Online Data Protection Policy
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Republic of Cyprus and the other EU member states as well as of other data protection regulations is[1]:
KM Bluebridge Limited (hereinafter «BlueBridge»)
50 Spyrou Kyprianou Avenue,
Irida Tower 3, Floor 5, 6057 Larnaca, Cyprus
E-mail: E.hello@bluebridgelimited.com
Website: https://bluebridgelimited.com
II. Provision of the Website and Preparation of Log Files
1. Description and Extent of the Data Processing
Every time the BlueBridge website is accessed, the system automatically records data and information from the computer system of the accessing computer.
The following data is collected:
(1) Information about the browser type and the version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The user’s IP address
(5) Date and time of the accesss
(6) Websites from which the user’s system reached our website
(7) Websites which were accessed by the user’s system via our website
This data is also stored in the log files of BlueBridge’s system. This data is not stored with the other personal data of the user
2. Legal Basis for the Data Processing
Art. 6 para. 1 f GDPR is the legal basis for the temporary storage of the data and log files.
3. Purpose of the Data Processing
The temporary storage by the system of the IP address is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must continue to be stored for the duration of the session.
The purpose of the storage in log files is to secure the proper functioning of the website. Moreover, the data helps to optimize the website and to ensure that the information technology systems of BlueBridge are secure. There is no evaluation of the data for marketing purposes.
These purposes provide the legitimate interest of BlueBridge in the data processing according to art. 6 para. 1 GDPR.
4. Period of Storage
The data is erased as soon as it is no longer necessary for achieving the purpose for which it was collected. In the case of the collection of data for delivering the website, this is the case when the respective session is terminated.
In the case of the storage of data in the log files, this is usually the case after seven days at the latest, but a longer storage time is possible. In this case the user’s IP address are erased or alienated, so that it is no longer possible to assign them to the accessing client.
5. Possibilities of Objection and Removal
The recording of the data for the provision of the website and the storage of the data in the log files is essential for the operation of the website. The user has no possibility to object to this.
III. Use of Cookies
1. Description and Extent of the Data Processing
The BlueBridge website uses cookies. Cookies are text files which are stored on the internet browser and in the user’s computer system by the internet browser. If a user visits a website, a cookie can be stored in the user’s operating system. This cookie contains a particular string of characters which makes a clear identification of the browser possible when the website is visited again.
BlueBridge employs cookies in order to make the BlueBridge website more user-friendly. Some elements of the BlueBridge website make it necessary for the accessing browser to be identifiable even after a change of internet page.
The following data is stored and transmitted in the cookies:
(1) Language settings
(2) Articles in a «shopping basket»
(3) Log in information
BlueBridge also uses cookies on the website which facilitate analysis of the user‘s internet surfing behavior.
The following data can be transmitted in this way:
(1) The search terms entered
(2) The frequency of site calls
(3) Use of website functions
The user data collected in this way is recorded by technical means in pseudonymous form. An assignment of the data to the user accessing the site is therefore no longer possible. The data is not stored together with other personal data of the user.
When visiting the BlueBridge website the users are informed about the employment of cookies for the purposes of analysis and their attention is drawn to this Online Data Protection Policy. In this connection the user is asked to accept or customize (including decline) the cookies/cookie settings.
2. Legal Basis for the Data Processing
Art. 6 para. 1 f GDPR is the legal basis for the processing of personal data using cookies.
3. Purpose of the Data Processing
The objective of using the necessary cookies is to make the use of websites easier for the user. Some functions of our website cannot be offered without employing cookies because they rely on the browser being recognized even after a change of internet page.
Cookies are required here for the following applications:
(1) Taking over language settings
(2) Memorizing search terms
The user data collected by means of the necessary cookies is not used to create user profiles. The analysis cookies are employed for the purposes of improving the quality of the BlueBridge website and its contents. The analysis cookies make it possible to find out how the website is used and BlueBridge can continually improve its offering.
These purposes provide our legitimate interest in the processing of personal data according to art. 6 para. 1 f GDPR.
4. Period of Storage, Possibilities of Objection and Removal
The cookies are stored on the user’s computer and transmitted by the user to the BlueBridge website. The user therefore has complete control over the use of cookies. By changing the settings on the internet browser the user can deactivate or limit the transmission of cookies. Cookies which are already stored can be deleted at any time. This can also be doe automatically. If cookies are deactivated for the BlueBridge website, it may no longer be possible for all functions of the website to be used to the full extent.
