Contact Information

This Privacy Policy describes the policies and procedures of Bitly, Inc., DPT 5006, 601 W. 26th Street, Suite 357 (3rd Floor), New York, NY 10001, the United States, (“Bitly Inc.”), and BK Wirtschaftstreuhand GmbH, Spichernstraße 1, 10777 Berlin, Germany (“Bitly Europe”), (Bitly Inc. and Bitly Europe collectively “Bitly”) for the collection, use, and disclosure of personal data about you for which either of us act as the data controller, or for which we act as joint controllers, in accordance with the European Data Protection Regulation (“GDPR”) and other applicable laws.

If you have any questions or concerns regarding privacy when using the Services of Bitly wish to use your rights, such as to object to the processing or have your personal data removed, please send us a detailed message to: [email protected] for US matters and/or [email protected] for EU matters. We will make every effort to resolve your concerns. Please also see “Rights of Data Subjects” for more detailed information on your rights as the data subject. The designated data protection officer of Bitly Europe is DataCo GmbH, Nymphenburger Str. 86, 80636 Munich, Germany, [email protected], www.dataguard.de.

Bitly Group Services

Bitly Services Bitly collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with Bitly, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a Bitly link, QR Code, Link in Bio or other Bitly Product (either our bit.ly links or one of our branded domains) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:

When You Register for a Bitly Account

When you create an Account, we collect the personal data from you, such as your name, phone number, company name, industry, job title, company size, email address, phone number and sign-in information. If you create an Account using your login information from a third-party account, such as Google, Facebook, Apple, or Twitter, we will access and collect the personal data about you that the third-party account provides (which is based on your privacy settings with the third-party account), so that you can log into your Account with us. We use your contact information to send you information about our Services and communicate with you about your Account, your activities on our Site and Services and policy changes. You may unsubscribe from receiving certain types of these messages through your Account settings, although Bitly reserves the right to contact you when we believe it is necessary, such as for administrative and account management purposes.

We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.

You have the opportunity to add sub-users to your Account. If you create a sub-user, the following personal data of the sub-user will be processed: Name, email address, IP address of the user’s device, date and time of sub-user creation, login information, employer, phone number.

Some features of the Services allow registered users to provide their own content to the Services, such as written descriptions of URLs, comments, images and video. Unless you request deletion of your personal data as described in this Privacy Policy, all content submitted by you to the Services may be retained by Bitly, even after you terminate your Account and may continue to be shared by third parties, as described in this Privacy Policy.

When You Create a Bitly Link, QR code or Link in Bio (collectively “Bitly Products”)

One feature of the Services is the ability to create shortened uniform resource locators (URLs) of websites, QR codes linking to a URL, or a Link in Bio linking to a URL (“Bitly Products”). When you create a shortened link, QR code, Link in Bio or other Bitly product, Bitly collects and stores both the original URL and any shortened URL and, if you are logged in to your Account, we will associate that information with your Account. Bitly also collects and stores your IP address, your geolocation data (which we derive from your IP address), the time and date on which you shortened the original URL and/or created the Bitly Product, and if you share a Bitly Product on a social networking platform, the name of the platform and your username on that platform.

When You Interact With a Bitly Product

Bitly automatically collects personal data about the interaction (such as clicks or views) with every Bitly Product created through the Services (either our bit.ly links or one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) cookies, as described in our cookie policy, and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity, and in some cases we show a Destination Preview which contains information about the link or QR Code end destination, and may or may not include advertising from third parties. Please see the “Information We Share” section below for a description of how we may share information we collect when you create, view or interact with Bitly Products.

Usage Across Devices

We use the information we collect to make inferences that a unique individual has created or interacted with Bitly links, QR codes or Links in Bio on different devices so that we can detect, deter and prevent malicious, fraudulent or unlawful activity and analyze how users use our Services. For example, if you created a Bitly Product on a computer connected to your residential WiFi network, and you soon thereafter clicked on a Bitly Product on a mobile device connected to the same WiFi network, we may infer that a single individual created and clicked on the Bitly Product because both events were associated with the same IP address in the same time period.

