Blutsgeschwister GmbH
Data Protection Statement
1. Introductory Remarks
Thank you for your interest in our business. We take data protection seriously.
Fundamentally, you can use our website without providing any personal data. If you would like to make use of our business website, we may need to process your personal data.
The processing of personal data (e.g. name, address, email address or telephone number of the person concerned) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the current country-specific data protection regulations.
As data controllers, we have implemented numerous technical and organisational measures to ensure that as far as possible there are no gaps regarding the protection of the personal data processed through our website. However, there can, fundamentally, be security gaps whenever data is transferred over the internet. Therefore, 100% protection cannot be guaranteed. As a result, you can instead communicate your personal data to us by other means, such as by telephone.
2. Name and contact data of the Responsible Person and the Data Protection Officer
a) Responsible Person
The Responsible Person for the purposes of the General Data Protection Regulation and other national data protection legislation in the Member States, as well as data protection laws elsewhere is:
Blutsgeschwister GmbH
Kreuzbergstrasse 28
10965 Berlin
Germany
Tel.: +49 (0)30 - 5557181-91
Email: service@blutsgeschwister.de
Website: www.blutsgeschwister.de
b) Data Protection Officer
The contact details for the Data Protection Officer of the Responsible Person are as follows:
datenschutz nord GmbH
Branch Berlin-Charlottenburg
Kurfürstendamm 212
10719 Berlin
E-Mail: office@datenschutz-nord.de
3. Collection and storing of personal data; types and purposes of personal data use
a) Visiting our website
Fundamentally, you can use our website without having to disclose your identity. If you wish to use our website purely to get information, and so do not register with us or otherwise transfer information to us, the browser on your device will automatically send information to the server for our website. This information will be stored temporarily in a log file and then automatically deleted after 30 days. Where these log files need to be stored for a longer period of time as evidence, they are exempted from deletion until the specific situation has finally been clarified, and this information can be, on a case by case basis, passed to investigative authorities. The following information is collected and saved until the automatic deletion, without requiring your input:
- The IP-Adresse of the accessing computer;
- Date and time of access;
- Name and URL of the accessed file;
- Website through which it was accessed (referrer URL);
- The browser used and if necessary, the operating system of your computer, as well as the name of your access provider; and
- The volume of data transferred.
We process the data described below for the following purposes:
- To guarantee that a smooth connection to our website is established;
- To guarantee that our website is comfortable to use;
- To investigate faults and for reasons of security;
- To protect and defend our rights;
- To evaluate the system security and stability; and also
- For other administrative purposes.
The legal basis for the processing of data is Article 6(1)(f) of the GDPR. Our legitimate interest for the collection of data follows from the purposes itemised above. We never use the data collected to draw any conclusions about you as an individual.
Furthermore, we use cookies and other technologies (hereinafter “cookies“)
when you visit our website. Further information is available under point 5 of this data protection statement.
b) Other functions and offers on our website
Besides using our website for purely informational purposes, you may wish to use some of our other services. These services will generally require you to enter additional personal data, which we use to deliver that particular service and to which the aforementioned principles of data processing apply.
Sometimes, we use external service providers when processing your data. We have carefully selected and authorised these providers and they abide by our policies.
Furthermore, we may pass on your personal data to a third party, in circumstances where we are offering you the opportunity to take part in special offers, competitions, the conclusion of a contract, or similar services that we are offering jointly with our partners. You can find out more information about this at the point that you supply your personal data, or further down in the description of that offer.
Where the registered office of our service provider or partner is based in a country outside the European Economic Area (EEA), we will explain the implications of this in the description of the offer.
c) Withdrawing or objecting to the use of your personal data
1. THE RIGHT TO WITHDRAW
If you have granted consent for the processing of your data as per Article 6(1)(a) of the GDPR, you may withdraw this consent at any time. Once you have informed us, this withdrawal affects the legitimacy of processing your personal data.
2. RIGHT TO OBJECT
Provided that your personal data is being processed based on legitimate interests as per Article 6(1)(f) of the GDPR, you have the right, as per Article 21 of the GDPR, to raise an objection to the processing of your personal data, where grounds for this exist, either arising from your particular circumstances or from an objection to direct marketing. If it is the latter, you have a general right to object without making reference to a particular situation that we have carried out.
