Last updated: July 06, 2020
Users of the Android App Bitpot.
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c DSGVO, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 letter d DSGVO serves as the legal basis.
In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the data processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in/to a Non-EU country if the special requirements of Art. 44 ff. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "Standardvertragsklauseln").
The measures include in particular the safeguarding of confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through the design of technology and through data protection-friendly default settings (Art. 25 DSGVO).
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
you have given your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO
the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
there is a legal obligation to pass on the information in accordance with Art. 6 Para. 1 S. 1 lit. c DSGVO
it is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO.
When downloading the app, the necessary information is transferred to the App Store or Google Play Store. In particular, this information includes your user name, email address and customer number of your Google Account, time of download, unique mobile device number (IMEI), mobile phone number (MSISDN), MAC address for WLAN use and the unique network subscriber number (IMSI). We have no influence on this data collection and are not responsible for it. We only process the data provided to the extent necessary for downloading the app to your smartphone. They will not be stored beyond that.
The app offers the possibility to receive push notifications even if you are not actively using the app or the device is in idle mode.
You can switch this feature on or off at any time in the app settings. Push messages are delivered using servers provided by Google. The mobile devices must be registered with these servers, which requires the transmission of the Device ID assigned to the device.
Each push message is created by Bitbucket. Bitbucket sends a range of information to a URL on our server (bitpot-app.com). This information includes everything that Bitbucket says might be of interest for the push message. More details about this information can be found here:
Using the push message information provided by Bitbucket, a script on our server creates the content of the push message as sent to the app via the Google server. This script does not store any of the transmitted data longer than is necessary to execute the script on the server.
The legal basis for this arises from Art. 6 para. 1 p. 1 lit. b) DSGVO for the provision of our services based on your request, as well as from our legitimate interest, Art. 6 para. 1 p. 1 lit. f) DSGVO.
We use Google Analytics from Google Inc.
The generated information about the use of the App is transmitted with anonymized IP address to a Google server and stored there. The function for IP anonymization in Analytics sets the last octet for user IP addresses of type IPv4 and the last 80 bits in memory for IPv6 addresses to zero. Thus the exact IP address of the user is not stored. Google will use this information to evaluate your use of our app in order to compile reports on the activity for the app operators. Google may also transfer this information to third parties. If the user consents to the use of Google Analytics in the App, he/she agrees to the processing of data about him/her by Google in the manner and for the purposes set out above. This usage data forms the basis for statistical, anonymous evaluations so that trends can be identified which can be used to improve the App.
The legal basis for the processing of this data is based on our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, since we want to constantly improve the App.
To improve the stability and reliability of our apps, we rely on anonymous crash reports. For this purpose we use "Firebase Crashlytics", a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.
In case of a crash, anonymous information is transferred to Google's servers (state of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the mobile phone, last log messages). This information contains no personal data. Google is certified under the Privacy Shield Agreement, which is a guarantee of compliance with European data protection law.
The legal basis for the data transfer is Art. 6 para. 1 lit. a DSGVO, as the stability of the app can only be guaranteed if we receive information about crash causes. For this reason your permission for this feature is mandatory to use Bitpot. As long as you have not given your permission you cannot use Bitpot. If you revoke your consent, all personal data on the mobile device will be deleted and you will be logged out by Bitpot until you consent to Crashlytics again.
The free version of Bitpot uses Google AdMob to display personalized advertising. For this purpose, your IP address as well as your advertising ID is transmitted to the Google AdMob service (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The Ad ID is a pseudonym under which general information about your surfing behavior is stored. On our behalf, Google processes the data in order to provide you with personalized advertising tailored to your needs. We receive a fee from Google for the display of the advertising in order to provide you Bitpot free of charge.
Before you log in, you can refuse the transfer of the advertising ID. You will then not receive any personalized advertising within the app. If you agree to the transmission of your Advertising ID, the legal basis for this processing is Art. 6 para. 1 lit. a. DSGVO. Otherwise, the personal data of users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering and the Mobile Apps within the meaning of Art. 6 para. 1 lit. f. DSGVO).
Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby guarantees to comply with European data protection law
For the paid version of Bitpot we use RevenueCat to process payments of the app subscription (RevenueCat, Inc., 633 Taraval St. Suite 101, San Francisco, CA, 94116). To associate your app subscription with your Bitbucket account an anonymized version of your Bitbucket account ID is transmitted to RevenueCat (SHA-256 hash). The legal basis for the data transfer is Art. 6 para. 1 lit. a DSGVO, as this is the only way to ensure proper payment processing and to enable you to use the paid features of the app.
We only process your personal data such as your account ID from Bitbucket if there is a legal basis for this. According to the basic data protection regulation, three regulations in particular come into consideration here:
You have given us your consent to process your personal data for one or more purposes, Art. 6 para. 1 p. 1 lit. a DSGVO. In this context, you will be informed by us in detail about the purpose(s) of the processing and we will document your express consent.
The processing of your personal data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures with you, Art. 6 para. 1 sentence 1 lit. b DSGVO.
The processing of personal data is necessary for the protection of our legitimate interests, unless your interests or fundamental rights and freedoms prevail, Art. 6 para. 1 p. 1 lit. f DSGVO.
We store all personal data that you submit to us only for as long as it is needed to fulfill the purposes for which the data was submitted or as long as it is required by law. Upon fulfilment of the purpose and/or expiry of the statutory storage periods, the data will be deleted by us. By logging out of the app, all personal data within the app will be deleted. No data will be permanently stored on our server (bitpot-app.com) (see point 7b).
In relation to the processing of your personal data you are entitled to the following rights:
In accordance with Art. 15 of the DSGVO, you have the right to request information about your personal data processed by us. This right of information includes information about
the processing purposes
the categories of personal data
the recipients or categories of recipients to whom your data has been or will be disclosed
the planned storage period or at least the criteria for determining the storage period
the existence of a right of rectification, erasure, restriction of processing or opposition
the existence of a right of appeal to a supervisory authority
the origin of your personal data, if it was not collected by us
the existence of automated decision making, including profiling and, where appropriate, meaningful information on its details
In accordance with Art. 16 DSGVO, you have the right to have incorrect or incomplete personal data stored by us corrected without delay.
In accordance with Art. 17 DSGVO, you have the right to demand the immediate deletion of your personal data from us, unless further processing is necessary for one of the following reasons:
to exercise the right to freedom of expression and information
in order to comply with a legal obligation imposed on the controller by the law of the European Union or of the Member States to which the controller is subject or in order to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO
for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DPA, insofar as the law referred to in a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing
to assert, exercise or defend legal claims
In accordance with Art. 18 DSGVO, you can request the restriction of the processing of your personal data for one of the following reasons:
You dispute the accuracy of your personal data.
The processing is unlawful and you refuse to have your personal data deleted.
We no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims.
You object to the processing in accordance with Art. 21 Paragraph 1 DSGVO.
If you have requested the rectification or deletion of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 para. 1 and Art. 18 FADP, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can demand that we inform you of these recipients.
You have the right to receive the personal data you have provided us with in a structured, common and machine-readable format. You also have the right to request the transfer of this data to a third party, provided that the processing was carried out with the aid of automated procedures and is based on consent pursuant to Art. 6, para. 1, sentence 1, letter a or Art. 9, para. 2, letter a or on a contract pursuant to Art. 6, para. 1, sentence 1, letter b DPA.
In accordance with Art. 7 Para. 3 DSGVO, you have the right to revoke the consent you have given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. In future, we may no longer continue the data processing that was based on your revoked consent.
Under Art. 77 DSGVO you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the DSGVO.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating the specific situation. If you wish to make use of your right of revocation or objection, an e-mail to hello@bitpot-app is sufficient.
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision
is necessary for the conclusion or performance of a contract between you and us
is authorised by the legislation of the European Union or the Member States to which we are subject and that legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests
with your express consent
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests. With regard to the above-mentioned cases, we will take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to obtain an intervention from us, to express our own point of view and to challenge the decision.