Logo of bitfuel GmbH / Bourros Group GmbH
_privacy

Privacy Policy

With this privacy policy, we would like to inform you about how we process personal data. We are aware of the importance of processing personal data for users and therefore comply with all applicable legal requirements. Protecting your privacy is of utmost importance to us. Compliance with statutory data protection regulations is therefore a matter of course for us.

Controller responsible for data processing

Bourros Group GmbH
Hanauer Landstraße 136A
60314 Frankfurt (Germany)
hello@bourros.com

bitfuel GmbH
Hanauer Landstraße 136A
60314 Frankfurt (Germany)

Phone: +49 (0)69 / 210 000 - 80
E-Mail: hello@bitfuel.de

Definitions

This privacy policy uses the terminology of the General Data Protection Regulation (GDPR).

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Restriction of processing” means the marking of stored personal data with the aim of limiting its future processing.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Pseudonymization” means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“Recipient” means a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process the personal data under the direct authority of the controller or processor.

“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.

Processing activities

We collect and process the following personal data about you:

  • Contact and address information, if you provide us with your contact details or register on our website
  • Online identifiers (e.g. IP address, browser type and version, operating system used, referrer URL, file name, access status, amount of data transferred, date and time of server request)
  • Social media identifiers

Purposes of data processing

We collect personal data only if and to the extent that you voluntarily provide such data, for example as part of a registration process.

We process your data for the following purposes:

  1. To enable the contact you have requested
  2. To inform you about our services
  3. For contract execution, in particular order processing and invoicing
  4. For advertising purposes
  5. To send email newsletters, provided you have subscribed
  6. For quality assurance
  7. For statistical purposes

Legal basis

Your data is processed on the following legal bases:

  1. Consent pursuant to Art. 6(1)(a) GDPR
  2. Performance of a contract pursuant to Art. 6(1)(b) GDPR
  3. Compliance with legal obligations pursuant to Art. 6(1)(c) GDPR
  4. Legitimate interests pursuant to Art. 6(1)(f) GDPR, in particular:
    • Improving our services
    • Protection against misuse
    • Statistical analysis

Data sources

We receive data from you (including via the devices you use). If we do not collect personal data directly from you, we will inform you of the source and whether the data originates from publicly accessible sources.

Data transfer / recipients

Your personal data is used internally and shared only with companies involved in fulfilling contractual obligations or service provision. We work with the following service providers who may have access to your data:

  1. Web analytics providers
  2. Web hosting providers, including Dropbox, Inc. (USA) and One Clipboard, Inc. d/b/a Splash (USA)
  3. Office management and event software providers, including Teamwork.com Ltd. (Ireland), Atlassian, Inc. (USA), Eventbrite, Inc. (USA), Sched LLC (USA), FastBill GmbH (Germany), and Google Ireland Limited (Ireland)
  4. Payment service providers

Personal data will otherwise not be shared with third parties unless you have given explicit consent or we are legally obliged to do so.

Data may be transferred to countries outside the European Union on the basis of contractual safeguards ensuring an adequate level of data protection.

Duration of processing

We store personal data only as long as necessary to fulfill the purpose of processing or as required by statutory retention obligations.

  1. If you have consented to the processing, your data will be stored at most until you withdraw your consent.
  2. If we require the data to perform a contract, it will be stored for no longer than the duration of the contractual relationship or any applicable statutory retention periods.
  3. If we process the data on the basis of legitimate interests, it will be stored only as long as your interest in deletion or anonymization does not outweigh our legitimate interests.

Requirement or obligation to provide data

Unless explicitly stated at the time of collection, the provision of data is neither required nor mandatory.

Data security

We have implemented extensive technical and organizational measures to protect your data against potential risks such as unauthorized access, unauthorized disclosure, alteration, or distribution, as well as loss, destruction, or misuse.

To protect your personal data during transmission from unauthorized access by third parties, data transfers may be secured using SSL encryption. This is a standardized encryption method for online services, particularly for the web.

Web analytics and tracking tools used

Google Analytics

Like almost every website operator, we use analytics tools in the form of tracking software to determine usage frequency and the number of users on our website.

To optimize this website and our services, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies,” which are text files stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the United States and stored there.

If IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser software settings; however, please note that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout

As an alternative to the browser add-on, or within browsers on mobile devices, you may click the corresponding opt-out link to prevent Google Analytics from collecting data on this website in the future. This opt-out works only in the browser used and only for this domain. An opt-out cookie will be stored on your device. If you delete your cookies in this browser, you will need to click the link again.

Further information can be found at:
https://tools.google.com/dlpage/gaoptout and
https://www.google.com/intl/en/analytics/privacyoverview.html
(general information on Google Analytics and data protection).

Please note that Google Analytics on this website has been extended with the code gat._anonymizeIp(); to ensure anonymized collection of IP addresses (so-called IP masking).

