Privacy Policy

We appreciate your visit to our website. Below, we would like to inform you about how we handle your data in accordance with Article 13 of the General Data Protection Regulation (GDPR).

Controller

The controller responsible for data processing on this website is:

Bitkom e.V.
Albrechtstraße 10
10117 Berlin
E-Mail: bitkom@bitkom.org

Data Protection Officer Contact Details

Our external Data Protection Officer is available to answer any questions regarding data protection. You can reach them at:

datenschutz nord GmbH
Location Berlin
Kurfürstendamm 212
10719 Berlin
E-Mail: office@datenschutz-nord.de

If you contact our Data Protection Officer, please also state the controller as specified in the Imprint.

Data Security

To protect your data from unwanted access as comprehensively as possible, we implement technical and organizational measures. We use an encryption procedure on our website. Your data is transferred between your computer and our server, and vice versa, via the internet using TLS encryption. You can usually recognize this by the closed lock symbol in your browser's status bar and by the address line starting with https://.

Usage Data

When you visit our website, so-called usage data is temporarily processed on our web server to deliver the website to your browser. We also evaluate usage data for statistical purposes to improve the quality of our website. This data set includes:

• the name and address of the requested content,
• the date and time of the request,
• the amount of data transferred,
• the access status (content delivered, content not found),
• a description of the web browser and operating system used,
• the referrer link, indicating the page from which you reached ours,
• the IP address of the requesting device.

The log data is only evaluated in anonymized form. Processing the IP address is necessary to deliver the website to the visitor's device.

The remaining usage data is also stored in the log files of our system. These data are not stored together with other personal data of visitors. The storage in log files is necessary to ensure the website's functionality. In addition, the data serves us to optimize the website and ensure the security of our information technology systems.

The legal basis for processing usage data is Article 6(1)(f) GDPR. Processing is based on our legitimate interest in providing the website content and ensuring an optimized presentation across devices and browsers.

Required Cookies

We use cookies on our website that are necessary for the use of our site. Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted once you close your browser, and persistent cookies, which are stored beyond a single session. We do not use these required cookies for analytics, tracking, or advertising purposes. Some cookies contain only information about certain settings and are not personally identifiable. They may also be necessary to enable navigation, security, and the provision of the website. We use these cookies based on Section 25 (2) No. 2 TDDDG.

You can set your browser to inform you about the placement of cookies. You can also delete cookies at any time via your browser settings and prevent new cookies from being set. Please note that our website may then not be displayed in full and some features may no longer be technically available.

Consent Banner

We use the consent management platform Usercentrics (consent or cookie banner) on our website. Processing in connection with the consent management platform and logging your choices is based on Article 6(1)(f) GDPR in our legitimate interest to display content according to your preferences and to provide proof of your consent(s). Your chosen settings, consents, and the necessary usage data are stored in a cookie. This ensures that your settings are retained for subsequent page requests and your consents remain traceable.

Adjust privacy settings

The provider of the Usercentrics consent management platform acts as a strictly instructed service provider (processor) on our behalf. A data processing agreement in accordance with Article 28 GDPR has been concluded.

Web Analytics

To tailor our website to your needs, we use web analytics tools. Data processing is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25 (1) TDDDG, provided you have given your consent via our cookie banner. You can withdraw your consent at any time with future effect. You can adjust your preferences in our cookie banner by accessing it via the fingerprint icon in the lower left corner of our website.

How does tracking work?

The analytics provider creates user profiles for us based on pseudonyms. These profiles are used to analyze visitor behavior and are evaluated to improve and tailor our offering. To this end, persistent cookies are stored and read on your device. We may also retrieve recognition features for your browser or device (e.g., using tracking pixels or browser fingerprints). This allows us to recognize returning visitors, count them, and analyze their behavior on the website.

We also use heatmap and session recording features. The heatmap service shows us which areas of our website the mouse is moved over or clicked on most frequently. The session recording service records individual user sessions. We can replay these sessions to analyze website usage. Data entered in forms is not recorded and is never visible.

Which third parties do we use in this context?

Below you will find the third-party providers we work with for web analytics. If data is processed outside the EU/EEA (particularly in the USA), the following table provides information on the level of data protection.

Third-Party Tracking Technologies for Advertising Purposes

We use cross-device tracking technologies so that targeted advertising can be displayed to you on other websites based on your visit to our website, and so we can assess the effectiveness of our advertising campaigns.

Data processing is based on your consent, provided you have given your consent via our banner. Your consent is voluntary and can be withdrawn at any time.