If you wish to make use of your right to withdraw or object, simply email us at: service@blutsgeschwister.de
d) Contacting us
You can use our website to contact our customer services for all your questions about online orders, invoices or returns. When you make contact with us, if it is necessary for the processing of your request, we may record personal data such as your name, email address and telephone number. This data is stored and used purely for the purposes of responding to your request, and more specifically to establish contact and for the related technical administration. The legal basis for this data processing, where it concerns a service provision and no contract arises from it, is our legitimate interest to respond to your concern as well as to market and improve our products and services, provided that this is carried out in accordance with the requirements of data protection regulations and competition law, as per Article 6(1)(f) of the GDPR. If that contact leads to you performing a transaction, then the additional legal basis for the data processing is Article 6(1)(b).
e) Ordering through our website — Data processing registrations and processing contracts
You can order from our website as a guest, or you can register as a customer for future orders. The advantage of registering with us is that for future orders, you can simply log into our online shop directly using your email address and password, without needing to enter your contact details again. Your personal data will be entered into an input mask and then transferred to us and stored.
When you place an order with us, both for guest orders as well as registrations for the online shop, we initially collect the following data:
- Title, first name, surname;
- A current email address;
- Address;
- Telephone number (landline and/or mobile).
The collection of this data is:
- To identify you as our customer;
- To be able to process, fulfil and settle your order;
- To correspond with you;
- For invoicing purposes;
- For the settling of any existing liability claims, as well as the enforcement of any claims against you;
- To ensure the technical administration of our website;
- For the management of our customer information.
This data processing is part of the ordering process and/or is necessary as per Article 6(1)(b) of GDPR for the named purposes of processing your order and the mutual fulfilment of obligations that arise from the sales agreement. Additionally, we may pass your payment data to our payment services providers. The legal basis for this is also Article 6(1)(b).
Moreover, we can process the data provided by you to provide you with technical information by email, or to let you know about more interesting products from our range, since this promotional marketing follows from our justifiable interests in Article 6(1)(f) GDPR for a simple and cost-effective approach to our registered customers, while taking into consideration the stringent requirements of Section 7 para. 3 of German unfair competition law.
4. Transfer of data
a) General information
aa) Transfer to a third party inside the European Union
We will only transfer your personal data to those third parties who require it for the fulfilment of particular legitimate purposes.
Where our assigned external service providers receive personal data for these purposes, we make sure that when we select our partners that appropriate technical and organisational measures have been implemented, and the necessary agreements are concluded, so that the processing is carried out in line with the current data protection regulations and the protection of the rights of the individual person concerned can be guaranteed.
In light of this, we will only transfer your personal data to third parties, other than the service providers named below under b), if:
- You have explicitly given your consent for this as per Article 6(1)(a) of the GDPR;
- The transfer is necessary as per Article 6(1)(f) of the GDPR for the enforcement, exercise or defence of a legal claim, and there is no reason to assume that you have a dominant legitimate interest regarding the transfer of your data;
- There exists a legal obligation for the transfer as per Article 6(1)(c) of the GDPR;
- This is legally permissible and is required as per Article 6(1)(b) of the GDPR for the processing of contractual relationships with you.
bb) TRANSFERS TO THIRD COUNTRIES
Personal data will only be transferred to a third country or an international organisation if we inform you of this, and the conditions of Article 44 ff of the GDPR are met.
A country is designated to be a third country if it is outside the European Economic Area (EEA), where GDPR does not directly apply. A third country is deemed to be insecure, if the EU Commission has not enacted any adequate arrangements for this country as per Article 45(1) of the GDPR, for which it is has been confirmed that there is reasonable protection for personal data in that country.
The current adequacy decision of the EU Commission has determined that since the new EU-US data protection framework (EU-U.S. Data Privacy Framework (DPF)) came into effect, the USA, as a GDPR third country, now has an appropriate level of data protection if the receiving US company has successfully completed the DPF certification process. The large US companies we use (Meta (Facebook, Instagram, WhatsApp), Google, Microsoft) have already achieved DPF certification, so do not need to implement additional data protection measures. The US companies we use that have not yet been certified have ongoing contractual clauses in place that meet the DPF regulations and so ensure a level of data protection that corresponds to Art. 46 of the GDPR.
If you only activate ‘technically necessary cookies’, the transfer of data described above does not take place.
