Privacy Policy

1. An overview of data protection

General information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website

The data on this website is processed by the operator of the website, whose contact information is available under section “Information Required by Law” on this website.
How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?

You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time under the address disclosed in section “Information Required by Law” on this website if you have questions about this or any other data protection related issues.

Analysis tools and tools provided by third parties

There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

Usage of Netlify

Our website is hosted by Netlify. When you call up one of our web pages, your browser therefore establishes a connection to a server of Netlify, Inc., 610 22nd Street, Suite 315, San Francisco, CA 94107, USA. This server stores some information about the connection in a so-called log file. We do not have access to these log files. More information about how Netlify processes your data can be found in Netlify's Privacy Policy. Netlify collects the following personal data, which is technically necessary to enable you to view the website and to ensure stability and security: IP address, date and time of request, amount of data transferred, access status (HTTP status) and websites from which the user's system accesses our website (referrer URL). This data is stored by Netlify for 30 days. For more details, please see Netlify's commitment to protecting your data.

The storage of this data in log files serves to ensure the functionality and optimization of the website and to ensure the security of the information technology systems. Our legitimate interest in data processing lies in the aforementioned purposes. The legal basis for the collection and temporary storage of the aforementioned data and the log files is Art. 6 para. 1 p. 1 lit. f) DSGVO.

Anonymized web analytics through Netlify Analytics

We use Netlify Analytics to collect anonymized statistics about the use of our website. We do this to understand which content is read the most by our visitors. Netlify Analytics is an analytics service that respects the privacy of our visitors. This means that, for example, the frequency of page views is determined without attribution to any person. In addition, we record how many customers visited our site in total and from which country they read the website, without identifying individual customers. This makes the statistics less accurate but sufficient for us. For more information on how Netlify processes your data, please see their privacy policy and the Netlify Analytics documentation.

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will process your data only insofar as this is necessary for the fulfillment of its service obligations and follow our instructions regarding this data.We use the following hoster:

Netlify, Inc.,
610 22nd Street, Suite 315
San Francisco, CA 94107
USA

Conclusion of a contract on order processing
To ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.

Information about the responsible party

The responsible party for data processing on this website is:

BitFlow GmbH
Mr. Florian Weigand
Tengstraße 26
80798 Munich, Germany

Phone: +49 89 1250 1227 0
E-Mail: privacy@bitflow.de

The responsible party is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Information on data transfer to the USA

Our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.m Widerruf unberührt.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6 SECT. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21 SECT. 1 GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 SECT. 2 GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in section “Information Required by Law.”

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in section “Information Required by Law.” The right to demand restriction of processing applies in the following cases:

Wenn Sie die Richtigkeit Ihrer bei uns gespeicherten personenbezogenen Daten bestreiten, benötigen wir in der Regel Zeit, um dies zu überprüfen. Für die Dauer der Prüfung haben Sie das Recht, die Einschränkung der
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21 Sect. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

Rejection of unsolicited e-mails

We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in section “Information Required by Law” to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

4. Recording of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.

In some cases it is possible that third party cookies are stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a GDPR); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Contact form

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your agreement (Art. 6 Para. 1 lit. a GDPR) if this has been requested.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

Request by e-mail, phone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Appointment booking via Microsoft Bookings

Our website uses the Microsoft Bookings service (part of Microsoft Office 365) of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft") for online appointment booking. The software makes it possible to book an appointment with one of our employees. The connection to the service is only established when you access the online booking function via a link or button on our website, in an e-mail or in the newsletter. To make an appointment, your entries in the form are transferred to Microsoft. You can find further information on the handling of your data in the Microsoft data protection declaration.

Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 DSGVO with the service provider in order to establish a secure level of data protection, which allow the transfer of personal data to a third country in individual cases. The legal basis for the processing of your data in relation to the "Microsoft Bookings" service is Art. 6 para. 1 sentence 1 letter f) DSGVO (legitimate interest in data processing). The legitimate interest arises from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to make an appointment with our staff quickly and easily at any time if necessary. We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.

5. Analysis tools and advertising

Microsoft Clarity (without Cookies)

This website uses Clarity, where tracking of users by a cookie has been disabled by us, so no cookie is set. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, https://docs.microsoft.com/en-us/clarity/ (hereinafter "Clarity"). Clarity is a tool for analyzing user behavior on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behavior within our website. Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. use of device fingerprinting). Your data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. The use of this service is based on Art. 6 (1) lit. f DSGVO; the website operator has a legitimate interest in effective user analysis.

Further details on Clarity's data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq
Option to object (Opt-Out): Widerspruchsmöglichkeit (Opt-Out): https://choice.microsoft.com/de-DE/opt-out

Job processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

6. Newsletter

Newsletter­ data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

7. Plugins und Tools

Pipedrive CRM

We use Pipedrive as our CRM tool for processing and storing contact data.

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO.

In order to process and respond to your request and messages as quickly as possible, we have connected our contact form with our customer relationship management tool ("CRM tool") Pipedrive. The data submitted when filling out the form is sent to Pipedrive and stored there on Pipedrive servers. We use the CRM system Pipedrive of the provider Pipedrive OÜ on the basis of our legitimate interests (efficient and fast processing of user requests, existing customer management, new customer business), a private limited company established under the laws of the Republic of Estonia, with the address Paldiski mnt 80, Tallinn, 10617, Estonia, registered in the Estonian Commercial Register under the code 11958539, and a subsidiary of Pipedrive US. You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy.
Microsoft Teams

We use the service "Microsoft Teams " of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft Teams") to conduct online meetings, video conferences and/or webinars.

In the case of the use of Microsoft Teams, different data is processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. In the context of using Microsoft Teams, data of the communication participants is processed and stored on Microsoft Teams servers. This data may include, in particular, your login data (name, email address, phone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions by participants, as well as voice input in chats, may be processed.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the performance of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.

Otherwise, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the effective conduct of the online meeting, webinar or videoconference. For more information on data usage by Microsoft Teams, please see the Microsoft Teams privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.

Source: https://www.e-recht24.de
UP