data,
  • We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims, or
  • You object to the processing pursuant to Art. 21 (1) GDPR.

Right to notification

If you have requested the rectification or erasure of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

Right to data portability

We grant you the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format.

You also have the right to request the transfer of this data to a third party if the processing is carried out with the aid of automated procedures and is based on consent pursuant to Art. 6 (1) (a) GDPR, Art. 9 (2) (a) GDPR or Art. 6 (1) (b) GDPR.

Right to withdraw consent

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. In the future, we may no longer continue the data processing based on your revoked consent.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority pursuant to Art. 77 GDPR. This depends on the federal state of your residence, your work, or the alleged violation. A list of the supervisory authorities (for the non-public sector) with address can be found at:

Our responsible supervisory authority is:

The Data Protection Authority for the German state of Bavaria (BayLDA)

P.O. Box 1349

91504 Ansbach


Online complaint form:

Right to object

If we process your personal data based on a legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing pursuant to Art. 21 GDPR if you can demonstrate special reasons for this. These grounds may arise from your particular situation or be directed against direct marketing. In the latter case, you have a general right of objection, which must be implemented by us without any indication of the specific situation. You can send your right of objection or revocation directly by email to

Automated individual decision-making including Profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing including profiling which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

  1. is necessary for the conclusion or performance of a contract between the data subject and the controller,
  2. is authorized by Union or Member State law to which the controller is subject, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject; or
  3. with the explicit consent of the data subject.

For the cases mentioned in 1 and 3, we take measures to safeguard your rights and freedoms as well as your legitimate interests, which at least include the right to obtain human intervention on our part, to express your point of view and to contest the decision.

Amendment and Updating

In the process of updating, changes may be made to our data policy from time to time. If changes are made to this policy, we will mark them for you.

This data policy is dated 14th of September 2022