We will tell you when and how we transfer your personal data to the USA or to other insecure third countries. We will only transfer your personal data, if:
- The receiver provides an adequate guarantee for the protection of personal data as per Article 46 of the GDPR;
- You have explicitly given your consent to the transfer, after we have informed you of the risks in relation to Article 49(1)(a) of the GDPR;
- The transfer is necessary for the fulfilment of contractual obligations between you and us; or
- Another exception from Article 49 of the GDPR applies.
Guarantees that meet the requirements of Article 46 of the GDPR can be called standard contractual clauses. In these standard contractual clauses, the receiver of the data ensures that the data will be sufficiently protected and so guarantees a level of protection comparable to the GDPR.
b) Transfer of data for order processing
A transfer of your personal data from us to a third party for the order processing is exclusively carried out for the purposes of the service partners concerned with implementing the contract: for example, transfers to logistics companies to whom the delivery has assigned, and transfers to the payment service providers who are processing payments. Where your personal data is transferred to a third party, the amount of data transferred is kept to a bare minimum. The legal basis for this transfer of data is always Article 6(1)(b) of the GDPR.
aa) Transfer of personal data to shipping providers
If the delivery of the goods is undertaken by a transport service provider who will coordinate the delivery dates and in particular where they supply delivery notifications, we will pass on your email address as per Article 6(1)(a) of the GDPR before the shipment of the goods, for the purposes of coordinating a delivery date and particularly for the delivery notification, provided that you have granted explicit consent for this during the ordering process. Otherwise, we will only pass on the names of the recipients and the delivery address to the transport service provider as per Article 6(1)(b) of the GDPR, for the purposes of the delivery. This transfer is only carried out insofar as it is necessary for the shipment of the goods.
bb) Use of payment providers
Your payment data will be transmitted to the respective payment service provider, depending on the payment method you have selected. The legal basis for payment processing is Art. 6 (1) sentence 1 lit. b GDPR, as well as Art. 6 (1) sentence 1 lit. a GDPR if you have given your consent. The processing of your personal data is necessary for the performance of the contract with you, while the choice of payment method is entirely up to you. Responsibility for your payment data lies with the payment service provider. Information in particular about the entity responsible at the payment service providers, the contact details of their data protection officers, and the categories of personal data processed by the payment service providers can be found at the respective internet addresses listed below.
When paying by credit card or Sofortüberweisung (instant transfer), we transmit your payment data as part of the payment process to the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany, www.bspayone.com (hereinafter “BS PAYONE”). The credit card details you enter on shop.blutsgeschwister.de are received directly and in encrypted form by BS PAYONE. BS PAYONE stores and processes only those personal data necessary for providing the respective service.Depending on the selected payment method, the following data may in particular be processed during the payment transaction: IBAN, card number, security code, as well as other transaction data (e.g., date/time of the transaction, payment amount). BS PAYONE is PCI DSS certified and therefore meets the highest requirements for the secure handling and storage of credit card data.
For the payment methods PayPal and Sofortüberweisung, no payment information is stored on the servers of Blutsgeschwister GmbH. If you select the Sofortüberweisung payment method, payment processing takes place via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we transmit the information you provided during the order process together with details of your order. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is transferred solely for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary for this purpose.
Further information on SOFORT’s data protection provisions can be found at: https://www.klarna.com/sofort/privacy-policy. Additional information on data protection can also be found in the PAYONE privacy policy: https://www.payone.com/privacy/.
Through the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (hereinafter “Mollie”), we offer payments in our online shop via credit card, Apple Pay, Google Pay, Twint, and Klarna.
If you choose to pay via credit card, Apple Pay, Google Pay, Twint, or Klarna, the following personal data will be transmitted to and processed by Mollie:
- Your payment details (e.g., bank account number or credit card number)
- Your IP address
- In some cases, your first and last name
- In some cases, your address details
- In some cases, information about the product you purchased from us
- Other personal data you actively provide, for example through correspondence or by telephone.
Further information on data processing when using the payment service provider Mollie can be found in the corresponding privacy policy: https://www.mollie.com/de/privacy
When paying via PayPal or PayPal Express, both payment services of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg), all PayPal transactions are subject to the PayPal Privacy Policy. You can find it here: https://www.paypal.com/de/legalhub/paypal/privacy-full.
payolution GmbH (a company of Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany, https://www.unzer.com/de)
If you select “purchase on account” and – where offered – “payment in instalments,” processing takes place via the payment service provider payolution GmbH, Stiege 1 / 5th floor, Columbusplatz 7–8, 1100 Vienna, Austria. After conclusion of the purchase contract, we assign the payment claim against you to payolution GmbH. In the course of the order process, you consent to the transfer of your personal data to payolution GmbH for the purpose of identity and credit checks as well as contract processing.
