Privacy & Data Protection

Dear bitiba customers, dear visitors to the bitiba website, protecting your personal data is very important to us. The following information explains which data we collect and process in connection with your use of our website.

Overview

1. Who is responsible for data protection on this website?

bitiba GmbH (hereafter: bitiba), Herzog-Wilhelm-Strasse 12, D-80331 Munich, Germany is responsible for the processing of personal data on this website. Further information can be found here.

You can get in touch with our Data Protection Officer, Dr. Philipp Herrmann, through our Privacy Portal:

- I have a bitiba Customer Account

- I do not have a bitiba Customer Account

2. Which data is processed on our website?

When you visit the bitiba website your web browser sends various data to our servers. This serves only to optimise the technology, configuration and stability of our website as well as the system security. We gather log file data, including IP addresses.

3. Do we use cookies on the website?

Yes, various cookies are used on our website. Detailed information on how they work, how you can delete these cookies or how you can prevent them from being stored can be found in the data protection information and in the Preference Centre.

4. Do we use web analytics tools on our website?

Yes, we work with various providers to design and optimise our website and our offers in line with our requirements. Detailed information about these service providers, how the analysis tools work and how you can switch off these tools can be found in the Preference Centre.

5. Is there user-targeted advertising?

Yes, we work with service providers who can display user and interest-related advertising for us or our advertising partners, with the help of cookies and advertising IDs. Detailed information about these service providers, how the advertising tools work and how you can switch them off can also be found in the Preference Centre.

6. Do we pass your data on to third parties?

No. We do not pass on your data to unauthorised third parties. Furthermore, we guarantee to have the necessary contractual agreements with all external providers.

7. Who do I contact if I have a query?

If you have any questions about data protection, please contact bitiba Customer Service or our Data Protection Officer. We look forward to receiving your queries through our Privacy Portal:

- I have a bitiba customer account

- I do not have a bitiba customer account

8. How to withdraw consent or object to processing under GDPR Article 6 (1) (f)

Here is a brief overview of your options. You can find more information in our data protection information.

a. Cookies and similar technologies – go to the Preference Centre in our app or website. We cannot manage your preferences as they are device-specific.

b. Push notifications (app only) - depending on your mobile device, you can change your settings directly in the app or in your system settings. We cannot manage your settings as they are device-specific settings.

c. Email - you can click on the unsubscribe link in an email at any time to withdraw or opt-out. If you have an account with us, you can also change your newsletter preferences in your account. If you only wish to receive emails regarding your orders and your bitiba account, you can contact us at bitiba Customer Service at any time.

d. Postal mail- if you do not wish to receive postal advertising, you can contact us at bitiba Customer Service at any time.

e. Custom Audience - To withdraw your Custom Audience consent, you can contact us at any time at our Customer Care or visit our Privacy Portal.

Other - If you wish to withdraw other consent, delete your data or object to processing, you can contact us at bitiba Customer Service at any time or visit our Privacy Portal:

- I have a bitiba customer account

- I do not have a bitiba customer account

Data Protection Information

A. General information about data protection at bitiba

1. Scope and Definition

1.1 This Privacy Statement includes information referred to in the General Data Protection Regulation (GDPR) Article 13 about data processing in the context of visiting our website and using the shop accessible via this website.

1.2 Information on the type and purpose of data processing in connection with the use of our app, the contact functions on the website (customer service), as well as our social media appearances, can be found separately in the corresponding portal, or when using them the respective application.

1.3 In as much as we link to other pages, we have neither influence nor control over the linked content nor the respective data protection regulations. We recommend that you check the privacy policies on the linked web pages to determine whether and to what extent personal data is collected, processed, used and made accessible to third parties.

1.4 The full text of the General Data Protection Regulation (GDPR) along with further definitions and terms can be found here.

2. Location of Data Storage

2.1 All personal data that we collect and process via the website and our shop is stored and secured both on local servers in Germany and at Amazon Web Services EMEA SARL (AWS), a specialised cloud provider. Due to its technical and organisation measures, AWS is able to guarantee the greatest possible protection of your customer and user data against loss and unauthorised access. Should it be necessary within this context to transfer your data outside the EU/EEA, it will only be done on the basis of a valid adequacy decision or concluded standard contractual clauses.