How does tracking work?

When you visit our website, the third-party providers listed below may retrieve recognition features for your browser or device (e.g., browser fingerprint), evaluate your IP address, store or read recognition features on your device (e.g., cookies), or gain access to individual tracking pixels. These features may be used by third parties to recognize your device on other websites. We can commission the display of advertising on these third-party sites based on the pages you have visited with us.

What does cross-device tracking mean?

If you log in to the third-party provider's service with your own user data, the various recognition features for different browsers and devices can be linked. If the third-party provider creates its own feature for your laptop, desktop PC, smartphone, or tablet, these features can be associated as soon as you use a service from the third-party provider while logged in. This enables the provider to target our advertising campaigns across devices.

Which third-party providers do we use for this purpose?

Below you will find the third-party providers we use for advertising purposes. If data is processed outside the EU/EEA (particularly in the USA), the following table provides information on the level of data protection.

Embedded Videos

We embed videos on our website that are not stored on our own servers. For privacy reasons, no third-party content is loaded and the third-party provider receives no information when you access our website. Only once you have given consent via our banner is third-party content loaded. At this point, the provider receives information that you have accessed our site as well as the technically necessary usage data. The provider is then also able to implement tracking technologies. We have no influence on further data processing by the third party. Your consent covers the loading of third-party content. Embedding occurs based on your consent, provided you have given it via our banner.

Please note that embedding certain video services may result in your data being processed outside the EU/EEA (particularly in the USA). If this is the case, the following table provides information on the level of data protection.

We use video services from the following third-party providers:

Map Services

We embed map services on our website that are not stored on our own servers. For privacy reasons, no third-party content is loaded and the third-party provider receives no information when you access our website. Only once you have given consent via our banner is third-party content loaded. At this point, the provider receives information that you have accessed our site as well as the technically necessary usage data. We have no influence on further data processing by the third party. Your consent covers the loading of third-party content. Embedding occurs based on your consent, provided you have given it via our banner.

Please note that embedding certain map services may result in your data being processed outside the EU/EEA (particularly in the USA). If this is the case, the following table provides information on the level of data protection.

We use map services from the following third-party providers:

Integration of Other Third-Party Technical Content and Features

To display our website, we use the technical functions and content of third-party providers listed below. Accessing our site causes content from these third parties to be loaded, and the provider receives information that you have accessed our site as well as the technically necessary usage data. We have no influence on further data processing by the third party. Embedding occurs based on Section 25 (2) No. 2 TDDDG and Article 6(1)(f) GDPR in the interest of making our website as attractive and informative as possible.

Please note that the use of third-party content and functions may result in your data being processed outside the EU/EEA (particularly in the USA). For transfers to the USA, an adequate level of data protection is ensured by the adequacy decision (EU-U.S. Data Privacy Framework).

Contact Form

You have the option to contact us via our contact form. To use our contact form, you must provide the data marked as mandatory fields. We use this data on the basis of Article 6(1)(f) GDPR in order to respond to your inquiry. Your data is processed only for the purpose of responding to your request. In addition, Article 6(1)(b) GDPR may serve as the legal basis if your inquiry is related to the initiation of pre-contractual measures. We will delete your data if it is no longer required and if no statutory retention obligations prevent its deletion.

Newsletter

You can subscribe to our newsletter on our website. Please note that we require certain information (at least your email address) for newsletter registration.

The newsletter is sent only if you have given us your explicit consent. After registering, you will receive a confirmation email at the address provided (double opt-in). You can withdraw your consent at any time. You will find an easy way to unsubscribe, e.g., via the link included in each newsletter.

When you register for the newsletter, we store additional data, as required, to demonstrate that you have subscribed. This may include storing the full IP address at the time of subscription and/or confirmation, as well as a copy of the confirmation email. This data processing is carried out on the basis of Article 6(1)(f) GDPR in our legitimate interest to be able to document the legality of the newsletter distribution.

Press Distribution List

You may register for our press distribution list on our website. We collect your name, email address, job title, and publication/company in this context. You may also voluntarily provide your phone number, area of responsibility, and your username on the social network X. We process your data for the regular distribution of our press releases. The legal basis for data processing is Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. We delete your data as soon as you unsubscribe from the list.

Membership Application

You have the option to apply for membership on our website. We process the data you provide for the purpose of reviewing your application and, if accepted, for managing your membership. The legal basis for data processing is Article 6(1)(b) GDPR (initiation and performance of membership) and/or Article 6(1)(f) GDPR (balancing of interests based on Bitkom's interest in processing membership applications and contacting the persons named in this context).

