Data Processing for the purposes of our Website
If you visit our Website for informational purposes without signing up for the Platform, Bitwala will be considered the sole controller within the meaning of the EU data protection regulation (GDPR) and the federal data protection law (BDSG) for any processing related to your visit.
Collection and processing of data
Bitwala gathers, uses and saves your personal data to provide access to the Website. This includes any information you provide manually as well as technical information that is required for the communication between your end-device and our applications.
The technical information we collect for our website bitwalatoken.com includes:
• Email Address
• IP Address (anonymised)
• Evaluation of website activity and internet usage
• User website activity on the website and the location they came from (e.g. URL and referrer)
• Operating system
With every access to our Website, usage data are transmitted through the respective
browser and stored in log files, the so-called server log files. The records stored in
case contain the following data: date and time of retrieval, page name, IP address,
URL (i.e. the page you have previously visited), the amount of data transferred, as well
the product and version information of the browser used. The IP addresses of users will be
deleted or anonymized after the end of use. In the case of anonymization, the IP addresses
changed in such a way that the details of personal or factual circumstances can no longer
assigned to a specific or identifiable natural person, or only with a disproportionate
of time, cost and manpower.
We use the log data and log files only for statistical evaluations for the purpose of operation, security and optimization of our offer. Additionally you may provide us certain information by your own choice to use certain features of our Website.
Whitelisting and Newsletter
In order to reserve your spot for the STO you have to enter your e-mail address and your
via the Website, which we will then collect and save on the basis of Art. 6 para. 1 lit.
GDPR. We need your e-mail address and your name to confirm your registration and to
communicate with you.
With our Newsletter we inform you about important product updates , special announcements and our offers. To register for the newsletter, we need your e-mail address. In addition, we record your IP address and the date of registration upon registering to ensure that no third party misuses your e-mail address and hereby logs in without your knowledge to receive the newsletter. This data is stored and used for the sending of the newsletter.
After registering, you will receive an e-mail to confirm your affiliation to the newsletter e-mail list. Unless you confirm your registration for our newsletter within 24 hours, we will delete your provided data for signing up for the newsletter (email address, IP address, date of registration) 24h after sending out the confirmation e-mail, provided that no statutory storage requirements are in conflict.
At the end of each newsletter, there is a link through which you can unsubscribe from the newsletter at any time. Upon cancellation of the newsletter, the personal data provided for the purpose of providing of the newsletter have been deleted, unless a statutory retention requirement precludes this.
Additionally we, collect certain data on your interactions with our Newsletter, using graphic elements integrated in each Newsletter (so called Pixels). We use these data in pseudonymised form for general statistical evaluation and to optimize our customer communication further. The Processing is based on Art. 6 para. 1 lit. f) GDPR and performed using the third party service provider Sendgrid. Sendgrid is a service of SendGrid, Inc..
By registering for our whitelisting and our newsletter, your e-mail address, IP address
date of registration will be transmitted to and stored by a server of SendGrid, Inc. in
USA. Pursuant to Commission Implementing Decision (EU) 2016/1250 of 12.07.2016, the
transmission of data from a controller or processor in the EU to US organizations
self-certifying to the US Department of Commerce to comply with the Framework Principles
the United States Department of Commerce EU-US Privacy Shields, including the Additional
Principles, are permitted. Sendgrid has committed to upholding these principles through
self-certification with the US Department of Commerce. Further information on data
at Sendgrid can be found at https://sendgrid.com/policies/tos/.
You can revoke your consent or object to the storage of data, the e-mail address and their use for sending the newsletter at any time. The revocation or objection can be declared via a link in the newsletter itself or by message to the in Paragraph 1 mentioned contact options.
Hosting of our Website
Our Website is hosted by a third party service provider based in the US. To protect your
privacy when transferring data outside the EEA we have concluded Standard Contractual
(https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087) provided by the EU commission. Furthermore, our hosting service provider is contractually bound to our instructions under a Data Processing Agreement. Additionally, this service provider is bound to our instructions by a data processing agreement.
Third Party Content
Occasionally, we may include third-party content on our site, such as videos from YouTube, Maps from Google Maps, RSS feeds or graphics from other websites, based on our legitimate interest to provide additional content on our Website, Art. 6 para. 1 lit. f) GDPR. In order to display the content, the providers of this content perceive the IP address of the users. We have no influence on storage and further use of the IP address by the third providers.
For a part of our service it is necessary for us to store cookies on your end device.
do not execute programs on your computer. Instead, the main purpose of cookies is to
customisation features when using our services (the “Functional Cookies”).
We use our own Functional Cookies for:
• Log-in identification
• Load distribution
• To remember your settings
• To remember your cookie consent The processing of data collected via our cookies is based on our legitimate interest to provide you a convenient and individualised service on our website, ARt. 6 para. 1 lit. f GDPR.
