Privacy Policy

Introduction

This privacy policy explains which types of your personal data (“data”) we process, for which purposes and to what extent. It applies to all processing activities we carry out, including on our websites, mobile applications and external online presences (e.g., our social media profiles).

The terms used are not gender-specific.

Status: August 25, 2025

Table of Contents

• Introduction
• Controller
• Data Protection Officer
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Use of Cookies / Local Storage
• Provision of the Website and Web Hosting
• Newsletter & Email Communication (Listmonk)
• Contact
• Presence on Social Networks
• Plugins and Embedded Content
• Your Rights
• Withdrawal of Consent
• Deletion of Data
• Changes and Updates
• Definitions

Controller

BitBitHooray UG (haftungsbeschränkt)
Eichenring 60
15749 Mittenwalde, Germany

Authorized representative: Franz Scholz

E‑mail: hello@bitbithooray.com

Data Protection Officer

No data protection officer has been appointed as the legal requirements under Sec. 38 BDSG are currently not met. Please contact the controller named above for any privacy inquiries.

Overview of Processing

Types of data processed

• Inventory data (e.g., names, addresses)
• Content data (e.g., entries in online forms)
• Contact data (e.g., email address, phone number)
• Meta/communication data (e.g., device information, IP addresses)
• Usage data (e.g., pages visited, access times)

Categories of data subjects

• Users (e.g., website visitors, users of online services)

Purposes of processing

• Provision of our website, secure communication and server operation
• Newsletter distribution (Listmonk) based on consent
• Handling of contact requests

Relevant Legal Bases

• Consent (Art. 6(1)(a) GDPR): e.g., newsletter.
• Contract and pre‑contractual measures (Art. 6(1)(b) GDPR): e.g., responding to specific requests.
• Legitimate interests (Art. 6(1)(f) GDPR): e.g., server operation, security, basic functionality.

National rules (Germany): BDSG and TTDSG apply in addition.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g., access controls, backups, least‑privilege).

SSL/TLS: We use SSL/TLS encryption (see https:// in your browser’s address bar).

Use of Cookies / Local Storage

We do not use optional tracking/marketing cookies. Only technologies necessary for basic functionality are used (e.g., Local Storage to keep your language choice and certain notice decisions).

• Type: Necessary Local‑Storage entries (e.g., language preference)
• Retention: Until you clear your browser data/local storage
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

General opt‑out resources for cookies/tracking include optout.aboutads.info and youronlinechoices.com.

Provision of the Website and Web Hosting

We use web hosting services (infrastructure, platform, computing, storage, databases, security and maintenance). For delivering our online content, technical server logs are processed (e.g., IP address, timestamp, user agent, referrer) to ensure stability and security.

IONOS (website hosting)

Our website is hosted by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). IONOS processes various log files upon access (e.g., IP, referrer, browser type, time). Legal basis: Art. 6(1)(f) GDPR. We have concluded a data processing agreement with IONOS.

• 1&1 IONOS: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany
• Website: https://www.ionos.de
• Privacy: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

STRATO (virtual server)

We also operate services (including our newsletter system Listmonk) on a virtual server provided by STRATO AG. Access generates technical server log data (e.g., IP address, date/time, user agent, referrer) processed to ensure operation and mitigate threats (Art. 6(1)(f) GDPR). We have concluded a data processing agreement with STRATO.

• STRATO AG: Otto‑Ostrowski‑Straße 7, 10249 Berlin, Germany
• Website: https://www.strato.de
• Privacy: https://www.strato.de/datenschutz/

E‑mail transmission and hosting

Hosting services include sending/receiving/storing emails. Sender/recipient addresses and transport data are processed; end‑to‑end encryption applies only if used by the communication partners.

Newsletter & Email Communication (Listmonk)

We use the open‑source software Listmonk, operated by us on our own server at listmonk.bitbithooray.com (server location: Germany), to send newsletters. When you subscribe, we store and process only your email address for the purpose of sending the newsletter.

• Processed data: Email address
• Purpose: Newsletter/updates
• Legal basis: Consent (Art. 6(1)(a) GDPR)
• Withdrawal: You can withdraw your consent at any time via the unsubscribe link.
• Disclosure: No disclosure to third parties
• Retention: Until withdrawal/unsubscription; afterwards deletion or minimal suppression list to prevent future mailings (Art. 6(1)(f) GDPR)

Contact

When contacting us (e.g., via email, phone or social media), we process the data necessary to respond to your request.

• Data categories: Inventory, contact and content data
• Legal basis: Art. 6(1)(b) GDPR (pre‑contractual measures) or Art. 6(1)(f) GDPR (legitimate interests)

Presence on Social Networks

Our website only contains links to social networks/platforms (e.g., LinkedIn, Instagram, Facebook, GitHub, Dribbble). Data (e.g., IP address) is transmitted only when clicking such links. The providers’ privacy policies apply; data transfers to third countries may occur and are typically safeguarded by EU Standard Contractual Clauses (Art. 46 GDPR).

• GitHub – GitHub, Inc., USA – Privacy
• LinkedIn – LinkedIn Ireland Unlimited Company, IE – Privacy
• Dribbble – Dribbble Holdings Ltd., UK – Privacy
• Instagram – Meta Platforms Ireland Ltd., IE – Privacy
• Facebook – Meta Platforms Ireland Ltd., IE – Privacy

Plugins and Embedded Content

We currently do not use external plugins that transmit data to third parties upon page load. Social media icons and fonts are embedded locally (no external CDNs). Icons are plain links (see Social Networks section).

• Purpose: Provision of our online offer and user‑friendliness
• Legal basis: Art. 6(1)(f) GDPR

Your Rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
• Withdraw consent (Art. 7(3) GDPR)
• Complain to a supervisory authority (Art. 77 GDPR) – e.g., the Data Protection Commissioner of Brandenburg, Germany

Withdrawal of Consent

You may withdraw your consent at any time with future effect, e.g., by using the unsubscribe link in our emails or by contacting us. Processing up to the time of withdrawal remains lawful.

Deletion of Data

We delete data when the purpose ceases to apply, consent is withdrawn or other permissions lapse. Where legal retention duties apply, we restrict processing to those purposes.

Contact by email: We process your data to handle your request (Art. 6(1)(b) or (f) GDPR). On request, we will delete your email and associated personal data unless legal obligations prevent this.

Online appointments (“BitBitHooray UG – Get2Know”, Nextcloud Appointment): We process name, email and preferred date/time solely for scheduling; legal basis Art. 6(1)(b) (and, where applicable, (f)) GDPR; deletion after completion unless legal duties apply.

Changes and Updates

We will update this policy when our processing activities change. Where required, we will inform you accordingly.

Definitions

• Personal data: Any information relating to an identified or identifiable natural person (Art. 4 GDPR).
• Reach measurement: Analysis of visitor flows/interests (web analytics).
• Tracking: Cross‑service monitoring of user behavior/interests (profiling).
• Controller: The entity determining purposes/means of processing.
• Processing: Any operation performed on personal data (collection, storage, transmission, deletion, etc.).