The transmission of Flash cookies cannot be stopped via the browser settings, but by changing the settings of the Flash Player.
IV. Newsletter
1. Description and Extent of the Data Processing
The BlueBridge website offers the possibility of subscribing to a newsletter free of charge. When registering for the newsletter, the data from the registration input mask are transmitted to BlueBridge.
In addition, the following data is collected on registration:
(1) IP address of the computer used for access
(2) Date and time of the registration
The user’s consent is obtained for processing the data within the framework of the registration process and attention is drawn to this Online Data Protection Policy.
No data is passed on to third parties in connection with the data processing for the dispatch of newsletters. The data is exclusively used for the dispatch of newsletters.
2. Legal Basis for the Data Processing
Art. 6 para. 1 a GDPR is the legal basis for the processing of data following registration for the newsletter by the user, provided that consent has been obtained.
3. Purpose of the Data Processing
The user’s e-mail address is obtained with the object of sending the newsletter to the user.
The collection of further personal data within the framework of the registration process has the purpose of preventing misuse of the services or of the e-mail address used.
4. Period of Storage, Possibilities of Objection and Removal
The data is erased as soon as it is no longer necessary for achieving the purpose for which it was collected.
Thus the user’s e-mail address will be stored as long as the newsletter subscription is active.
The other personal data collected within the framework of the registration process will generally be erased after a period of seven days.
The newsletter subscription can be cancelled at any time by the user concerned. A corresponding link for this purpose can be found in every newsletter.
V. Registration and Signing up to Webinars
1. Description and Extent of the Data Processing
On its website, BlueBridge offers the user the possibility to register with BlueBridge by giving personal data and for signing up to webinars.
Here, the data is entered in an input mask and transmitted to BlueBridge and stored. The data is not passed on to third parties. The following data is collected within the framework of the registration process: At the time of registration the following data is additionally stored:
(1) The user’s IP address
(2) Date and time of the registration
(3) Surname, first name, title
(4) E-mail address
(5) Language
The user’s consent for processing this data is obtained within the framework of the registration process.
2. Legal Basis for the Data Processing
Art. 6 para. 1 a GDPR is the legal basis for the processing of the data, provided that the user’s consent has been obtained.
If the registration has the purpose of fulfilling a contract to which the user is a contracting party or of taking steps prior to entering into a contract, the additional legal basis for the processing of the data is art. 6 para. 1 b GDPR.
3. Purpose of the Data Processing
A registration of the user is necessary to prepare certain contents and services on the BlueBridge website and for the user to be able to join a webinar.
A registration of the user is necessary for the fulfillment of a contract with the user or for taking steps prior to entering into a contract.
4. Period of Storage, Possibilities of Objection and Removal
The data is erased as soon as it is no longer necessary for achieving the purpose for which it was collected.
In respect of the data collected during the registration process, this is the case when the registration with the BlueBridge website is cancelled or amended.
In respect of the data collected during the registration process for the fulfillment of a contract or for taking steps prior to entering into a contract, this is the case when the data is no longer necessary for the implementation of the contract. After conclusion of the contract there may still be a necessity to store personal data, in order to meet contractual or statutory obligations.
The user has the possibility of cancelling the registration at any time. The user can have the stored data concerning the respective user amended at any time..
VI. Contact Form and E-Mail Contact
1. Description and Extent of the Data Processing
There is a contact form on the BlueBridge website which can be used for making contact electronically. If a user makes use of this possibility, the data entered in the input mask is transmitted to BlueBridge and stored.
This data is:
(1) The user’s IP address
(2) Date and time of the registration
(3) Surname, first name, title
(4) E-mail address
(5) Language
The user’s consent for the processing of the data is obtained within the framework of sending in the contact form, and attention is drawn to this Online Data Protection Policy.
Alternatively, contact can be made via the e-mail address provided by the user. In this case, the user’s personal data transmitted with the e-mail is stored.
No data is passed on to third parties in this connection. The data is used exclusively for the preparation of the conversation.
2. Legal Basis for the Data Processing
Art. 6 para. 1 a GDPR is the legal basis for the processing of the data, provided that the user’s consent has been obtained.
The legal basis for the processing of the data which is transmitted in the course of sending an e-mail is art. 6 para. 1 f GDPR. If the e-mail contact is aiming at the conclusion of a contract, the additional legal basis for the processing is art. 6 para. 1 b GDPR.
