Privacy

Overview Privacy Policy

This translation is provided for informational purposes only. In case of inconsistencies, the original German Text is binding.

BitsaboutMe AG was founded for the purpose of giving you full control over your personal data. The protection of your personal data is therefore a top priority for BitsaboutMe and we have been guided by the principles of “Privacy By Design” right from the start when designing and implementing our products and services.

In particular, BitsaboutMe guarantees the following for maximum protection of your data:

  • Your personal data is and will always remain your property. BitsaboutMe has no rights to or access to your data unless you explicitly authorize us to do so.
  • BitsaboutMe stores your personal data in a Personal Data Storage (PDS) assigned to you – and only to you.
  • All data in your PDS is encrypted and only you have the key in the form of your login password.
  • Your PDS is hosted exclusively in trusted data centers within the EU and or Switzerland.
  • We basically do not store any personal data outside of your encrypted PDS with the exception of the email address with which you created your account.
  • You alone decide which data from which data sources is stored in your PDS.
  • Nobody – not even BitsaboutMe – can read or use your data without your key. Accordingly, your data cannot be passed on to third parties without your consent.
  • You can correct, download or completely delete the data in your PDS at any time.
  • All communication within our systems and with your web browser takes place exclusively via encrypted channels (HTTPS).
  • BitsaboutMe does not use cookies, the only exception is our session cookie, which is mandatory for a web application and is automatically deleted after the session.

You can find out more about the handling of your personal data in our data protection guidelines.

Definitions:

Term Definition
You You are the person who has visited our website or registered an account on our website to use the services of BitsaboutMe.
We / Us / BitsaboutMe BitsaboutMe AG and affiliated companies
Contractual partner Third parties called contracted with by BitsaboutMe to provide services, such as auxiliary persons, suppliers, sales partners and other service providers.
Third party Everyone except you and us.
Account Your personal, password-protected account with BitsaboutMe as a prerequisite for using our services.
PDS – Personal Data Store Storage Space associated with your account to store and encrypt your data.
Services Websites, tools and interfaces provided by us for the import, storage, analysis, statistical processing, visualization and use of data.
Data sources Third parties who store and process personal data. BitsaboutMe allows you to import a copy of the data stored there into your PDS (e.g. by linking your accounts created there).
Profile The profile is a list of personal data, demographic data and interests about you created and stored in the PDS.
Data Any information, data, text, images provided either by you, from third party sources or BitsaboutMe, or added to your PDS.
Personal Information All personal and non-personal data about you or created by you.
Personal Data / Person specific Data All data relating to an identified or identifiable person.

Privacy Policy

Published on May 25, 2018

1. Who we are

This website and services are operated by BitsaboutMe AG. We are responsible for your personal data that is stored by us. This is how you can reach us:

BitsaboutMe AG / Bollwerk 4 / 3011 Bern / Switzerland

Web: www.bitsabout.me Email: privacy@bitsabout.me

2. Introduction

We are happy that you are using BitsaboutMe! The following describes how we handle your personal data, what personal data is provided by you when you use our services as well as how we store, process and, if necessary, pass this data on to third parties.

With BitsaboutMe, we have developed a product that enables you to gain an overview of the data about you stored by third parties and to obtain interesting and valuable information about this aggregated data with the help of our services. Our mission is to give users back control over their personal data in order to protect their privacy and allow them to participate appropriately in the creation of value with their data.

3. Legal basis of data processing

As a Swiss company, we not only act in strict compliance with the applicable provisions of the Swiss Data Protection Act, but also develop and offer our services in compliance with the European General Data Protection Regulation (GDPR). We see ourselves as active supporters of this policy by offering BitsaboutMe, a product that allows you and ultimately also third parties who store data about you to technically exercise your legal rights and obligations as simply and transparently as possible.

Your personal data will only be processed within the framework of the applicable legal provisions and in particular only to the following extent:

  • to which you have given us your explicit consent;
  • which is necessary for the fulfilment of the purpose of the contract;
  • which is necessary to safeguard our legitimate interests;
  • for which a legal obligation exists.

Please note that websites and offers of third parties that can be reached via our services are not subject to the principles set out here, but generally have their own data protection regulations. We cannot assume any responsibility or liability for their compliance with data protection.

