DevBit
deen

Privacy Policy

Last updated: June 2026. This Privacy Policy explains which personal data is processed when you visit this website or contact DevBit e.U.

1. Controller

The controller for data processing is DevBit e.U., owner: Abanob Boles, Graf Kollonitsch-Straße 3, 2283 Obersiebenbrunn, Austria.

You can reach us by email at office@devbit.at or by phone at +43 660 1273361.

2. Short Overview

This website does not use Google Analytics or a GA4 snippet. No marketing cookies, advertising cookies or social media plugins are embedded.

Cookieless visitor statistics (OpenPanel) are only loaded if you actively agree via the cookie notice. You can change your choice at any time via the “Privacy settings” link in the footer of every page.

The only cookies intended on this website are the functional NEXT_LOCALE cookie for language selection and the op_consent cookie storing your statistics decision; in addition, there is technically necessary infrastructure processing by the hosting provider.

3. Website Access and Hosting

The website is hosted on Vercel. When you access the pages, Vercel processes technically necessary access data, such as IP address, date and time, requested URL, browser and device information and referrer information, where required for delivery, security and error analysis.

This processing is used to provide the website reliably and securely. The legal basis is our legitimate interest in stable, secure and performant website operation under Art. 6(1)(f) GDPR.

Depending on technical delivery, Vercel may process data via infrastructure in the EU and in third countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and a data processing agreement.

4. Cookies and Language Selection

The NEXT_LOCALE cookie is only set when you actively choose a language in the language switcher. It stores the selected language so the root language switch can respect your choice on your next visit.

NEXT_LOCALE is a first-party cookie for functional language selection. It is stored for up to one year and is set with SameSite=Lax.

The op_consentcookie stores your decision about visitor statistics (value “granted” or “denied”, without any identifier or ID). It is only set once you make a choice in the cookie notice, is a first-party cookie stored for 12 months and is set with SameSite=Lax. Your choice is also remembered in your browser’s localStorage.

The legal basis is our legitimate interest in user-friendly, consistent language routing and in storing your consent status under Art. 6(1)(f) GDPR; where ePrivacy or Austrian TKG rules apply, both cookies are treated as technically or functionally necessary.

5. Cookieless Analytics with OpenPanel (only with consent)

We use OpenPanel for traffic measurement and product analytics in cookieless mode — only if you have agreed beforehand via the cookie notice (“Allow statistics”). Without your consent, or after you decline, the analytics script is not loaded and no statistics data is collected.

OpenPanel is embedded through a first-party proxy at /api/op, so the browser does not send direct third-party tracking requests to OpenPanel.

According to our current technical setup, OpenPanel does not store cookies and does not use localStorage or comparable device storage for this website. IP addresses are not stored; they are processed only temporarily to enable coarse geolocation, especially country resolution.

According to the available technical verification, OpenPanel Cloud is operated in the EU, region Frankfurt. A data processing agreement must be concluded with OpenPanel.

Technical usage data may be collected, such as page views, outgoing link clicks, CTA clicks, form start, form submit, form errors, WhatsApp clicks, language, page key, path, referrer and UTM parameters. The contents of your form message, names, email addresses and other contact contents are not sent as analytics properties.

The legal basis is your consent under Art. 6(1)(a) GDPR, given via the cookie notice. You can withdraw your consent at any time with effect for the future: the “Privacy settings” link in the footer of every page reopens the cookie notice, where you can choose “Decline”. The withdrawal takes effect at the latest from the next page load; the lawfulness of processing carried out before the withdrawal remains unaffected.

6. Contact Form and Email Requests

The contact form on this website does not send your input itself and does not transfer it to an email delivery provider. When you submit the form, it opens your local email application with a prepared email to office@devbit.at; the subject and message body are pre-filled from your input.

The data you entered, especially name, email address, selected topic and message, only leaves your device once you send that email yourself from your email application. From that point on, this is ordinary email communication from your email provider to our mailbox; the same applies if you email us directly.

We process the data contained in your email to handle your request, communicate with you and, if a project follows, prepare or perform a contract. The legal basis is Art. 6(1)(b) GDPR (preparing or performing a contract); for general requests without a contractual context, our legitimate interest in answering requests under Art. 6(1)(f) GDPR.

7. WhatsApp Contact

If you contact us via WhatsApp, WhatsApp or Meta processes the resulting communication data, such as your phone number, profile information, message contents, metadata and device information, under its own privacy terms.

The provider of WhatsApp in the European Economic Area is WhatsApp Ireland Limited, a Meta group company. More information is available in the WhatsApp Privacy Policy.

Using WhatsApp is voluntary. You can use the contact form or email instead if you do not want to communicate through WhatsApp.

8. Recipients and Processors

Personal data may be transferred to technical service providers where this is necessary for operation, security, analytics or communication. This includes Vercel for hosting and OpenPanel for cookieless analytics. No email delivery provider is used for the contact form.

Data processing agreements are concluded with processors where required. We do not disclose data for advertising purposes.

9. Retention

We store contact requests for as long as needed to handle the request, follow-up questions and documentation of the business relationship. If this leads to a contract or invoice relationship, statutory retention obligations apply.

Technical log and analytics data is stored only as long as needed for operation, security, error analysis and traffic measurement, or as provided in the respective service provider data processing terms.

10. Your Rights

Subject to the GDPR, you have in particular the following rights:

  • Access to personal data processed about you.
  • Rectification of incorrect or incomplete data.
  • Erasure of personal data.
  • Restriction of processing.
  • Data portability.
  • Objection to processing based on legitimate interests.
  • Complaint with a data protection supervisory authority.

In Austria, the data protection authority is available at https://www.dsb.gv.at/.

11. Security

This website is delivered via HTTPS. This encrypts transmission between your browser and our website. Absolute protection against third-party access cannot be guaranteed for internet communication.

12. No Automated Decisions

There is no solely automated decision-making within the meaning of Art. 22 GDPR.

13. Updates to this Policy

We update this Privacy Policy when technical, organizational or legal circumstances change.