The privacy notice of payolution GmbH for end customers, in which payolution GmbH acts as the controller for the processing of your personal data, can be found here: https://a.storyblok.com/f/118211/x/36efb2d796/datenschutz-payolution-gmbh-endkunden-21122021.pdf.
The supplementary privacy notice of payolution GmbH for purchase on account, regarding their processing of your personal data as controller, can be found here.
When making a purchase on account and – where offered – by instalment payment, we transmit the required personal information (first name, last name, address, email address, telephone number, date of birth, IP address, gender) together with the data necessary to execute the transaction (items, invoice amount, interest, instalments, due dates, total amount, invoice number, tax amount, currency, order date and time) to payolution GmbH as well as to Bank Frick & Co AG, Landstrasse 14, 9496 Balzers, Liechtenstein, to whom we assign our purchase price claim against you.
For the purpose of deciding on the purchase of the claim, the aforementioned companies carry out a credit check as independent controllers. The legal basis for our transmission is our legitimate interest in economic protection when offering these payment methods, as well as compliance with our civil-law obligations to provide the necessary information to the purchaser of the claim (Art. 6 (1) sentence 1 lit. f GDPR). Our interests are compelling when these payment methods are chosen, since otherwise no credit check and therefore no claim purchase would be possible. For this reason, an objection to this data processing (Art. 21 (1) GDPR) is not possible if you wish to continue using these payment methods; however, you may choose another payment method.
Klarna: When selecting the payment method "Klarna Invoice," the processing is carried out via the payment service provider Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). General information about Klarna can be found here. In this process, personal data of yours is transmitted to Klarna.
The personal data transmitted to Klarna generally includes your first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, as well as other data necessary for processing an invoice purchase. Also required for processing the purchase contract are those personal data that are connected with the respective order. In particular, this may include the exchange of payment information, such as bank account details, card number, expiry date and CVC code, quantity of items, item numbers, data regarding goods and services, prices and tax information, details of previous purchasing behavior, or other information concerning your financial situation.
The transmission of data is primarily intended for identity verification, payment administration, and fraud prevention. We will transmit personal data to Klarna especially where there is a legitimate interest in doing so. The personal data exchanged between us and Klarna will be passed on by Klarna to credit reference agencies. This transfer serves the purpose of identity and credit checks.
Klarna also shares personal data with affiliated companies (Klarna Group), service providers, or subcontractors, insofar as this is necessary to fulfill contractual obligations or where the data is to be processed on behalf of Klarna. To decide on the initiation, execution, or termination of a contractual relationship, Klarna collects and uses data and information regarding your previous payment behavior as well as probability values for your future behavior (so-called scoring). The calculation of scoring values is carried out on the basis of scientifically recognized mathematical-statistical methods.
You have the right to revoke your consent to the handling of personal data at any time with Klarna. Such revocation does not affect personal data that must necessarily be processed, used, or transmitted for (contractual) payment processing.
The applicable data protection provisions of Klarna can be found at: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
You can also use "Manage tracking settings" on the footer of our website to withdraw your consent at any time, either for a particular tracking technology category or for individual services, or instead use the consent withdrawal option for the respective service. In each case, this will affect your future use of the service. .
b) Types of tracking technology
The cookies used on our website can originate from us or from third-party providers.
Within our company, we will only pass on your personal data to those places and persons, who require this data to fulfil their contractual and legal obligations or to pursue our legitimate interests. No individual decisions, in the sense of Article 22 of the GDPR, are made.
The following four categories of cookies are used: namely technically necessary, functional, statistical and marketing cookies.
The following information explains these different categories::
- Technically necessary cookies
These cookies are necessary for technical reasons: to enable the optimal navigation and operation of our website. They ensure the proper operation of the essential functions of our website (e.g. the shopping basket function, meaning that the items in your shopping basket remain saved while you continue shopping). Furthermore, these cookies serve to save the particular inputs and settings that you have made, so that you do not need to constantly repeat them. When you visit and use our website, you must always keep these cookies activated. Without technically necessary cookies our website either cannot be used, or only in a restricted way. The legal basis for the use of technically necessary cookies is Section 25 para. 2 of the Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG). You can find out from the respective service which legal basis they are using each time for the processing for personal data, based on the data protection regulations.