Other Uses

We also may use personal data to pursue legitimate interests, such as direct marketing, research (including marketing research), network and information security, prevention of fraudulent, malicious and unlawful activities, or any other purpose, as disclosed to you at the time you provide personal data or we contact you for the first time.

Information We Share

The Services are designed to help you share information with others. The following categories of personal data generated through your use of the Services are shared publicly, within Bitly and with the following categories of third parties for the business purposes described below.

Bitly Group Companies – Personal data related to your Account and possible subscriptions for Services of Bitly Europe will be shared within Bitly to be used for our joint purposes as described under “Data Sharing and Joint Processing within Bitly”. Please note that if you hold a Bitly Account(s) and/or use Bitly Services managed by us or other Bitly entities, such personal data is combined with personal data collected in connection with Bitly Services. Sharing and combining the personal data is based on Bitly’s legitimate interests in finding synergies generated from performing, planning, and developing business in group level, and in promoting sales by cross and up-selling complementary products of group companies.

Bitly Products You Create – Much of your activity on and through the Services is public by default. For example, when you create a Bitly Product, the original URLs you have shortened and the corresponding Bitly Product are publicly available, including the possibly included personal data.

Account Information – Where permitted by law, if you register a Bitly Account with an email address on a domain owned by an organization, (for example, an employer or educational institution where you have an email account), we may share your email address and information about your Account, such as the number of links you have created, with that organization to explore the organization’s interest in creating or managing an enterprise account or for related purposes.

Customer Support – We use various tools for communication and to provide you with customer support. To use customer support, you must provide at least one valid email address. This data processing can include the following data: Name, email address, contract information, job title, employer, customer ID, payment information, communication data. Data is processed to provide the services, offer customer support, communication with interested persons, responding to inquiries and customer relationship management. If the purpose of the contact is to conclude a contract or if you already have an account then we retain your information as needed to verify and provide you access to the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law. Personal data collection in connection with customer support will be shared within Bitly to be used for our joint purposes as described under “Data Sharing and Joint Processing within Bitly.

Email Verification – We use an email verification service. The email address of a user is processed for the purpose of verification and to filter invalid and spam email addresses/domains. All email addresses which are provided to the verification service by us are automatically deleted after the verification process.

Email Marketing – For some services, we use email marketing providers to send transactional emails. When you register for our services, the data you enter during registration is transferred to our email marketing provider. This enables us to send you relevant emails, e.g. to confirm your registration or unsubscribe from our services. Further personal data may be stored and evaluated as a result, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). For this purpose, your data will also be stored by our email marketing provider. Your data will not be passed on to third parties for the purpose of sending mails within the scope of using our services, nor will the vendor obtain the right to pass on your data.

Information You Elect to Share – When creating a Bitly Product, you can share that Bitly Product through Third Party Services. Any information that you elect to distribute through Third Party Services, such as a social network post you create, may then become accessible to users of those services. You can also access other Third Party Services through the Services, for example by clicking on links in the Statistics page for a Bitly Product. We recommend that you review the terms of services and privacy policies of such Third Party Services that you access through the Services since Bitly does not control and is not responsible for the privacy practices of these Third Party Services.

Information Shared with Service Providers – We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). We may need to share information about you with our Service Providers in order to fulfill certain business purposes, like providing our product with research and analytics on user behavior and providing advertising products and services to users, processing payments, and providing email marketing and support services. Our agreements with these Service Providers authorize them to use your information only as necessary to provide services to us. Transfers to subsequent third parties are covered by our agreements with our service providers.

Payment Processing – For the transmission and verification of purchases, the data processed include bank account details, billing/shipping address, card expiration date, customer name, CVC code, date/time/amount of transaction, device ID, email address, IP address/location, customer ID, payment card details, tax ID/status, unique customer identifier. We share your data in these cases to allow the payment processing services necessary to process the payments for your account.

Service Optimization – We use a variety of third party vendors in order to optimize our service. Vendors are used to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors as pseudonymous values. With the help of these analyses, we can recognize, for example, which online offer, content or functions of our products are most frequently used or invite re-use. Likewise, we can understand which areas need optimization. Software may be used for analyzing and optimizing online offerings based on feedback functions and pseudonymously performed measurements and analyses of user behavior. In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components.

