Blueberry Systems
Get In Touch

Privacy Policy

We take the protection of your personal data very seriously. We always handle your personal data confidentially and in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the supplementary Federal Data Protection Act (BDSG).

Where personal data (for example name, address or email address) is collected on our pages, this is done to provide you with a functional website as well as our content and services. The processing of personal data is carried out in accordance with Art. 6 GDPR, generally on the basis of consent, to fulfil a contract, to carry out pre-contractual measures or to safeguard legitimate interests.

The collected data is generally not disclosed to third parties. However, to handle certain offers, services and service delivery we make use of external service providers with whom contractual agreements have been made to ensure the protection of your personal data and your rights as a data subject.

Hosting (Vercel)

Our website is provided via Vercel Inc. Data transfers to the USA may occur based on Standard Contractual Clauses (SCCs).

Legal basis: Art. 6 (1) (f) GDPR.

1. Who is the controller responsible for data processing and whom can I contact?

Controller:

Blueberry Systems

https://blueberry-systems.com/

Marienthaler Str. 145

20535 Hamburg

Phone: 04037415446

Email: hello@blueberry-systems.com

If you have questions about the collection, processing or use of your personal data, for information, rectification, restriction or deletion of data, as well as the revocation of consent that has been granted or an objection to a specific use of data, please contact:

Data Protection Officer

Sebastian Behrendt

Marienthaler Str. 145

20535 Hamburg

Phone: 04037415446

Email: sebastian@blueberry-systems.com

2. Which sources and data do we use?

We process personal data that we collect from you when you visit our site or that we receive from you in the course of placing an order in our webshop and that are necessary for delivering or performing the ordered goods or services.

We also process personal data which we lawfully receive from service providers for processing services or from other third parties (e.g. from payment service providers such as PayPal or credit card companies to select an authorised payment method in the online shop), insofar as this is necessary to process the order.

We process the following relevant personal data in individual areas:

2.1 Use of the website

When you visit our websites we process usage data and metadata such as device information or the anonymised IP addresses of the visitors and users of our online offering. We anonymise IP addresses by removing the last segment so that no reference to your person can be made.

3. For what purposes do we process your data and on which legal basis?

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other legal provisions, e.g. for initiating and executing a contract.

3.1 To fulfil contractual obligations (Art. 6 (1) (b) GDPR)

The processing of your personal data (Art. 4 no. 2 GDPR) takes place to fulfil a contract with you or to examine the establishment of a contractual relationship.

Enquiries via our contact form on the website can be used to carry out pre-contractual measures. The details you provide in the enquiry form, including the contact details you provide there, are stored by us for the purpose of processing the enquiry and in the event of follow-up questions. After your enquiry has been processed, we delete the data unless they have to be retained for reasons of traceability, ongoing customer care or applicable statutory retention periods.

3.2 Within the scope of balancing interests (Art. 6 (1) (f) GDPR)

Where necessary, we process your data beyond the fulfilment of the contract to safeguard legitimate interests of us or third parties. The following processing operations are carried out:

  • The use of certain payment methods in the online shop (direct debit, credit card) is handled by a service provider. As part of these services a prior credit check for fraud prevention may be carried out by the service provider. The service is provided by:
    • First Data GmbH for the processing of direct debit and credit card payments
    Please use the information provided by the listed provider for detailed information on how your data is used.
  • Transfer of customer and payment data in the event of payment defaults to debt collection companies commissioned by the controller.
  • Postal advertising to inform you about new products or promotions (special prices etc.).
  • If you have given your consent in the online shop to email advertising, sending you information about new products or promotions by email.
  • Information about news in approval procedures or significant changes to our shop or web presence.
  • Information in the interest of the security of your data with us.
  • Transfer of data within the corporate group to ensure the processing of orders and services in the context of order placement.
  • Evaluation of information when using the websites:

    • Cookies: When you visit one of our websites, we may store information in the form of a cookie on your device (e.g. laptop, tablet, smartphone). Cookies are small text files that are sent by a web server to your browser and stored on your device. The cookie contains information related to the specific device that is used. This does not mean that we immediately become aware of your identity.

      This information helps us automatically recognise you next time you visit our websites and to make navigation easier. Cookies allow us, for example, to adapt a website to your interests or to save your password so that you do not have to enter it again on every visit.

      If you do not want us to recognise your computer, you can set your browser to inform you about the placement of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

    • Server log files: Each time the website accessible at www.blueberry-systems.com is visited, data is automatically collected and processed. The following data is collected in order to ensure a smooth connection to the website, to compile visitor statistics regarding the use of this website, to improve the website and to ensure system security and stability:

      • Date and page view of the URL visited by the visitor
      • URL that the visitor previously visited (referrer URL)
      • Browser used
      • Operating system used
      • IP address of the requesting computer

      The data is anonymised by removing the last digits of the IP address.

      Only in the event of errors when accessing the page are these data stored without anonymisation for 7 days and automatically deleted afterwards.

3.3 Based on your consent (Art. 6 (1) (a) GDPR)

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter (double opt-in procedure). We use these data exclusively to send the requested information. Processing is carried out via a service provider for email marketing in accordance with Art. 28 GDPR within the framework of a data processing agreement.

You can revoke the consent given for the storage of the data, the email address and its use for sending the newsletter at any time with future effect, for example via the “unsubscribe” link in the newsletter. For reasons of traceability we store your opt-in data. For documentation purposes the email address, IP address, date, time, the declaration of consent and information about the communication received are stored for 6 months.

4. Who receives my data?

Within the company, those units receive your data that need it to fulfil contractual obligations to process orders and to perform services.

To handle some processes for service provision, your data must be passed on, e.g. to registration offices or service partners of zula24.de. To process payments in the online shop, it is necessary to forward the data to payment service providers.