2.2 The purpose of this data processing is the hosting of our web servers and databases as well as the data protection (backup) on the basis of corresponding order processing contracts.

3. Common Data Processing

bitiba also processes data in so-called joint responsibility with zooplus SE. The basis for this is a comprehensive contact in accordance with GDPR Article 26, which regulates the respective accountabilities and responsibilities of the two companies. Further details may be obtained from bitiba Customer Service or our Data Protection Officer.

4. General IT Services

We work together with various IT service providers who maintain our IT infrastructure and continually develop it further (in terms of security). If and insofar as these service providers have access to personal data in the course of these activities, this is always done under the supervision of bitiba and it is guaranteed that no personal data is stored outside of bitiba.

Legal basis: GDPR Article 6, (1) (f).

5. Data processing in the exercise of data subject’s rights

Should you choose to exercise your data protection rights, we will process your data separately from other processing activities in order to process and fulfil your request.

For the purpose of identity verification, we need your first and last name, address, email address and your order data.

For the purpose of fulfilment: In order to process your verified request, we will need to process the data relating to you that is included in the request.

Legal basis: GDPR Article 6, (1) (c).

We will transfer the above-mentioned data to our technology service provider Onetrust Technology Limited based on a corresponding contract for commissioned processing (GDPR Article 28).

Should it be necessary within this context to transfer your data outside the EU/EEA, it will only be done on the basis of a valid adequacy decision or concluded standard contractual clauses.

Regardless of any existing customer or order data, we will store any data related to your request separately for the purpose of fulfilling your rights as the data subject, and to ensure documentation and verification obligations (GDPR Article 5 (2)). The storage period is dependent on the relevant legal requirements.

6. Transmission of data to law enforcement authorities

If we are requested by the relevant law enforcement authorities to disclose personal data, this will only be done if we are legally obliged to do so; or are directly authorised to do so; or can prove a legitimate interest that outweighs the interests or fundamental rights and freedoms of the person concerned. In this instance, you are not able to object to this processing of data.

Under no circumstances do we transmit data directly to law enforcement authorities outside Germany.

Legal basis: GDPR Article 6 (1) (c), GDPR Article 6 (1) (f)

When processing such requests, we transmit the data to the above-mentioned technology service provider Onetrust Technology Limited. For further information, please refer to Section A, point 5 above.

B. Data Processing on the bitiba website

1. Logfiles

For technical reasons, when you call up the bitiba website, bitiba gathers so-called access data, which includes the IP address, and stores it in a log file. This log file also stores the name of the web page you accessed, the file accessed, the date and time of access, the amount of data trans-ferred, a notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) as well as the requesting provider.

Legal basis: GDPR Article 6, (1) (f).

We do not pass this data onto third parties. The log files are automatically deleted two (2) months after collection. Prior to that the IP is anonymised and stored only for administrative / technical and security-related purposes. The collect of data is only necessary for the technical operation of the website. 

2. Cookies & Pixels

In addition to the log files, so-called cookies and similar technologies (e.g. pixels) are used when you visit our website and use the services that can be accessed via it. Details on the cookies and technologies used when using our website, duration of storage and information on how you can delete the data collected can be found in the Preference Centre. Please note that a general deactivation of cookies can lead to functional restrictions of our website.

We differentiate between the following types of cookies:

2.1 Necessary Cookies

Certain cookies are necessary for the functioning of the website and cannot be deactivated in your system. Please refer to the Preference Centre for more information.

Legal basis: GDPR Article 6, (1) (f).

2.2 Performance Cookies

These cookies enable us to evaluate the call ups and visits to our website shops in order to measure and improve the performance of our website. All information collected by these cookies is aggregated and therefore anonymous.

Legal basis: GDPR Article 6, (1) (a).

2.3 Functional Cookies

With these cookies we are able to provide extended functionalities and personalisation options. They can be set by us or by third parties whose services we use on our pages. You can also find further information here in the Preference Centre.

Legal basis: GDPR Article 6, (1) (a).

2.4 Targeting Cookies

These cookies can be set via our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant ads on other websites. They do not store personal information directly, but are based on a unique identification of your browser and Internet device. Please refer to the Preference Centre for more information.

