Name: BitPointer GmbH
Address: Braunsberger Str. 10, Lippstadt, North Rhine-Westphalia, 59558, DE
Telephone: +49 (0) 2941 8281169
Price range: €€€

1. Controller

BitPointer GmbH
Braunsberger Str. 10
59558 Lippstadt
Germany

Phone: +49 (0) 2941 8281169
Email: info@bitpointer.de

2. General Information

The protection of your personal data is important to us. Personal data is any data that can be used to personally identify you.

We process personal data exclusively within the framework of applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Telecommunications-Digital Services Data Protection Act (TDDDG).

3. Provision of the Website and Server Log Files

When you access this website, information is automatically stored in so-called server log files by the hosting provider:

IP address
Date and time of access
Pages accessed
Browser type and version
Operating system
Referrer URL
Amount of data transferred

Processing is carried out to ensure the secure operation of the website.

Legal basis: Art. 6 Para. 1 lit. f GDPR

Storage period: maximum 30 days

4. Cookies and Consent Management

4.1 What are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, smartphone) when you visit our website. We distinguish between technically necessary cookies and optional cookies.

4.2 Technically Necessary Cookies

These cookies are strictly necessary for the website to function. They enable basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot be provided properly.

Technically necessary cookies used:

Session cookies for session management
Security cookies for protection against attacks
Cookie for storing your cookie settings

Storage duration: These cookies are deleted after the browser session ends or remain stored for up to 12 months if technically required.

Legal basis: Art. 6 Para. 1 lit. f GDPR in conjunction with § 25 Para. 2 TDDDG (legitimate interest in the technical functionality of the website)

4.3 Optional Cookies and Consent

In addition to technically necessary cookies, we only use further cookies with your explicit consent. These optional cookies serve to analyze website usage and integrate external services.

Optional cookies used:

Google Analytics (analysis of user behavior, anonymized)
Google Maps (integration of map views)

These cookies are set only after your consent. When you first visit our website, you will be asked via a consent window which optional cookies you wish to allow.

Legal basis: Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TDDDG (consent)

4.4 Managing and Withdrawing Your Consent

You can change your cookie settings or withdraw your consent at any time:

Open cookie settings: Click on the "Cookie Settings" link in the footer of this website
Disable individual cookies: In the settings dialog, you can decide individually for each optional service (Google Analytics, Google Maps)
Immediate effect: Your changes take effect immediately

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Note: Alternatively, you can also manage or delete cookies directly in your browser settings. Please note that the website may not function fully if cookies are deactivated.

5. Contact Form

5.1 Types of Data Processed

When using our contact form, we process the following personal data:

Name: Your first and last name or company name
Email address: Your email address for contact
Subject: The subject of your inquiry
Message: The content of your message
Technical metadata: IP address, timestamp, language of the inquiry (automatically captured)

Note: Providing your data is voluntary. However, name, email address, subject, and message are required for processing your inquiry. Without this information, we cannot process your inquiry.

5.2 Purpose of Processing

Your personal data is processed for the following purposes:

Processing your contact inquiry: Answering your questions, processing your inquiries, and communicating with you
Pre-contractual measures: If your inquiry is aimed at a possible contract conclusion or business relationship, processing is carried out for the implementation of pre-contractual measures (e.g., preparation of offers, consultation meetings)
Ensuring security: Protection against spam, abuse, and technical attacks through automated security checks

5.3 Legal Basis

Your personal data is processed on the basis of the following legal bases:

Art. 6 Para. 1 lit. b GDPR (Performance of a contract or pre-contractual measures): To the extent that your inquiry is aimed at a possible contract conclusion or business relationship, processing is carried out for the implementation of pre-contractual measures at your request.
Art. 6 Para. 1 lit. f GDPR (Legitimate interest): For general inquiries without contract reference (e.g., information inquiries, general questions), processing is carried out on the basis of our legitimate interest in answering your inquiry and communicating with interested parties and customers.

Right to object: You have the right to object to the processing of your personal data on the basis of Art. 6 Para. 1 lit. f GDPR at any time. In this case, we can no longer process your inquiry. The lawfulness of processing carried out until the objection remains unaffected.