- Functional cookies
We use functional cookie technology to add more functions to our website. This upgrades our website, meaning that it gets better and more user friendly. These cookies can be blocked without the navigation and operation of the website being affected. The legal basis for the use of functional cookies is Section 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG), meaning that you have given your consent. You can find out from the respective service which legal basis they are using each time for the processing for personal data, based on the data protection regulations.
- Statistical Cookies
We use these cookie and tracking technologies to analyse the use of our website. It is how we gather device and access data, and this information optimises our website. These cookies only contain anonymous or pseudonymous information and are only used for the purposes of improving our website and to find out what interests our users, as well as measuring how effective our advertisements are. Statistical cookies can be blocked without the navigation and operation of our website being affected. The legal basis for the use of statistical cookies is Section 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG), meaning that you have given your consent. You can find out from the respective service which legal basis they are using each time for the processing for personal data, based on the data protection regulations.
- Marketing Cookies
We and our advertising partners (including social media platforms such as Google, Facebook and Instagram) use marketing cookie and tracking technologies to show you personalised adverts. It also helps us show you personalised adverts that match your interests on other websites (called retargeting). Marketing cookies can be blocked without the navigation and operation of our website being affected. It is possible that the advertisements are not personalised at times. The legal basis for the use of statistical cookies is Section 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG), meaning that you have given your consent. You can find out from the respective service which legal basis they are using each time for the processing for personal data, based on the data protection regulations.
6. Using your data for direct advertising
a) Newsletter
With your consent, you can subscribe to our newsletter, through which we inform you about our current interesting offers. The goods and services being promoted are specified in the consent declaration.
For newsletter registration, we use the so-called double opt-in procedure. This means that after you register, we send an email to the email address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted. In addition, we store the IP addresses used by you as well as the time of registration and confirmation. The purpose of this procedure is to provide proof of your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for receiving the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR.
You can revoke your consent to receiving the newsletter at any time and unsubscribe. You may declare your revocation by clicking on the link provided in every newsletter email, via your customer account, or through the preference center linked in the emails.
We would like to point out that we analyze your user behavior when sending the newsletter. For this analysis, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned in Section 3 a) and the web beacons with your email address and an individual ID. Links contained in the newsletter also include this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click within them, and deduce your personal interests. We also link this data with actions you have taken on our website.
You can object to this tracking at any time by clicking the separate link provided in each email or by informing us via another contact channel. The information is stored as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely in statistical and anonymous form.
For sending email campaigns, in particular newsletters, we use the strictly instruction-bound external service provider Voyado AB, Lumaparksvägen 9, SE-120 31 Stockholm, Sweden. Voyado is a customer data platform that supports us in consolidating and analyzing CRM data, sending customer communications—especially email newsletters and SMS messages—and personalizing content within such communications. We have concluded a data processing agreement with the processor in accordance with Art. 28 GDPR. For further details, please refer to Voyado’s privacy policy: https://voyado.com/legal/privacy-policy/.
If you have provided us with your email address when purchasing goods, we reserve the right to regularly send you offers for similar goods from our range, comparable to those already purchased, by email. The processing of data for this purpose is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) sentence 1 lit. f GDPR.
If you initially objected to the use of your email address for this purpose, no emails will be sent by us. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future. You can do so by clicking on the link provided in every newsletter email, via your customer account, through the preference center linked in the emails, or by sending an email to service@blutsgeschwister.de.
7. Data processing in relation to the VIB Club
The VIB Club is a customer loyalty programme that we offer our customers who are resident in any of the countries served by our online shop, and also in Switzerland in both the online shop and the stores. You can register yourself as a member of the club and take advantage of attractive benefits, such as VIB offers, exclusive gifts (for example, an annual birthday present), free delivery and the exclusive participation in pre-sales and pre-shopping campaigns. You can find out more details in the Conditions of Use.
When you register for the VIB Club, you create a personal customer account. You can register for the VIB Club at any time: either when you are placing an order, or also independently from making a purchase.
a) This is the data we process:
When you register for the VIB Club, we process the following mandatory information :
- Surname, first name;
- Email address;
- Billing address;
- Shipping address.
