Bitfold AG Privacy Policy

In this data protection declaration, we, Bitfold AG, hereinafter also referred to as “we” explain how we collect and process personal data. This explanation is not exhaustive. It is possible that other data protection statements or general terms and conditions, conditions of participation and similar documents will also regulate additional issues.

Personal data is understood to be any information relating to an identified or identifiable person.

If you provide us with personal data of other persons (e.g., family members, data of colleagues), please ensure that these persons are aware of this Privacy Policy and only share their personal data with us if you have their permission to do so and if this personal data is correct.

This Privacy Policy has been developed in order to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, the General Data Protection Regulation (“GDPR“) and the Swiss Data Protection Act (“DPA”). Whether and to what extent these provisions apply depends on the individual case.

1. Person in charge (Personal data controller)

Bitfold AG (Mühlegasse 18, CH – 6340 Baar) is responsible for the processing of the personal data described below. If you have any concerns about data protection, you can send them to us at the following contact address:

Bitfold AG
Mühlegasse 18
CH – 6340 Baar

We have appointed the following additional position: 

Data Protection Representative in the EU according to article 27 GDPR: 

Bitfold R&D sp. z o.o.
Ul. Wólczańska 143
90-525 Łódź

You can also contact this party for privacy concerns.

2. Collection and processing of personal data

We primarily process personal data that we receive from our users and other business partners in the course of our business relationship with them and others involved therein or that we collect from their users in the course of operating our websites, applications and other applications, as well as personal data that we have received from our users themselves through surveys.

We may process different categories of your personal data. This includes, in particular, the following data:

Technical data: when you use our website or other electronic offers, we collect the IP address of your end device and other technical data to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. The technical data in itself does not allow any conclusions to be drawn about the identity of the user. However, in the context of user accounts, registration, access control or contract processing, they can be linked to other categories of data (and thus possibly to the user’s person).

Basic data: This includes all information that we require in addition to contractual data (see below) to process our contractual or other business relationships or for marketing and advertising purposes. This includes, in particular, contact and identification data (e.g., surname, first name, address, email address, telephone number, customer number, copy or number of official identity document if applicable), personal data (e.g., age, gender, nationality, language).

Communication data: When you contact us via a contact form, email, phone, chat, or other means of communication, we collect information exchanged between you and us, including your contact details and communication boundary data.

Contract data: This includes information that we process in connection with the conclusion or performance of a contract, such as information about products purchased or subscriptions, any response to services such as satisfaction information or complaints. But also information about end devices, such as device type, device name, operating system and version.

Behavioural and preference data: Depending on our relationship with you, we try to get to know you and better tailor our products, services and offers to you. To this end, we collect and use information about user behaviour and preferences. We do this by assessing information about your behaviour in our area and may supplement this information with information from third parties, including publicly available sources. Analysis in our area includes, for example, how and how often you use our products and services.

Edge data from telecommunications traffic: This includes information that we process as a telecommunications service provider to establish a connection and transmit information. This includes, for example, telephone number, value-added service numbers, date, time and duration of the call, type of call, location data, IP address, device identification numbers such as IMEI, IMSI, MAC address.

Website data: This includes certain information that is generated as a result of visiting our websites. This may include, in particular, your Internet identifiers (e.g., cookie ID, IP addresses).

Registration data: Some offers can only be used using a user account or registration, which can be done directly with us or via our third-party login providers. In order to do so, you must provide us with certain data, and we collect data on the use of the offer or service.

Other data: We also collect user data in other situations. For example, in connection with official or court proceedings, data (such as records, evidence, etc.) is collected which may also relate to you. We may also collect data about who enters certain buildings or who has access rights (including access controls based on registration data or visitor lists, etc.), who attends events or campaigns and when, or who uses our infrastructure and systems.

Usually, you provide us with the data listed above. In certain circumstances, we also obtain data from public sources (e.g., public records, media, internet) or receive data from third parties. These may include, for example, the following third parties:

– People close to you (e.g., in the case of powers of attorney, referral programme, customer service programme)

– Banks or other contractual partners (e.g., when processing payments)

– Address dealers (e.g., for address updates or as part of our marketing activities)

– Market research institutes (customer surveys)

– Update of the network address (to identify the connection line and the associated simplified connection)

– Online service providers (e.g., analytical services)

– Authorities (e.g., in connection with legal proceedings)

When transferring or disclosing data on other persons, such as family members, colleagues, etc., we assume that the user is authorised to do so, and that the data is correct. By transmitting data about third parties, the user confirms this. You must also ensure that these third parties have been informed of this privacy policy.

