App Privacy

Data protection information according to Art. 13 ff. DSGVO

for the Cash Baron service (both the mobile app and the web application hereinafter referred to as “app”) of BitBurst GmbH.

 

1. General

The protection of your personal data is important to us, BitBurst GmbH, Lerchenweg 3, 40789 Monheim am Rhein, Germany. For this reason, we would like to offer you comprehensive transparency regarding the processing of your data in our services via this privacy policy. Only if the processing is comprehensible to you as the data subject are you sufficiently informed about the scope, purposes and benefits of the processing, and only then have we complied with the requirements of the GDPR.

The responsible party within the meaning of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act under German law (BDSG) and other data protection regulations is

BitBurst GmbH
Lerchenweg 3,
40789 Monheim am Rhein, Germany
015256114159
info@bitburst.net  
www.bitburst.net

Hereinafter referred to as the “responsible party” or “we”.

You can reach our data protection officer at the following contact details:

Nils Möllers
Keyed GmbH
Siemens Street 12
48341 Altenberge
info@keyed.de

 

2. General information about data processing

a. Information on our authorizations

We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These legal bases are set out in Art. 6 para. 1 DSGVO. Most data processing is based on a legitimate interest on our part (Art. 6 (1) (f) DSGVO), on processing operations necessary for the performance of the contract (Art. 6 (1) (b) DSGVO) or on the basis of consent given by you (Art. 6 (1) (a) DSGVO). In the latter case, you will be informed separately (e.g. via a cookie banner) about the consent process.

Subject to this, personal data will only be passed on in the cases described below.

Personal data is only processed by us for unambiguous purposes (Art. 5 para. 1 lit. b DSGVO). As soon as the purpose of the processing ceases to apply, your personal data will be deleted or protected by technical as well as organizational measures (e.g. by pseudonymization).

The same applies to the expiry of a prescribed storage period, subject to cases in which further storage is necessary for the conclusion or fulfillment of a contract. In addition, there may be a legal obligation to store data for a longer period or to pass it on to third parties (esp. to law enforcement agencies). In other cases, the storage period and type of data collected as well as the type of data processing depends on which Cash Baron functions you use in the individual case. We will also be happy to provide you with information about this in individual cases, in accordance with Art. 15 DSGVO.

b. Information on the technical process of our app

Our App or the technical backend of our App (“Network”) is connected to various market research companies, marketplaces and businesses (collectively, “Marketplaces”). These marketplaces regularly create surveys for their customers (companies). For these surveys, the Marketplaces seek participants to take the surveys. To help the marketplaces find participants, we built our app with Cash Baron services. We match the marketplaces looking for participants with the participants, that is, you. You, as a user of the app, deposit personal data in your user account when you create a user account and when you use a user account. This personal data is also called “qualifications” in our app. This is because we need to filter whether you are eligible for each new survey for which participants are sought. Either we can find this out on the basis of the qualifications you have already deposited or we ask you again to complete some additional qualifications that you can deposit in your user account. If you are eligible for a survey based on a match between the qualifications requested by the marketplaces and the qualifications you have submitted, you will have the opportunity to participate. If you choose to participate, we will share the matching qualifications with the marketplace. The survey itself will take place either in our app itself or else on the marketplace website or the website of the market research firm or a company. A link in our app will connect you directly to the survey.

The privacy statements of the marketplaces can be viewed at the following links. The marketplaces are listed here under their publication name in the app, but not with their full name or company name.

Lucid: https://luc.id/privacy-policy/

Innovate MR: https://www.innovatemr.com/privacy-policy/

PureSpectrum: https://purespectrum.com/privacy-policy/

Dynata: https://www.dynata.com/privacy-policy/

Cint: https://www.your-surveys.com/rules/privacy_policy

Adjoe: https://adjoe.io/privacy/

Adgem: https://docs.adgem.com/publisher-support/privacy-policy/

The following partners provide surveys that require real-time location of the user. With the user’s permission, location data is shared with these partners so they can use it to deliver matching surveys or offers. Permission to share location can be withdrawn at any time in Cash Baron. How the data is handled and the user’s rights regarding the data can be viewed at the respective links.

InMarketMedia: https://inmarket.com/privacy/

 

3. Data processing in connection with the use of Cash Baron

The use of Cash Baron with all its functions requires the processing of certain personal data.