This processing may include IP address, random unique identifiers, experiment and event data associated with these identifiers (such as device type, variation and experiment IDs, browser and OS version and elements of the site being tested), device screen resolution, device type (unique device identifiers), operating system, browser type, geographic location (country only), preferred language, mouse events (movements, location and clicks), referring URL and domain, pages visited, date and time when website pages were accessed. The legal basis for the processing of personal data is the user’s given consent. In certain cases, your data will be processed on the basis of our legitimate interests of providing efficient, economical and recipient-friendly services and the improvement of our service.

Single Sign On – For some services, we allow users to elect to use single sign on services such as Google OAuth. Single Sign on Services allow users to log in to other online presences with their profile without having to create separate accounts.

Tax and Legal – Your personal data may be transferred to third parties for tax and legal reasons. Possible recipients are professionals (e.g. lawyers, tax consultants and auditors). In addition, data may be transferred to authorities (e.g. tax authorities) for tax and legal reasons. Such data transfer only takes place to recipients who are legally bound to secrecy.

The data may include the email address, IP address of the user’s device, date and time of registration, login information, address, contract information, payment information.

We have a legitimate interest in sharing personal data with professional consultants and auditors for the purpose of appropriate tax and legal consultation, and in some cases we are legally required to share this data.

Trust & Safety Compliance – We may share certain Bitly links, QR Codes, Link in Bio and/or related URLs, and the data collected when you create or interact with a Bitly Product to help detect, deter and prevent malicious, fraudulent or unlawful activity.

With Your Consent – We will share information about you when you direct or otherwise instruct us to do so, such as when you share QR Codes or content with others through the Services, if you intentionally use or direct us or the Services to interact with third parties, or if we notify you that the information you provide will be shared in a particular manner and you provide such information (like sharing/posting it with a third-party Service).

The legal basis for processing of customer data for the Services and related communications is that the processing is necessary for performance of the requested service and management of the customer relationship subject to Bitly Terms of Service. The legal basis for other communications with the customer, such as marketing, is our legitimate interests to promote sales and increase awareness of Bitly Services, and communicate with our interest groups. Where such communications require consent, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is your consent. The legal basis for improving, monitoring and analyzing the Services, and to prevent malicious, fraudulent or unlawful activity is our legitimate interests to ensure security and lawfulness of our Services, including protecting data of our customers and users, and preventing unauthorized or wrongful use.

This personal data is used to authenticate users to allow access to Bitly’s Services, to identify users to provide customer support, and store events and log information about your use of the Services for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, to promote sales and increase awareness of Bitly’s Services, and for purposes of service and product improvement, and to prevent malicious fraudulent or unlawful activity. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle. We retain the personal data we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable legal obligations. Aggregated data sets that do not contain personal data are stored for an indefinite period for the purpose of business analysis. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the data subject, whichever occurs first.

Contracts, Purchase Orders and Invoicing

For any individual that acts as the contact person for our customer, supplier, partner or other entity that we conduct or wish to conduct business with, we process the following information:

  • Basic information (such as name, title, company name, work location and contact information)
  • Business connections
  • Communications

The individual acting as the contact person in a primary source of information, but the personal data may also be collected from your employees, your colleagues, and our (other) customers, suppliers and partners. The personal data is used to discuss business, pursue business opportunities, send notifications related to our services and otherwise communicate with you, contracting, invoicing and making payments. The processing is based on our legitimate interests to comply with contractual obligations, or the terms of agreements we have (or have had), maintaining relationships, and operating our business. In addition, the invoicing related personal data will be used in accounting and reporting, which processing shall be based on our obligations under the law.

Website and Contact Requests

Bitly Inc and Bitly Europe process personal data gathered when you use or access their respective websites, including any and all subdomains of the sites (each “Site”, as applicable), respectively.

Each time Site is accessed, our system automatically collects data and relevant information from the computer system of the calling device.