For the electronic signing of the membership application, we use the Adobe Acrobat Sign service provided by Adobe Systems Software Ireland Limited. The provider acts strictly as a processor on our behalf. A data processing agreement pursuant to Article 28 GDPR has been concluded.

Member Portal

We provide our members with a member portal. The portal serves as a central platform for exchange and networking within Bitkom member companies and offers various functions and information. Members can access industry-relevant news and insights into Bitkom topics via the portal, as well as the working areas of various Bitkom committees and working groups. The portal enables members to connect and exchange ideas with experts and other member companies and provides invitations and direct registration for Bitkom events.

To access the member portal, employees of Bitkom member companies need a personal account, which can be requested after registration. Once access is granted, each user can edit their profile, set topic preferences, and receive targeted information and invitations accordingly.

The processing of personal data for the provision and use of the member portal is based on Article 6(1)(b) GDPR (performance of contract) or Article 6(1)(f) GDPR in our legitimate interest to provide the services and information of the portal. Detailed information on the processing of your data in connection with the member portal is available here.

If you wish to delete your user account for the member portal, please contact us by email at portal@bitkom.org.

TIA Tool (“BiTIAT”)

We provide our member companies with the Transfer Impact Assessment (TIA) tool, which we developed together with our member companies. The TIA tool is accessible after login via the member portal on bitkom.org and is available exclusively to our member companies. Upon registration via the member portal, we check whether you are authorized to use the tool. We also record the number of logins associated with your user account within a twelve-month period to prevent misuse of the tool. The legal bases for the described data processing are Article 6(1)(b) GDPR (performance of the user relationship) and Article 6(1)(f) GDPR (balancing of interests based on Bitkom's interest in detecting and preventing misuse of the TIA tool as set out in the terms of use)¹.

Obligation to Provide Data

The provision of your data is neither legally nor contractually required and is voluntary. However, providing certain data is necessary to use specific services, such as providing your email address in the contact form, without which we cannot respond to your inquiry. When entering data, we will inform you if data is required for a particular service or function. Such data is marked as mandatory. If required data is not provided, the respective service or function cannot be provided. If optional data is not provided, we may not be able to provide our services to the usual extent or in the usual manner.

Retention Period

Unless otherwise specified above, we delete personal data when it is no longer required for the processing purposes mentioned above and no legitimate interests or other (statutory) retention requirements preclude deletion.

Other Processors

We transfer your data to service providers as part of processing pursuant to Article 28 GDPR who support us in operating our website and related processes. This includes, for example, hosting providers. Our service providers are strictly bound by our instructions and are contractually obligated accordingly.

Below you will find the processors with whom we cooperate, unless already named above. If data can be processed outside the EU/EEA in this context, you will find information on this in the following table.

The service providers process data strictly on our instructions and are obligated to comply with applicable data protection law. All processors have been carefully selected and are granted access to your data only to the extent and for the duration required to perform their tasks.

The servers of some of our service providers are located in the USA and other countries outside the European Union. Companies in these countries may be subject to data protection laws that do not protect personal data to the same extent as in EU member states. For data transfers to US providers certified under the EU-U.S. Data Privacy Framework, an adequate level of data protection is ensured by the corresponding adequacy decision. For other transfers to countries without an EU-recognized high level of data protection, we ensure an adequate level through contractual arrangements or other recognized instruments. With such recipients in third countries, we conclude the standard contractual clauses provided by the European Commission for processing personal data in third countries, pursuant to Article 46(2)(c) GDPR.

Your Rights as a Data Subject

The GDPR grants you certain rights as a data subject when your personal data is processed:

Right of access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to access such data and to the information listed in Article 15 GDPR.

Right to rectification (Article 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.

Right to erasure (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds set out in Article 17 GDPR applies.

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain restriction of processing where one of the conditions in Article 18 GDPR applies, e.g., where you contest the accuracy of the data, for a period enabling the controller to verify it.

Right to data portability (Article 20 GDPR)

In certain cases, as set out in Article 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, or to have those data transmitted to another controller.

Right to withdraw consent (Article 7 GDPR)

If processing is based on your consent, you have the right under Article 7(3) GDPR to withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal is effective only for the future. Processing before the withdrawal remains unaffected.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection law. The right to lodge a complaint may be exercised before a supervisory authority in the member state of your habitual residence, your place of work, or the place of the alleged infringement.

How to exercise your rights

Unless otherwise specified above, please contact the entity listed in the Imprint to exercise your data subject rights.