3.1 Informative use of the services of Cash Baron

Purely informational access to Cash Baron requires the processing of the following personal data and information: operating system used, address of the terminal device with which you access Cash Baron (IP address) and the time of access to Cash Baron. All of this information is automatically transmitted from your App, unless you have configured it to suppress transmission of the information.

This personal data is processed for the purpose of the functionality and optimization of Cash Baron, as well as to ensure the security of our information technology systems. These purposes are at the same time legitimate interests according to Art. 6 para. 1 lit. f DSGVO.

The storage period of your personal data is a maximum of 14 days. This personal data will not be merged with other data sources. A transfer of data to third parties will only take place in necessary cases. A transfer to third countries or international organizations does not take place, subject to further provisions of this privacy policy.

3.2 Use after registration with Cash Baron

Beyond the purely informational use of Cash Baron, you have the option to register for our Services and to use our entire offering.

This use of our Services requires processing of personal data and information in the manner set forth in this Section 3.

Some processing steps may also take place at third-party providers. The data processing of the third-party providers is carried out under the conditions of the respective relevant data protection declarations. In the case of data processing with third-party providers, this may be commissioned processing within the meaning of Art. 28 DSGVO. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our processors.

The use after login and the associated data processing operations may differ from the purely informational use. The collection of this data, which is related to your profile, is carried out for the purpose of optimizing our services, for the purpose of ensuring the functionality of our offer (legitimate purposes according to Art. 6 para. 1 lit. f DSGVO) as well as for the fulfillment of our service obligations towards you (Art. 6 para. 1 lit. b DSGVO). If your consent is required for the processing operation, we will obtain it at the appropriate point (e.g. via the opt-in option in the context of a cookie banner when using our services for the first time). If you have any further questions, please do not hesitate to contact us within the scope of your right to information pursuant to Art. 15 (1) DSGVO.

3.3 Contact form / contacting us by e-mail

We process the data you provide to us when contacting us for the purpose of responding to your inquiry, your e-mail or your callback request. Processed data categories are master data, contact data, content data, possibly usage data, connection data and possibly contract data. We forward this data in individual cases to companies affiliated with us, i.e. only within our company/group. The legal basis of the processing depends on the purpose:

– Basically, it is based on our legitimate interest and thus on Art. 6 (1) lit. f DSGVO;

– If a conclusion of a contract is to be targeted, the authorization is based on Art. 6 (1) lit. b DSGVO.

3.4 Creation and use of a user account

You can create a user account (hereinafter also referred to as “profile”) in our Services in order to use the Cash Baron Services and their features. In order to do so, you must log in to one of our social media partners with one of your accounts. In doing so, our social media partners (Facebook, Instagram, Google, Apple, Twitter) will transmit personal data such as your email address to us and we will process it to create a user account and store it in our information technology systems. Your IP address and time of registration are also stored.

Other personal data that you can store independently in your user account or that you are asked for as part of the qualification query for a new survey include your age, your location, your gender and, if applicable, other personal characteristics (“qualifications”) required by the survey partners for joining a survey.

When you log into your profile, Cash Baron places cookies on your terminal device to enable you to remain logged in – even if you need to reload the app in the meantime. By creating the profile, you can use the functions of Cash Baron.

The processing operations associated with the creation and completion of a profile serve the purpose of being able to assign future usage operations and to be able to call up the entire range of Cash Baron services. Directly connected with this is, for example, checking whether you are suitable for surveys that we receive from the marketplaces. In order to participate in surveys, you must meet the criteria requested for the specific survey. We check whether you meet the criteria either by asking you (if we have not yet requested the survey criteria from you), or automatically (if we have already requested the survey criteria from you) after receiving the survey by comparing the criteria with the personal information you have provided. The processing of your data thus serves the execution of the contract, is thus purpose-bound and necessary according to Art. 6 para. 1 lit. b DSGVO.

The storage of IP address and time of registration is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why the processing is also lawful according to Art. 6 para. 1 lit. f DSGVO.

The personal data entered by you will be stored until the time of deletion of your profile at Cash Baron, and beyond that only as long as the processing is necessary for any contract performance.

A data transfer of your data to third parties is not intended. All checks on the requested criteria in a poll are carried out by us on our servers.