5.4 Recipients

Your personal data is passed on to the following recipients:

Internal recipients:
- Management of BitPointer GmbH
- Employees of the support and consulting team responsible for processing your inquiry
- Technical personnel (only in case of technical problems or security incidents)
Data processors:
- Hosting provider (Strato AG): As hosting provider, Strato AG processes the data within the framework of the technical provision of the email server and website infrastructure. There is an agreement for data processing in accordance with Art. 28 GDPR.
- Email provider (Strato AG): Email transmission is carried out via the SMTP server of the hosting provider (smtp.strato.de). Strato AG processes the data as a data processor in accordance with Art. 28 GDPR.

Disclosure to third parties: Your personal data is not passed on to third parties (except for the mentioned data processors), unless we are legally obliged to do so or you have expressly consented.

5.5 Technical Processing

The technical processing of your contact inquiry is carried out as follows:

Email transmission: Your inquiry is transmitted via a secure SMTP server (smtp.strato.de) by email to the responsible employees of BitPointer GmbH. Email transmission is encrypted (TLS/STARTTLS).
No database storage: Your contact inquiry is not stored in a database. The data is transmitted exclusively by email and stored in the email inboxes of the recipients.
Security measures: To protect against spam and abuse, the following technical measures are used:
- CSRF protection (Cross-Site Request Forgery Protection)
- Honeypot field for bot detection
- Timing analysis to detect automated form submissions
- Rate limiting to limit requests per IP address
- Spam detection through keyword filtering
- Validation of email addresses against disposable email providers
Logging: For security purposes, errors and security incidents are logged in log files. These do not contain personal data from your inquiry, but only technical metadata (IP address, timestamp, error type). Log files are automatically deleted after a maximum of 30 days.

5.6 Storage Period

The storage period of your personal data depends on the purpose of processing and legal retention obligations:

General inquiries without contract reference: Your data is deleted after answering your inquiry, but no later than after 6 months. This includes emails in the inboxes of recipients as well as any backup copies.
Inquiries with contract reference: If your inquiry leads to a contract conclusion or business relationship, your data is stored in accordance with legal retention obligations:
- Commercial retention obligations: 10 years (in accordance with § 257 HGB for business letters and documents)
- Tax retention obligations: 10 years (in accordance with § 147 AO for tax-relevant documents)
After expiry of the legal retention periods, the data is deleted immediately.
Technical log files: Log files with technical metadata are automatically deleted after a maximum of 30 days.

Deletion upon request: You can request the deletion of your personal data at any time, provided that no legal retention obligations oppose this. In this case, we will delete your data immediately, provided this is technically possible.

5.7 Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You can request information about the personal data we process.
Right to rectification (Art. 16 GDPR): You can request the rectification of incorrect or the completion of incomplete data.
Right to erasure (Art. 17 GDPR): You can request the erasure of your personal data, provided that no legal retention obligations oppose this.
Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing of your personal data.
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, common, and machine-readable format.
Right to object (Art. 21 GDPR): You can object to the processing of your personal data, provided that processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR.

To exercise your rights, please contact us at info@bitpointer.de or use the contact details in the imprint.

6. Google reCAPTCHA (optional)

6.1 Status and Purpose

Current status: Google reCAPTCHA v3 is currently not activated and is not used.

If we should use Google reCAPTCHA v3 in the future to protect our contact form from spam and automated abuse, this will be done exclusively after your express consent.

The purpose of processing would be to protect our contact form from spam, automated abuse, and bot attacks to ensure the security and functionality of our website.

6.2 Types of Data Processed (if activated)

If Google reCAPTCHA v3 is activated, the following personal data would be processed:

IP address: Transmitted to Google to assess the risk of an automated inquiry
Device and browser information: Device type, operating system, browser type and version, screen resolution
Usage data: Interactions with the website (mouse movements, keyboard inputs, scroll behavior) to calculate a risk score
Timestamp: Date and time of access
Cookies: reCAPTCHA sets cookies to recognize devices and calculate the risk score

Note: Google reCAPTCHA v3 works in the background and does not require explicit user interaction (no checkbox or image selection as with reCAPTCHA v2).

6.3 Legal Basis (if activated)

If Google reCAPTCHA v3 is activated, processing of your personal data is carried out on the basis of your voluntary consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TDDDG.

