Bitpot

Privacy Policy

Last updated: July 06, 2020

1. Name and contact info regarding this privacy policy

Florian Meyer
hello@bitpot-app.com

2. Categories of affected persons

Users of the Android App Bitpot.

3. Applicable legal bases

In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c DSGVO, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 letter d DSGVO serves as the legal basis.

4. Safety measures

In accordance with Art. 32 DSGVO and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the data processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

5. Data transfers to Non-EU countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer the data in/to a Non-EU country if the special requirements of Art. 44 ff. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "Standardvertragsklauseln").

The measures include in particular the safeguarding of confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through the design of technology and through data protection-friendly default settings (Art. 25 DSGVO).

6. Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

7. Purposes for which the personal data are to be processed

a) Downloading the app

When downloading the app, the necessary information is transferred to the App Store or Google Play Store. In particular, this information includes your user name, email address and customer number of your Google Account, time of download, unique mobile device number (IMEI), mobile phone number (MSISDN), MAC address for WLAN use and the unique network subscriber number (IMSI). We have no influence on this data collection and are not responsible for it. We only process the data provided to the extent necessary for downloading the app to your smartphone. They will not be stored beyond that.

b) Push Notifications

The app offers the possibility to receive push notifications even if you are not actively using the app or the device is in idle mode. You can switch this feature on or off at any time in the app settings. Push messages are delivered using servers provided by Google. The mobile devices must be registered with these servers, which requires the transmission of the Device ID assigned to the device. Each push message is created by Bitbucket. Bitbucket sends a range of information to a URL on our server (bitpot-app.com). This information includes everything that Bitbucket says might be of interest for the push message. More details about this information can be found here:

Using the push message information provided by Bitbucket, a script on our server creates the content of the push message as sent to the app via the Google server. This script does not store any of the transmitted data longer than is necessary to execute the script on the server.

The legal basis for this arises from Art. 6 para. 1 p. 1 lit. b) DSGVO for the provision of our services based on your request, as well as from our legitimate interest, Art. 6 para. 1 p. 1 lit. f) DSGVO.

c) Google Analytics

We use Google Analytics from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in our App. You can choose whether or not to use Google Analytics when you first launch the App. You can always disable the use of Google Analytics in the App settings.

The generated information about the use of the App is transmitted with anonymized IP address to a Google server and stored there. The function for IP anonymization in Analytics sets the last octet for user IP addresses of type IPv4 and the last 80 bits in memory for IPv6 addresses to zero. Thus the exact IP address of the user is not stored. Google will use this information to evaluate your use of our app in order to compile reports on the activity for the app operators. Google may also transfer this information to third parties. If the user consents to the use of Google Analytics in the App, he/she agrees to the processing of data about him/her by Google in the manner and for the purposes set out above. This usage data forms the basis for statistical, anonymous evaluations so that trends can be identified which can be used to improve the App.

The legal basis for the processing of this data is based on our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, since we want to constantly improve the App.

d) Google Crashlytics

To improve the stability and reliability of our apps, we rely on anonymous crash reports. For this purpose we use "Firebase Crashlytics", a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland.

In case of a crash, anonymous information is transferred to Google's servers (state of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the mobile phone, last log messages). This information contains no personal data. Google is certified under the Privacy Shield Agreement, which is a guarantee of compliance with European data protection law.

The legal basis for the data transfer is Art. 6 para. 1 lit. a DSGVO, as the stability of the app can only be guaranteed if we receive information about crash causes. For this reason your permission for this feature is mandatory to use Bitpot. As long as you have not given your permission you cannot use Bitpot. If you revoke your consent, all personal data on the mobile device will be deleted and you will be logged out by Bitpot until you consent to Crashlytics again.

e) Google AdMob

The free version of Bitpot uses Google AdMob to display personalized advertising. For this purpose, your IP address as well as your advertising ID is transmitted to the Google AdMob service (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The Ad ID is a pseudonym under which general information about your surfing behavior is stored. On our behalf, Google processes the data in order to provide you with personalized advertising tailored to your needs. We receive a fee from Google for the display of the advertising in order to provide you Bitpot free of charge.

Before you log in, you can refuse the transfer of the advertising ID. You will then not receive any personalized advertising within the app. If you agree to the transmission of your Advertising ID, the legal basis for this processing is Art. 6 para. 1 lit. a. DSGVO. Otherwise, the personal data of users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering and the Mobile Apps within the meaning of Art. 6 para. 1 lit. f. DSGVO).

Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby guarantees to comply with European data protection law .

You can find the privacy policy of Google under : . The data is stored on servers in the USA. Google is certified for the EU-US Privacy Shield Agreement: .

For more information about Google's use of your information, including how to opt-out or opt-in, please see Google's Privacy Policy and Google's advertising display settings .

f) Revenue Cat

For the paid version of Bitpot we use RevenueCat to process payments of the app subscription (RevenueCat, Inc., 633 Taraval St. Suite 101, San Francisco, CA, 94116). To associate your app subscription with your Bitbucket account an anonymized version of your Bitbucket account ID is transmitted to RevenueCat (SHA-256 hash). The legal basis for the data transfer is Art. 6 para. 1 lit. a DSGVO, as this is the only way to ensure proper payment processing and to enable you to use the paid features of the app.

8. Legal basis for the processing of personal data

We only process your personal data such as your account ID from Bitbucket if there is a legal basis for this. According to the basic data protection regulation, three regulations in particular come into consideration here:

9. Duration and the criteria for the storage of personal data

We store all personal data that you submit to us only for as long as it is needed to fulfill the purposes for which the data was submitted or as long as it is required by law. Upon fulfilment of the purpose and/or expiry of the statutory storage periods, the data will be deleted by us. By logging out of the app, all personal data within the app will be deleted. No data will be permanently stored on our server (bitpot-app.com) (see point 7b).

10. Your rights

In relation to the processing of your personal data you are entitled to the following rights:

a) Information

In accordance with Art. 15 of the DSGVO, you have the right to request information about your personal data processed by us. This right of information includes information about

b) Correction

In accordance with Art. 16 DSGVO, you have the right to have incorrect or incomplete personal data stored by us corrected without delay.

c) Deletion

In accordance with Art. 17 DSGVO, you have the right to demand the immediate deletion of your personal data from us, unless further processing is necessary for one of the following reasons:

d) Restriction on processing

In accordance with Art. 18 DSGVO, you can request the restriction of the processing of your personal data for one of the following reasons:

e) Notification

If you have requested the rectification or deletion of your personal data or a restriction of processing in accordance with Art. 16, Art. 17 para. 1 and Art. 18 FADP, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You can demand that we inform you of these recipients.

f) Transmission

You have the right to receive the personal data you have provided us with in a structured, common and machine-readable format. You also have the right to request the transfer of this data to a third party, provided that the processing was carried out with the aid of automated procedures and is based on consent pursuant to Art. 6, para. 1, sentence 1, letter a or Art. 9, para. 2, letter a or on a contract pursuant to Art. 6, para. 1, sentence 1, letter b DPA.

g) Revocation

In accordance with Art. 7 Para. 3 DSGVO, you have the right to revoke the consent you have given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. In future, we may no longer continue the data processing that was based on your revoked consent.

h) Complaint

Under Art. 77 DSGVO you have the right to complain to a supervisory authority if you believe that the processing of your personal data violates the DSGVO.

i) Objection

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating the specific situation. If you wish to make use of your right of revocation or objection, an e-mail to hello@bitpot-app is sufficient.

j) Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests. With regard to the above-mentioned cases, we will take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to obtain an intervention from us, to express our own point of view and to challenge the decision.