We very much appreciate your interest in our company. Data protection plays a vital role in the management of blink.it GmbH & Co. KG. The use of blink.it GmbH & Co. KG’s internet pages generally do not require any personal data.
Nevertheless, if a user wishes to use particular services provided by our company or via our website, it may be necessary to process personal data. Processing always occurs in accordance with the General Data Protection Regulation (GDPR).
1.2 For the terms used, such as "personal data" or their "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3 The personal data of users processed within the context of this online offer include stock data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the websites of our online offer visited, interest in our products), and content data (e.g., entries in the contact form).
1.4 The term 'user' shall cover all categories of data subjects, be it our business partners, customers, interested parties, or any other visitor to our online offer. Terms used in this text, such as "user," should be understood as being non-gender-specific.
1.5 We process personal data of users only in compliance with the relevant data security regulations. Consequently, user data will only be processed if statutory permission has been granted, i.e., if data processing is necessary for the provision of our contractual services (e.g., processing of orders) and online services, or is required by law, or the user's consent has been obtained, or because of our legitimate interests (i.e., interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Article 6(1) point (f) GDPR, in particular in measuring reach, setting up profiles for advertising and marketing purposes, collecting access data as well as for the use of third-party services).
1.6 We wish to point out that the legal grounds for consent are Article 6(1) point (a) and Article 7 GDPR, the legal grounds for processing for the fulfillment of our services and implementation of contractual measures are Article 6(1) point (b) GDPR, the legal grounds for processing for the fulfillment of our legal obligations are Article 6(1) point (c) GDPR, and the legal grounds for the processing to safeguard our legitimate interests are Article 6(1) point (f) GDPR.
2.1 In order to ensure that the provisions of the data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we have adopted state-of-the-art organizational, contractual and technical security measures.
2.2 Such security measures include, in particular, the encrypted transmission of data between your browser and our server.
3.1 Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if required for contractual purposes, e.g., based on Article 6(1) point (b) GDPR, or based on legitimate interests in the economical and effective operation of our business according to Article 6(1) point (f) GDPR.
3.2 If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data under the relevant statutory provisions.
4.1 We process stock data (e.g., name, email address, contact data of users) and contract data (e.g., services used, names of contact persons, payment information) to perform our contractual obligations and services under Article 6(1) point (b) GDPR.
4.2 Users can register for a free trial period (30 days) of the blink.it App at https://www.blink.it/en/ or request a test account using a form provided on our website. Within the scope of registration, the required mandatory data will be communicated to the users. User accounts are not public and cannot be indexed by search engines. Users who do not wish to continue using their test accounts beyond the trial period (continuing on to the paid service) will have their personal data, related to the user account, deleted, subject to the storage of such data being necessary for reasons of commercial or tax law under Article 6(1) point (c) GDPR. It is the individual users' responsibility to back up their data before the end of the trial period. We are entitled to irreversibly delete all user data stored during the trial period.
4.3 Data provided by the user during the free trial period will be stored and processed on servers of Amazon Web Services Inc., based in Frankfurt am Main (Germany).
4.4 We process usage data (e.g., the visited websites of our online offer, interest in our products) and content data (e.g., entries into the contact form or user profile) for advertising within a user profile in order to present users with, e.g., product information based on the services they have used so far.
5.1 When contacting us (via contact form or email), the user's details are processed based on Article 6(1) point (b) GDPR in order to manage the contact request and its resolution.
5.2 Personal data provided by you through a contact request or direct business relationship will be processed and maintained by our company's staff with the help of a customer relationship management system (CRM system). The CRM system currently used is provided by our partner HubSpot Inc. (hereafter HubSpot), 25 First Street, 2nd Floor Cambridge, MA 02141, USA.
Data transmitted to HubSpot will solely be used to establish and maintain the desired contact. No data will be passed on or distributed to third parties.
HubSpot is certified under the "EU - U.S. Privacy Shield Framework" and is subject to TRUSTe's Privacy Seal and the "U.S. - Swiss Safe Harbor" framework.
6.1 If users leave comments or other contributions (e.g., in our blog at https://www.blink.it/blog), their IP addresses will be stored based on our legitimate interests under Article 6(1) point (f) GDPR.
6.2 This is done for our protection in the event that comments and contributions contain illegal content (such as insults, prohibited political propaganda). As we may ourselves be held liable for such comments or contributions, we have a legitimate interest in the contributor's identity.
