1. Contact data
This information applies to any processing of personal or business data carried out by the following responsible entity:
BIT Bierther GmbH (hereinafter referred to simply as “BIT”)
Dützhofer Str. 7
Phone: +49 (0) 2254-96100
BIT’s data protection officer (DPO) can be reached as follows:
dhpg IT-Services GmbH
c/o Mr. Christian Lenz
Phone: +49 (0) 2261-8195-0
2. Rights of data subjects
You have the right:
- to request information about personal data processed on you by us. As per Article 15 of the European Union’s General Data Protection Regulation of 2016 (hereinafter referred to simply as “GDPR”), the scope of such inquiries may specifically include: the purpose(s) for processing said data in the first place; the categories of personal data collected; the recipients or categories of recipient the data has been or will be disclosed to, especially in the case of third-country (i.e., non-EU) recipients; planned storage times; to what extent a right exists to insist on correction or deletion of data, to either impose restrictions on processing or to object to such processing per se; the right to lodge a formal complaint; the source if said data was not collected by us; and to what extent automated decision-making – such as profiling – is used, including meaningful information on such decision-making’s underlying logic;
- to request immediate correction of inaccurate, incorrect or incomplete personal data stored by us, as per GDPR Article 16;
- to request, pursuant to GDPR Article 17, deletion of stored data inasmuch as such data is not necessary for exercising the right to freedom of expression and information, for complying with legal obligations as outlined in Section 3 Subsection b, for reasons of public interest as described in Section 3 Subsection c, or for the assertion, exercise or defense of legal claims;
- to request, pursuant to GDPR Article 18, that restrictions be placed on the processing of personal data if you are contesting the accuracy or veracity of said data. You may also do so if such processing is unlawful, but you do not want the data deleted while we have no further need for said data, because you need them for asserting, exercising, or defending legal claims, or if you have already objected against processing in accordance with GDPR Article 21 Section 1 while a decision is still pending if our legitimate interest shall prevail;
- to receive personal data collected on you in a structured, commonly used and machine-readable format, pursuant to GDPR Article 20, or to exercise your right to data portability by requesting transmission of said data to a third party of your own choosing if processing is based on your consent or on a contractual agreement and if processing is performed in an automated fashion;
- to revoke at any time consent to having us process your personal data as per GDPR Article 7 Section 3, which effectively bars us from continuing any data processing based on your initial consent in the future; as well as
- to lodge a complaint with a supervisory authority pursuant to GDPR Article 77 Section 1. As a general rule, you would usually address such a complaint to a supervisory authority at your place of residence or work or, alternatively, at the location of our headquarters.
3. Right to object
Pursuant to GDPR Article 21 Section 1, you shall have the right to object at any time to processing of your personal data based on legitimate interest, as outlined in GDPR Article 6 Section 1 Subsection f, on grounds relating to your particular situation. Pursuant to GDPR Article 21 Section 2, you may do the same in response to data processing for direct advertising or marketing purposes without the need to supply any further evidence of special circumstances applying to your own situation.
Should the former apply, we shall desist from processing your data any further unless we can document prevailing compelling reasons to the contrary or unless processing serves the assertion, exercise, or defense of legal claims.
Should the latter apply, the right to cancellation or objection requires no such special situation and can simply be exercised by sending an e-mail message to firstname.lastname@example.org.
4. Transfer of data
We shall not transmit or otherwise pass your personal data to third parties under any circumstances other than the ones listed below. Specifically, we may share your personal data with third parties:
- if you have given explicit consent for us to do so, as per GDPR Article 6 Section 1 Subsection a;
- if, pursuant to GDPR Article 6 Section 1 Subsection f, disclosure of such data is required for the assertion, exercise, or defense of legal claims, and if there is no apparent reason to assume a legitimate interest in not having the data disclosed;
- if transfer of data is required to comply with legal obligations, as laid out in GDPR Article 6 Section 1 Subsection c; or
- if admissible by law and if, pursuant to GDPR Article 6 Section 1 Subsection b, necessary for establishing, processing and executing contractual relationships with you.
In addition, employees at Order Management, by nature of their work, require access to your personal data for processing orders and other contractual agreements. This shall in no way constitute a right to personal use of such data by these employees.
5. Data protection and security
Throughout our website, we employ SSL (Secure Socket Layer), one of the most widespread communication protocols, in connection with data encryption at the highest grade supported by the browser you are using to connect to our website. These days, that typically means 256-bit encryption. Should your browser not support such encryption, 128.bit v3 technology is used instead. You can usually tell that an individual page on our website is transmitted in encrypted mode when a key or lock symbol is showing in locked state on the lower status bar of your browser.
What’s more, we always make certain to take organizational and technical safety measures in an attempt to ensure that your data are protected from incidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. These measures are continuously upgraded and improved as available technology develops and evolves.
6. Data transfer to third countries
Data are transmitted to parties in third countries (countries outside the European Economic Area) in strict accordance with all pertinent legal provisions, specifically with GDPR Articles 44 to 50 which regulate when such transfer is permissible.