Google reCAPTCHA would only be used if you have previously expressly consented. Consent is voluntary and can be withdrawn at any time.

6.4 Recipients (if activated)

If Google reCAPTCHA v3 is activated, the following recipients would receive your personal data:

Google Ireland Limited: Gordon House, Barrow Street, Dublin 4, Ireland
Google LLC: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (possible disclosure for technical purposes)

Google Ireland Limited would process the data as controller in accordance with Art. 4 No. 7 GDPR. There is no data processing in the sense of Art. 28 GDPR, as Google reCAPTCHA is operated as an independent service.

6.5 Third Country Transfer (if activated)

If Google reCAPTCHA v3 is activated, personal data may be transferred to the USA. The USA is considered a third country with an insufficient level of data protection according to EU standards according to the case law of the European Court of Justice (ECJ).

Transfer mechanism: Data transfer would be carried out on the basis of the EU-US Data Privacy Framework (DPF), in which Google LLC is registered. Alternatively or additionally, Standard Contractual Clauses (SCC) in accordance with Art. 46 Para. 2 lit. c GDPR may be used.

Note on residual risks: Despite the mentioned transfer mechanisms, there are remaining risks in data transfer to the USA. In particular, there is the possibility that US authorities can access the data under certain circumstances.

6.6 Withdrawal of Consent (if activated)

If Google reCAPTCHA v3 is activated, you can withdraw your consent at any time with effect for the future, without affecting the lawfulness of processing carried out until the withdrawal.

Withdrawal via cookie settings: You can withdraw your consent at any time via the "Cookie Settings" link in the footer of this website. The change takes effect immediately.

6.7 Further Information

Further information on data processing by Google reCAPTCHA can be found in Google's privacy policy:

Note: We currently do not use external third-party spam services such as Google reCAPTCHA. Spam protection is carried out exclusively through technical measures on our server (honeypot field, rate limiting, spam detection through keyword filtering).

7. Google Maps

7.1 Purpose of Processing

This website integrates Google Maps to display interactive maps. Integration is carried out exclusively after your express consent.

The purpose of processing is the display of interactive maps for better findability of the company location and to improve the user-friendliness of the website.

7.2 Types of Data Processed

In the context of using Google Maps, the following personal data is processed:

IP address: Transmitted to Google to display the map
Location data: If you have activated location sharing in your browser, location data may be processed
Device and browser information: Device type, operating system, browser type and version
Usage data: Interactions with the map (e.g., zoom, pan, clicks)
Timestamp: Date and time of access to the map

7.3 Legal Basis

Processing of your personal data is carried out on the basis of your voluntary consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TDDDG.

Google Maps is only used if you have previously expressly consented. Consent is voluntary and can be withdrawn at any time.

7.4 Recipients

Data recipients: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited processes the data as controller in accordance with Art. 4 No. 7 GDPR. There is no data processing in the sense of Art. 28 GDPR, as Google Maps is operated as an independent service.

Possible disclosure to third parties: Google Ireland Limited may pass the data on to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in particular for technical purposes and to provide the services.

7.5 Third Country Transfer

In the context of using Google Maps, personal data may be transferred to the USA. The USA is considered a third country with an insufficient level of data protection according to EU standards according to the case law of the European Court of Justice (ECJ).

Transfer mechanism: Data transfer is carried out on the basis of the EU-US Data Privacy Framework (DPF), in which Google LLC is registered. Alternatively or additionally, Standard Contractual Clauses (SCC) in accordance with Art. 46 Para. 2 lit. c GDPR may be used.

Note on residual risks: Despite the mentioned transfer mechanisms, there are remaining risks in data transfer to the USA. In particular, there is the possibility that US authorities can access the data under certain circumstances. We inform you that you consent to data transfer to the USA through your consent to use Google Maps.

Further information on the EU-US Data Privacy Framework can be found at: https://www.dataprivacyframework.gov/

7.6 Withdrawal of Consent

You can withdraw your consent to use Google Maps at any time with effect for the future, without affecting the lawfulness of processing carried out until the withdrawal.

Withdrawal via cookie settings: You can withdraw your consent at any time via the "Cookie Settings" link in the footer of this website. There you can deactivate consent for Google Maps. The change takes effect immediately.