3. Data processing purposes and legal basis

We use the personal data we collect primarily to conclude and process contracts with our customers and business partners and to purchase products and services from our suppliers and subcontractors, as well as to fulfil our legal obligations at home and abroad. If you work for such a customer or business partner, your personal data may also be processed in this capacity. In addition, we use the personal data we collect to provide our services electronically in the context of providing the content published on and for analytical and statistical purposes, to study user behavior in order to improve the quality of the services offered.
In addition, where permitted and deemed appropriate, we also process your and other individuals’ personal data for the following purposes where we (and sometimes third parties) have a legitimate interest commensurate with the purpose:

– To offer and further develop our offers, services and websites;

– Communication with third parties and handling of their queries (e.g., applications, media enquiries);

– Review and optimise needs assessment procedures for direct customer engagement and collection of personal data from publicly available sources for customer acquisition.

– Advertising and marketing (including the organisation of events), unless you have objected to the use of your data;

– Market and opinion research, media monitoring;

– Investigation of legal claims and defence in connection with legal disputes and official proceedings;

– Prevention and investigation of crime and other offences (e.g., internal investigations, data analysis to combat fraud);

– Guarantees of our operations, in particular IT, our websites, applications and other platforms;

– Video surveillance to maintain property rights and other IT, building and facility security measures and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone call recordings);

If you have consented to the processing of your personal data for specific purposes (for example, when registering for the Newsletter or attending a webinar) we process your personal data to the extent and on the basis of that consent, unless we have another legal basis and we need that basis. Consent given may be revoked at any time, but this does not affect processing that has already taken place.
In connection with the sending of a Newsletter, we record the address file, the subject and the number of Newsletters sent. In connection with the personal data, the addresses to which the Newsletter was sent and whether the mailing was successful or unsuccessful are recorded. Of course, this personal data is only processed for the purpose of improving the content and structure of the Newsletter.

Please note that by registering for our Newsletter at, you also consent to the processing of your data for marketing purposes. This includes sending emails with advertising or marketing content, invitations to events and offering advertisements.

We may engage third parties to technically process our marketing activities and may share your data with third parties for this purpose (see section 5).

To participate in our webinars or online lectures, you must register for them, as part of which we collect certain data to enable you to participate in the webinar. We reserve the right to use your data for marketing purposes.

Cookies / tracking and other technologies related to the use of our website

3.1 Cookies

We typically use “cookies” and similar technologies on our websites to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the browser you use when you visit our website. This allows us to recognise you when you return to the site, even if we do not know who you are.

In addition to cookies that are only used during a session and deleted after a visit to a website (“session cookies”), cookies may also be used to store user settings and other information for a limited period of time (e.g., two years) (“persistent cookies”). However, you can set your browser to reject cookies, only store them for one session or otherwise delete them prematurely. Most browsers are pre-set to accept cookies. The following pages explain how to set up, process cookies in the most popular browsers.

• Mozilla Firefox
• Google Chrome for desktops
• Google Chrome for mobile devices
• Apple Safari for desktops
• Apple Safari for mobile devices

We use permanent cookies to save your settings (e.g., language, auto login) so that we can better understand how you use our offers and content. If you block cookies in whole or in part, some functions (such as language selection, shopping cart, ordering processes) may stop working.

In some cases, we also attach visible and invisible graphics to our Newsletters and other marketing emails and, where permitted, by downloading them from our servers, we can determine if and when you have opened an email so that we can measure and better understand how you use our offers and tailor them to you. You can block this in your email programme; most are set up this way.

By using our websites and agreeing to receive Newsletters and other marketing e-mails, you consent to the use of these techniques. If the user does not wish to do so, he/she must set his/her browser or email program accordingly.