3.5 Processing of payment & provision of credits

Payment

To process the payout of credits you receive via participation in surveys in or via our app, we offer various payment methods, partly via payment service providers such as PayPal. Processed data in this context are usage data, connection data, master data, payment data, contact data or also contract data. The legal basis for the use of payment service providers results from Art. 6 para. 1 lit. b DSGVO, as well as from our legitimate interests according to Art. 6 para. 1 lit. f) DSGVO to enable a user-friendly and uncomplicated payment processing. Please note, however: Personal data may also be disclosed on the part of the online payment service provider to service providers, to subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed on their behalf. We have signed an order processing agreement with each of the payment service providers so that the security of the processing of your data is guaranteed at all times.

The recipient is the respective service provider, such as: PayPal (Europe) S.à.r.l. & Cie. S.C.A. A transfer of data to a third country may take place. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of the personal data.

The payment service providers in detail are:

PayPal

It is possible to process the payment transaction with the online payment service PayPal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as a payment method, your data required for the payment process will be automatically transmitted to PayPal. This is regularly the following data:

Name, address, company, e-mail address, telephone and mobile number, IP address. The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf. You can read PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/. The legal basis for the data processing is Art. 6 (1) lit. b DSGVO, as the processing of the data is necessary for the payment with PayPal and thus for the performance of the contract.

If you make a payment with PayPal, please check that you are responsible for paying taxes according to the laws in your country/region.

Exchange for vouchers

You can also exchange your credits, which you receive by participating in surveys in or through our app, for vouchers from our partners, such as Starbucks, Amazon, Zalando, Google Play Store, iTunes, Spotify, etc. Should you choose to do so, we will not share any of your personal data with our partners. For the allocation of vouchers, our service providers Cadooz and Tango Card transmit a non-personal ID and a credit score without personal reference. For this credit balance, Cadooz and Tango Card then transmit a voucher in the form of voucher codes to us, which we in turn pass on to you. Cadooz and Tango Card thus act as an intermediary that handles the ordering and processing of the allocation of vouchers by redeeming credit codes as our service provider. Cadooz and Tango Card do not process any personal data about you. Once you have received voucher codes, you can use them, for example, when shopping on the aforementioned platforms or in the aforementioned stores.

Further information about Cadooz can be found at https://www.cadooz.com.

Further information on Tango Card can be found at https://www.tangocard.com/.

Cadooz or Tango Card are solely responsible for any data processing in the context of credit redemption. For details of data processing by Cadooz, please refer to https://www.cadooz.com/datenschutz/.

For details of data processing by Tango Card, please refer to https://www.tangocard.com/privacy-notice/.

3.6 Essential tools and tracking tools

In order to ensure a smooth technical process and optimal user-friendly use of Cash Baron, we use the following tools:

IPStack

To determine your location, we collect your IP location by determining your IP address through the service of IP Stack. Processed data categories are therefore connection data. The recipient of the data is apilayer GmbH, Elisabethstrasse 15/5, 1010 Vienna, Austria. A transfer to a third country is not intended. We do not store any personal data on your terminal device and do not read such data. Our legal basis for using IPStack results from Art. 6 (1) lit. f DSGVO (legitimate interest, for security reasons).

For detailed information on ipstack’s data protection, please refer to the following link: https://ipstack.com/privacy

Research Defender

In order to be able to check whether your behavior complies with our Terms of Service, we check with the service of Research Defender. With this we can detect bot behavior or other forms of non-human usage. Our legal basis for using Research Defender results from Art. 6 (1) lit. f DSGVO (legitimate interest).

For detailed information on Research Defender’s data protection, please refer to the following link: https://researchdefender.com/gdpr-and-ccpa/

AppsFlyer

Our app uses AppsFlyer, an attribution service provided by AppsFlyer Ltd, 14 Maskit St., POB 12371 Herzliya, Israel (“AppsFlyer”). We have entered into a commissioned processing agreement with AppsFlyer for the use of AppsFlyer (Article 28(3) of the GDPR).

AppsFlyer processes personal data on our behalf to create aggregated user profiles about the interaction with our advertising materials. Via the information thus obtained, we can measure the success of our app marketing campaigns and optimize our app. In addition, AppsFlyer allows us to ensure the security and defense against fraud by advertising networks.

The following data is transmitted to AppsFlyer: Your device’s IP address and associated location data, campaign source and associated targeting, and various post-installation Cash Baron events in the app.

However, due to the activation of IP anonymization “IP Masking”, your IP address is shortened by AppsFlyer beforehand.

