Product Privacy Policy

Data protection declaration according to Art. 13 and 21 GDPR

for the Bitlabs service of BitBurst GmbH

1. general

The protection of your personal data is important to us, BitBurst GmbH, Lerchenweg 3, 40789 Monheim am Rhein, Germany. Therefore, we would like to offer you comprehensive transparency regarding the processing of your data in our services through this data protection declaration. Because only if the processing is comprehensible to you as a data subject are you sufficiently informed about the scope, purposes and benefits of the processing and we have complied with the requirements of the GDPR.

Responsible in terms of the basic data protection regulation (GDPR), the Federal Data Protection Act according to German law (BDSG) and other data protection regulations is

BitBurst GmbH

Lerchenweg 3,

40789 Monheim am Rhein, Germany


[email protected]

Hereinafter referred to as “responsible party” or “we”.

2. general information on data processing

a. Information about our authorizations

We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These are standardised in Art. 6 Para. 1 GDPR. Most data processing operations are based on a legitimate interest on our part (Art. 6 para. 1 lit. f GDPR), on processing operations necessary for the performance of the contract (Art. 6 para. 1 lit. b GDPR) or on the basis of consent granted by you (Art. 6 para. 1 lit. a GDPR). In the latter case you will be informed separately (e.g. via a cookie banner) of the consent procedure.

Personal data will only be passed on in the cases described below.

We process personal data only for clear purposes (Art. 5 para. 1 lit. b GDPR). As soon as the purpose of the processing ceases to apply, your personal data will be deleted or protected by technical and organisational measures (e.g. by pseudonymisation).

The same applies to the expiry of a prescribed storage period, subject to the cases in which further storage is necessary for the conclusion or fulfilment of a contract. In addition, a legal obligation may arise for longer storage or disclosure to third parties (in particular to law enforcement agencies). In other cases, the storage period and type of data collected and the type of data processing depends on which Bitlabs functions you use in each individual case. We would be pleased to provide you with information on this in individual cases, in accordance with Art. 15 GDPR.

b. Information on the technical process of our service

The technical backend of our service (“network”) is connected to various market research companies, marketplaces and enterprises (collectively “marketplaces”). These marketplaces regularly create surveys for their customers (companies). For these surveys, the marketplaces are looking for participants to participate in the surveys. To assist the Marketplaces in finding participants, we have built the Bitlabs service. We bring the marketplaces that are looking for participants together with the participants, that is, you. When you use the service, you as a user enter personal data in your user profile. This personal data is also called “qualifications” in our service. This is because we have to filter for each new survey for which participants are sought whether you are eligible for the survey. Either we can find this out on the basis of the qualifications you have already deposited or we will ask you again to complete some further qualifications which you can deposit in your user account. If you are eligible for a survey because the qualifications required by the marketplaces and the qualifications you have stored match, you have the opportunity to participate. If you decide to participate, we will pass on the matching qualifications to the marketplace. The survey itself will either take place in our service product itself or on the website of the marketplace or the website of the market research company or a company. A link from our service will connect you directly to the survey.

The data protection declarations of the marketplaces can be viewed under the following links. The marketplaces are listed here under the publication name within our service, but not with the full name or company name.


Innovations MR:


3. data processing in connection with the use of Bitlabs

The use of Bitlabs with all its operations requires the processing of certain personal data.

3.1 Informational use of Bitlabs’ services

The purely informational calling of Bitlabs requires the processing of the following personal data and information: Address of the terminal device with which you access Bitlabs (IP address) and the time of the call to Bitlbas. All this information is transmitted automatically unless you have configured it to suppress transmission of the information.

This personal data is processed for the purpose of making the Bitlabs service functional and optimizing it, as well as to ensure the security of our information technology systems. These purposes are at the same time legitimate interests according to Art. 6 para. 1 lit. f. GDPR.

The storage period of your personal data is a maximum of 14 days. This personal data is not merged with other data sources. Data will only be passed on to third parties in necessary cases. Subject to further provisions of this privacy policy, data will not be transferred to third countries or international organisations.

3.2 Use at Bitlabs

Beyond the purely informational use of Bitlabs, you have the opportunity to use our services and our entire range of products.

This use of our services requires the processing of personal data and information in the manner described in this Section 3.

Some processing steps may also be carried out by third parties. The data processing of the third party providers is carried out in accordance with the terms of the relevant data protection declarations. In the case of data processing with third party providers, this may constitute commissioned processing within the meaning of Art. 28 GDPR. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our contract processors.

The collection of this data, which is related to your profile, is carried out for the purpose of optimising our services, for the purpose of guaranteeing the functionality of our offer (legitimate purposes according to Art. 6 Para. 1 lit. f GDPR) as well as for the fulfilment of our service obligations towards you (Art. 6 Para. 1 lit. b GDPR). Should your consent be necessary for the processing procedure, we will obtain it at the appropriate point (e.g. via the opt-in possibility within the framework of a cookie banner when using our service for the first time). If you have any further questions, we will be happy to assist you within the scope of your right to information according to Art. 15 para. 1 GDPR.

3.3 Contact form / Contact by e-mail

We process the data you provide us with when contacting us for the purpose of answering your enquiry, your e-mail or your request for a callback. Processed data categories are master data, contact data, content data, possibly usage data, connection data and possibly contract data. In individual cases, we forward this data to companies affiliated with us, i.e. only within our company/group. The legal basis of the processing depends on the purpose:

– Basically, it is based on our legitimate interest and thus on Art. 6 para. 1 lit. f GDPR;

– If the aim is to conclude a contract, the authorization is based on Art. 6 para. 1 lit. b GDPR .