Should we transfer your data to parties in third countries, we shall issue special data protection information for the respective acts of data processing while also clearly citing legal provisions and regulations that apply specifically to such processing and transfer.
Data collection and storage information for data processing on our website
1. Visiting our website
When calling up our website at www.bit-gmbh.de, the Web browser you use on your terminal device automatically starts sending certain data and information to the web server on which our website runs. This happens for technical reasons as otherwise communication between the terminal device and the web server would be impossible. These data are temporarily stored in what is referred to as a “log file.” Specifically, the following information is automatically stored until auto-deleted:
- the IP address of the computer connecting to the website,
- date and time of access,
- name and URL of retrieved file(s),
- address of the website where a person clicked a link that sent them to our website (referrer URL),
- the Web browser used to contact our web server, and possibly the operating system run on the terminal device as well as the name of your Internet Access Provider (IAP).
The data listed above are processed by us exclusively:
- to guarantee smooth connection to our website,
- to ensure easy and convenient use of our website,
- to assess system security and stability, as well as
- for further administrative purposes.
Such legitimate commercial interest in data processing has its legal basis in GDPR Article 6 Section 1, specifically Subsection f. More specifically, our legitimate interest in this case is operation of our website in an effort to create a web presence for our company.
Your data are deleted as soon as they are no longer required for the designated purpose, no later than six months after collection.
2. Using our contact form “direct request / inquiry”
As a quick means of getting in touch with us directly, either to have a question answered or to launch a request with our sales team, an online contact form is available on our website.
Anybody using the contact form needs to enter their name and provide a valid e-mail address so that we know who launched the inquiry or query and how to contact them to respond. Other entries may be made at the user’s discretion.
All data for contacting purposes via the online form are processed, based on your voluntary consent, pursuant to GDPR Article 6 Section 1 Subsection a. Personal data collected from the contact form are automatically deleted once the inquiry or query has been answered.
By contrast, GDPR Article 6 Section 1 Subsection b applies if the contact form is used to launch requests for quotations or directly for purchase of our products or for solicitation of our services. In case of such contractual negotiations, your data will be stored in accordance with legal retention periods as mandated by German law.
3. Entering into a contractual agreement with BIT
When you enter into a contract with us, we store your master data and, if necessary, any additional data required to implement and execute the contract. Pursuant to GDPR Article 6 Section 1 Subsection b, data processing may proceed for as long as it is required to meet and satisfy any contractual obligations, goals and purposes. This usually comprises the entire duration of the contractual relationship.
After execution of the contract has concluded and after statutory periods for retaining business records (e.g., those mandated by the German Commercial Code) have elapsed, your data are deleted in the absence of any legitimate interest for retention as per GDPR Article 6 Section 1.
4. Cookies, analysis tools, plugins, and other third-party elements
Cookies simply serve to log information resulting from or relating to contact between our website and the browser run on the respective terminal device. Please note that this per se does by no means enable us to immediately determine your identity.
As the name implies, analysis tools track and analyze use and consumer patterns of website visitors. Utilization of analysis tools is intended to help us design our website to best conform to both our customers’ and our own needs and preferences. This way, our website and marketing activities can be adjusted and optimized quickly and continuously.
By contrast, plugins and other third-party elements are employed to embed and integrate third-party content.
a) First-party cookies
First-party cookies are required for technical reasons for our website to operate properly. They serve to help make navigating and using our webpages easier and more convenient for you. Session cookies, for instance, are used to recognize which individual pages you have already visited on our website during the current session. These are automatically deleted after leaving our website.
In an effort to optimize usability, we employ temporary cookies that are stored on your device for a specific period of time. The next time you visit our website to take advantage of our services, it will automatically recognize that you have already visited before. It will also remember previous browser activity such as the input you performed during previous sessions as well as stateful information such as your settings. This way, you don’t have to readjust or re-enter your settings every time you visit our website.
These data are deleted no later than six months after your visit.
As outlined in GDPR Article 6 Section 1 Subsection f, our legitimate interests in presenting our company on our website and in continuously improving its usability constitute a sufficient legal basis for processing data in such a fashion.
By default, most browsers accept cookies automatically. However, you can configure your browser either so that no cookies are stored on your computer at all or so that there will be a prompt showing each time a new cookie is generated. Please do keep in mind again that disabling cookies altogether may mean that you cannot use all the features on our website.
b) Third-party cookies, analysis tools, plugins, and other third-party elements
Third-party cookies, analysis tools, plugins, and other third-party elements listed below are only used with your express consent. As such, they are employed pursuant to GDPR Article 6 Section 1 Subsection a. You may revoke your consent at any time, effective immediately. To do so, you can change your settings here. However, refusal or withdrawal of consent may cause our website to not be displayed properly. You may also lose access to some of its functionality and features as a result.