7.1 Pursuant to our legitimate interests under Article 6(1) point (f) GDPR, we collect data about every access to the server on which this service is hosted (so-called server log files). Such access data include the name of the accessed website, file, the date and time of access, the transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and requesting provider.
7.2 For security reasons (e.g., for the investigation of abuse or fraud), log file information will be stored for a maximum of seven (7) days before being deleted. Data requiring further storage for evidential purposes are excluded from deletion until final clarification of the particular incident.
8.3 Users who do not wish cookies to be stored on their computers are asked to disable the corresponding settings in their browsers' system preferences. Stored cookies may be deleted according to the system preferences of the respective browser used. An opt-out from cookies may result in functional limitations of the online offer.
9.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3 Google will use such information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website, and to provide us with further services associated with the use of this website and the Internet. From the processed data, pseudonymous user profiles of users may be created.
9.4 As part of the advertising services provided by Google and its partners, we use Google Analytics to display ads only to those users who have shown an interest in our online services or share certain characteristics (e.g., interest in particular topics or products determined by the websites visited) that we submit to Google (so-called "remarketing" or "Google Analytics Audiences"). By using remarketing audiences, we also seek to ensure that our advertisements match users' potential interest instead of causing annoyance.
9.5 We solely use Google Analytics with IP anonymization enabled. That is, Google shortens the users' IP addresses in member states of the European Union or other countries which are members of the Agreement on the European Economic Area. Only under exceptional circumstances can the full IP address be transferred to a Google server in the USA and shortened there.
9.6 The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by configuring their browser software accordingly. Users may also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
9.7 Further information on Google's use of data, settings, and objection options can be found on Google's websites at https://policies.google.com/technologies/partner-sites?hl=en ("How Google Uses Information from Sites or Apps that Use Our Services"), https://policies.google.com/technologies/ads?hl=en ("Data use for advertising"), and https://adssettings.google.com/authenticated?hl=en ("Make the ads you see more useful to you").
10.1 Based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer under Article 6(1) point (f) GDPR), we use the marketing and remarketing services (in short "Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
10.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3 Google Marketing Services allows us to display advertisements for and on our website in a more targeted manner in order to only present ads to users that potentially match their interests. For example, should a user be presented with ads for products that he/she has been interested in on other websites, this is referred to as "remarketing." For this purpose, a code generated by Google is executed directly by Google upon accessing our and other websites on which Google Marketing Services are active, and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are embedded into the website. With this technology, an individual cookie, i.e., a small file, is stored on the user's device (other, similar technologies may be used instead). Such cookies may be placed by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This cookie file records the websites the user has visited, what content he/she is interested in and which offers he/she has clicked on, along with the technical information about the browser and operating system, the referring websites, the time of the visit and other information related to the use of the online offer. IP addresses of users are also collected. In the context of Google Analytics, we would like to state that IP addresses within member states of the European Union or other countries, which are members of the Agreement on the European Economic Area, are shortened and are only in exceptional cases transferred in full to a Google server in the USA to be shortened there. Furthermore, the IP address will not be combined with the user's data within Google's other offers. Google may, however, combine the above-mentioned information with information from other sources. Subsequently, when the user visits other websites, the ads tailored to his/her interests may be presented to him/her.
10.4 Users' data are processed pseudonymously within the framework of Google Marketing Services. That is, Google does not, for example, store and process the name or email address of a user but processes the relevant data in a cookie-based manner within pseudonymous user profiles. From Google's perspective, ads are not managed and displayed for a specifically identified person, but the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly permitted Google to process the data without using pseudonymization. The information collected about users by Google Marketing Services will be transmitted to Google and stored on Google's servers in the USA.
10.5 The online advertising program "Google AdWords" is one of the services we use as part of the Google Marketing Services. In Google AdWords, each AdWords customer receives a different "conversion cookie." Thus, cookies cannot be traced through the websites of AdWords customers. Information collected by such cookies serves to compile conversion statistics for those AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. They will not, however, receive any information that can be used to identify users’ identities.
10.8 We may likewise use the "Google Optimizer" service. Google Optimizer lets us understand how some changes on a web page (e.g., changes of the input fields or the design) affect us by employing "A/B-testings." For such test purposes, cookies will be stored on users' devices. Thereby, only pseudonymous data of the users are processed.
10.9 Furthermore, we may use the "Google Tag Manager" to integrate and manage Google Analytics and Google Marketing Services into our website.
10.11. If you wish to opt-out of interest-based advertising via Google Marketing Services, you may do so by using the preference and opt-out options provided by Google: https://www.google.com/ads/preferences.