4. Which data we process and for what purpose

In order to offer, further develop and protect our services in the best possible way, we and our contractual partners collect, process, store and use the following data:

Your usage – In order to continuously optimize our services and to detect and prevent misuse, we collect, use and store information from and about your device. This usage data is transmitted to us by your Internet browser each time you visit BitsaboutMe and use our services and subsequently stored in log files. These include:

  • The IP address of the device used
  • Date and time of the visit
  • Name and URL of the service visited
  • Address of the website from which you accessed our services (referrer URL)
  • User ID (for logged in users)
  • Browser and device type used

This data is only used and stored as long as it is actually used, in particular for the following purposes:

  • To enable the use of our services (connection establishment)
  • To ensure the security and stability of our systems
  • To analyze and evaluate the use of our services
  • To optimize our services
  • Internal statistical and administrative purposes

Information relating to access to your account (IP address, access times) is stored in your account for security reasons and for your information. BitsaboutMe may publish anonymous statistics about the use of our services.

We also use cookies and analysis services when you use our services. For further details, please refer to the section below entitled Web analysis “Cookies and tracking pixels”.

Your account – To set up your personal BitsaboutMe account and to ensure your access to it, we collect, use and store your email address, and your encrypted password, and link them to your account. Your account will then automatically be linked to your personal data storage (see “Your PDS” below). Access to your account and decryption of the data stored in your PDS is only possible using the password you have created. Your encrypted password and e-mail address are stored by us on protected servers outside your PDS in order to authorize access to your account and PDS.

The Personal Data Store (PDS) – In your PDS we store, process and analyse the data imported from third parties according to your request and on your behalf as well as data generated by our services or yourself. This data is always stored encrypted in your PDS and can only be read if you are logged into your account with your password. The data imported by us into your PDS on your behalf from third party sources is always a copy. We do not delete or alter any of your personal data in the source systems of the respective third party sources. Nobody but yourself has access to your PDS, unless you give us or third parties your explicit and revocable consent.

BitsaboutMe allows you to analyse the data in your PDS. All analysis tools provided by BitsaboutMe run within a closed system. The data analysed and evaluated therein is stored in your PDS. By entering your login data for the respective account (e.g. Facebook, Migros Cumulus, email – the detailed list of possible data sources can be found here), you authorize us to link the corresponding accounts with your PDS and to import, edit (in particular to analyse and to evaluate) and save a copy of the data you selected for import from the respective data source into your PDS via an interface. Each time you log in to BitsaboutMe from your account, you give us these permissions again. This enables us to guarantee automatic data synchronization and analysis that is up to date at all times. In your account settings, you can manually manage this automatic data update and analysis for individual data sources. We store your login data for access to the data sources encrypted in your PDS.

Your profile – Your PDS contains a personal profile. This contains various personal data. The data either comes from the data sources connected by you (by means of automatic import) or is entered manually by you. These are in particular:

  • Personal data (name, address, email)
  • Demographic information (age, gender, place of residence, education)
  • Fields of interest (hobbies, topics, interests)

By opening an account and linking data sources to your PDS, you consent to BitsaboutMe creating an appropriate profile. The content in your profile can be continuously adapted and expanded.

You will find the current list in your PDS under the menu item “MyData”. Your profile is only stored in the PDS and can only be accessed and viewed by you. You can add, change and delete all entries at any time.

Newsletter – If you agree to receive our newsletter (opt-in), we use your personal data (in particular your email address) to send it. We can also involve third parties. Our newsletters may contain information and offers about our own services as well as services of third parties that are connected with the services of BitsaboutMe. You can unsubscribe to the newsletter at any time in your account or directly via the unsubscribe link in the corresponding email.

Web analysis “Cookies and tracking pixels” – On our website we use “cookies” and “tracking pixels”. These technologies enable us to collect and evaluate statistical data about the use of our website in order to continually improve our services. A cookie is a small data package that is sent from the web server to your browser and stored on your computer’s hard drive (you can delete or refuse cookies at any time using your browser settings). A pixel-code is a file that is implemented on our website and makes it possible to collect statistical usage data, such as the evaluation of visitor traffic.

The only cookie we use is the so-called session cookie. This is essential for the functioning of our services and is automatically deleted at the end of your session. We deliberately refrain from permanent cookies and especially cookies from third party providers, as they are usually used for tracking users. This results in a small loss of convenience, e.g. we have to wait until after logging in to set your preferences (e.g. language selection) in our services.

