We are very pleased about your interest in Blueble, our website at www. Blueble.com and our Services. Data protection is of a particularly high priority for Blueble and the processing of your personal data when using our website and web application (hereinafter “website’) is always done in accordance with the UK`s Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). If you are using our iOS and Android mobile application, please refer to our App Privacy Policy.
As the controller Equinox Digital Ltd. of 2nd floor, 51 Oxford St, London, W1D 2EF trading as Blueble (hereinafter “Blueble”, “we”, “us” or “our”) has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed.
Principles of data processing
We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:
· in order to provide our contractual services and online services
· processing is required by law
· with your consent
· on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).
The above legal bases are set out as follows:
· Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR
· Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b) GDPR
· Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c) GDPR
· Processing to protect our legitimate interests Art. 6 para. 1 lit. f) GDPR
Purposes of use of personal data and legal basis
a) Log Files
We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your device.
b) Cookies and similar technologies
For the processing of personal data using cookies and similar technologies on our website, please refer to our Cookie Policy, which is part of this privacy policy. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a functional, secure and user-friendly website. As well as Art. 6 para. 1 lit. a) GDPR your consent in case you agree to our use of cookies.
c) Contact, enquiry and request forms
Enquiries via our contact, enquiry and request forms may include your name, address, e-mail address, the subject of your contact and your message. We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
d) Newsletter
When registering for our newsletter, you are required to provide your email address. Insofar as you have given us your consent to data processing when registering for the newsletter, we process and store the personal data provided when registering for the newsletter exclusively for the purpose of providing the newsletter and informing you about Blueble, services and/or promotions in accordance with the newsletter you have subscribed to. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future.
e) Registration
If you register on our website, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered.
The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR and, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR.
Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).
f) Profile
As a registered user, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. When creating a profile, you can submit personal data. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.
The basis for this storage is our legitimate interest in communicating with interested users according to Art. 6 para. 1 lit. f GDPR, in the case of contracts, also the storage of contract data according to Art. 6 para. 1 lit. b GDPR.
g) Purchases
When ordering services, it is necessary, among other things, to provide your name, e-mail address and postal address and, if applicable, your payment data. We process the personal data provided when you place an order solely for the purpose of providing you with the ordered service. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.
h) Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, quotation, and advertising purposes, Blueble is entitled to contact you for these purposes via the communication channels you have ticked in this consent.
i) Data transfer for contract fulfilment
In order to fulfil the contract, Blueble passes on your data to the respective payment service provider when you place an order. Depending on which payment service provider you select in the order process we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
j) Reviews
Within your review you may be able to display certain information, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. Content and data are publicly viewable. You have choices about the information on your review. You don’t have to provide additional information on your review. It’s your choice whether to include sensitive information on your review and to make that sensitive information public. Please do not post or add personal data in your review that you would not want to be available. The legal basis for the storage is our legitimate interest.
k) Business relationships
In the course of our business activities, we mainly process identification data and contact data, namely customers/business partners or their employees, representatives. In addition, the payment and delivery data of customers/business partners or personal data of other natural persons are processed (identification data, contact data, descriptive data relating to their ownership) if they are liable for the obligations of our customers/business partners.
The purpose of processing the above personal data is to negotiate and execute the relevant contract, to secure and enforce obligations, to conduct business communications and correspondence or to comply with legal obligations (tax returns, money laundering or compliance with international sanctions).
We process personal data obtained directly from users/business partners or from publicly available sources.
The processing of the above personal data will only be carried out for as long as it is necessary to fulfil the purpose(s) for which it was collected. In principle, this data is only processed for the duration of the contractual relationship or for the duration of the statutory retention periods. However, due to our legitimate interest (legal defence, collection of debts, etc.) or due to legal obligations, the data may partly be processed beyond this period.
The legal basis for the aforementioned processing of personal data is the conclusion or fulfilment of a contract, the fulfilment of legal obligations or our legitimate interest (Art. 6 para.1 lit. b, c and f GDPR).
l) Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.
In this context, we disclose or transfer data to consultants, such as legal advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
Data processing for the purpose of fraud prevention and optimisation of our payment processes
Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Transfer of personal data
Blueble will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.
Blueble is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Blueble pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by Blueble process your data exclusively in accordance with our instructions. Blueble remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Blueble 's legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).
Blueble will not sell, rent, or otherwise transfer your personal data to third parties. We will transfer your data to third parties if you have consented to this in accordance with Art. 6 (1) (a) GDPR, or in the following cases:
Blueble may engage other companies and individuals in certain cases to fulfil its obligations to its customers on its behalf. This may involve sharing your data with these third parties in order to provide solutions or services to you. Examples include customer service, payment data processing and marketing support. In these cases, data is transferred to such service providers and contractors (such as payment service providers, advertising providers, technical service providers) for the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR.
It goes without saying that Blueble ensures that the respective service provider guarantees data security before passing on personal data. Blueble will therefore only commission companies that can guarantee secure and proper data processing based on their qualifications and their technical and organisational capabilities.
Storage and retention
Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 6 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.
Blueble is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Blueble may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. Blueble is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Blueble, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Blueble pursuant to Art. 6 (1) (f) GDPR. Insofar as the disclosure of health data is necessary for the assertion of claims or the defence against claims, the related data processing is based on Art. 9 (2) f) GDPR.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g., SSL) via HTTPS.
International transfers
Our main operations are based in the UK and your personal information is generally processed, stored and used in global data centres of Amazon (AWS). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA.
Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:
• The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
• Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.
Automated decision-making
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Blueble.
Social Media
Social Media Presences
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
Social Media Plugins
Social media plugins normally result in every visitor to a page being immediately recorded by these services with their IP address and their further browsing behaviour being logged. This can happen even if you do not click the button.
To prevent this, we use the Shariff method. This means that our social media buttons only establish direct contact between the social network and you when you click on the respective share button. You can thus publish our content on social networks without them being able to create complete surf profiles. The Shariff method is already used by many websites to protect their users.
But at the latest when you call up the social media platform, your data will be processed there. The social media platform will usually store cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.
Social Media Links
We refer to our offered social media presences with links. Unlike social media plugins, links do not lead to the social media platform finding out about your visit when you call up our site. However, like any link, they will lead to your data being processed by the social media platform at the latest when you click on the link. As a rule, the social media platform will save cookies on your device or even save your usage behaviour to your account, especially if you are logged in yourself. The social media platform can use your data to analyse your user behaviour and use it for (interest-based) advertising. This may result in advertisements being displayed to you inside and outside the social media platform.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g., if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
Google Analytics
We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en.
Facebook Remarketing
Within our website, so-called "Facebook pixels" of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our offer as a target group for the display of advertisements, so-called "Facebook ads". Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/.
Your Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
· information about the processing of your personal data.
· obtain access to the personal data held about you.
· ask for incorrect, inaccurate or incomplete personal data to be corrected.
· request that personal data be erased when it’s no longer needed or if processing it is unlawful.
· object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
· request the restriction of the processing of your personal data in specific cases.
· receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
· request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
· You also have the right in this case to express your point of view and to contest the decision
· Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
Security and confidentiality
To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.
Personal information and children
The services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Changes
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.