We employ third-party cookies, analysis tools, plugins, and other third-party elements to ensure a user-friendly design and continuous optimization of our website. They also serve to track and statistically record usage of our website so that we can analyze and evaluate such data for the purpose of improving our product portfolio and the services we offer.
In subsequent sections, you can find more on the functionality, potential data recipients, data retention periods, and possible data transmission to third countries for each of our data processing activities involving third-party cookies, analysis tools, plugins, and third-party elements.
(1) Google Analytics
BIT’s website uses Google Analytics, a Web analysis service provided by Google LLC (hereinafter referred to simply as “Google”), headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America. We do so in a continuous effort to keep optimizing our website seamlessly and to tailor it as closely as possible to our customers’ and our own needs.
To this end, cookies are employed (as described under Section 8 above) and user profiles are created, each under a different pseudonym. Data on your use of our website tracked and generated by Google Analytic cookies includes:
- browser type and version;
- operating-system type and version;
- referrer URL (i.e., the address of the website where a person clicked a link that sent them to our website);
- host name of the accessing terminal device (usually, its IP address); plus
- time and date when the server inquiry was made.
This information is then sent to a Google server operating from the United States of America and subsequently stored there. Information collected in this fashion serves to analyze and evaluate usage data on our website as well as to collate and create website activity reports. It is also used to assist in providing supplementary services associated with website and Internet usage, especially as they pertain to facilitating market research and demand-oriented Web design.
Under no circumstances is your IP address to be cross-referenced, combined, or merged with other data Google has collected. To safeguard this, IP addresses are to be anonymized, effectively preventing clear identification of an IP address with a specific entity or person, in a process often referred to as “IP masking.”
You can find more information on the issues of data protection and privacy, specifically as they relate to Google Analytics, by consulting the Google Analytics online help at https://support.google.com/analytics/answer/6004245?hl=en.
Data collected by Google Analytics are transferred to the United States of America. Pursuant to GDPR Section 1 Subsection a, this requires your explicit consent. However, be first advised that access to legal recourse in the United States may be limited or altogether unavailable and that privacy protection tends to be significantly weaker in the US compared to the EU.
(2) Google Maps
Google Maps, Google’s web-mapping service, is accessed through an application programming interface (API) on our website.
This plug-in is integrated into our website by means of the so-called two-click method to protect visitors to our website in the most effective way possible. This means none of your personal data (including your IP address) is transmitted to Google just by calling up our website. Instead, you need to first activate the embedded map by clicking on it. This second click constitutes consent to having the map with our company location loaded in your browser, at which point data are transferred to Google.
To use GoogleMaps’ features and functions, your IP address needs to be collected and stored. This information is sent to a Google server operating from the USA and stored there, usually without prior anonymization.
Data collected by Google Maps are transferred to the United States of America. Pursuant to GDPR Section 1 Subsection a, this requires your explicit consent. However, be first advised that access to legal recourse in the United States may be limited or altogether unavailable and that privacy protection tends to be significantly weaker in the US compared to the EU.
(3) Google Adwords Conversion Tracking
For statistical collection and analysis of website usage patterns, we also use another Google service called Google Adwords Conversion Tracking.
In case a Google ad brought you to our website, a cookie is set on your terminal device by Google Adwords. Such cookies are only valid for 30 days and are not used for identification purposes. If the user visits certain pages of an Adwords’ customer and if the cookie is still valid, both Google and the customer can detect that the user clicked on the ad and was forwarded from there to the page.
As each Adwords customer receives a different cookie, cookies cannot be tracked beyond a customer’s web pages. Data collected in this fashion serve to create Conversion statistics for Adwords customers who have opted for Conversion Tracking. This way, Adwords customers can tell how many users have clicked on their ad and have been forwarded to a website with a Conversion Tracking tag. However, Adwords customers do not have access to any information that would allow for identification of individual users. This information is then sent to a Google server operating from the United States of America and subsequently stored there.
Google’s privacy statement on Conversion Tracking and Google Site Stats can be found at https://services.google.com/sitestats/en.html.
Data collected by Google Adwords Conversion Tracking are transferred to the United States of America. Pursuant to GDPR Section 1 Subsection a, this requires your explicit consent. However, be first advised that access to legal recourse in the United States may be limited or altogether unavailable and that privacy protection tends to be significantly weaker in the US compared to the EU.
c) Google Tag Manager
Another service we use on our website is Google Tag Manager by Google Ireland Limited, based in Google Building Gordon House, Barrow St., Dublin 4, Republic of Ireland.
Google Tag Manager provides marketers like us with an easy-to-use interface for managing website tags. The Google Tag Manager tool used for generating and implementing tags is an online domain operating without cookies. As such, it cannot collect or track any personal data by itself. However, Google Tag Manager can be used to trigger other tags that might collect and process such data. Even in such a scenario, Google Tag Manager itself cannot be used to access such data. If set on the cookie or domain level, deactivation will persist for all tracking tags implemented by Google Tag Manager.