Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

B.IT Solutions GmbH
In der Illbach 2-4
56412 Heiligenroth
Germany

Managing Director: Goekhan Cirag
Phone: +49 2624 9073999
Email: info@bit-solutions.com
Website: www.bit-solutions.com

2.1 Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and to deliver our content and services. The processing of personal data of our users takes place regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2.2 Legal Basis for Data Processing

Our processing of personal data is based on the following legal provisions:

• Art. 6(1)(a) GDPR – Where we obtain the consent of the data subject for the processing of personal data.
• Art. 6(1)(b) GDPR – For the processing of personal data necessary for the performance of a contract to which the data subject is party. This also applies to processing operations required for pre-contractual measures.
• Art. 6(1)(c) GDPR – Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
• Art. 6(1)(d) GDPR – Where vital interests of the data subject or another natural person require the processing of personal data.
• Art. 6(1)(f) GDPR – Where the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests.

2.3 Applicable Laws

In addition to the GDPR, the following laws apply to data processing:

• BDSG (Federal Data Protection Act, Bundesdatenschutzgesetz) – National implementation of the GDPR in Germany, including supplementary provisions on employee data protection, the appointment of data protection officers, and the processing of special categories of personal data.
• TDDDG (Telecommunications Digital Services Data Protection Act, Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz) – Provisions on the protection of privacy in the telecommunications and digital services sector, particularly regarding the use of cookies and similar technologies.

2.4 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period if this has been provided for by European or national legislators in Union regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract.

3.1 Description and Scope of Data Processing

When you access our website, your browser automatically transmits certain technical data to our web server. The following data is recorded in this process:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested file
• Website from which the access was made (referrer URL)
• Browser type and version used
• Operating system of the requesting device
• Name of your Internet service provider
• HTTP status code
• Volume of data transferred

3.2 Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the proper technical operation and security of the website.

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's device. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

3.4 Duration of Storage

The data is deleted as soon as it is no longer necessary for the purpose of its collection. In the case of the collection of data for the provision of the website, this occurs when the respective session has ended. In the case of storage of data in log files, this occurs after seven (7) days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or anonymized so that an attribution to the accessing client is no longer possible.

This website uses SSL/TLS encryption for security purposes and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser's address bar changing from "http://" to "https://" and by the lock icon displayed in your browser's address bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5.1 Description and Scope of Data Processing

Our website uses only technically necessary cookies. Cookies are small text files that are stored on your device by your browser. They do not cause any damage and do not contain viruses.

We use only technically necessary cookies that are essential for the operation of the website. We do not use cookies for analytics, tracking, or advertising purposes.

5.2 Legal Basis

The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)(f) GDPR in conjunction with § 25(2) TDDDG. Technically necessary cookies do not require the user's consent.

5.3 Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Certain functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

5.4 Duration of Storage and Opt-Out

Cookies are stored on the user's device and transmitted to our site by the user. Therefore, as a user you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

6.1 Description and Scope of Data Processing

On our website, we provide you with our email address and telephone number for contacting us. You may contact us by email at info@bit-solutions.com or by telephone at +49 2624 9073999.

If you contact us by email or telephone, the personal data you provide (e.g., name, email address, telephone number, content of your inquiry) will be stored and processed by us in order to handle your inquiry.

6.2 Legal Basis

The legal basis for the processing of data transmitted via email or telephone is Art. 6(1)(f) GDPR. Our legitimate interest lies in processing and responding to your inquiry. If the contact aims at the conclusion of a contract or the performance of pre-contractual measures, Art. 6(1)(b) GDPR additionally serves as the legal basis.

6.3 Purpose of Data Processing

The processing of personal data serves exclusively to handle and respond to your inquiry. No disclosure of data to third parties takes place unless this is necessary for the processing of your inquiry or required by law.

6.4 Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data transmitted by email or telephone, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

Where statutory retention obligations exist (e.g., commercial or tax retention periods), the data will be stored for the duration of the respective retention period and deleted after its expiration.

6.5 Right of Objection and Removal

The user has the option to object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The objection may be communicated informally by email to info@bit-solutions.com. All personal data stored in the course of establishing contact will be deleted in this case.

This website uses the “Inter” font for the uniform display of typefaces. The fonts are stored locally on our web server and are loaded directly from there (known as “self-hosting”).

When you access our website, the fonts are loaded exclusively from our own server. No connection to external servers (such as Google servers) is established. Therefore, no data is transmitted to third-party providers, in particular not your IP address or other personal data.

No data transfer to Google or other external service providers takes place in connection with the integration of fonts.

We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

In particular, we implement the following measures:

• SSL/TLS encryption of data in transit
• Regular updates of software and security systems
• Access controls and authorization management
• Secure server environments with firewall protection
• Regular backups and recovery procedures

We would like to point out that data transmission over the Internet (e.g., when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by European or national legislators in Union regulations, laws, or other provisions to which the controller is subject.

Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for the continued storage of the data for the conclusion or performance of a contract.

In particular, the following retention periods apply under German law:

• 6 years – Retention period under commercial law pursuant to § 257(1) HGB (German Commercial Code) for commercial correspondence.
• 10 years – Retention period under tax law pursuant to § 147(1) AO (German Fiscal Code) for accounting records and tax-related documents.

After the expiration of the respective retention period, the corresponding data will be routinely deleted unless it is still required for the performance or initiation of a contract.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

10.1 Right of Access (Art. 15 GDPR)

You may request confirmation as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request information from the controller about the following:

• The purposes of the processing;
• The categories of personal data being processed;
• The recipients or categories of recipients to whom the personal data have been or will be disclosed;
• The envisaged period for which the personal data will be stored, or the criteria used to determine that period;
• The existence of the right to request rectification, erasure, restriction of processing, or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• All available information on the origin of the data where the personal data is not collected from the data subject;
• The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to request information as to whether your personal data is transferred to a third country or an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

10.2 Right to Rectification (Art. 16 GDPR)

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

10.3 Right to Restriction of Processing (Art. 18 GDPR)

You may request the restriction of the processing of your personal data under the following conditions:

• If you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
• The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;
• If you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

10.4 Right to Erasure (Art. 17 GDPR)

You may request that the controller erase personal data concerning you without undue delay, and the controller shall be obligated to erase the data without undue delay where one of the following grounds applies:

• The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• You withdraw the consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing;
• You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
• The personal data concerning you have been unlawfully processed;
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject;
• The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

10.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to whom the personal data has been provided, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means.

10.6 Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

10.7 Right to Withdraw Consent (Art. 7(3) GDPR)

You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

10.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
(Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz)
PO Box 30 40
55020 Mainz
Germany
Website: www.datenschutz.rlp.de

We reserve the right to amend this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

We recommend that you review this privacy policy regularly to stay informed about our data protection practices.

As of: February 2026