Legal basis: GDPR Article 6, (1) (a).

3. Plugins

Plugins are used on our websites. They are normally used to interact with other services or websites (plugin providers). We use the so-called “Shariff” solution (Shariff Wrapper), with which you yourself can determine whether and when data is transmitted to the operators of the respective networks. Only when you click on the relevant consent button will your browser establish a connection to the servers of the respective network.

Please note that bitiba is only responsible for collecting the IP address using the plugin. The provider is responsible for subsequent processing including data protection and duration of data storage.

Legal basis: GDPR Article 6, (1) (a).

In addition to the IP address collected by us, the plug-in provider may use available personal data for advertising purposes (also for third parties), market research and / or the needs-based design of its own website and to inform other users of the respective network about your activities on our website. The provider also acts as the controller for data protection. We have no knowledge of the extent to which the provider uses the data obtained once you have clicked on the relevant consent button. Further information about the purpose and scope of data processing by the plugin provider and information about exercising your rights (e.g. disclosure and objection) can be found in the data protection statements links below.

Go to the following providers for more details about plugins and information about data protection:

Facebook

Instagram

Pinterest

Twitter

YouTube

C. Data Processing when using online shops

1. Registration and use of bitiba "my account"

When you create a user (customer) account with your first order we collect the following data:

  • Registration data (e.g. first and last name, address, email address); login data (email address, password; customer data (invoice address, delivery address); connection data (IP address).

This data is processed in order to provide you with access to your bitiba user account (my account). The login details verify your customer account so that you can check your orders, manage your data settings, including delivery, payment and newsletter preferences and view your order history.

Legal basis: GDPR Article 6, (1) (b).

This data is never passed on to unauthorised third parties. We store this data for the duration of the existence of your customer account (my account), unless you request that we delete it beforehand and that there are no other legal storage obligations. The provision of the above-mentioned personal data is a contractual obligation otherwise you would not be able to use or manage your account.

2. Order Process & Delivery

We process payment, processing and delivery data in connection with an order:

  • Customer data (e.g. first and last name, email address, invoice address, delivery address, phone number, customer ID); connection data (IP address); payment data (e.g. payment information).

We process the data within the framework of an order in order to be able to record and process your order with the help of the data provided, to adapt the product selection according to your preferences and preferences and to make appropriate recommendations

Legal basis: GDPR Article 6, (1) (b).

Your data will not be passed on to unauthorised third parties. We share details of your delivery address to the logistics and shipping companies commissioned by us (see Logistics & Shipping) solely on the basis of contracts relating to order processing and only insofar as it is necessary for the contractual provision of the services. We store the data collected while executing the contract only for the duration of the contractual relationship, unless you request that we delete it beforehand, but at least until the statutory warranty claim expires. After expiry of these deadlines we retain the information of contractual relationship required by commercial and tax law for the legally determined period.

2.1 Logistics & Shipping

In order for the customer to receive information about the shipping status, bitiba sends the respective delivery company the email address and - if specified - the customer's phone number (only for freight forwarding deliveries), which you can use to find out about the delivery status of your order. bitiba respects the interest of its customers as well as its own. Delivery companies are obliged to protect your personal data and can use this data solely for shipping and dispatch purposes. You can find details about our logistics and shipping partners here.

Legal basis: GDPR Article 6, (1) (f).

2.2 Payment

 Depending on your selected payment method, your payment data is transferred to the corresponding payment service provider. For credit card payments, we use a PCI-DSS certified and specialised service provider with whom we have concluded a contract for the processing of orders.

Legal basis: GDPR Article 6, (1) (b).

Details of the providers with whom we work and who act as so-called contract processors and in some cases as companies responsible for data protection can be obtained at any time by contacting bitiba Customer Service or from our Data Protection Officer. We store this data for the duration of the existence of your customer account (my account), unless you request that we delete it beforehand and that there are no other legal storage obligations. The provision of the above-mentioned personal data is a contractual obligation otherwise you would not be able to use or manage your account.

Please contact the relevant provider in regard to the duration of the respective data storage. 