In the event of non-payment of services and product orders, personal data may in individual cases need to be passed on to debt collection companies.

Other recipients of data may be those entities for which you have given us your consent to transmit data.

The collection of personal data and their transmission to authorised state institutions and authorities take place only within the framework of the applicable laws or if we are required to do so by a court decision. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with data protection regulations.

5. Are my data transmitted to a third country or an international organisation?

A transfer of data to third countries (states outside the European Economic Area – EEA) can take place in the context of the use of social plug-ins and analytics tools from Facebook, Google and other providers. Further information can be found in section 12 of this notice.

6. How long are my data stored?

We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations.

As soon as storage of the data is no longer required to carry out further processes and no statutory retention periods exist, the data will be deleted.

To fulfil contractual obligations we process and store your personal data for handling the service or purchase process as well as data required for processing complaints and warranty matters for up to 24 months.

To fulfil commercial and tax law retention obligations certain data and information are stored for up to ten years.

Further information on storage periods in other processes can be found in section 3.

7. What data protection rights do I have?

Within the statutory requirements you have the following rights:

  • pursuant to Art. 15 GDPR to obtain information about your personal data processed by us. In particular you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been disclosed or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if they were not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about its details;
  • pursuant to Art. 16 GDPR to immediately request the correction of inaccurate or completion of your personal data stored with us;
  • pursuant to Art. 17 GDPR to request the deletion of your personal data stored with us unless processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
  • pursuant to Art. 18 GDPR to request the restriction of processing of your personal data insofar as the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require them for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller;
  • pursuant to Art. 7 (3) GDPR to revoke your consent once given to us at any time. As a consequence we may no longer continue the data processing that was based on this consent for the future; and
  • pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

8. Right to object

8.1 Right to object on a case-by-case basis

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data at any time, provided there are reasons relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

8.2 Right to object to processing for direct marketing purposes

In individual cases we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for such advertising purposes. You have a general right to object which will be implemented by us without indicating a particular situation.

8.3 Recipient of an objection

The objection can be sent informally to:

Sebastian Behrendt

Blueberry Systems

Marienthaler Str. 145

20535 Hamburg

Phone: 04037415446

Email: info@blueberry-systems.com

9. Am I obliged to provide data?

In the context of ordering products or services as well as general enquiries you only have to provide those personal data that are necessary to process the desired service or that we are legally obliged to collect in this context. All other information is provided voluntarily. Without the provision of the minimally required data we will generally not be able to process or handle your order / service / information request / enquiry.

10. Is there automated decision-making including profiling?

We do not use profiling processes with automated individual decision-making ourselves. However, as part of payment processing scoring by service providers is possible (see section 3.2).

11. Protection of children and young people

Our offering is generally not directed at persons under 18 years of age. We therefore do not request personal data from children and young people, do not collect it and do not pass it on to third parties. Without the consent of parents or legal guardians, children and young people should not transmit personal data to us.

12. Web analytics tools / tracking / social media

12.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) lit. f GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is generally transferred to a Google server and stored there. It cannot be ruled out that these servers are operated outside the European Union.

Google is certified under the Privacy Shield agreement and thus offers a guarantee of complying with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering and to provide us with further services associated with the use of this online offering and internet usage. Pseudonymous user profiles of the users can be created from the processed data.

Google Analytics is configured so that the collected data is deleted after 14 months.

We only use Google Analytics with IP anonymisation enabled. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; in addition, users can prevent the collection of the data generated by the cookie and related to their use of the online offering by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.

12.2 Google re/marketing services

We use the marketing and remarketing services (short “Google marketing services”) of Google Ireland Limited (“Google”) on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) lit. f GDPR).

Google is certified under the Privacy Shield agreement and thus offers a guarantee of complying with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

The Google marketing services allow us to display targeted advertisements for and on our website so that users are shown only adverts that potentially correspond to their interests. If a user is shown ads for products for which the user has shown interest on other websites, this is referred to as “remarketing”. For these purposes when our and other websites on which Google marketing services are active are accessed, Google immediately executes a Google code and so-called marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user has visited, which content the user is interested in and which offers the user has clicked on, furthermore technical information on the browser and operating system, referring websites, visit time as well as further information on the use of the online offering. The IP address of the users is also recorded, whereby we communicate that the IP address is shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases fully transferred to a Google server and shortened there. The IP address is not combined with the user’s data within other Google offerings. The above information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, adverts tailored to the user’s interests can be displayed.

The data of the users are processed within the Google marketing services pseudonymously. That means Google does not store and process the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. From Google’s perspective the adverts are therefore not managed and displayed for a specifically identified person but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected via Google marketing services about the users is transmitted to Google and stored on Google’s servers.

The Google marketing services we use include, among others, the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can thus not be tracked across the websites of AdWords customers. The information obtained with the help of the cookie serves to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information by which users can be personally identified.

We can integrate advertisements from third parties on the basis of the Google marketing service “AdSense”. AdSense uses cookies that enable Google and its partner websites to display ads based on users’ visits to this website or other websites on the internet.

We may also use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.

Further information on data use for marketing purposes by Google can be found on the overview page www.google.com/policies/technologies/ads, and Google’s privacy policy is available at www.google.com/policies/privacy.

If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.

13. Data security

The website is protected by technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. During your visit to the website we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. As a rule this is 256-bit encryption. If your browser does not support 256-bit encryption, we fall back to 128-bit v3 technology. You can tell whether an individual page of our internet presence is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. Despite regular controls a complete protection against all risks is not possible. Nevertheless, our security measures are continuously improved in line with technological developments.

Last updated: 06.07.2025