Close

Join a new food movement and stay involved.

I agree to my personal data being used to receive promotional emails and know that I can revoke it at any time.

Privacy Policy

a large billboard on the side of a building

Thank you for visiting our website. In this Policy, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

Responsible for the processing of personal data, during the visit of this website, is:

Bluu GmbH
Schönhauser Allee 176, Haus 21
10119 Berlin

E-Mail: contact@bluu.bio

Data Protection Officer

You can reach our data protection officer as follows:

datenschutz nord GmbH
Branch office Berlin
Kurfürstendamm 212
10719 Berlin

E-Mail: office@datenschutz-nord.de

Usage Data

When you visit our website, our web server temporarily evaluates usage data. We use the usage data for statistical purposes to improve the quality of our website. We also use this information to enable you to call up our website, to control and administer our systems and to improve the design of the website. These purposes pursued by us represent at the same time the legitimate interest within the meaning of Art. 6 (1) (f) GDPR. This data consists of the following data categories:

  • the name and address of the requested content,
  • the date and time of the query,
  • of the transferred data volume,
  • the access status (content transferred, content not found),
  • the description of the used web browser and operating system,
  • the referral link, which indicates from which page you reached ours.

In addition, we store the full IP address transmitted by your web browser for a strictly limited period of seven days in the interest of being able to detect, limit and eliminate attacks on our websites. After this period, we delete or anonymize the IP address.

Data Security

We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. These measures include encryption procedures on our web pages. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption.

You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Cookies

We use cookies on our website. Cookies are small text files that can be stored and read in the Internet browser or by the Internet browser on the user's computer system. They allow information to be retained for a certain period of time and identify the visitor's computer. This simplifies navigation and makes our website more user-friendly. Cookies also help us to identify particularly popular areas of our website. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

Some cookies are required to use our website. We do not use these cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information about certain settings and are not personal. They may also be necessary to enable user navigation, security and implementation of the site. We use these cookies on the basis of § 25 (2) No. 2 TTDSG and Art. 6 (1) (f) GDPR, based on our legitimate interest in being able to offer basic website functions to ensure the maintenance of functionality 

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the appropriate browser setting and prevent the setting of new cookies. Please note that our web pages may then not be displayed and some functions may no longer be technically available.

We do not use technically unnecessary cookies on our website.

Contact form

You may contact us via our contact form. In order to use our contact form, we first require the data marked as mandatory.

The legal basis for this processing is Art. 6 (1) (f) GDPR in order to respond to your request. 

In addition, you can decide for yourself whether you would like to provide us with further information. This information is provided voluntarily and is not mandatory for contacting us. We process the information you provide voluntarily on the basis of your consent.

Your data will only be processed to respond to your enquiry. We delete your data if it is no longer required and there are no legal retention obligations in conflict to that. Usually this is the case 7 days after handling the request.

Concerning the processing according to Art. 6 (1) (f) GDPR, you have the right to object at any time. You can also withdraw your consent to the processing of the data you provided voluntarily at any time. To do so, please contact this e-mail adress: contact@bluu.bio.

Newsletter registration and delivery

You can order a newsletter on our website. Please note that we require certain data (at least your e-mail address) for suscribing to our newsletter.

The newsletter will only be sent to you, if you have given us your explicit consent. Once you have ordered our newsletter, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can withdraw your consent at any time. You can easily withdraw your consent, for example, by clicking on the unsubscribe link in every newsletter.

As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 (1) (f) GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter delivery.

Application

You can apply for open positions via our application tool. Your data will be forwarded to the persons responsible for the application process. All parties involved will treat your application documents confidentiality. We process the data that you disclose to us as part of your application for the purpose of applicant selection. The legal basis for this data processing is § 26 (1) sentence 1 of the German Federal Data Protection Act (decision on the establishment of an employment relationship).

After completion of the selection process, the information you provided for the specific selection process and the documents sent will be deleted after six months at the latest, unless we have concluded an employment contract with you. In the event that we may also consider your application for other or future job postings, we ask you to indicate this in your application. With your explicit consent, we will process your data on the basis of Art. 6 (1) (a) GDPR (consent). You can revoke your consent at any time with effect for the future. The data processing that took place until the revocation remains lawful. Irrespective of a possible revocation, we will delete your data two years after inclusion in the applicant pool. If you are listed in the applicant pool as an intern, your data will be deleted one year after inclusion in the applicant pool.

Google Fonts

For the uniform display of fonts, our website uses web fonts integrated locally via our server, which are provided by Google. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. A data transfer to Google does not take place with this form of integration of the web fonts. The data processing is carried out for the optimal presentation of the website. This purpose pursued by us also represents the legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Storage Period

Unless otherwise specified, we will delete your personal data if they are no longer required for the relevant processing purposes and no legal retention obligations oppose deletion.

Data Processors

We transfer your data to service providers who support us in the operation of our websites and related processes. These service providers are usually data processors within the meaning of Art. 28 GDPR. Our service providers are strictly bound by contracts and our instructions. These are service providers of the following categories:

  • Hosting service provider/cloud service provider for the operation of our servers
  • Service provider for IT security/IT support
  • E-mail service provider for sending e-mails in connection with our contractual services
  • Distribution of our e-mail newsletter

The service providers are required to comply with the current data protection regulations. All processors have been carefully selected and are only given access to your data to the scope and for the period of time required to provide the services.

The servers of some service providers used by Bluu GmbH are located in the USA and other countries outside the European Union. Companies in these countries are regulated by data protection laws that do not generally protect personal data to the same level as it is the case in the member states of the European Union. If your data is processed in a country that does not have a recognized high level of data protection like the European Union, we ensure that the level of data protection is secured as far as possible by using contractual regulations or other recognized instruments. 

Many US companies offer a secure level of data protection in the USA with certification in accordance with the Data Privacy Framework. With data recipients in the USA that are not certified in accordance with the Data Privacy Framework, we conclude the standard data protection clauses adopted by the EU Commission for the processing of personal data in third countries.

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:​​

Right of access by the data subject (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement without delay.

Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of our examination.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, or to request that this data be transferred to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. This right may be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) 1 f GDPR (data processing for the purpose of our legitimate interests) or on the basis of Art. 6 (1) 1 e GDPR (data processing for the purpose of protecting public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or if data is still needed for the establishment, exercise or defence of legal claims.

Asserting your rights

Unless otherwise described above, please contact us to assert your rights. You will find our contact details in our imprint.