The following data is collected:

  • Browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The IP address of the user
  • Date and time of access
  • Web pages from which the user’s system accessed our website
  • Web pages accessed by the user’s system through our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the IP address by the system is necessary for the delivery of the website to the computer of the user. For this purpose, the user’s IP address must be kept for the duration of the session. The storage in log files is done to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our IT systems. An analysis of this data for marketing purposes does not take place. The legal basis for the temporary storage and other processing described above of data and logfiles is our legitimate interest to maintain functionality and ensure security of our website.

If you subscribe to our newsletter, request materials available from the website, send us a contact request, interact with our chat bot or otherwise contact us, we will likely add you to our list of commercial contacts. Please see the section “Newsletter, Events and Marketing” of this Privacy Policy to learn more about personal data processing in that regard. Please note that our services and resources are designed for business customers only (and should not even be interesting to consumers), and thus we presume that everyone contacting us and interested in our services represent a business, not a private individual. Personal data derived from our websites and contact requests are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

If you connect with us using various social media platforms and/or professional networks, please note that Btly does not control or have influence over how those platforms process your personal data. We recommend that you contact those third party platforms directly for information on their processing. Here are some links for your convenience:
Twitter: https://twitter.com/de/privacy
YouTube: https://business.safety.google/privacy/
LinkedIn: https://www.linkedin.com/legal/privacy-policy

Bitly may use third-party APIs and software development kits (“SDKs”) to provide certain functions in our Services. We use cookies and similar technologies for the following purposes: Technically necessary; Comfort; Statistics; Marketing. When we use cookies and/ or similar techniques for processing personal data, the types of personal data processed may vary, depending on the categories of cookies or similar techniques. Non-essential cookies are used only with your consent. You have the option of preventing cookies from being

Please see our Cookie Policy and EU Cookie Policy to learn how Bitly and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base.

Newsletters, Events and Marketing

If you subscribe to our newsletter or for other materials (such as blogs, newsletters available on our websites), we will process the given contact information to send the newsletter or provide the materials. Such processing is based on your consent and the necessity to fulfill our obligation to provide the subscribed material(s). The contact information is retained and possibly shared as described below.

We use following information to communicate on and promote our services (as compatible with the original purposes, if data is collected in another occasion):

  • Basic information (such as name, title, company name, work location, contact information)
  • Basic business information
  • Business connections (to our former, current and potential customers and other relevant entities)
  • Expressed interest to our products and services (such as download of specific materials)
  • Communications
  • Events
  • Marketing preferences (such as subscribed newsletter(s))

The information is obtained from you (e.g. in connection with interaction we have with you, the subscription(s) and website forms, event registrations, demo requests or other contact requests and communications (including on third party platforms, such as LinkedIn), or our cooperation partners (for example, our referral partners may disclose us information on potential customers or organizers of events which we sponsor may disclose us information on participants). Subject to your (cookie) consent, this data may be combined with information on online activity data in our website domains. Such data is gathered with cookies, please see our cookie policies for detailed description.

The personal data above is used to generate leads, target marketing activities to the contacts representing potential and current customers (for example to help our sales teams to target their efforts to contacts with potential interest in our services) and other stakeholders (including our suppliers and partners), and to retarget and customize our marketing. Naturally, the data is used to provide product and service updates, announce new materials, invitations to our events, and otherwise market our products and services and provide related information in different channels, such as emails, phone calls, on social platforms and over display. For example, we may retarget relevant contacts by serving new retail content on LinkedIn based on previous engagement with retail content on the Bitly Group websites. In addition, personal data is used, as applicable, for business intelligence, market and customer analysis, reporting and statistical purposes, and to better understand how people interact with our websites and services.

Once we have obtained your consent, the processing is needed to carry out marketing and reach our current and potential customers. You have a right to prohibit use of your contact information in marketing at any time by using the available web-tools (such as the “unsubscribe” button at the end of newsletter) or by sending us a notice (you can find the Contact Information at the very end of this Privacy Policy).

Personal data stored for marketing purposes are deleted upon request of the contact, if the data is identified as out of date, or if the contact is no longer deemed a suitable candidate for our services.