You can choose to give us the following data:
- Title;
- Date of birth.
b) Purposes for data processing
We process your personal data in line with the current data protection legislation for the following purposes:
- Management of the VIB Club;
- Email advertising, provided that you have given your consent;
- Compliance with legal requirements;
- Contract processing;
- Individualising customer contact;
- Personalisation;
- Date of birth for personalisation.
c) Legal basis
The processing of your data is necessary for the management of the VIB Club to fulfil our contract (Article 6(1)(b) of the GDPR). Insofar as you have given consent for email advertising when registering for the VIB Club, this constitutes the legal basis for processing that data (Article 6(1)(a) of the GDPR). You may of course withdraw this consent at any time. Article 6(1)(c) provides the legal basis for this data processing, in relation to the compliance of this processing with legal obligations. Your right to object to permissible direct advertising pursuant to section 3 c) 2. shall of course remain unaffected.
d) Using the Apple Wallet or Android Wallet apps
You have the option to transfer your VIB Club membership card into your Apple Wallet or an Android wallet app, and to save it as a QR code. If you do, your customer reference number will be processed.
You can of course remove your VIB Club membership card from your wallet app and so delete it.
8. Privacy information for our Instagram/Facebook accounts
a) Information about personal data collection; Contact details for the data controller
Below we explain how your personal data is handled when you engage with or visit our Instagram and Facebook online presence. Personal data (henceforth referred to as data) constitutes any data that makes you personally identifiable. Please consider carefully which personal data you decide to share with us via Instagram and Facebook.
Instagram and Facebook are part of the Meta group, and so share infrastructure, systems and technology with Meta and other Meta companies: https://www.facebook.com/help/111814505650678?ref=dp). We would like to explicitly state that Meta stores the data of the users of its Instagram and Facebook services (e.g. personal information, IP address, etc.) and may also use them for business purposes, where applicable.
For more information about Meta’s data processing for Facebook and Instagram, see Meta's Privacy Policy at: https://www.facebook.com/privacy/policy/
We have no influence over data collection and further data processing by Meta. Furthermore, we cannot determine to what extent, where and for what duration the data will be stored, to what extent Meta fulfils existing erasure obligations, what evaluations and connections are made with the data and to whom the data will be passed on. If you would like to avoid Meta processing the personal data that you transfer to us, please contact us by other means. You can find our full contact details in the about sections of our Instagram and Facebook pages.
Where we are the sole processors of the data that you transfer to us via Instagram and Facebook, the data controller for the data processing with regards the General Data Protection Regulation (GDPR) is: Blutsgeschwister GmbH, Kreuzbergstrasse 28, 10965 Berlin, Germany, Tel.: +49 (0)30 - 5557181-91, Email: service@blutsgeschwister.de, Website: www.blutsgeschwister.de.
Where the data you transfer via Instagram and Facebook (Insights data) is processed additionally or solely by Meta, as the operator of these two services, the data controller's address with regards the General Data Protection Regulation (GDPR) is, in addition: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Where there is an agreement between jointly responsible persons, data processing is carried out in accordance with Art. 26 of the GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum.
Use of certain Facebook products, such as the "Facebook Business Tools", and the data processing that entails, is covered by an additional agreement between us and Meta Platforms Ireland Ltd., as joint data controllers in line with Art. 26 GDPR, which can be viewed here: https://www.facebook.com/legal/controller_addendum
The data controller for the processing of personal data is the natural or legal person who solely or jointly with others decides on the purposes and means of the processing of personal data (Art. 4(7) of the GDPR).
b) Data Protection Officer
You can contact the data protection officer for Meta, which operates Instagram and Facebook, using the online contact form provided at: https://www.facebook.com/help/contact/540977946302970.
c) Data processing when contacting us
If you contact us via the contact form or message function, for example, we process your data ourselves. The specific data that is processed in the case of the contact form is shown in the contact form itself. This data is stored and used purely for the purposes of contacting you in response to your request and for the technical administration that entails.
The legal basis for the processing of the data is our legitimate interest to answer your request as per Art. 6(1)(f) of the GDPR. If that contact leads to you agreeing a contract, then the additional legal basis for the data processing is Article 6(1)(b). Your data will be deleted after the final processing of your request, provided there exists no legal obligation that prevents this. We will consider the data processing to have finished once the circumstances indicate that the matter has been resolved.