3. Purpose of the Data Processing
The processing of the personal data from the input mask only serves the purposes of facilitating contact. Where contact is made by e-mail, this constitutes the required legitimate interest in the data processing.
The other personal data processed during the sending in of the contact form have the purpose of preventing misuse of the contact form and ensuring that the information technology systems of BlueBridge are secure.
4. Period of Storage, Possibilities of Objection and Removal
The data is erased as soon as it is no longer necessary for achieving the purpose for which it was collected. In respect of the personal data from the input mask of the contact form and the data which was sent by e-mail, this is the case when the respective conversation with the user comes to an end. The conversation has come to an end when it is apparent from the circumstances that the relevant facts have been definitively clarified.
The personal data additionally collected during the sending in of the contact form will be erased after a period of seven days at the latest.
The user can revoke his consent to the processing of personal data at any time. If the user makes contact with
BlueBridge by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
In this case all personal data which were stored in the course of the contact will be erased.
VII. Web Analysis
1. Extent of the Processing of Personal Data
On its website BlueBridge uses the open source software tool Matomo (formerly PIWIK) for analyzing the user‘s internet surfing behavior. The software places a cookie on the user’s computer (for cookies, see above). If pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the accessing system of the user
(2) The accessed website
(3) The website from which the user reached the accessed website (referrer)
(4) The sub-pages which were accessed from the accessed website
(5) The length of the visit to the website
(6) The frequency of the access to the website
The software runs exclusively on the servers of the BlueBridge website. Storage of the personal data of the user only takes place there. Data is not passed on to third parties.
The software is set in such a way that the IP addresses are not stored completely, but that 2 bytes of the IP address is masked (example: 192.168.xxx.xxx). An assignment of the shortened IP address to the accessing computer is thus no longer possible.
The BlueBridge website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics employs so-called cookies, text files which are stored on the computer of the user and which facilitate an analysis of the use of the website by the user. The information about the use of this website by the user which is generated by the cookie is generally transferred to a server of Google in the USA and stored there. Should the IP anonymization on this website be activated, IP address of the user is previously shorthened by Google within member states of the European Union or in other states being parties to the Agreement European Economic Area.
It is only in exceptional cases that the full IP address is transferred to a server of Google in the USA and shortened there. Google will use this information to evaluate the use of the website by the user, to prepare reports about the website activities for the website owners and to provide further services connected of the website and the internet. Google will also transfer this information to third parties if necessary, with the use provided that this is required by law or that third parties process this data on behalf of Google. The IP address transmitted by the user’s browser under Google Analytics will not be joined up with other data of Google.
The user can prevent the installation of the cookies by a corresponding setting of his browser software; however, BlueBridge draws the user’s attention to the fact that the user cannot then use all the functions of this website to the full extent. By using this website the user declares that he or she consents to the processing of the data about the user collected by Google in the manner described above and for the purpose stated above.
2. Legal Basis for the Processing of Personal Data
Art. 6 para. 1 f GDPR E is the legal basis for the processing of the personal data of the users.
3. Purpose of the Data Processing
The processing of the user’s personal data enables BlueBridge to make an analysis of the user‘s internet surfing behavior. By evaluating the collected data, BlueBridge is in a position to compile information about the use of the individual components of the BlueBridge website. This helps BlueBridge continually to improve the website and its user-friendliness. These purposes provide the legitimate interest in the processing of data according to art. 6 para. 1 f GDPR. Due to the anonymization of the IP address, the user’s interest in the protection of his or her personal data is taken sufficiently into account.
4. Period of Storage, Possibilities of Objection and Removal
The data is erased as soon as BlueBridge no longer requires it for record-keeping purposes. This is the case after seven days at the latest.
Cookies are stored on the user’s computer and transmitted to the internet page of BlueBridge. The user therefore also has complete control over the use of cookies. By changing the settings in the internet browser, the user can deactivate or limit the transfer of cookies. Cookies which are already stored can be erased at any time. This can also be done automatically. If cookies are deactivated for the BlueBridge website, it may no longer be possible for all functions of the website to be used to the full extent.
Further information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/.
VIII. Rights of the Data Subject
If personal data concerning you is processed, you are a data subject within the meaning of the GDPR and entitled to exercise the following rights against the controller:
1. Right of Access
The user can demand a confirmation from the controller as to whether personal data concerning the user is processed by BlueBridge.
