Blue Moon VirtualBlue Moon Virtual

Legal

Privacy Policy

Last updated: April 2026

1. Controller

The controller responsible for data processing on this website is:

Blue Moon Virtual GmbH
Managing Director: Moritz Mergener
Grunewaldstraße 39b
12165 Berlin, Germany
Phone: +49 30 233 27927
Email: info@bluemoonvirtual.com

2. Purpose and Scope of Processing

We process personal data only to the extent necessary to provide this website, respond to inquiries, initiate and perform contractual relationships, and improve the technical and commercial quality of our services.

3. Legal Bases

Where applicable, processing is based on:

  • Art. 6(1)(a) GDPR for consent-based processing, especially for non-essential analytics and marketing technologies.
  • Art. 6(1)(b) GDPR for pre-contractual measures and contract performance.
  • Art. 6(1)(f) GDPR for legitimate interests, including IT security, service stability, and efficient communication.

Where information is stored on or read from end-user devices, additional national ePrivacy rules may apply.

4. Hosting and Technical Delivery

Our website is technically hosted with Hetzner Online GmbH. In this context, technically necessary information such as IP address, access time, pages requested, referrer data, browser details, and system messages may be processed to ensure secure delivery and troubleshooting.

We also use Cloudflare for DNS and infrastructure-related services, which may involve the processing of technical connection metadata.

5. Contact Requests

If you contact us by email, phone, or form, we process the information you provide, including contact details, company details, and the content of your inquiry. This is done in order to handle your request and, where relevant, to prepare a contractual relationship.

For structured processing, inquiries may be managed in CRM systems such as Monday.

6. Customer Areas and File Uploads

Where we provide protected customer areas, upload features, or project-related workspaces, we process access credentials, technical usage data, and any content you upload or maintain there.

Such processing generally serves the performance of our services and is based on Art. 6(1)(b) GDPR.

7. AI-Enabled Features

If AI-enabled functionality is offered on this website or in related services, we process the content you submit and related technical metadata in order to provide the feature. External providers, including API providers such as OpenAI, may be involved in that processing.

Please submit only such content as is necessary for your request, and avoid sharing special categories of personal data unless strictly required.

8. Analytics, Marketing, and Consent Management

We may use technologies for audience measurement, campaign evaluation, and marketing control, including Google Analytics 4, Google Ads Conversion Tracking, and Google Consent Mode. Where legally required, such services are activated only after you have given prior consent.

You may adjust or withdraw your choices at any time through the consent management solution in use.

9. Embedded Content and Third-Party Resources

Individual pages may include embedded content or third-party resources, such as videos, maps, fonts, or media assets. Accessing such content can result in the transfer of technical data to the relevant provider.

Where consent is required, the relevant content is loaded only after such consent has been obtained.

10. Recipients and International Transfers

Personal data is disclosed only to recipients who are necessary for the provision of our services or where a legal basis exists. These may include hosting, infrastructure, CRM, analytics, and AI service providers.

Where data is processed outside the EU or EEA, we rely on appropriate safeguards, such as Standard Contractual Clauses or recognized adequacy decisions.

11. Retention Periods

We retain personal data only for as long as necessary for the relevant purposes or as long as statutory retention obligations apply.

  • Server and security logs are usually retained for a short period.
  • Inquiry and communication data is retained for handling requests and documenting business relationships where needed.
  • Access credentials and project-related content are generally stored for the duration of the contractual relationship.

12. Your Rights

Under the GDPR, you may have the right to access, rectify, erase, or restrict the processing of your personal data, as well as the right to data portability and to object to certain processing operations. You may withdraw consent at any time with effect for the future.

You also have the right to lodge a complaint with a competent data protection supervisory authority.

13. Data Security

We implement appropriate technical and organizational measures to protect personal data against loss, manipulation, and unauthorized access. This includes encrypted transmission via TLS.

14. Changes to This Privacy Policy

We update this privacy policy whenever our website, the technologies we use, or the applicable legal requirements change.