9. Competitions
You can enter competitions on our website, for which you will need to enter your personal data. The data is entered into an input mask and then transferred to and stored by us. This data will only be transferred to a third party where we are jointly running the competition with our partners.
Your email address will be collected in connection with your participation in the competition.
The processing of this data is undertaken within the context of the precontractual procedures, which are necessary for the running of the competition. The data is subsequently deleted, provided that it no longer needed for the fulfilment of a contract or any precontractual procedures.
The legal basis for this processing of your personal data is Article 6(1)(b) of the GDPR.
10. Data subject rights
You have the right:
- To request the information that we process about you, as per Article 15 of the GDPR. In particular you can request information on: the purposes of the processing; the categories of personal data; the categories of receivers; to whom your data has been or is being disclosed; the planned length of storage; whether you have the right to amend, delete, restrict or withdrawal consent for that processing; whether you have right of appeal; the source of your data, in cases where it was not gathered by us; as well as about the existence of automated decision making, including profiling and where applicable, meaningful, specific information about you;
- To request the immediate amendment of your inaccurate or incomplete personal data that we store, as per Article 16 of the GDPR;
- To request the deletion of the data we hold about you, as per Article 17 of the GDPR, insofar as this processing is not required: for the exercise of the right to free expression and information; for the fulfilment of a legal obligation; for reasons of public interest; or for the enforcement, exercise or defence of a legal claim;
- To request the restriction of this processing of your personal data, as per Article 18 of the GDPR, insofar as: you dispute the accuracy of the data; the processing is unlawful; we no longer need the data but you refuse to allow it to be deleted; you require it for the enforcement, exercise or defence of a legal claim; or you have lodged an objection to the processing, as per Article 21 of the GDPR;
- To request to receive or transfer to another responsible person the personal data which you have made available to us, in an organised, conventional and machine-readable format, as per Article 20 of the GDPR;
- To withdraw consent previously granted at any time, as per Article 7(3) of the GDPR. The consequence of this withdrawing this consent means that we are not longer permitted to continue processing this data in the future, since it was based upon that consent; and
- To complain to the regulatory body, as per Article 77 of the GDPR. Normally, you can do this through the regulatory body for your usual place of residence or work, or for our registered office.
11. Data deletion and archiving obligations
The GDPR measures govern the deletion or restriction of the data we process about you. Unless it is explicitly stated in the context of this data protection statement, the data we hold about you is deleted as soon as it is no longer necessary for its intended purpose – in particular, for the fulfilment of our contractual and legal obligations — and there are no retention obligations that legally prevent its deletion. If the data cannot be deleted, because it is still required for other, and legally admissible, purposes, its processing is restricted. That means the data is locked and is not processed for other purposes. This applies to data, for example, that must be stored for commercial law or tax law reasons.
In accordance with legal requirements, routine storage is for 6 years, as per Section 257 para.1 of the HGB German accounting standards (accounting books, stock taking, opening balance sheets, annual reports, business letters, accounting records, etc.), and 10 years, as per Section 147 para.1 of the AO tax code (accounts, records, management reports, accounting records, business papers and letters, documents relevant for taxation, etc.).
12. Data security
For visits to our website, we use the popular SSL procedure (Secure Socket Layer) in conjunction with the highest encryption that is supported by your individual browser. Normally, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our online presence is encrypted when it is transferred, as there is closed symbol indicated by a key or padlock symbol in the lower status bar of your browser.
We also make use of appropriate technical and organisational security measures, to protect your data against random or deliberate manipulation, partial or complete data loss, destruction, or unauthorised access by a third party. Our security measures are continually being improved in line with technological developments.
13. Validity and amendments to this data protection statement
This data protection policy is currently valid, as of August 2025
We may need to amend this data protection statement as our website and offers develop and when legislation and official guidelines change. You can always access and print out our current data protection statement from our website at: https://www.blutsgeschwister.de/de/s/datenschutz:
Precendence of the German version
In the event of contradictions between the German and the English version of this declaration, the wording of the German version shall prevail.
****************************
b) Advertisements by post
On the basis of our legitimate interests for personalised direct advertising we reserve the right to store your first name and surname, postal address and — where we have received this additional information as part of our contractual relationship with you — your title, academic level, birth year and your occupation, sector or business name, as per Article 6(1)(f) of the GDPR, and use it to send you interesting offers and information about our products by post.