3.2 Google Analytics

We sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties, which may be located in any country in the world (in the case of Google Analytics, this is Google Ireland (based in Ireland), Google Ireland relies on Google LLC (based in the USA) as an order processor (both “Google”),, by means of which we can measure and evaluate the use of the website (not personal data). Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that visitors’ IP addresses are truncated by Google in Europe before being transferred to the USA and thus cannot be tracked. We have disabled the ‘Data Sharing’ and ‘Signals’ settings. Although we may assume that the information we share with Google is not personal data for Google, it is possible that Google may draw conclusions about the identity of visitors based on this data for its own purposes, create personal profiles and link this data to those individuals’ Google accounts. If the user has registered with the service provider himself, the service provider also knows the user. Processing of the user’s personal data by the service provider then takes place under the responsibility of the service provider in accordance with its data protection regulations. The service provider only informs us about the use of our website (without any information about the user).

3.3 Social media plug-ins

We also use so-called social network plug-ins on our websites, such as LinkedIn, Facebook, Twitter, YouTube, Pinterest or Instagram. In each case, this is visible to the user (usually via the respective icons). We have configured these elements to be disabled by default. If the user activates them (by clicking on them), the operators of the respective social networks can register that the user is on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator in accordance with their data protection regulations. We do not receive any information about the user from them.

4. Data transfer and data transmission abroad

We disclose information as part of our business activities and for the purposes set out in clause 4 above. We also disclose your personal data to third parties, insofar as this is permitted and seems appropriate to us because they process it for us or wish to use it for their own purposes. This applies in particular to the following entities:

– Providers of our services (external, e.g., banks, insurance companies), including order processors (e.g. IT providers);

– subcontractors and other business partners;

– national and foreign authorities, official agencies or courts;

– other persons where their inclusion is for the purposes set out in paragraph 3;
Hereinafter referred to as: the Recipients.

These recipients are partly national but may be located anywhere in the world. In particular, you must expect your data to be transferred to all countries where our service providers are located.

If the recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the current European Commission standard contractual clauses with the necessary additions for the FADP, provided that it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision). An exception may apply in the case of legal proceedings abroad, but also in the case of an overriding public interest or if the performance of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally available and have not objected to the processing of such data.

5. Period of retention of personal data

We process and store personal data for as long as necessary to fulfil our contractual and legal obligations or otherwise for the purposes of the processing, i.e., for the entire duration of the business relationship (from the start of the processing until the termination of the contract), for example, and longer in accordance with statutory storage and documentation obligations.

As soon as your personal data is no longer needed for the aforementioned purposes, it will be deleted or anonymised as far as possible.

6. Data security

We take appropriate technical and organisational precautions to protect your personal data from unauthorised access and misuse. However, we cannot guarantee absolute data security.

7. Profiling and automated decision-making

For the purpose of establishing and implementing the business relationship, as well as for other purposes, we generally do not use fully automated decision-making (such as regulated in Article 21 DPA; Article 22 DPA, Article 4 (4) GDPR). If we use such procedures on a case-by-case basis, we will inform you separately, insofar as this is required by law, and inform you of your associated rights.

8. Rights of the data subject

Within the framework of the data protection legislation applicable to you and to the extent provided for, you have the right to information, rectification, erasure and otherwise the right to object to our processing of your data, in particular for direct marketing purposes, profiling for direct advertising and other legitimate processing interests, as well as the right to have certain personal data made available for transfer to another party (so-called data portability).

Please note, however, that we reserve the right to enforce restrictions provided by law, for example, if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to do so) or require it for the purposes of pursuing a claim. If you incur costs, we will inform you in advance.

Please note that the use of these rights may be contrary to contracts and may have consequences, such as premature termination or cost implications. We will inform you in advance if this is not already contractually regulated.

Exercising such rights usually requires clear proof of your identity (e.g. by means of a copy of your identity card if your identity is not clear or cannot be otherwise verified). In order to exercise your rights, you may contact us at the address given in section 1.
Every data subject also has the right to pursue their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner ( You also have the right to lodge a complaint with the President of the Data Protection Authority. Detailed information on how to exercise your rights can be found on the website of the UODO (

9. Changes

We may change this Privacy Policy at any time without prior notice. The current version published on our website shall apply. To the extent that the data protection statement is part of your contract with us, we will inform you of the change via email or other appropriate means in the event of an update.