The recipient of the data in this regard is AppsFlyer Ltd, 14 Maskit St, POB 12371 Herzliya, Israel. The European Commission has determined by decision that an adequate level of protection for personal data is ensured in Israel (Art. 45 GDPR). Further information on AppsFlyer’s data protection can be found at the following link: https://www.appsflyer.com/privacy-policy/.

The legal basis for the use of AppsFlyer is your consent (opt-in in the cookie banner), provided that you have given it to us during your first visit to our app. The legal basis for the integration of AppsFlyer therefore results from Art. 6 para. 1 lit. a DSGVO. On the basis of your consent, we store personal data on your terminal device by means of cookies and read out such data. If you have not given us your consent to use AppsFlyer (no opt-in in the cookie banner), we will not use AppsFlyer in the context of your visits to our app.

You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of past data processing operations. If you do not want AppsFlyer to collect and process data, you can download an opt-out cookie via the following link: https://www.appsflyer.com/optout.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In addition, the data will be deleted if you revoke your consent or request the deletion of personal data.

Once you delete your cookies, you will also need to download the opt-out cookie again.

Zendesk

Description and purpose

On this website we use the CRM and ticket system “Zendesk” of Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA. Zendesk is used to collect all inquiries from customers and interested parties in a uniform manner in order to be able to answer them more efficiently. If you enter your data in our contact form, this request will be processed by Zendesk. Alternatively, you can contact us by e-mail or telephone.

Legal basis

For cases in which contact is made for the purpose of contractual or pre-contractual measures, Art. 6 (1) lit. b) DSGVO is the relevant legal basis. For all other cases, your consent pursuant to Art. 6 para. 1 lit. a) DSGVO applies.

Recipient

The recipient of the data is the operator of the website and Zendesk Inc, 989 Market Street, San Francisco, CA 49130, USA.

Transmission to third countries

There is a transfer of data to the United States. The transfer is subject to appropriate safeguards pursuant to Art. 46 DSGVO. We have concluded standard contractual clauses with the data importer for this purpose. In addition, we are aware of our responsibility and, where necessary to protect the rights and freedoms of natural persons, take further measures to ensure the protection of personal data.

Duration of data storage

Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Furthermore, the data will be deleted if you revoke your consent or request the deletion of the personal data.

Possibility of revocation

You have the possibility to revoke your consent in terms of Art. 6 para. 1 lit. a) for data processing at any time. A revocation does not affect the validity of past data processing operations.

Contractual or legal obligation

The provision of personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it would mean that you would not be able to use our website or would not be able to use it to its full extent.

Further data protection information via link

You can find more detailed information at: https://www.zendesk.de/company/agreements-and-terms/privacy-policy/

Our profiles on social media websites

Facebook

We operate a so-called Facebook fan page for our company on Facebook. When you visit the Facebook fan page, Facebook may evaluate your usage behavior and provide us with information obtained from this (“insights”). The use of the page insights is for the purpose of economic optimization and demand-oriented design of our website / our services. Processed data categories are master data, if applicable, contact data, content data, usage data, connection data. The recipient of the data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as joint controller pursuant to Art. 26 DSGVO.

Obligations of the joint controllers

Meta Platforms Ireland Limited is required to assume primary responsibility under our agreement within the meaning of Art. 26 (1) of the GDPR for the processing of personal data and to fulfill all obligations under the GDPR with regard to the principles and lawfulness of the processing of personal data. This includes in particular the fulfillment of the information obligations, the protection of the rights of the data subjects and the guarantee of the security of the processing.

Contacting us to assert data subject rights

We forward requests regarding the rights of data subjects (Art. 15 – 22 DSGVO) to the primary controller Meta Platforms Ireland Limited via an appropriate form. This includes requests for access, correction, erasure and/or objections or restriction of data, as well as requests from supervisory authorities in connection with the processing of data under the General Data Protection Regulation.

Recipients

It is not excluded that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy policy of the social network. For our part, no transmission of data to third party recipients takes place.

Transmission to third countries

Your personal data processed in this context could be transferred by Meta Platforms Ireland Limited to a third country. It cannot be ruled out that Meta Platforms Ireland Limited will transfer to the affiliated company “Meta Platforms Inc.”, based in the United States. For more information on this, please refer to the privacy policy of Facebook, which is referred to under “Additional privacy notices”.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Contractual or legal obligation to provide data

There is no contractual or legal obligation for the provision of data.