When using counting pixels for web analysis we work with the open source software Matomo (Matomo.org), which allows us to ensure your privacy. We deliberately avoid the use of Google Analytics.

In both cases (cookies and tracking pixels), we therefore ensure that your data is never processed on a person-specific basis but always anonymously.

Social media plugins – Your account / our services includes functions (so-called plugins) to connect to various third-party providers of social media platforms (such as Facebook, Twitter, Instagram). We use a special “two-click” implementation of these plugins to protect your privacy, where data is only exchanged with third parties if the plugins are activated by you, i.e. clicked. As long as these plugins are only displayed, no data exchange takes place. These plugins allow you to share content on social networks. If you activate these plugins while surfing the website (e.g. “share-Button” of Facebook), a connection to the servers of this website is established. Data can be transferred to this third party provider. If you are logged in to this third party’s network at the same time, your visit to BitsaboutMe can be assigned to your network account (e.g. Facebook account). BitsaboutMe has no influence on the way this data is transmitted. The purpose and scope of the data collection and the further processing and use of the data by your social media provider as well as your rights and setting options for the protection of your privacy can be found in the data protection information of this provider.

5. Passing on data to third parties

We may call in third parties for the processing of personal data. This is particularly the case when it makes our services safer and more reliable and generally serves the purpose of the contract. We share personal data with the following categories of order data processors.

Contractors working with BitaboutMe – In certain cases (in particular to improve and protect our services) it may make sense for us to use third-party services (e.g. hosting providers, IT support or web analysis services). When selecting these contractual partners, we pay particular attention to their trustworthiness and to ensuring that any personal data transmitted is processed anonymously or encrypted and not disclosed exclusively to the extent of the respective contractual purpose and wherever possible.

Our most important data relevant service providers are:

OVH, 59100 ROUBAIX, FR – Internet hosting
We rent our servers and data storage from OVH, in the most modern data centers within the EU and manage this infrastructure independently.

MailChimp, The Rocket Science Group LLC, Atlanta GA, US – Newsletter dispatch
We use MailChimp to send our newsletters. If you register for our newsletter, we will share your email address as well as your first and last name with MailChimp.

We will never share or sell your personal information to advertisers or third parties who are not contractors without your explicit consent.

Judicial and administrative authorities – If there are plausible indications, we can process and disclose those personal data that are necessary to uncover and prevent fraudulent use of BitsaboutMe, our services or our property rights in violation of law or contract. In addition, we may be required to disclose personal data on the basis of a judicial or administrative request or on suspicion of a criminal offence or an illegal act.

Transmission of personal data abroad – If a transfer of your personal data to contracted service providers appears appropriate for the data processing described in this data protection guidelines, we are entitled to transfer it to third parties abroad. These are obliged to the same extent as we ourselves to protect your data. If the level of data protection in a country does not correspond to that of the EU, we contractually ensure that the protection of your personal data corresponds to that of the EU. We use the so-called “EU Model Clauses” to ensure that the commissioned service providers are data protection certified (e.g. using Swiss-US or EU-US Privacy Shield) or make sure that Binding Corporate Rules (BCR) have been approved by a data protection authority.

6. How we protect your data

Location – Data is stored and processed exclusively within the EU and Switzerland in trustworthy data centres of leading providers. We contractually ensure that all rights applicable between you and BitsaboutMe are also guaranteed in the relationship between BitsaboutMe and the respective provider

Security – It is BitsaboutMe’s top priority to protect your data against manipulation, loss and unauthorized access by third parties. We do so by using appropriate technical and organizational measures and continuously improving our security measures in line with technological developments. Our employees and the third parties commissioned by us have been bound by us to secrecy and compliance with these data protection guidelines. All data, logins and passwords in your PDS are stored encrypted and can only be decrypted by you with your personal password. BitsaboutMe always uses recognized, high standards of encryption technology, i.e. exclusively HTTPS for data transfer and SQLCipher, an open source extension of SQLite, which ensures a transparent 256-bit AES encryption of data in the PDS.

Duration – We only store your data for as long as we need to be able to offer you our services or as long as we are legally obliged to do so. If you delete your account, we will also irrevocably delete your data stored in your PDS.

7. These are your rights

You have the right at any time to assert your data protection rights and to obtain information about the personal data we have stored about you, to have it corrected, supplemented or completely deleted and to object to the processing of your personal data (especially for marketing purposes). You also have the right to receive the personal data provided by you in a structured, current and machine-readable format or to have it transmitted to a third party.