Data Sharing and Joint Processing within Bitly Group

Please note that if you hold a Bitly Account(s) and/or use Bitly Services managed by other Bitly entities, personal data collected by us is combined with personal data collected in connection with such other Services. Sharing and combining the personal data is based on Bitly’s legitimate interests in finding synergies generated from performing, planning, and developing business at the group level, and in promoting sales by cross and up-selling complementary products of group companies. The Bitly group companies have combined their customer support services to provide more effective global customer support. Your inquiries can be answered by both Bitly Europe and Bitly Inc. employees and collaborators. You can assert your data subject rights with Bitly Inc. as well as with us. The primary responsibility under GDPR for the processing of data lies with the entity which you are contracting or which is communicating with you.

Bitly Europe and Bitly Inc. are joint controllers according to Art. 26 GDPR. Bitly Inc. and Bitly Europe GmbH have concluded a joint controller agreement in accordance with the GDPR, in which we have made arrangements about our joint responsibilities with regards to the processing of your personal data. To protect your personal data, we have concluded so-called standard contractual clauses (“SCCs”). SCCs are data protection regulations issued by the European Commission, the conclusion of which imposes legal obligations on the data importer and the implementation of which guarantees compliance with European data protection standards.

Personal data may be transferred outside the European Union and the European Economic Area, including, but not limited to, the United States of America as well as other locations and jurisdictions in which we conduct our business or our service providers are located. Such transfers are performed subject to standard data protection clauses adopted by the EU Commission in accordance with the GDPR, which are made available to the data subject upon request.

Business Transfers

We may transfer and/or provide information about our users in connection with an acquisition, sale of company assets, or other situation where user information would be transferred as one of our business assets. You will be notified via email and/or a prominent notice on our website. In such a case, the acquirer of Bitly may continue to use your information as set forth in this policy or as otherwise allowed by law.

Protection of Bitly and Others

Bitly may access, read, preserve, and disclose any information it collects when it has a good faith belief that doing so is reasonably necessary to (i) comply with a law, regulation, or compulsory legal request, including process from a governmental law enforcement or national security agency, (ii) enforce this Privacy Policy or our Terms of Service, including investigation of potential violations hereof, (iii) detect, deter, prevent or otherwise address malicious, fraudulent or unlawful activity, (iv) respond to user support requests, or (v) protect the rights, property or safety of Bitly, its users and the public. This includes exchanging information with other companies and organizations for protection from malicious, fraudulent or unlawful activity.

Data Analysis and Business Insights

Account, subscription and payment related personal data will be shared also within Bitly to be used for our joint purposes. Please note that if you hold a Bitly Account(s) and/or use any Bitly, such personal data is combined with personal data collected in connection with such Accounts and Services. Sharing and combining the personal data is based on Bitly’s legitimate interests in finding synergies generated from performing, planning, and developing business at the group level, and in promoting sales by cross and up-selling complementary products of group companies.

Bitly has joint business intelligence operations, making use of following personal data shared within Bitly:

  • Account information, subscriptions to the Services, and payment data,
  • User events, account creation, product usage and other usage data (such as logs, encodes, decodes, and page views) from Sites and Services,
  • IP address.

The data sources are the companies that are part of the Bitly Group. The joint controllers also use for purposes of business intelligence data obtained through third party ads campaigns platforms such as information on page views, number of users, costs and clicks, but this information is aggregated or otherwise anonymized prior submittal for use of business intelligence and thus do not contain personal data.

The information is used to analyze the use, interest, and engagement in our Site and other Services to generate and extract relevant information for improving Services, planning and developing Bitly’s business, and communicating more efficiently and meaningfully with our current and prospective customers, for example by following means:

  • We use emails for analyzing an understanding on how many accounts each email or email domain is associated with to determine how many accounts a customer has, which is necessary for purposes of customer management.
  • We use certain criteria based on account type and use for selecting a group of accounts based on the criteria to tailor our marketing and sales activities, for example to provide them with special promotions or suggest Services or subscriptions which would be more suitable for their use or they may find otherwise interesting.
  • We create aggregated reports and dashboards on usage of different Services and features, for example, how many accounts were created per day or encodes were created by month, QR codes created, URLs shortened, Link-In-Bio created or changed, customer domain used, by types of accounts, and page views, which are necessary for Service development, reporting and business planning.
  • We use email, product usage data, and page views for analyzing if specific emails are active, or if they should be deactivated due to long term inactivity.