Revocation & objection option

You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by the social network by disabling the execution of script code in your browser, installing a script blocker in your browser or activating the “Do Not Track” setting of your browser. In addition, Meta Platforms Ireland Limited offers the possibility to regulate data processing operations. For more details, please visit: www.facebook.com/settings.

For the processing operations, in particular the processing of direct messages, there is a right to object to the customer – company. You can send your justified objection according to Art. 21 DSGVO to the contact details of the customer – company mentioned above.

Further data protection information

For further information on the Page Insights supplement regarding the responsible party, please visit: https://www.facebook.com/legal/terms/page_controller_addendum

The privacy policy of Meta Platforms Ireland Limited can be found at: https://www.facebook.com/privacy/

Instagram

We operate a so-called Instagram fan page on Instagram regarding our company. When you visit the Instagram fan page, Facebook can evaluate your usage behavior and provide us with information obtained from this (“Insights”). The use of the page insights is for the purpose of economic optimization and demand-oriented design of our website / our services. Processed data categories are master data, if applicable, contact data, content data, usage data, connection data.

In addition, Meta Platforms Ireland Limited processes this data for market research and advertising purposes. If the users are logged in on the platform, Meta Platforms Ireland Limited may also use this data to serve personalized advertising outside of Instagram. 

If you use the option on Instagram to contact us via a direct message, your data will be used to answer your question and clarify the issue. Afterwards, the conversation will be deleted.

Instagram Insights may be based on personal data collected in connection with a person’s visit to or interaction with a page and its content. For more information about Insights, please visit:

https://de-de.facebook.com/business/help/441651653251838?id=419087378825961

It cannot be excluded that Meta Platforms Ireland Limited also uses the content of these messages for its own purposes. More information about the data collected by Instagram can be found at:

https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram Help Area&bc[1]=Policies%20and%20Messages.

Obligations of the joint controllers

Meta Platforms Ireland Limited is required to assume primary responsibility under our agreement within the meaning of Article 26(1) of the GDPR for the processing of personal data and to comply with all obligations under the GDPR with regard to the principles and lawfulness of the processing of personal data. This includes in particular the fulfillment of the information obligations, the protection of the rights of the data subjects and the guarantee of the security of the processing.

Contacting us to assert data subject rights

We forward requests regarding the rights of data subjects (Art. 15 – 22 DSGVO) to the primary controller Meta Platforms Ireland Limited via an appropriate form. This includes requests for access, correction, erasure and/or objections or restriction of data, as well as requests from supervisory authorities in connection with the processing of data under the General Data Protection Regulation.

Recipients

It is not excluded that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy policy of the social network. For our part, no transmission of data to third party recipients takes place.

Transmission to third countries

Your personal data processed in this context could be transferred by Meta Platforms Ireland Limited to a third country. It cannot be ruled out that Meta Platforms Ireland Limited will transfer to the affiliated company “Meta Platforms Inc.”, based in the United States. For more information on this, please refer to the privacy policy of Instagram, which is referred to under “Additional privacy notices”.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Contractual or legal obligation to provide data

There is no contractual or legal obligation for the provision of data.

Revocation & objection option

You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by the social network by disabling the execution of script code in your browser, installing a script blocker in your browser or activating the “Do Not Track” setting of your browser.

For the processing operations, in particular the processing of direct messages, there is a right to object to the customer – company. You can send your justified objection pursuant to Art. 21 DSGVO to the contact details of the Customer – Company mentioned above.

Further data protection information

The privacy policy of Meta Platforms Ireland Limited can be found at: https://www.facebook.com/privacy/

The privacy policy of Instagram with information on, among other things, the type, scope and purpose of data processing on the part of Instagram can be found at:

https://help.instagram.com/519522125107875/?helpref=hc_fnav

LinkedIn

The joint controller is LinkedIn Ireland Unlimited Company, Wilton Place, Grand Canal Square 24, Dublin, Ireland.

To advertise our products and services and to communicate with interested parties or customers, we operate a business account on the social media platform “LinkedIn”. When our online presence is called up on the LinkedIn platform, data of the users (e.g. personal information, IP address, etc.) is processed by LinkedIn Ireland Unlimited Company as operator of the platform.

The processing of the personal data of the persons using the social network serves the purpose of providing us with statistical information about the use of our online presence. In addition, this data is processed by LinkedIn Ireland Unlimited Company for market research and advertising purposes. If users are logged in to the platform, LinkedIn Ireland Unlimited Company may also use this data to serve personalized advertising outside of LinkedIn.