Where such processing takes place, the user can demand information from the controller about the following:
(1) The purposes for which the personal data is processed;
(2) The categories of personal data which are processed;
(3) The recipients and/or the categories of recipient to whom the personal data concerning the user has been or will be disclosed;
(4) The envisaged period for which the personal data concerning the user will be stored or, in case concrete information is not possible here, the criteria for determining the duration of the storage;
(5) The existence of a right to rectification or erasing of the personal data concerning the user, of a right to restriction of the processing by the controller or a right of objection against this processing;
(6) The existence of a right of appeal to a supervisory authority;
(7) All available information about the origin of the data, where the personal data is not collected from the data subject;
(8) The existence of a decision based on automated processing including profiling according to art. 22 paras. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the consequences and the intended effects of such processing for the data subject.
The user has the right to demand information as to whether the personal data concerning the user is transferred to a third country or an international organization. In this case, the user can demand to be informed about the appropriate safeguards according to art. 46 GDPR in connection with the transfer.
2. Right to Rectification
The user has a right to obtain from the controller rectification and/or completion, provided that the processed personal data concerning the user is inaccurate or incomplete. The controller has to make the rectification without delay.
3. Right to Restriction of Processing
The user can demand the restriction of the processing of the personal data concerning the user where one of the following applies:
(1) If the user contests the accuracy of the personal data concerning him or her, for a period enabling the controller to verify the accuracy of the personal data;
(2) The processing is unlawful and the user opposes the erasing of personal data and requests the restriction of its use instead;
(3) The controller no longer needs the personal data for the purposes of the processing, but it is required by the user for the establishment, exercise or defense of legal claims; or
(4) The user has objected to processing pursuant to art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing of the personal data concerning the user has been restricted, such data shall - with the exception of storage - only be processed with the user’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
A user who has obtained restriction of processing pursuant to the above will be informed by the controller before the restriction of processing is lifted.
4. Right to Erase
a) Obligation to erase
The user has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;.
(2) The user withdraws consent on which the processing is based according to art. 6 para. 1 a or art. 9 para. 2 a GDPR, and there is no other legal ground for the processing.
(3) The user objects to the processing pursuant to art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the user objects to the processing pursuant to art. 21 para. 2 GDPR.
(4) The personal data concerning the user has been unlawfully processed.
(5) The personal data concerning the user has to be erased for compliance with a legal obligation under Swiss law, European Union law or member state law to which the controller is subject.
(6) The personal data concerning the user has been collected in relation to the offer of information society services referred to in art. 8 para. 1 GDPR.
b) Information to Third Parties
Where the controller has made the personal data concerning the user public and is obliged to erase the personal data pursuant to art. 17 para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user as data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
c) Exceptions
There is no right to erase to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Swiss law, law of the European Union or member states to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
(3) for the establishment, exercise or defense of legal claims
5. Right to Notification
Where the user has exercised the right to rectification, erasure or restriction of processing towards the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning the user has been disclosed, unless this proves impossible or involves disproportionate effort.
The user has the right to be informed by the controller about those recipients.
6. Right to Data Portability
The user has the right to receive the personal data concerning the user which the user has provided to a controller, in a structured, commonly used and machine-readable format. The user further has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to art. 6 para.1 a or art. 9 para. 2 a GDPR or on a contract pursuant to art. 6 para. 1 b GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, the user further has the right to have the personal data transmitted directly from one controller to another, where technically feasible. This further right may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to a processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to Object
The user has the right to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on art. 6 para. 1 e or art. 6 para. 1 f GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning the user unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defense of legal claims.
Where personal data is processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning the user for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the user objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the user may exercise his or her right to object by automated means using technical specifications.
8. Right to Withdraw Consent
The user has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
The user has the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning the user or similarly significantly affects the user. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between the user and the controller,
(2) is authorized by Swiss law or by law of European Union or member states to which the controller is subject and these legal provisions lay down suitable measures to safeguard the user’s rights and freedoms and legitimate interests or
(3) is based on the user’s explicit consent.
However, these decisions may not be based on special categories of personal data referred to in art. 9 para. 1 GDPR, unless art. 9 para. 2 a or art. 9 para. 2 g GDPR apply and suitable measures to safeguard the user’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the controller will implement suitable measures to safeguard the user’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, the place of work or the place of the alleged infringement if the user considers that the processing of personal data relating to the user infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to art. 78 GDPR.
[1] The term "GDPR" shall also encompass other national data protection laws of the Republic of Cyprus and the other EU member states as well as of other data protection regulations.