11.1 Based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6(1) point (f) GDPR), we use Facebook Social Plugins ("plugins") of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Such plugins may display interaction elements or content (e.g., videos, graphics or text contributions) and are either recognizable by one of the Facebook logos (white "f" on a blue tile, the terms "Like," "Gefällt mir" or a "thumbs up" sign) or marked with the addition "Facebook Social Plugin." A list and the appearance of the Facebook Social Plugins can be obtained from https://developers.facebook.com/docs/plugins/.
11.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3 If a user invokes a function of an online offer that contains such a plugin, his/her device will establish a direct connection with Facebook servers. The plugin's content is transmitted by Facebook directly to the user's device and integrated into the online offer by it. User profiles may be created from the processed data. We have no control over the extent of the data that Facebook collects with the help of this plugin. Therefore, we inform the users to the best of our knowledge.
11.4 By integrating the plugins, Facebook receives the information that a user has visited the corresponding page of the online offer. Provided the user is logged in to Facebook, Facebook can assign the visit to the user's Facebook account. As you interact with the plugins, e.g., by pressing the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a Facebook member, it is still possible for Facebook to find their IP address and store it. According to Facebook, an anonymized IP address only is stored in Germany.
11.6 In case a user is a Facebook member and does object to Facebook collecting data about him/her using this online offer and linking it with his/her membership data stored on Facebook, he/she must log out of Facebook and delete his/her cookies before using our online offer. Further settings and objections to the use of data for advertising are possible within the Facebook profile settings https://www.facebook.com/settings?tab=ads, through the US site https://www.aboutads.info/choices/, or the EU site https://www.youronlinechoices.com/. These settings are platform-independent, meaning that they are applied to all devices, such as desktop computers or mobile devices.
12.1 Based on our legitimate interests in the analysis, optimization and economic operation of our online offer and for such purposes, we use a so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), on our online offer.
12.2 Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3 By using Facebook Pixel, Facebook can identify visitors to our online offer as a target group to display ads (so-called "Facebook Ads"). We use Facebook Pixel to display Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online services or who share certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we submit to Facebook (so-called "custom audiences"). By using Facebook Pixel, we also seek to ensure that our advertisements match the potential interests of users instead of causing annoyance. Facebook Pixel also allows us to track the effectiveness of Facebook Ads for statistical and market research purposes by tracking whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").
12.4 A Facebook Pixel is embedded directly by Facebook when you visit our websites and store a so-called cookie, i.e., a small file, on your device. If you log in to Facebook afterward or visit Facebook while logged in, the visit to our online offer will be logged in your profile. The data collected about you are anonymous to us, so we cannot determine the user's identity. However, the information is stored and processed by Facebook so that a connection to the respective user profile is possible and may be used by Facebook and for its market research and advertising purposes. Any data that we might send to Facebook for comparison will be encrypted locally on the browser and only then sent to Facebook via a secure HTTPS connection. The sole purpose is to compare the data with data encrypted by Facebook.
12.5 By using Facebook Pixel, we also use the additional function "advanced matching." This involves transmitting (encrypted) data such as telephone numbers, email addresses, or Facebook IDs of users to Facebook to form target groups ("Custom Audiences" or "Look-Alike Audiences"). Further information on "advanced matching": https://www.facebook.com/business/help/611774685654668).
12.6 Likewise, based on our legitimate interests, we use the "Custom Audiences from File" procedure of the social network Facebook, in which case the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. We seek to ensure that the ads are only displayed to users interested in our information and services.
12.7 The processing of the data by Facebook occurs within the framework of Facebook's Data Use Policy. General information on the display of Facebook Ads can be found in the Facebook Data Usage Policy: https://www.facebook.com/policy.php. For more specific information and details about the Facebook Pixel and how its works, please visit the Facebook help section: https://www.facebook.com/business/help/742478679120153.
12.8 You may object to the Facebook Pixel data collection and the use of the data to display Facebook Ads. To control what types of ads are presented to you within Facebook, you can go to the following Facebook page and follow the instructions for usage-based advertising settings: https://www.facebook.com/ds/preferences/entry_product_settings. These settings are platform-independent, meaning that they are applied to all devices, such as desktop computers or mobile devices.
13.1 blink.it GmbH & Co. KG uses HubSpot (HubSpot Inc., 25 First Street, 2nd Floor Cambridge, MA 02141, USA). Hubspot is an integrated software solution covering various aspects of our online offering.
