Thank you for visiting our website www.bluebirdoptimization.com and for your interest in our business. With the aim of offering you the highest possible degree of transparency, we inform you in the following about the nature, scope and purpose of the collection, processing and use of personal data that arise in the context of the use of our website. You can access the General Data Protection Regulation (hereinafter referred to as "GDPR") as a complete document here.
Content
1. Definitions of terms
2. Controller according to Article 4 No. 7 GDPR
3. Legal basis of data processing
4. Retention of data / deletion of data
5. Disclosure of personal data
6. Collection of personal data
6.1 Exclusively informational use of our website
6.2 Contact via e-mail
6.3 Contact form
7. Tally
8. Webflow
8.1 Hosting
8.1.1 Fastly
8.1.2 Amazon CloudFront
8.2 Cloudflare
8.3 webflow.com
8.4 Legal basis
9. Your rights
10. Right of objection
11. Data security
The following terms that we use within our privacy policy are defined within Art. 4 GDPR. This is only an excerpt from Art. 4 GDPR. You can view all definitions in the GDPR (available here).
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party is a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity (Art. 4 No. 18 GDPR).
Tim Varelmann
Starenweg 13
48429 Rheine
Germany
Phone: +49 152 25216986
E-mail: tim@bluebirdoptimization.com
You can find our complete imprint here:
https://www.bluebirdoptimization.com/imprint
For each processing described within our privacy policy, we will inform you of the corresponding legal basis on which the processing is carried out. A distinction is made here between the following groups of cases in which processing is lawful:
Within the processing described in our privacy policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage is no longer given. Storage may take place beyond the defined periods if legal regulations to which we are subject (e.g., § 147 AO, § 247 HGB) stipulate a different storage period.
Following the storage period, the personal data will be deleted or blocked, unless further storage is required by us by a specific legal basis. In addition, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.
If your personal data is passed on, you will be informed accordingly at the relevant point in our data protection declaration. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant point in our data protection declaration. In principle, we will only transfer personal data to third countries where an adequate level of protection has been confirmed by the EU Commission or where we can ensure careful handling of the personal data on the basis of contractual agreements or other suitable guarantees.
In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour). The provision of the data is neither legally nor contractually required. You are neither legally nor contractually obligated to provide the data. Please note, however, that without providing the data from item 6.1, the use of our website is not possible. Automated decision-making including profiling according to Art. 22 para. 1 and para. 4 GDPR does not take place on our website.
If you do not register on our website (for example, in the form of a newsletter) or otherwise transmit data to us (for example, by using a contact form), only those personal data are collected that are transmitted by your browser to our server. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line:
The legal basis for the collection of the listed data results from Art. 6 para. 1 lit. f GDPR. We have a legitimate interest to ensure an error-free connection setup and a comfortable use of our website as well as to analyse the system stability and security and to use the data for further administrative purposes.
When contacting us via the e-mail address provided in section 2 or other e-mail addresses of our business published on our website, your e-mail address as well as other contact data available within your e-mail (e.g., your name or your telephone number) will be stored by us in order to process your request. This data will be deleted immediately as soon as further storage is no longer necessary. If there are legal retention periods with regard to the data, the deletion of the data will be replaced by a corresponding restriction of the processing. The legal basis for processing the data results from Art. 6 para. 1 lit. b GDPR or from Art. 6 para. 1 lit. f GDPR, depending on the reason for sending the e-mail, i.e., it is either for the purpose of processing the contract concluded with you and fulfilling our (pre-)contractual obligations or is based on our legitimate interest in contacting people interested in our service.
When contacting us through the contact form available on our website, the contact data you provide will be stored and processed by us in order to process your request. The legal basis for processing the data results from Art. 6 para. 1 lit. b GDPR or from Art. 6 para. 1 lit. f GDPR, depending on the reason for contacting us, i.e., it is either for the purpose of processing the contract concluded with you and fulfilling our (pre-)contractual obligations or is based on our legitimate interest in contacting prospective customers of our service.
For occasional surveys hosted on this website, we use surveys provided by the company Tally, registered at August van Lokerenstraat 71, 9050 Ghent (Belgium) (hereinafter referred to as “Tally”). We have entered into an order processing agreement with the company which contains the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (available in English here). Tally's privacy policy is available here: https://tally.so/help/privacy-policy. The legal basis for data processing within the meaning of the above is Article 6 para. 1 lit. b GDPR.
Our website is hosted by the company Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103 (hereinafter referred to as "Webflow"). At the same time, Webflow provides the content management system for our website. We have entered into an order processing agreement with the company which contains the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (available in English here). Webflow's global privacy policy is available here: https://webflow.com/legal/privacy. The privacy policy for the EU and Switzerland is available here: https://webflow.com/legal/eu-privacy-policy.
Webflow hosts our website using the Content Delivery Networks of the US companies Fastly Inc. and Amazon Web Services, Inc. A Content Delivery Network is a network of spatially distributed, possibly interconnected servers. The server used is always the one closest to the respective user of the website. The CDN used here includes servers in North America and parts of Europe. For more information, please visit the following Webflow page: https://webflow.com/blog/what-to-look-for-in-a-web-hosting-service.