It is BitsaboutMe’s explicit goal to make it as easy as possible for you to exercise these rights. The corresponding functionalities are included in the services of BitsaboutMe right from the start and are easily accessible. Please note that in this case the use of our services may no longer be possible and that a request for deletion may be countered by legal retention obligations. All further requests in this context please send an email to privacy@bitsabout.me.

8. Changes

Privacy policy – BitsaboutMe reserves the right to amend or change this Privacy Policy from time to time. We will inform you in advance of any material changes in an appropriate form. Your continued use of BitsaboutMe will be deemed your acceptance of any changes.

Legal status – Your personal data belongs to you, we only import and store it securely for you on your behalf. This fact is also retained in the event of changes in the context of a possible restructuring, merger, acquisition or sale of BitsaboutMe. Your personal data will always remain encrypted and under your sole control. In the event of a structural change, BitsaboutMe will notify you via the email address associated with your account. If you do not agree to such a change, you have the option at any time to download your data from your PDS and/or to permanently delete your account with all data.

Version May 2018

 

Appendix 1 – List of data sources that can be imported into the Personal Data Store (PDS)

It is currently possible to connect the following data sources and copy data contained therein into the PDS:

  • Facebook
  • Google
  • Instagram
  • Twitter
  • Migros
  • Email accounts

To connect a data source, enter your login data (usually user name / email and password). With this information, you allow:

  • BitsaboutMe to access the corresponding data source and the data it contains on your behalf;
  • data from the data source to be stored and encrypted in your PDS;
  • your login data to be encrypted and stored in the PDS;
  • every time you log in to your BitsaboutMe account, the data source is to be compared and the data to be updated if necessary;
  • the data in your PDS to be analyzed, visualized and displayed according to your criteria in the private statistics area;
  • parts of the data to be used to create your profile.

You can terminate this connection at any time and delete the associated data by disconnecting the corresponding source in the MyData/Data Source area. All data in the PDS is deleted irretrievably, the original data in the corresponding source remains unchanged.

In detail, we process the following data for you:

Facebook

Source Facebook
Data
  • Posts (URLs of photos/videos, timestamps, comments, likes to the posts)
  • Public profile pictures of friends liking or commenting your posts
  • Liked pages (URL, timestamps)
  • Profile information (date of birth, education)
Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to Facebook account
  • Copying the above data to the PDS
  • Analysis and visualization
Deletion Disconnecting/deleting the Facebook source deletes all Facebook data in the PDS

Google

Source Google
Data
  • Geodata (GPS coordinates)
  • Browser data (visited websites)
  • Activity data (Google searches and websites, URLs of YouTube Videos)
  • Fitness data (number of steps)

Only data that was selected when the takeout file was created can be processed. All other data types not listed above are not transferred to the BitsaboutMe PDS.

Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to Google Drive
  • Copying the above data to the PDS
  • Analysis and visualization
Deletion Disconnecting/deleting the Google source deletes all Google data in the PDS

Instagram

Source Instagram
Data
  • Posts (including URLs of photos/videos, timestamps, comments, likes to the posts)
  • Public profile pictures of friends liking or commenting on your posts
Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to Instagram account
  • Copying the above data to the PDS
  • Analysis and visualization
Deletion Disconnecting/deleting the Instagram source deletes all Instagram data in the PDS

Twitter

Source Twitter
Data
  • Public posts (including URLs of photos/videos, timestamps, comments, likes to the posts)
Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to your Twitter account
  • Copying the above data to the PDS
  • Analysis and visualization
Deletion Disconnecting/deleting the Twitter source deletes all Twitter data in the PDS

Migros

Source Migros
Data
  • Purchased items (date, time, description, price)
  • Name of Migros branch
Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to your Cumulus account
  • Copying the above data to the PDS
  • Analysis and visualization
Deletion Disconnecting/deleting the Migros source deletes all Migros data in the PDS

Email

Source Email
Data
  • Email header (e.g. sender, recipient, date, time)
  • Content of the email
Purpose
  • Archiving
  • Analysis and visualization of stored data
  • Creation of the BitsaboutMe profile
Processing
  • Access to your email account
  • Copying the above data to the PDS
  • Analysis and visualization
  • Text analysis of the email content in areas of interest for your own profile
Deletion Disconnecting/deleting the email source deletes all email data in the PDS