If you use the option on LinkedIn to contact us via a direct message, your data will be used to answer your question and clarify the matter. Afterwards, the conversation will be deleted.

LinkedIn provides company profile insights that provide us with anonymized statistical data about the people visiting our fan page. These so-called “profile insights” are aggregate statistics that are created based on certain actions and logged by LinkedIn when users and visitors interact with our company profile and related content.

It cannot be excluded that LinkedIn Ireland Unlimited Company also uses the content of these messages for its own purposes. For more information, please refer to the privacy policy of the social network.

Obligations of the joint controllers

LinkedIn Ireland Unlimited Company is obliged to assume primary responsibility under our agreement as defined in Article 26 (1) of the GDPR for the processing of personal data and to fulfill all obligations under the GDPR with regard to the principles and lawfulness of the processing of personal data. This includes in particular the fulfillment of the information obligations, the protection of the rights of the data subjects and the guarantee of the security of the processing.

Contacting us to assert data subject rights.

We forward requests regarding the rights of data subjects (Art. 15 – 22 DSGVO) to the primary controller LinkedIn Ireland Unlimited Company via an appropriate form. This includes requests for access, correction, erasure and/or objections or restriction of data, as well as requests from supervisory authorities in connection with the processing of data under the General Data Protection Regulation.

Recipients

It is not excluded that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy policy of the social network. For our part, no transmission of data to third party recipients takes place.

Transmission to third countries

Your personal data processed in this context could be transferred by LinkedIn Ireland Unlimited Company to a third country. It cannot be ruled out that LinkedIn Ireland Unlimited Company transmits to the affiliated company “Microsoft Corp.”, based in the United States. Further information on this can be found in LinkedIn’s privacy policy, which is referred to under “Further privacy notices”.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Contractual or legal obligation to provide data

There is no contractual or legal obligation for the provision of data.

Revocation & objection option

You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by the social network by disabling the execution of script code in your browser, installing a script blocker in your browser or activating the “Do Not Track” setting of your browser.

For the processing operations, in particular the processing of direct messages, there is a right to object vis-à-vis the controller. You can send your justified objection pursuant to Art. 21 DSGVO to the contact details of the controller mentioned above.

Further data protection information

The privacy policy of LinkedIn Ireland Unlimited Company can be found at:

https://www.LinkedIn.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

The privacy policy of LinkedIn with information on, among other things, the type, scope and purpose of data processing in relation to cookies can be found at:

https://de.LinkedIn.com/legal/cookie-policy

Twitter

We operate a Twitter fan page for our company. When you visit and use our Twitter fan page, Twitter can evaluate your usage behavior and provide us with information obtained from this. The use of this information is for the purpose of economic optimization and needs-based design of our website. Processed data categories are master data, contact data, content data, usage data, connection data. The recipient of the data is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, as joint controller pursuant to Art. 26 DSGVO.

The processing of the personal data of the persons using the social network serves the purpose of providing us with statistical information about the use of our online presence. In addition, this data is processed by Twitter International Company for market research and advertising purposes. If users are logged in to the platform, Twitter International Company may also use this data to serve personalized advertising outside of Twitter.

If you use the option on Twitter to contact us via a direct message, your data will be used to answer your question and clarify the matter. Afterwards, the conversation will be deleted.

Twitter provides company profile insights that provide us with anonymized statistical data about the people visiting our fan page. These so-called “profile insights” are aggregate statistics that are created based on certain actions and logged by Twitter when users and visitors interact with our company profile and related content….

It cannot be ruled out that Twitter International Company also uses the content of these messages for its own purposes. For more information, please refer to the privacy policy of the social network.

Obligations of the joint controllers

Twitter International Company is obliged to assume primary responsibility under our agreement within the meaning of Article 26 (1) of the GDPR for the processing of personal data and to fulfill all obligations under the GDPR with regard to the principles and lawfulness of the processing of personal data. This includes in particular the fulfillment of the information obligations, the protection of the rights of the data subjects and the guarantee of the security of the processing.

Contacting us to assert data subject rights.

We forward requests regarding the rights of data subjects (Art. 15 – 22 DSGVO) to the primary controller Twitter International Company via an appropriate form. This includes requests for access, correction, deletion and/or objections or restriction of data, as well as requests from supervisory authorities in connection with the processing of data under the General Data Protection Regulation.