Webflow hosts our website using the Content Delivery Network of the US company Fastly Inc. 475, Brannan St. #300, San Francisco, CA 94107. You can access the company's privacy policy here: https://www.fastly.com/privacy/.
Webflow hosts our website using the Content Delivery Network of the US company Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109. The CDN is called Amazon CloudFront. You can access the company's imprint here: https://aws.amazon.com/de/impressum/?nc1=f_cc. The company's privacy notice can be accessed here: https://aws.amazon.com/privacy/
To ensure cross-browser compatibility, so that the modern functionality of Webflow pages is also available in older browsers that do not natively support it, JavaScript is integrated on the part of Webflow using the CDN Cloudflare. The operator of the CDN is the company Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107. The privacy policy of the company can be found here: https://www.cloudflare.com/privacypolicy/
Furthermore, there is a connection to the domain webflow.com. This domain belongs to the company Webflow. Images and other assets that are integrated into our website are hosted there. This domain of the company Webflow is also hosted via the CDNs Fastly and Amazon CloudFront.
The legal basis for data processing within the meaning of the above is Article 6 para. 1 lit. b GDPR. In addition, a transfer of data to the USA and thus to a so-called unsafe third country within the meaning of the GDPR takes place in sections 8.1. - 8.3. The data transfer is nevertheless permissible. The legal basis for this lies in Art. 46 para. 1, para. 2 lit. c GDPR (standard contractual clauses) or in Art. 49 para. 1 lit. b GDPR and thus in the fulfilment of a contract between us and you as a user or in the need to carry out pre-contractual measures. For the USA, there is currently neither an EU adequacy decision nor other suitable guarantees. The protection of your data cannot be guaranteed in the destination country USA. In the USA, there is currently no level of data protection equivalent to that in the EU. Therefore, the transfer is associated with corresponding risks. In particular, there are no guarantees that your transmitted data will not be accessed by government authorities. For example, it cannot be ruled out that U.S. authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA) and/or on the basis of the so-called CLOUD Act (Clarifying Lawful Overseas Use of Data Act). In this context, we expressly point out that you as an EU citizen have no effective legal protection against the processing of your data by US authorities.
Below we clarify your rights under the GDPR. You can access the GDPR as a complete document here.
You have the right to obtain confirmation from us as to whether or not personal data relating to you is being processed. If the answer is in the affirmative, in addition to the right to access the personal data, you have a right to information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom your personal data have been disclosed or will be disclosed in the future (in particular in the case of recipients in third countries or international organisations), the storage period or criteria for determining the storage period, the existence of a right to rectify or erase the personal data concerning you or the right to restrict processing on our part, as well as about the existence of a right to object to such processing, the existence of a right to lodge a complaint with a supervisory authority, any available information about the source of the data (in the event that it was not collected by us), the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.
You have the right to obtain from us without undue delay the rectification of inaccurate
personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of personal data concerning you without undue delay. However, according to Art. 17 para. 3 GDPR, this right does not exist if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the field of public health, for archiving purposes in the public interest or for the establishment, exercise or defence of legal claims.
You have the right to obtain from us the restriction of processing of your personal data if you contest the accuracy of your personal data (the restriction applies here for the period that enables us to check the accuracy), the processing of your personal data is unlawful and you oppose its erasure and request the restriction of their use instead, we no longer need your personal data for the processing purposes, but you need it to establish, exercise or defend legal claims or you object to the processing pursuant to Art. 21 (1) GDPR (the restriction applies here as long as it has not yet been determined whether our legitimate reasons outweigh yours).
You have the right to obtain from us the personal data concerning you in a structured, commonly used and machine-readable format, as well as to have it transmitted to another controller without hindrance from us (or to request that it be transferred directly from us to another controller, if this is technically feasible), if the processing by us was based on consent or a contract or was carried out with the help of automated processes.
You have the right to withdraw your consent at any time with effect for the future, so that the data processing based on the consent can no longer be continued in the future, but the lawfulness of the processing based on consent before its withdrawal is not affected.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you can contact the supervisory authority of your habitual residence, your place of work or the place of the alleged infringement. For more information, please visit the website of the Federal Commissioner for Data Protection and Freedom of Information.
In addition to the aforementioned rights, you also have the right to object at any time with future effect to the processing of your personal data which is carried out on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Article 6 para. 1 lit. e GDPR) or for the protection of legitimate interests on our part (Article 6 para. 1 lit. f GDPR), provided that there are grounds for doing so which arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In the case of processing of your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object without having to provide reasons based on your particular situation. In the event of an objection, we will immediately cease processing the personal data for these purposes. To exercise your right of revocation or objection, simply send an e-mail to: tim@bluebirdoptimization.com
Our website uses the encryption and communication protocol TLS 1.3 (Transport Layer Security). Through the TLS certificate used by us and issued by a certification authority, we enable an encrypted data exchange between web browser and web server, whereby sensitive data cannot be read by third parties. We use the procedure with the highest encryption level that your browser supports, which is usually 256-bit encryption. The higher the bit number, the longer the key and the better the protection against third parties.