Privacy Policy

We inform you below in accordance with the statutory data protection provisions (particularly pursuant to the German Federal Data Protection Act - BDSG and the European General Data Protection Regulation - GDPR) about the type, scope and purpose of the processing of personal data through our company. This privacy policy also applies to our website and social media profiles. Regarding the definition of terms such as "personal data" or "processing," we refer to Article 4 of the GDPR.

---

Name and Contact Details of the Data Controller

The data controller (hereinafter "Controller") pursuant to Article 4(7) of the GDPR is:

bumbleflies UG (haftungsbeschränkt)
Email: info@bumbleflies.de

---

Legal Basis for Processing Personal Data

Below we inform you about the legal basis for processing personal data:

1. If we have obtained your consent for the processing of personal data, Article 6(1)(a) GDPR is the legal basis.
2. If processing is necessary for the performance of a contract or the implementation of pre-contractual measures that are undertaken at your request, Article 6(1)(b) GDPR is the legal basis.
3. If processing is necessary to comply with a legal obligation to which we are subject (e.g., statutory retention requirements), Article 6(1)(c) GDPR is the legal basis.
4. If processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) GDPR is the legal basis.
5. If processing is necessary for our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms do not override this, Article 6(1)(f) GDPR is the legal basis.

---

Provision of Our Website and Creation of Log Files

If you use our website purely for informational purposes (i.e., without registration or any other transmission of information), we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data:

• IP address
• Internet Service Provider of the user
• Date and time of access
• Browser type
• Language and browser version
• Content of the access
• Time zone
• Access status/HTTP status code
• Data volume
• Websites from which the request originates
• Operating system

This data is not stored together with other personal data about you.

This data serves the purpose of providing our website to you in a user-friendly, functional and secure manner with functions and content, as well as for its optimization and statistical evaluation.

The legal basis for this is our legitimate interest in the data processing outlined above, pursuant to Article 6(1)(f) GDPR.

For security reasons, we store this data in server log files for a period of a few days. After this period expires, the data is automatically deleted, unless we require its retention for evidentiary purposes in case of attacks on the server infrastructure or other violations of law.

---

Sharing Personal Data with Third Parties

Without your consent, we generally do not share data with third parties. If this does occur, the sharing will be based on the legal grounds mentioned above, for example when sharing data with online payment providers for contract fulfillment or pursuant to court order or legal obligation to disclose data for purposes of law enforcement, hazard prevention, or enforcement of intellectual property rights.

---

Data Transfer to Third Countries

The adoption of the European General Data Protection Regulation (GDPR) has established a uniform basis for data protection in Europe. Your data is therefore primarily processed by companies for which the GDPR applies. Should processing by third-party services outside the European Union or European Economic Area occur, these must meet the special requirements of Articles 44 et seq. GDPR. This means processing takes place on the basis of special guarantees, such as the officially recognized finding by the EU Commission of adequate data protection levels or adherence to officially recognized special contractual obligations, so-called "standard contractual clauses."

---

Deletion of Data and Storage Duration

Unless explicitly stated otherwise in this privacy policy, your personal data will be deleted or blocked once the consent given for processing is withdrawn or the purpose for storage no longer applies, unless further storage is required for evidentiary purposes or is prevented by statutory retention requirements. These include commercial retention requirements for business correspondence pursuant to § 257(1) HGB (6 years) and tax-related retention requirements pursuant to § 147(1) AO for receipts (10 years). Once the prescribed retention period expires, your data will be blocked or deleted unless storage is still required for contract conclusion or fulfillment.

---

Data Security

To protect all personal data transmitted to us and to ensure that data protection regulations are complied with by both us and our external service providers, we have implemented appropriate technical and organizational security measures. Therefore, all data between your browser and our server is encrypted via a secure SSL connection.

---

Rights of the Data Subject

1. Right to Object or Withdraw Consent

If processing is based on your consent pursuant to Article 6(1)(a) and Article 7 GDPR, you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing based on the consent given until withdrawal.

If we base the processing of your personal data on the balancing of interests pursuant to Article 6(1)(f) GDPR, you can object to the processing. We request that you state the reasons why we should not process your personal data as we do. In case of a justified objection, we will review the situation and either stop or modify the data processing or explain our compelling legitimate interests for continuing the processing.

2. Right of Access

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about your personal data stored with us pursuant to Article 15 GDPR. This includes, in particular, information about the purposes of processing, the categories of personal data, and the categories of recipients to whom your data has been or will be disclosed.

3. Right to Rectification

You have the right to rectification of inaccurate data or completion of incomplete data pursuant to Article 16 GDPR.

4. Right to Erasure

You have the right to erasure of your personal data stored with us pursuant to Article 17 GDPR, unless statutory or contractual retention requirements or other legal obligations or rights for further storage prevent this.

5. Right to Restrict Processing

You have the right to restrict processing of your personal data if one of the conditions in Article 18(1)(a) to (d) GDPR is met.

6. Right to Data Portability

You have the right to data portability pursuant to Article 20 GDPR, which means you can receive the personal data stored with us in a structured, commonly used and machine-readable format or request its transmission to another controller.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority, in particular in the member state of your residence, your workplace, or the place of the alleged infringement. For Bavaria, the competent supervisory authority is the Bavarian Data Protection Authority (BayLDA).

---

Contact Information

If you have any questions about the collection, processing or use of your personal data, or if you wish to request information, rectification, blocking or deletion of data, or to withdraw given consent or object to certain data uses, please contact:

bumbleflies UG (haftungsbeschränkt)
Gleiwitzer Str. 6-d
81929 Munich, Germany
Email: info@bumbleflies.de
Phone: +49 1567 8451908

---

Last updated: May 2026