Recipients

It is not excluded that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy policy of the social network. For our part, no transmission of data to third party recipients takes place.

Transmission to third countries

Your personal data processed in this context could be transferred by Twitter International Company to a third country. It cannot be excluded that Twitter International Company transmits to the affiliated company “Twitter, Inc.”, based in the United States. Further information on this can be found in Twitter’s privacy policy, which is referred to under “Further privacy notices”.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Contractual or legal obligation to provide data

There is no contractual or legal obligation for the provision of data.

Revocation & objection option

You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by the social network by disabling the execution of script code in your browser, installing a script blocker in your browser or activating the “Do Not Track” setting of your browser.

For the processing operations, in particular the processing of direct messages, there is a right to object vis-à-vis the controller. You can send your justified objection pursuant to Art. 21 DSGVO to the contact details of the controller mentioned above.

Further data protection information

The privacy policy of Twitter International Company and Twitter, Inc. can be found at:

https://twitter.com/de/privacy

YouTube

We operate a channel about our company on YouTube. When you visit and use our YouTube channel, Google may evaluate your usage behavior and provide us with information obtained from this. The use of this information is for the purpose of economic optimization and needs-based design of our website. Processed data categories are master data, contact data, content data, usage data, connection data. The recipient of the data is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, as joint controller pursuant to Art. 26 DSGVO.

Obligations of the joint controllers

Google Ireland Limited is required to assume primary responsibility under our agreement within the meaning of Art. 26(1) of the GDPR for the processing of personal data and to fulfill all obligations under the GDPR with respect to the principles and lawfulness of the processing of personal data. This includes in particular the fulfillment of the information obligations, the protection of the rights of the data subjects and the guarantee of the security of the processing.

Contacting us to assert data subject rights.

We forward requests regarding the rights of data subjects (Art. 15 – 22 DSGVO) to the primary controller Google Ireland Limited via an appropriate form. This includes requests for access, correction, erasure and/or objections or restriction of data, as well as requests from supervisory authorities in connection with the processing of data under the General Data Protection Regulation.

Recipients

It is not excluded that the data will be transmitted to third parties by the social network. For more information, please refer to the privacy policy of the social network. For our part, no transmission of data to third party recipients takes place.

Transmission to third countries

Your personal data processed in this context could be transferred to a third country by Google Ireland Limited. It cannot be ruled out that Google Ireland Limited transmits to the affiliated company “Google LLC.”, based in the United States. Further information on this can be found in YouTube’s privacy policy, which is referred to under “Further privacy notices”.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

Contractual or legal obligation to provide data

There is no contractual or legal obligation for the provision of data.

Revocation & objection option

You can prevent the collection and forwarding of personal data (esp. your IP address) as well as the processing of this data by the social network by disabling the execution of script code in your browser, installing a script blocker in your browser or activating the “Do Not Track” setting of your browser.

For the processing operations, in particular the processing of direct messages, there is a right to object vis-à-vis the controller. You can send your justified objection pursuant to Art. 21 DSGVO to the contact details of the controller mentioned above.

Further data protection information

The privacy policy of Google Ireland Limited can be found at:

https://policies.google.com/privacy?hl=de

Information on the cookies used

Cookies are small files that are stored on your device (computer, tablet or smartphone). When a website is accessed, the cookie stored on a device sends information to the party that placed the cookie.

How we use cookies

We want you to be able to make an informed decision for or against the use of cookies, which are not strictly necessary for the technical features of the App. Please note that if you opt out of the use of cookies for advertising purposes, you will still be shown advertisements, but they will be less targeted to your interests. However, you can still use all the functionality of the website/service.

We distinguish between

– Necessary cookies, which are absolutely necessary for the technical functions of the app,

– Statistics cookies, which allow us to analyze the use of the App, and

– Marketing cookies, which are placed by advertising companies to display advertisements relevant to your interests.

We offer you the opportunity to select your preferences regarding functional and marketing cookies as part of your initial visit to our App and at any time thereafter.

 

4. Order processing

In some cases, we use external service providers, such as IPStack and OneSignal, to process your data. These service providers have been carefully selected and commissioned by us. They are bound by our instructions and are regularly monitored. If necessary, order processing contracts are concluded with our partners. Our order processing contracts comply with the strict requirements of Art. 28 DSGVO as well as the requirements of the German data protection authorities.