Insights, reports, mailing lists, and other results of the analysis are created based on the business need, and personal data possibly contained thereto are processed for the purposes of sales, marketing, and product development in accordance with this Privacy Policy.

The legal basis for the processing of data is our legitimate interests in synergies generated from performing, planning, and developing business in group level, and from cross and up-selling complementary products of the Bitly group companies.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law.

When a user deactivates their account (or we do it based on long-term inactivity), the account information is anonymized. Personal data related to payments is anonymized or erased after the retention period for accounting records and the limitation period of the possible out-standing payments (debt), whichever occurs later under the applicable laws, have passed. Subscription data, product usage data and similar data based on actions of the users is anonymized or erased after three (3) years have passed from the year during which the account was deactivated.

Web Tracking and Statistics

We use web tracking solutions to continuously improve the content and our site from a technical, design and editorial point of view and to make it more convenient for you. Based on the statistical findings on browser type and operating system, we can optimize our web design.

By using these methods, we do not obtain any personal data about you, but rather only statistical information about the use of our websites and product. In this way, we learn, for example, which our websites content is particularly popular, at what times our website is used particularly intensively, via which pages our users reach our site, from where the user has dialed into the Internet before visiting the site, and which browsers and operating systems our users generally use when surfing on our websites. We use this information to continuously improve the content and our site from a technical, design and editorial point of view and to make it more convenient for you. The collected data is stored in a so-called tracking session together with an anonymous user ID (unique hash from browser properties and the current time). Additionally the data collection and processing takes place at all times without personal reference. The statistics are used to enable and enhance the functionality and performance of our website and services and to understand user behavior to improve our website, services and customer experience. The tracking pixel data is stored on the users’ device for up to 12 months.

Customer Support and Management

Bitly works together to provide support services to our customers, and to administer and manage the customer relationships by sharing and using the following personal data:

  • Account information, subscriptions to the Services, billing information, and payment data,
  • Personal data included to the business information (if corporate customer) and accounting information,
  • User events, account creation, product usage and other usage data (such as logs, encodes, decodes, and page views) from Services,
  • Credentials to customer support channel(s) and other tools we may provide,
  • Communications with the customer,
  • IP address,
  • Social media profile information, interactions, contents and other user generated information.

The data sources are the companies part of Bitly. Subject to your consent, we collect information above from your use of our Site and Services by cookies and similar technologies (see our Cookie Policies) to be shared and used across Bitly. The joint controllers also use personal data obtained through following third party Ads campaigns platforms, received as described in this Privacy Policy.

We use the personal data we collect for a variety of administrative and business purposes including:

  • Respond to inquiries, questions and comments and provide customer and technical support, provide access to certain functionalities of our Services,
  • Provide centralized support for customers with extended support hours,
  • Efficient and centralized sales related communication and activities with extended support hours,
  • Maintain central platform for customer communication,
  • Align on and more efficiently communicate with our current and prospective customers concerning our Services,
  • Allow our customers to understand interactions with our Services,
  • Analyzing customer and visitor’s website usage behavior for better understanding of customers and visitors needs and wishes,
  • To help detect, deter and prevent malicious, fraudulent or unlawful activity to protect our Services and customers, and malfunction of the Sites and Services,
  • Manage payments and customer records,
  • Use common financial planning and managing to align and implement group financial strategies and policies.

We process your data to provide customer support, customer communications, to optimize and improve our service and the user experience, and to process and manage payments, or to the extent the purpose of the contact is to conclude a contract or if you already have an Account or otherwise use our Service because such processing and contact is necessary to conclude the contract or provide the Service. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law.

When a user deactivates their account (or we do it based on long-term inactivity), the account information is anonymized. Payment data is anonymized or erased after the retention period for accounting records and the limitation period of the possible out-standing payments (debt), whichever occurs later under the applicable laws, have passed. Subscription data, product usage data and similar data based on actions of the users is anonymized or erased after three (3) years have passed from the account deactivation or last contact.