Google AdWords

This website uses the online advertising program Google Ads and, as part of Google Ads, conversion tracking provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Ads to draw attention to our offerings on external websites through advertising materials (so-called Google Ads). Based on the data from advertising campaigns, we can evaluate how successful individual advertising measures are. This serves our interest in showing you advertising that is relevant to you, making our website more appealing, and ensuring a fair calculation of advertising costs.

Further information on Google’s data protection policies can be found at:
http://www.google.de/policies/privacy/

Facebook Visitor Action Pixel and Facebook Custom Audiences

With your consent, we use the Facebook Visitor Action Pixel of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, within our website. This allows us to track user actions after they have viewed or clicked on a Facebook ad. In this way, we can display interest-based advertisements to visitors of this website when they are using the Facebook social network.

In addition, this function enables the placement of personalized advertising banners on social networks, which may include products that users previously viewed on our website (remarketing). For this purpose, the Facebook Pixel has been implemented on this website. When visiting the website, the pixel establishes a direct connection to Facebook’s servers. Among other things, Facebook is informed that you have visited this website (including information about which products you purchased and for which revenue amounts).

If you are a Facebook user, Facebook may associate this information with your personal user account. When you subsequently visit Facebook pages, the tracking pixel creates a direct connection between your browser and Facebook’s servers. As a result, Facebook receives information from your browser that our website was accessed from your device (e.g. your PC). Facebook can then also determine whether a Facebook advertisement was effective, for example whether it led to an online purchase.

We receive only statistical data from Facebook that does not allow any conclusions to be drawn about a specific individual. This is done for the purpose of measuring advertising effectiveness. Tracking via the Facebook Pixel is carried out in such a way that it does not enable us to identify you personally; users are marked only in anonymized form as visitors to our website. Facebook uses cookies for this purpose.

Facebook stores and processes the data collected via the pixel. This processing may take place, at least in part, outside the territorial scope of EU data protection regulations. Further information on the collection and use of data by Facebook, as well as your rights and options for protecting your privacy, can be found in Facebook’s privacy policy at:
https://www.facebook.com/about/privacy

Facebook Lead Ads

We use Facebook Lead Ads provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, to identify individuals interested in our services and to enable further personal and promotional communication. For this purpose, we process personal data provided by you, in particular your first name, last name, email address, and interest in the content we offer.

You may withdraw your consent at any time by sending an informal email to hello@candylabs.de. The data you enter is also processed by Facebook Inc. We have no influence over the data collected by Facebook Inc. or how it is processed.

For further information, please visit Facebook’s privacy policy at:
https://www.facebook.com/about/privacy

Unbounce

For certain campaign and advertising pages (landing pages), we use the service Unbounce provided by Unbounce Marketing Solutions Inc., 400–401 West Georgia Street, Vancouver, BC, Canada, V6B 5A1. These pages are hosted by Unbounce.

The user’s browser communicates directly with Unbounce, which means that the user’s IP address is transmitted and cookies may be set. All information entered by users on these pages is also stored by Unbounce. We subsequently receive an analysis of user activity.

Further information about Unbounce and data protection at Unbounce can be found at:
http://unbounce.com/privacy/

Postmark (Wildbit, LLC)

This website uses email delivery services provided by Wildbit, LLC, 2400 Market Street, No. 200, Suite 235B, Philadelphia, PA 19103, United States, to send emails for the confirmation of registrations and orders.

For the purpose of sending emails via Postmark, we transmit your email address as well as your first and last name (for email personalization) to Postmark.

The most up-to-date privacy information regarding Postmark, along with additional details, can be found at:
https://wildbit.com/privacy-policy

Mailchimp (Email-Marketing)

We use Mailchimp as our mailing list provider for sending newsletters. Mailchimp is a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA (“Rocket”). Rocket signed the so-called Safe Harbor Agreement on July 22, 2008, which is a data protection agreement between the European Union and the United States.

The data stored during registration is transmitted to and stored by Rocket. The data provided during registration is not passed on to any other third parties. After registration, Mailchimp sends you an email to confirm your subscription.

Mailchimp also offers various analytical options to evaluate how newsletters are opened and used, such as how many users an email was sent to, whether emails were bounced, and whether users unsubscribed after receiving an email. These analyses are aggregated and are not used by us for individual evaluation.

In addition, Mailchimp uses the Google Analytics analysis tool from Google and may integrate it into newsletters. Further details on Google Analytics can be found in this privacy policy under “Google Analytics.”

More information on data protection at Mailchimp can be found at:
http://mailchimp.com/legal/privacy/

Log files

Each time our website is accessed, usage data is transmitted by the respective internet browser and stored in log files known as server log files. The data records stored include the following information: the domain from which the user accesses the website, the date and time of access, the IP address of the accessing device, the webpage(s) visited within the website, the amount of data transferred, browser type and version, operating system used, name of the internet service provider, and a message indicating whether the request was successful.