 

5. Data subject rights

If your personal data is processed, you are a data subject within the meaning of the DSGVO and as a user you are entitled to the following rights against the controller:

5.1 Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you may request information from the controller about the following:

– The purposes for which the personal data are processed;

– the categories of personal data which are processed;

– the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

– the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

– the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

– the existence of a right of appeal to a supervisory authority;

– any available information on the origin of the data, if the personal data are not collected from the data subject;

– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

– You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

5.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

5.3 Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

– if you dispute the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

– the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

– the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or

– if you have objected to the processing pursuant to Article 21 (1) DSGVO, as long as it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

5.4 Right to erasure

5.4.1 You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay, if one of the following reasons applies:

– The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

– You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.

– You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

– The personal data concerning you have been processed unlawfully.

– The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

– The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

5.4.2 If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

5.4.3 The right to erasure shall not apply to the extent that the processing is necessary

– For the exercise of the right to freedom of expression and information;

– for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) DSGVO;

– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) DSGVO, insofar as the right referred to in (1) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

– for the assertion, exercise or defense of legal claims.

5.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

5.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

– the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and

– the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

5.8 Right to revoke your declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The processing is lawful until your revocation – the revocation thus only affects the processing after receipt of your revocation. You can declare the revocation informally by mail or e-mail. The processing of your personal data will then no longer take place, unless it is permitted by another legal basis. If this is not the case, your data must be deleted immediately after the revocation in accordance with Art. 17 (2) DSGVO. Your right to revoke your consent subject to the above conditions is guaranteed.

Your revocation should be addressed to:  

BitBurst GmbH
Lerchenweg 3
40789 Monheim am Rhein, Germany
015256114159
info@bitburst.net
www.bitburst.net

5.9 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

6. Automated decisions in individual cases including profiling.

Automated decisions in individual cases including profiling do not take place.

 

7. Newsletter

If you subscribe to our company’s newsletter, the data in the respective input form will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with e-mail addresses belonging to other people. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data will not be passed on to unauthorized third parties. For the purpose of sending the newsletter, however, necessary data could be transmitted to appropriate service providers. Furthermore, an exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) DSGVO. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

 

8. Data transmission to third countries

The controller may transfer personal data to a third country. In principle, the controller can ensure that an adequate level of protection is brought about for the processing operations by means of various appropriate safeguards. It is possible to carry out data transfers on the basis of an adequacy decision, internal data protection rules, approved codes of conduct, standard data protection clauses or an approved certification mechanism pursuant to Art. 46(2)(a)-(f) GDPR.

If the controller makes a transfer to a third country on the legal basis of Art. 49 (1) a) DSGVO, you will be informed at this point about the possible risks of a data transfer to a third country.

There is a risk that the third country receiving your personal data may not provide an equivalent level of protection compared to the protection of personal data in the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the respective third country or if certain agreements between the European Union and the respective third country are declared invalid. Specifically, in some third countries there are risks regarding the effective protection of EU fundamental rights through the use of surveillance laws (for example, the USA). In such a case, it is the responsibility of the controller and the recipient to assess whether the rights of data subjects in the third country enjoy an equivalent level of protection as in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection afforded to individuals throughout the Union when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organizations, including when personal data are further transferred from a third country or from an international organization to controllers or processors in the same or another third country or to the same or another international organization.

 

9. Integration of other services and contents of third parties

Description and purpose

It may happen that third-party content, such as videos, fonts or graphics from other websites, is integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the IP address of the user. This is because without the IP address they would not be able to send the content to the browser of the respective user. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we inform the users about it. We would like to provide and improve our online offer through these integrations.

Legal basis

The legal basis for the integration of other third-party services and content is Art. 6 (1) lit. f) DSGVO. Our overriding legitimate interest lies in the intention of an appropriate presentation of our online presence and user-friendly and economically efficient services on our part. For further information, please refer to the respective data protection information of the providers.

Contractual or legal obligation for the provision of personal data

The provision of personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it would possibly result in you not being able to use this function or not being able to use it to its full extent.

 

10. Notification obligations of the responsible party

If your personal data has been disclosed to other recipients (third parties) with legal grounds, we will notify them of any rectification, erasure or restriction of the processing of your personal data (Art. 16, Art. 17(1) and Art. 18 DSGVO). The notification obligation does not apply if it is associated with a disproportionate effort or is impossible. We will also inform you about the recipients upon request.