3.4 Collection and use of data

When you use the Bitlabs service, personal data is processed which you can store yourself or which you are asked to provide as part of the qualification query for a new survey. This includes your age, location, gender, and any other personal characteristics (“qualifications”) required by survey partners to join a survey.

When you use our service, Bitlabs places cookies on your device to enable you to use Bitlabs’ features properly.

The purpose of the processing operations associated with creating and completing a profile is to enable us to assign future usage operations and to enable you to access the full range of Bitlabs services. Directly connected with this is, for example, checking whether you are suitable for surveys that we receive from the marketplaces. To participate in surveys, you must meet the criteria requested for the specific survey. We will check whether you meet the criteria either by asking you (if we have not yet asked you for the criteria of the survey) or automatically (if we have already asked you for the criteria of the survey) after receiving the survey by comparing the criteria with the information you have provided about yourself.

The processing of your data thus serves the execution of the contract, is thus earmarked and necessary in accordance with Art. 6 para. 1 lit. b GDPR.

The storage of IP address and time of registration is necessary to ensure the security of our information technology systems. This is also in our legitimate interest, which is why the processing is also lawful in accordance with Art. 6 para. 1 lit. f GDPR.

The personal data entered by you will be stored by Bitlabs until the time your profile is deleted, beyond that only as long as the processing is necessary for the fulfilment of any contract.

It is not intended to pass on your data to third parties. All checks on the requested criteria in a survey are carried out by us on our servers.

3.5 Processing of the reward

Rewards are processed by the operator of the product from which you accessed the Bitlabs service. For successfully completed surveys, we only forward completion information and an identifier such as the ID of your survey start so that the operator itself can assign the reward to the user on its servers.

3.6 Tools

IP stack

In order to locate your location, we collect your IP location by determining your IP address through the service of IP Stack. Processed data categories are therefore connection data. The recipient of the data is apilayer GmbH, Elisabethstrasse 15/5, 1010 Vienna, Austria. A transfer to a third country is not intended. We do not store any personal data on your terminal device and do not read out such data. Our legal basis for the use of IPStack results from Art. 6 para. 1 lit. f GDPR (legitimate interest).

For detailed information on ipstack’s data protection, please refer to the following link:”

4. order processing

In some cases we use external service providers, such as IPStack, to process your data. These service providers have been carefully selected and commissioned by us. They are bound by our instructions and are regularly checked. Our contract processing contracts comply with the strict requirements of Art. 28 GDPR and the specifications of the German data protection authorities.

5. rights of data subjects

If your personal data is processed, you are the person concerned within the meaning of the GDPR and you as a user have the following rights vis-à-vis the person responsible:

5.1 Right to information

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

If such processing has taken place, you can request information from the data controller about the following:

– the purposes for which the personal data are processed

– the categories of personal data which are processed;

– the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

– the planned duration of storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;

– the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;

– the existence of a right of appeal to a supervisory authority;

– any available information as to the source of the data where the personal data are not collected from the data subject;

– the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

– You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DPA in connection with the transfer.

5.2 Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

5.3 Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

– if you dispute the accuracy of the personal data concerning you for a period that allows the person responsible to verify the accuracy of the personal data;

– the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;

– the controller no longer needs the personal data for the purposes of the processing, but you need the personal data in order to assert, exercise or defend legal claims; or

– if you have lodged an objection to the processing pursuant to Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

– If the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

5.4 Right of deletion

5.4.1 You may request the controller to delete immediately the personal data concerning you and the controller is obliged to delete such data immediately if one of the following reasons applies:

– the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

– you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 letter a or Art. 9 para. 2 letter a DPA and there is no other legal basis for the processing.

– You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

– The personal data concerning you have been processed unlawfully.

– The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

– The personal data concerning you have been collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.

5.4.2 If the data controller has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or to make copies or replications of this personal data.

5.4.3 The right of cancellation does not apply where processing is necessary

– on the exercise of the right to freedom of expression and information;

– to comply with a legal obligation to which the processing relates under Union or national law to which the controller is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 letters h and i and Art. 9 para. 3 GDPR;

– for archiving, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the law referred to in para. 1 is likely to render the attainment of the objectives of such processing impossible or seriously prejudice it, or

– to assert, exercise or defend legal claims.

5.5 Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed of these recipients.

5.6 Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

the processing is based on a consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and

the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.7 Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.

5.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

The processing is lawful until your revocation – the revocation therefore only affects the processing after receipt of your revocation. You can informally revoke your consent by mail or e-mail. Your personal data will then no longer be processed, subject to the permission of another legal basis. If this is not the case, your data must be deleted immediately after the revocation in accordance with Art. 17 para. 2 GDPR. Your right to revoke your consent subject to the above-mentioned conditions is guaranteed.

Your revocation must be addressed to:

BitBurst GmbH

Lerchenweg 3

40789 Monheim am Rhein, Germany


[email protected]

5.10 Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

6. automated decisions in individual cases including profiling

Automated decisions in individual cases, including profiling, are not carried out.

7. notification obligations of the responsible person

If your personal data have been disclosed to other recipients (third parties) for legal reasons, we will inform them of any correction, deletion or restriction of the processing of your personal data (Art. 16, Art. 17 para. 1 and Art. 18 GDPR). The obligation to notify is not applicable if it involves a disproportionate effort or is impossible. We will also inform you of the recipients upon request.