These log file records are analyzed in anonymized form in order to improve our services and make them more user-friendly, to identify and resolve errors, and to manage server capacity.

The log files are evaluated in anonymized form to improve our website, enhance usability, detect and fix errors, and manage server load. To analyze the log files, we use the tool Papertrail. In this context, usage data may be transmitted to the servers of companies that provide such tools.

We require this data to ensure a secure and stable connection between you and us. We also use the data to improve the overall user experience on our website.

Sentry

To improve the technical stability of our services, we use Sentry (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, United States). Sentry monitors system stability and identifies code errors. User data, such as device information or the time an error occurred, is collected in anonymized form, is not used on a personal basis, and is subsequently deleted. For further information, please refer to Sentry’s privacy policy:
https://getsentry.com/privacy/

Zapier

To integrate various databases and tools, we use Zapier, a service provided by Zapier Inc., 548 Market St #62411, San Francisco, California 94104, United States. In this process, customer data—excluding payment data—may be transmitted.

Further information on data protection at Zapier can be found at:
https://zapier.com/privacy

Matomo (formerly Piwik)

Our website uses the web analytics service Matomo. Matomo is an open-source software that analyzes website visitor activity. The cookies used collect information about your use of our website. This information is stored on a Matomo server in Germany. Your IP address is anonymized before storage.

You have the option to prevent Matomo cookies from being stored on your computer by adjusting your browser settings accordingly. Please note that this may result in you not being able to use all features of our website to their full extent.

Instagram

In addition, we use features of the Instagram service operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, United States (“Instagram”). The corresponding plugins are marked with an Instagram logo, for example in the form of an “Instagram camera.” An overview of the Instagram plugins and their appearance can be found here:
http://blog.instagram.com/post/36222022872/introducing-instagram-badges

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. The content of the plugin is transmitted directly from Instagram to your browser and embedded into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the United States and stored there.

If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts.

We expressly point out that, as the provider of this website, we have no knowledge of the content or scope of the data transmitted or how it is used by Instagram. Further information can be found in Instagram’s privacy policy at:
https://help.instagram.com/155833707900388
as well as the general information at:
https://help.instagram.com

LinkedIn

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States.

Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website using your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with your user account.

Please note that, as the provider of this website, we have no knowledge of the content of the transmitted data or how it is used by LinkedIn.

Further information can be found in LinkedIn’s privacy policy at:
https://www.linkedin.com/legal/privacy-policy

Youtube

This website uses YouTube’s embedding function to display and play videos provided by YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The extended data protection mode is used, which, according to the provider, only initiates the storage of user information once the video(s) are played.

When playback of embedded YouTube videos is started, YouTube sets cookies to collect information about user behavior. According to YouTube, this information is used, among other things, to compile video statistics, improve user experience, and prevent misuse.

If you are logged into Google, your data will be directly associated with your account when you click on a video. If you do not wish this association with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out in particular pursuant to Art. 6(1)(f) GDPR on the basis of Google’s legitimate interests in displaying personalized advertising, conducting market research, and/or tailoring its website to user needs.

You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube directly. Regardless of whether the embedded videos are played, a connection to the Google “DoubleClick” network is established each time this website is accessed, which may trigger further data processing operations beyond our control.

Further information on data protection at YouTube can be found in the provider’s privacy policy at:
https://www.google.de/intl/de/policies/privacy.

Twitter

Plugins of the short messaging service Twitter Inc. (Twitter) are integrated into our website. The Twitter plugins (tweet button) can be recognized by the Twitter logo on our pages. An overview of tweet buttons can be found here:
https://about.twitter.com/resources/buttons

When you visit a page on our website that contains such a plugin, a direct connection is established between your browser and Twitter’s server. Twitter thereby receives the information that you have visited our website using your IP address.

If you click the Twitter “tweet” button while logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used by Twitter.

If you do not wish Twitter to associate your visit to our pages with your Twitter user account, please log out of your Twitter account.

Further information can be found in Twitter’s privacy policy at:
https://twitter.com/privacy.

Xing

Functions of the Xing service, operated by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany, are integrated into our website.

When you activate and use the plugin, your browser establishes a direct connection to Xing’s servers. The content of the plugin is transmitted directly from Xing to your browser and embedded into the website. By activating the plugin, Xing receives the information that you have accessed the corresponding page of our website.

If you are logged in to Xing, Xing can associate your visit with your Xing account. Information on the purpose and scope of data collection, the further processing and use of data by Xing, as well as your rights and configuration options in this regard, can be found in Xing’s privacy policy at:
https://privacy.xing.com/de/datenschutzerklaerung.