Performance and Marketing Analytics
To improve our Website we use data collected by cookies and similar technologies (e.g.
beacons) for the statistical collection and analysis of general usage patterns. We also
this data for advertising and marketing purposes and to show personalised ads to you on
Websites and other websites.
Data collected by these cookies (the “Analytics Cookies”) will be processed by us or third party service providers, based on the consent you provided by clicking “OK” in our cookie banner, Art. 6 (1) (a) GDPR.
The data collected by Analytics Cookies usually includes
• IP address of your device,
• Date and time of the access
• Cookie ID number
• Device ID of mobile devices
• Technical information on browser and operating system (the “Device Fingerprint”)
This data is only collected and stored in pseudonymous form and is never used to identify you individually or to draw conclusions other than on a general, aggregated level.
Opt-out of tracking and withdrawal of consent
If you wish to disable tracking in general, you can always configure your browser to decline cookies, in which case we will not be able to process data in the above mentioned way.
In the following section we will further describe the cookies and services we use for marketing and analytics purposes as well as alternatives to generally prevent being tracked by the respective service.
Services used for Performance and Marketing Analytics
On our Website and in our App, we are making use of Google Analytics based on your consent. Google Analytics is a service of Google Inc (hereinafter referred to as “Google”) for web analysis. Google Analytics is using so-called cookies. Cookies are text files that are stored on your computer and which enable an analysis of your website use. The information generated by the cookie about your website usage is usually transmitted to a Google server in the US and stored there.
However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and shortened there. On behalf of Bitwala, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP addresses transmitted by Google Analytics will not be merged with other data provided by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de Google has committed itself to self-certification by the US Department of Commerce to adhere to the framework of the [EU-US Privacy Shield (https://www.privacyshield.gov).
Further Transmission of data
Whenever we transfer data to service providers, data may only be used for performance of
services. Services are selected and commissioned carefully and contractually bound by our
instructions. Additionally to the transfer of data to the ones explicitly mentioned in
providers maintaining our systems and consultancy firms.
Otherwise, we transfer data to Third Parties only if:
• You have given an express declaration of consent for this, pursuant to Art. 6, para. 1, lit. a GDPR,
• Further transmission is necessary, pursuant to Art. 6, para. 1 lit. f GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on,
• We have a legal duty to pass on your data pursuant to Art. 6 para. 1 lit. c GDPR, or
• This is legally permissible and requisite, pursuant to Art. 6 para. 1 lit. b GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.
Duration of storage We store personal data only as long as necessary to fulfil our contractual or statutory duties. This means that, as long as your account is active, we will keep any data required to provide our Services. Upon your deletion of your account, we will delete any of your data, provided it is not required for purposes of evidence, in which case we keep it until expiration of statutory periods of limitation, or for statutory retention periods.
In particular, Bitwala and Partner Bank may be subject to retention periods under German Tax and Commercial Law up to 10 years for relevant information. This may include certain technical information related to the initiation or the receipt of payments.
Rights of the persons concerned
You have the right to information about the processing of your personal data at any time and free of charge. This information includes an overview of the data relating to you, as well as a copy of such data (Right to Access). Should data be or become inaccurate, we are obliged to correct the information on your request (Right to Rectification). You may at any time request the deletion of data (Right to Erasure). Wherever we are not able to delete your data, as may be the case when we are subject to statutory retention periods, data processing will be restricted. Processing will also be restricted upon your request, if you believe that the data we have stored are not correct or if there is a dispute over the legality of the processing (Right to Restriction of Processing). You may at any time request us to transfer your personal data to you or a third party of your choice (Right to Data Portability). You can exercise your rights with either Joint Controller, i.e. Bitwala or Partner Bank, by using the above contact details. However, for your convenience we have implemented a special data privacy team at Bitwala which will handle and, where necessary, forward all requests, which can be reached at: email@example.com.
Right to withdraw consent
Under Art. 7 para 3 GDPR you have the right to withdraw any consent you may have given to
at any time. In this case, data processing will no longer take place based on your
The withdrawal however does not affect the lawfulness of past processing activities. If
would like to withdraw any consent given to us, please contact either of the Joint
using their contact details provided above or direct your request to:
firstname.lastname@example.org. Alternatively you may use features provided within our applications to withdraw your consent.
Right to objection to processing based on legitimate interest
Wherever we process your data on the basis of legitimate interests under Art. 6 para. 1 lit. f GDPR you have the right to object to the processing of your data according to ARt. 21 GDRP.
You may at any time object to data processing for direct marketing purposes.
If you would like to object to any of our performance or marketing analytics purposes, please use one of the above listed opt-out methods or contact: email@example.com.