Your contact person as the Controller within the meaning of the European Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states as well as other data protection regulations is:

blendingbits GmbH; Prehnsfelder Weg 4; 24537 Neumünster

E-Mail: [email protected]
(hereinafter referred to as “we”, “us” or “our”)

As a service provider, the protection of your personal data has the highest priority. Please contact our data protection officer directly with any questions you may have on the subject of data protection and data security at our company.

e-mail: [email protected]

a) Scope

As a matter of principle, we only process your personal data insofar as this is necessary to provide a functional website and our content and services.

In doing so, we process your personal data in the context of our website on the basis of consent. An exception applies in those cases in which the processing of your personal data is permitted by legal regulations or on the basis of our overriding legitimate interest.

b) Legal basis

Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) lit. a GDPR serves as our legal basis.

When processing personal data that is necessary for the fulfillment of a contract with you (e.g. service contract data protection officer), Art. 6 (1) lit. b GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which we are subject, Art. 6 (1) lit. c GDPR serves as our legal basis.

In the event that vital interests of you or another person make it necessary for us to process personal data, Art. 6 (1) lit. d GDPR serves as our legal basis.

If the processing of your personal data is necessary to protect a legitimate interest of us or a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as our legal basis.

c) Duration

Your personal data will be deleted as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. In this case, your personal data will be blocked.

You have the following rights with respect to us:

a) Right to access your data

You have a right to access your data about whether and which of your personal data is processed by us. In this case, we will additionally inform you about

• (1) the purpose of processing;
• (2) the categories of data;
• (3) the recipients of your personal data;
• (4) the planned duration or the criteria for the planned duration;
• (5) your other rights;
• (6) unless your personal data has been provided to us by you: All available information about its source;
• (7) if applicable: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.

b) Right to rectification

You have a right to rectification and/or to completion of your personal data if your personal data processed by us is inaccurate or incomplete.

c) Right to restriction of processing

You have a right to restrict processing, provided that

• (1) we are verifying the accuracy of your personal data that we process;
• (2) the processing of your personal data is unlawful;
• (3) you need your personal data processed by us for legal prosecution after the purpose has ceased to exist;
• (4) you have objected to the processing of your personal data and we are reviewing this objection.

d) Right to erasure

You have a right to erasure, provided that

• (1) we no longer need your personal data for its original purpose;
• (2) you withdraw your consent and there is no further legal basis for processing your personal data;
• (3) you object to the processing of your personal data and – unless it is direct marketing – there are no overriding reasons for further processing;
• (4) the processing of your personal data is unlawful;
• (5) the deletion of your personal data is required by law;
• (6) your personal data was collected as a minor for information society services.

e) Right to notification

If you have exercised your right to rectification, erasure or restriction of processing, we will notify all recipients of your personal data of this rectification, erasure of the data or restriction of processing.

f) Right to data portability

You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.

g) Right to object

You have the right to object to the processing of your personal data in case of special reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.

In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.

h) Right to revoke consent

You have the right to revoke any consent given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

i) Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority if you consider that the processing of your personal data by us infringes the EU GDPR.

The supervisory authority for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
https://datenschutz.hessen.de/

If you have any questions, please do not hesitate to contact our data protection officer.

a) Provision of the website and creation of log files

Description and Scope

In the context of providing our website, we process your personal data to enable delivery of our website to your computer. For this purpose, some of your personal data must be stored for the duration of a session.

Web hosting is provided on our behalf by Hosteurope GmbH. You can find all information about data protection here: https://www.hosteurope.de/AGB/Datenschutzerklaerung/

We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. No other processing of your personal data in log files takes place.

The following personal data may be processed by us in the course of calling up the website:

• IP address anonymized (IPv4 without last 3 digits, IPv6 without last 6 blocks)
• Page that was accessed
• Browser type and version

Legal basis

Legitimate interest, Art. 6 (1) lit. f GDPR

Purpose

Delivery of our website to your browser / functionality of our website and security of our IT systems. Our legitimate interest also lies in the aforementioned purpose.

Duration

2 Weeks

Possibility of objection and removal

The processing of your personal data to provide the website and the storage of your personal data in log files is mandatory for the operation of our website. Consequently, there is no possibility for you to object.

b) Necessary cookies

Description and Scope

This website is delivered using a CDN via our webhosting provider Hosteurope GmbH. You can find all information about data protection here: https://www.hosteurope.de/AGB/Datenschutzerklaerung/. These cookies are used for the purposes of the creation of log files (see a) Provision of the website and creation of logfiles)

There are two technically necessary cookies in use:

• _tccl_visit
• _tccl_visitor

Legal basis

Legitimate interest, Art. 6 (1) lit. f GDPR

Purpose

Delivery of our website to your browser / functionality of our website and security of our IT systems. Our legitimate interest also lies in the aforementioned purpose.