HubSpot

We use HubSpot on our website for analytics purposes, a service provided by HubSpot Inc. HubSpot is certified under the EU–US Privacy Shield. In this context, so-called web beacons are used and cookies are set, which are stored on your computer and enable us to analyze your use of the website.

The information collected (e.g. IP address, geographic location, browser type, duration of visit, and pages viewed) is analyzed by HubSpot on our behalf in order to generate reports on website visits and the pages accessed. If you subscribe to email newsletters or download other documents, we may also use HubSpot to associate your visits to our website with your personal data (in particular name and email address).

If you do not wish to be tracked by HubSpot in general, you can prevent the storage of cookies at any time by adjusting your browser settings accordingly. Further information on how HubSpot works can be found in HubSpot Inc.’s privacy policy at:
https://legal.hubspot.com/de/privacy-policy

For interactions such as newsletter subscriptions, the collection of certain data (name, email address) is required. This data, as well as any additional voluntary information, is collected, stored, and used to provide the service. Our newsletter allows you to learn more about us and our services. For this purpose, we receive your contact information (and any additional information you voluntarily provide). This data is stored on the servers of our software partner HubSpot.

We may use this data to contact you and to determine which services offered by candylabs GmbH may be of interest to you. All information collected by us is subject to this privacy policy.

HubSpot is a software company based in the United States with a subsidiary in Ireland.

Private Captcha (CAPTCHA-Service)

We use ‘Private Captcha’ (https://privatecaptcha.com/) on our website to protect us and our online services from unwanted, automated access and spam. Private Captcha is a service provided by Intmaker OÜ, Pärnu mnt 139b, Tallinn, Harjumaa, Estonia, 11317.

Private Captcha helps us to differentiate between normal interactions and misuse. When you interact with a part of our website that is protected by Private Captcha, your device receives a computational task that is automatically solved in the background. As part of the protection mechanism, Private Captcha also calculates a trust score for each request by analysing technical/device data (e.g. IP address, device information) and behavioural data (e.g. mouse movements, clicks). This score evaluates the likelihood that a request is made by a human or a bot (malicious script), based on technical and behavioural indicators.

Private Captcha does not set or use its own cookies. However, it may see automatically transmitted cookies from the user’s device, depending on the user’s settings. The actual data depends on the device’s settings and permissions. Private Captcha only uses the data to reliably differentiate between human and automated behaviour and afterwards to improve the threat detection and increase the system security. The legal basis for the use and data processing of Private Captcha is our legitimate interest in the security of our website and protection against automated access, spam and other forms of misuse, Art. 6 para. 1 lit. f GDPR.

Zustimmung zur Verwendung von Cookies.

To ensure that our website functions properly, we use cookies. In order to obtain and properly document your valid consent to the use and storage of cookies in the browser you use to access our website, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands. Website: https://cookiefirst.com (hereinafter referred to as “CookieFirst”).

When you access our website, a connection is established with CookieFirst’s server to enable us to obtain your valid consent for the use of certain cookies. CookieFirst then stores a cookie in your browser in order to activate only those cookies to which you have consented and to properly document your consent. The processed data is stored until the specified retention period expires or until you request deletion of the data. Deviating from this, certain statutory retention periods may apply.

CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this processing is Article 6(1)(c) of the General Data Protection Regulation (GDPR).

Data Processing Agreement

We have concluded a data processing agreement with CookieFirst. This is a data protection–related contract that ensures that the data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Server Log Files

Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser transmits to us automatically. The following data is collected:

  • Your consent status or the withdrawal of your consent
  • Your anonymized IP address
  • Information about your browser
  • Information about your device
  • The date and time of your visit to our website
  • The URL of the website on which you saved or updated your consent declaration
  • The approximate location of the user who saved their consent preferences
  • A universally unique identifier (UUID) of the website visitor who clicked the cookie banner

Rechte des Betroffenen

You have the right to request information about whether and which personal data relating to you is being processed by us. You also have the right to request the correction of inaccurate personal data or the completion of incomplete personal data.

  1. Under certain circumstances, you have the right to request the erasure of your personal data.
  2. Under certain circumstances, you have the right to request the restriction of the processing of your personal data.
  3. You may withdraw your consent to the processing and use of your data, in whole or in part, at any time with effect for the future.
  4. You have the right to receive your personal data in a commonly used, structured, and machine-readable format.
  5. If you have questions, comments, complaints, or requests for information in connection with our privacy policy and the processing of your personal data, you may contact our data protection officer in writing.
  6. You also have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates applicable legal provisions.

Status of this Privacy Policy
July 2, 2022

We reserve the right to amend this privacy policy at any time with effect for the future.

This privacy policy was generated with the help of the privacy policy generator provided by ePrivacy GmbH.