2.3 Fraud Prevention

bitiba uses information about atypical ordering processes (e.g. simultaneous ordering of large amounts of goods using different customer accounts registered at the same address), to help avoid payment defaults and to protect our customers from misuse of their accounts or their identities. The risk assessment of the likelihood of attempted fraud also takes into account whether the end device has dialled in via different service providers, whether the end device has a frequently changing geo-reference, how many transactions have been made via the end device and whether a proxy connection is used.

The following data is processed:

  • Customer data (first and last name, email address); invoice data (invoice address, delivery address, payment information), customer ID; connection data (IP address, browser information)

Legal basis: GDPR Article 6, (1) (f).

bitiba is legally obliged to secure customer authentication (3DS2) as part of the payment process, which also includes the encrypted transmission of the payment information to the banks concerned.

Legal basis: GDPR Article 6, (1) (c).

bitiba works with various credit agencies and providers within the framework of fraud prevention. Details of the providers responsible for the extent and duration of data storage can be obtained from bitiba Customer Service or from our Data Protection Officer. 

2.4 Sanctions List Check

Under European Union legislation, bitiba is obliged to prevent the supply of goods to persons on so-called sanctions lists (terrorist groups, organisations and individuals). For this purpose, the names and invoice addresses are compared with the sanctions lists. No data processing beyond the initial query is carried out.

Legal basis: GDPR Article 6, (1) (c).

3. bitiba Stamp Card Loyalty Programme

The bitiba Stamp Card programme is a loyalty programme where registered customers can earn stamps based on their purchases. The Stamp Card programme is an integral part of the contractual relationship between the customer and bitiba. We only process the following data:

  • Customer data (email address; customer number, order history)

We process this data exclusively to give you access to this Stamp Card programme. The data is not linked to any other data or stored in a separate profile. After registering, the customer receives information about the Stamp Card programme and is subsequently informed by email about the status and expiry of the stamp card.

Legal basis: GDPR Article 6, (1) (b).

This data is not shared with third parties. We store this data for the duration of the existence of your customer account (my account). If you do not wish to receive email notifications about the status of your Stamp Card please let us know via the above-mentioned contact details.

4. Product Preferences and Favourites

We collect information in connection with the use of "my account" and your orders so that we can learn about your product favourites and preferences. This is to make your shopping experience more pleasant and enjoyable. You can adjust the data processing settings yourself via bitiba "my account". We only process the following data:

  • Customer number, order history, preferred delivery service, preferred payment method

Legal basis: GDPR Article 6, (1) (f).

This data is never passed on to unauthorised third parties. We store this data for the duration of the existence of your bitiba customer account (my account), unless you request that we delete it beforehand. The provision of the above-mentioned personal data is not a contractual or legal obligation.

5. Buying Behaviour and Profile Building

We want to provide you with an optimal shopping experience when using our online shop and show them personalised offers including special offers, based on previous purchases and product research. For this purpose, we internally process the customer number, product searched for or purchased, each shopping basket and the order history to analyse the buying and user behaviour. The results of this analysis have no legal consequences or negative effects for you. You have the right to object to associated profile formation at any time.

Legal basis: GDPR Article 6, (1) (f).

bitiba Product Recommendation

By evaluating data gathered from your bitiba "my account" and the purchases you make, we are able to prioritise which products are shown to you according to your preferences, favourites, and them make appropriate recommendations. This information is used only to improve our range of services to enhance the customer's shopping experience.

6. bitiba Product Recommendation

By evaluating data gathered from your bitiba "my account" and the purchases you make, we are able to prioritise which products are shown to you according to your preferences, favourites, and them make appropriate recommendations. This information is used only to improve our range of services to enhance the customer's shopping experience. 

7. Customer Survey

In some countries we use Google Customer Review software on our websites for the purposes of customer reviews and internal quality management. We want to provide our customers with the opportunity to evaluate their purchases once they have received them. Google does not get any customer data from our database. Only order numbers, customer number and email address are transmitted.

Legal basis: GDPR Article 6, (1) (a).

8. Wish List

You have the option to create a wish list with products you are interested in. We store this data and products in your customer account when you are logged in. The data is used exclusively to create your wish list so you can look at it whenever you want to.

Legal basis: GDPR Article 6 (1) (a). 