These include, among others:
13.2 The registration service allows visitors to our website to learn more about our company, download content, and provide their contact details and other demographic information. This information and the contents of our website are stored on servers of our software partner HubSpot. They can be used by us to contact our website visitors and to determine which of our company’s services may be of interest to them.
13.3 HubSpot is certified under the "EU - U.S. Privacy Shield Framework" and is subject to TRUSTe's Privacy Seal and the "U.S. - Swiss Safe Harbor" framework.
14.1 On our website, users are given the opportunity to subscribe to our company's newsletter. The input mask used for this purpose shows which personal data are transmitted to the data controller when ordering the newsletter. With the following information, we would like to inform you about the contents of our newsletter, registration, dispatch, and statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you confirm your agreement with the receipt and procedures described.
14.2 Newsletter content: We send newsletters, emails, and other electronic notifications containing advertising information (hereafter "newsletters") solely with the recipients’ consent or a legal permission. Provided that in the context of a registration to the newsletter, its contents are specifically described, they are decisive for the approval of the users. Besides, our newsletters contain information about our products, offers, promotions, and our company.
14.3 Double-opt-in and logging: The registration for our newsletter occurs in a so-called double-opt-in procedure. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with a foreign email address. Newsletter registrations are logged to provide proof of the registration process according to statutory requirements. This includes storing the login and confirmation time as well as the IP address. Changes to your data stored by the data processor are also logged.
14.4 Data processor: Newsletters are sent via HubSpot (see point 13).
14.5 Newsletters from blink.it GmbH & Co. KG contain so-called tracking pixels. A tracking pixel is a thumbnail image embedded in such emails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the blink.it GmbH & Co. KG can recognize whether and when an email was opened, and which links contained in the email were invoked by the data subject.
Such personal data collected via tracking pixels, embedded in the newsletters, are stored and evaluated by the data controller to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties.
14.6 The use of the data processor, the performance of statistical surveys and analyses, and the recording of the subscription are based on our legitimate interests under Article 6(1) point (f) GDPR. Our interest is directed toward using a user-friendly and secure newsletter system that serves our business interests and meets the users' expectations.
14.7 Termination/Revocation: You may terminate the receipt of our newsletter (i.e., revoke your consent) at any time. Thereby, your consent to its mailing and the statistical analyses by the data processor concurrently expire; no separate cancelation of the mailing or the statistical evaluation is currently possible. A link to cancel the newsletter can be found at the end of each newsletter. If a user has registered for the newsletter only and canceled this registration, their personal data will be deleted.
15.1 Based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer under Article 6(1) point (f) GDPR), we use the content or service offerings from third parties within our online offering to integrate their content and services, such as videos or fonts (hereafter uniformly referred to as "content"). Doing so always presupposes that the Third-Party Providers of such content are aware of the users' IP address since, without it, they would not be able to send the content to the users’ browsers. The IP address is therefore required to display this content. We make every effort to use only those contents whose respective providers solely use the IP address to deliver the contents. Third parties might also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through "pixel tags," information, such as visitor traffic on these website pages, can be evaluated. The pseudonymous information may further be stored in cookies on the user's device and may contain, among other things, technical information of the browser and operating system, the referring websites, visiting time, and other details regarding the use of our online offer or may be linked to such information from other sources.
15.2 The following description offers an overview of Third-Party Providers and their contents, including links to their privacy policies, which contain further information on the processing of data and, in some cases already mentioned here, the possibility to object (“opt-out”):
16.1 Upon request and free of charge, users have the right to receive information about the personal data we have stored about them.
16.2 Users also have the right of correction of inaccurate data, restriction of processing, and deletion of their personal data, if applicable, to exercise their rights to data portability and, in case of suspected unlawful processing, to complain with the relevant supervisory authority.
16.3 Users may also revoke their consent on principle with effect in the future.
17.1 Data stored by us will be deleted as soon as they are no longer required for their intended purpose, and no legal retention obligations prevent their deletion. In the event that user data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, to user data that must be stored for commercial or tax law reasons.
17.2 Pursuant to legal requirements, the retention period is six (6) years under §257(1) of the German Commercial Code (such as commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers) and ten (10) years under §147(1) of the German Fiscal Code (such as books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation).
Users may object to the future processing of their personal data at any time in accordance with the legal requirements. The objection may, in particular, be made against processing for direct marketing purposes.
Verantwortlicher im Sinne der Datenschutz-
Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other regulations of a data protection nature are the:
blink.it GmbH & Co. KG
Tel.: +49 6151 392169-0