Effect of withdrawal: After withdrawal, no further data is transmitted to Google Maps. Already loaded maps are replaced by a placeholder. Existing Google Maps cookies are deleted and no longer used.

7.7 Further Information

Further information on data processing by Google Maps can be found in Google's privacy policy:

8. Google Analytics (GA4)

8.1 Purpose of Processing

We use Google Analytics 4 (GA4), a web analytics service, to analyze and improve the use of our website. Google Analytics enables us to create statistical evaluations about the use of our website to optimize the website and improve user-friendliness.

Processing is carried out exclusively for purposes of reach measurement and usage analysis of our website.

8.2 Types of Data Processed

Google Analytics collects and processes the following types of data:

Online identifiers: Cookie IDs, Client IDs, User IDs (pseudonymized)
Device and browser information: Device type, operating system, browser type and version, screen resolution
IP address: Only processed in shortened form (IP anonymization activated)
Usage data: Page views, visited subpages, time spent on individual pages
Interaction data: Events (e.g., button clicks, form submissions, downloads), scroll depth, time on page
Referrer information: Origin of visitors (search engine, direct access, referral from other websites)
Timestamp: Date and time of page view
Geographic data: Approximate geographic location at country level (based on anonymized IP address)

Note: No personal data such as name, email address, or address is collected. IP anonymization is activated, so your IP address is shortened before storage.

8.3 Legal Basis

Processing of your personal data is carried out on the basis of your voluntary consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TDDDG.

Google Analytics is only used if you have previously expressly consented. Consent is voluntary and can be withdrawn at any time.

8.4 Recipients and Data Processing

Data processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Google Ireland Limited processes the data on behalf of BitPointer GmbH as a data processor in accordance with Art. 28 GDPR. There is a data processing agreement (Data Processing Agreement) with Google Ireland Limited.

Possible disclosure to third parties: Google Ireland Limited may pass the data on to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in particular for technical purposes and to provide the services.

8.5 Third Country Transfer

In the context of using Google Analytics, personal data may be transferred to the USA. The USA is considered a third country with an insufficient level of data protection according to EU standards according to the case law of the European Court of Justice (ECJ).

Transfer mechanism: Data transfer is carried out on the basis of the EU-US Data Privacy Framework (DPF), in which Google LLC is registered. Alternatively or additionally, Standard Contractual Clauses (SCC) in accordance with Art. 46 Para. 2 lit. c GDPR may be used.

Note on residual risks: Despite the mentioned transfer mechanisms, there are remaining risks in data transfer to the USA. In particular, there is the possibility that US authorities can access the data under certain circumstances. We inform you that you consent to data transfer to the USA through your consent to use Google Analytics.

Further information on the EU-US Data Privacy Framework can be found at: https://www.dataprivacyframework.gov/

8.6 Storage Period

The storage period of data collected by Google Analytics is configurable in your Google Analytics account. By default, usage data is stored for a period of 14 months.

After expiry of the configured storage period, the data is automatically deleted. You can individually adjust the storage period in your Google Analytics account (minimum 2 months, maximum 50 months).

Current configuration: Data is stored for a period of 14 months, unless a different configuration has been made.

8.7 Withdrawal of Consent and Opt-out

You can withdraw your consent to use Google Analytics at any time with effect for the future, without affecting the lawfulness of processing carried out until the withdrawal.

Withdrawal via cookie settings: You can withdraw your consent at any time via the "Cookie Settings" link in the footer of this website. There you can deactivate consent for Google Analytics. The change takes effect immediately.

Effect of withdrawal: After withdrawal, no further data is transmitted to Google Analytics. Already collected data remains unaffected by the withdrawal, but is automatically deleted after expiry of the configured storage period.

Browser plugin: Alternatively, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

Google Analytics Opt-out Browser Add-on

Note: The browser plugin only prevents data collection for the browser in which it is installed. If you want to use the plugin in multiple browsers, you must install it separately in each browser.

8.8 Further Information

Further information on data processing by Google Analytics can be found in Google's privacy policy:

Google Analytics Measurement ID: G-GQH40CQJWV

9. Recipients

Personal data is only passed on to service providers who act as data processors in accordance with Art. 28 GDPR (e.g. hosting providers).

10. Data Subject Rights