D. Customer Communication Data Processing

1. Newsletter

When you register for our email newsletter, we only process your email address. The data will only be used to send you information about bitiba products and promotions at regular intervals, depending on your selected areas of interest.

Legal basis: GDPR Article 6, (1) (a).

When you receive the newsletter, we use so-called web beacons or tracking pixels, which can help us to determine whether you have received or opened the newsletter and if you have clicked on links within the newsletter. With the data obtained, we create a user profile to tailor the newsletter to your individual interests. We may use tracking to link this data to actions you have taken on our website.

Legal basis: GDPR Article 6, (1) (a).

We do not pass on the personal data you provide when registering for the newsletter to unauthorised third parties. However, the newsletter tool is provided by an external provider, which is why we have concluded a contract for the processing of data with this provider.

Details of the providers can be obtained from bitiba Customer Service or from our Data Protection Officer. You can object to the receipt of newsletters, at any time, including the processing of your aforementioned data by contacting bitiba Customer Service. The legality of the processing based on the consent until your revocation remains unaffected. Furthermore, if you do not wish an automated evaluation and analysis of your user behaviour in connection with the newsletter, you must unsubscribe from the newsletter service. Until then, the data will be stored for as long as you have subscribed to the newsletter. After cancellation we store the data anonymously, only for statistical purposes only. The provision of personal data is not required by law or contract. However, it is not possible to send or receive the newsletter without providing the email address.

2. Product Availability Reminder

You can choose to be notified by email about the availability of certain products. If you request a reminder, we will send you information when the product you want is back in stock. If the requested product is still not available after a few weeks, we will inform you and, if applicable, offer suitable product recommendations or vouchers.

Legal basis: GDPR Article 6, (1) (a).

We do not pass the data on to third parties. We automatically delete your email address from the respective product availability mailing list after 95 days.

3. Marketing (email)

In as much as it is permitted by law and provided that you have concluded a contract with bitiba and provided your email address, bitiba has the right to use your email address for direct advertising for its own similar goods or services. You can to object to the use of this email address at any time, without incurring any costs other than the basic rate transmission costs, by contacting bitiba Customer Service.

4. Marketing (postal)

In as much as it is permitted by law and unless the recipient has objected to receipt, bitiba may send you postal advertising. For the purpose of printing and sending these advertising materials, we work together with service providers as contract processors. Your right to object at any time to the use of your address for advertising purposes at any time shall remain unaffected.

5. Facebook and Google Custom Audience

On some websites and as part of our newsletter registration, you will be given the opportunity to participate in the Custom Audience or Customer Match marketing programme. This allows us to connect with you through social media and networks, better understand your product preferences and display interest-based advertising where appropriate. However, this requires a separate consent and is not automatically done when you register for our newsletter. Your email address collected in the process is "hashed" in advance and forwarded to the following recipients as independent responsible parties. If you do not maintain a user account with these providers, your email address will be automatically deleted.

Legal basis: GDPR Article 6, (1) (a).

You can find details about data protection at

https://policies.google.com/privacy?hl=en
https://www.facebook.com/about/privacy

You can object to the data processing at any time by contacting zooplus Customer Care or visiting our Privacy Portal. The legality of the processing based on your consent until revocation remains unaffected.

E. Your Rights

You have the right to request confirmation from bitiba at any time as to whether we are processing your personal data and the right to receive information about this personal data. You also have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent for data processing at any time or to request the transfer of data.

For any information needs or requests, revocations or objections to the processing of data, please contact bitiba Customer Service or send an email to our Data Protection Officer. In addition, you have the right to complain to a supervisory authority if violations of privacy should occur. You can visit our Privacy Portal anytime to exercise your Data Subject Rights:

- I have a bitiba Customer Account

- I do not have a bitiba Customer Account

F. Notes on specific rights of objection

You have the right to object at any time, for reasons arising from a specific situation, to the processing of your personal data, on the legal basis of: GDPR Article 6, (1) (e) or (f) in accordance with GDPR Article 21. We will cease processing of your personal data unless we can provide compelling protection reasons for processing which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If you wish to exercise your right to objection, please contact bitiba Customer Service or visit our Privacy Portal.

Status of this Privacy & Data Protection Policy: 30.05.2022