Duration

Until cleared by your browser.

Possibility of objection and removal

You may block and remove the cookies using your browser settings. Functionality of the website may no longer be guaranteed, if removed.

c) Contact and contact form

Description and Scope

In the context of contacting you or your usage of our contact form, we process your personal data that you send us by e-mail or telephone.

The following personal data may be processed by us in the context of contacting you:

• first name
• last name
• adress
• e-mail adress
• phone number
• Any message content you send to us

Legal basis

Legitimate interest, Art. 6 (1) lit. f GDPR and/or Consent, Art. 6 (1) lit. a GDPR

Purpose

Processing of your request, contact for the purposes of pre-sales, sales and client care measures. Our legitimate interest also lies in the aforementioned purpose.

Duration

Until the complete processing of your request. In the context of pre-contractual measures or contractually until the end of the contract period or until consent is revoked.

Possibility of objection and removal

You have the option to object to the processing of your personal data in the context of contacting or being contacted by us for the future at any time. In this case, however, we will not be able to further process your request. All personal data stored in the course of contacting you will be deleted in this case, unless legal retention periods prevent deletion. In this case, your personal data will be blocked until the end of the retention periods.

d) reCAPTCHA v3

Description and Scope

In the context of contacting you or your usage of our contact form, we use reCAPTCHA v3 to protect us from malicious actors and automated spam. Attackers use contact forms to attempt social engineering attacks wherein employees are targeted for data extraction. To ensure the safety and security of the data of our clients and reduce the risk of human error in handling contact form messages, we rely on reCAPTCHA v3 to filter down and prevent such attacks.

reCAPTCHA v3 is a service by Google Ireland Limited. Here are their full privacy policy and terms of service.

The following personal data may be processed by reCAPTCHA v3 to verify you are a human trying to contact us:

• IP address
• Resources loaded, including styles or images
• User Google account information
• Behavior, like scrolling on a page, moving the mouse, clicking on links, time spent completing forms, and typing patterns
• Browser history
• CSS information
• Browser plug-ins 
• Cookies

Legal basis

Legitimate interest, Art. 6 (1) lit. f GDPR.

Purpose

Protection of our employees from malicious messages such as social engineering attacks, phishing, etc.

Duration

reCAPTCHA tokens expire after two minutes.

Possibility of objection and removal

We require the use of reCAPTCHA v3 to protect our company and employees. However, you may setup your browser to reject and block google related cookies and services by using browser extensions or defining a cookie policy.

a) Data Subject inquiries

Description and Scope

In the context of data subject inquiries, we process your personal data if you exercise your data subject rights pursuant to Art. 15 et seq. GDPR. We process the contact data you provide in this context solely for the purpose of responding to your data subject inquiry and subsequently documenting the lawful processing of data subject submissions as part of our accountability.

The following personal data may be processed by us in the course of contacting you:

• first name
• last name
• adress
• e-mail adress
• phone number
• offer information
• contract information

Legal basis

Legal obligation, Art. 6 (1) lit. c in conjunction with. Art. 12 et seq. GDPR

Purpose

Legally compliant processing of your data protection request

Duration

After the expiration of 3 years from the end of the respective operation.

Possibility of objection and removal

You have the option to object to the processing of your personal data in the context of the processing of data subject submissions for the future at any time. In this case, however, we will not be able to further process your data protection request.

The documentation of the legally compliant processing of the respective data subject input is mandatory for us. Consequently, there is no possibility for you to object.

b) Legal defense and enforcement

Description and Scope

In the context of legal defense and enforcement, we process your personal data if you make a legal claim against us or if we legally assert claims and rights against you.

The following personal data may be processed by us in the course of contacting you:

• first name
• last name
• adress
• offer information
• contract information
• Any other personal data necessary for legal defense or enforcement.

Legal basis

Legitimate interest, Art. 6 (1) lit. f GDPR

Purpose

Defense against unjustified claims / Legal enforcement and assertion of claims and rights. Our legitimate interest also lies in the aforementioned purposes.

Duration

After the respective process has become legally effective.

Possibility of objection and removal

The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement. Consequently, there is no possibility for you to object.

Only those offices and departments receive personal data that need them to fulfill the aforementioned purpose. In the context of the technical provision of communication channels, invoice processing, etc., we sometimes use different service providers. These can be, for example:

• Hosteurope GmbH (Webhosting, e-mail)
• Drillisch Online GmbH (Phone)
• Financial Institutes
• Internet Service Providers
• Lawyers and Courts

There is no transfer of your personal data to third countries. Third countries are countries that are outside the European Union (EU) or the European Economic Area (EEA).