Marketing

Bitly works together to provide support services to our customers, and to administer and manage the customer relationships by sharing and using the following personal data:

  • Account information and subscriptions to the Services
  • Other contact details than connected to a registered account
  • Personal data included to the business information (if corporate customer)
  • User events, account creation, product usage and other usage data (such as logs, encodes, decodes, and page views) from Services
  • Social media profile information, interactions, contents and other user generated information
  • Messaging content that individuals choose to share (e.g., social media messages, in-app messages, SMS)
  • Social media and messaging metadata (e.g., number of social media followers, number of posts, number of tweets)
  • Any content, communications, messages, data, and information sent or received by customer through the Services
  • Other individual information (e.g., age, gender, employer, profession, geographic location, education information, financial status, interests and preferences) available on social media or public sources

The data sources are the Bitly group companies. The joint controllers also use personal data obtained through following third party Ads campaigns platforms, received as described in this Privacy Policy: Google Analytics & Ads, LinkedIn Ads & Marketing, Facebook Ads and Microsoft Advertising.

We use the personal data we collect for marketing purposes to:

  • Align on marketing operations and marketing strategies,
  • Run common marketing campaigns
  • Serve end users with interest–based advertising, as well as to measure the effectiveness of advertising campaigns
  • Interact with (potential) customers and business partners to promote Bitly Services

We collect personal data for purposes above through tracking technologies of online marketing partners in connection with our QR Code services as identified in our cookie banner and policy. The legal basis for processing personal data as necessary for marketing is our legitimate interests to promote sales and increase awareness of Bitly Services, and communicate with our interest groups. Where marketing requires consent under applicable mandatory laws, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is the recipient’s consent. If you have given us your consent to share your data with a third-party provider, the legal basis for the data processing is your consent. However, a third-party provider may also form part of our (pre)contractual services, in which case the legal basis for the data processing is that the processing is essential to provide the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law.

Facebook Online Advertising Platforms and Tools

Use of Facebook Comments

We use functions of Facebook Inc. (“Facebook”) to extend the functionality of our online presence. Users can use Facebook Comments to comment on content on our online presence using their Facebook account. Personal data can be stored and evaluated, especially the activity of the user (especially which pages have been visited and which elements have been clicked on) as well as device and browser information (especially the IP address and the operating system). We do not have any information about the exact scope of the collection of personal data. For more information about Facebook’s collection and storage of data, please visit: https://de-de.facebook.com/policy.php

The use of the Facebook Comment Plug-In serves the improvement of the user friendliness of our online presence. We use this plug-in to offer an embedded comment function directly on Facebook without users having to leave our online presence.

Use of Facebook Messenger Customer Chat

We use functionalities of the communication plugin Facebook Messenger Customer Chat to communicate with our users and customers. The plugin enables the integration of Facebook Messenger into the website. Users can communicate with our company at any time with all the functionalities of Facebook Messenger. Users can log into Messenger with their Facebook login or have a conversation as a guest user. The plugin automatically loads the last chat history between the user and our company and allows users logged into Facebook Messenger to continue the conversation from different accesses, even after leaving our website.

Cookies from Facebook are stored on your terminal device in the process.

The following personal data is processed by Facebook as a result:

  • Content provided by users during communication.
  • User data:
  • Unique identifiers, such as device ID, IP address.
  • Name, last name
  • Data of the Facebook account used

For more information on how Facebook processes data, click here:
https://www.facebook.com/legal/technology_terms
https://www.facebook.com/about/privacy
https://www.facebook.com/policies/cookies

Use of Facebook Connect

We use Facebook Connect in order to enable Facebook social network users to log in to other online presences with their Facebook profile without having to create separate accounts there. In order to use Facebook Connect, the user needs a Facebook account. This is always protected by a user name and an individual password. If the user discovers the Facebook Connect logo on an online presence, he can start the login process by clicking on the button. In a pop-up or a new window he can now enter the Facebook login data. After successful authentication, a connection is established between the Facebook profile and the respective online presence via which data can be transferred. The user can now make use of the services of the online presence without having to deposit a separate profile with the personal data there. The user has no way of preventing the transmission of this information when using Facebook Connect. The Facebook Connect login dialog basically shows which data is transmitted. Further information on the collection and storage of data by Facebook can be found here: https://en-gb.facebook.com/policy.php

Your personal data will be stored for as long as is necessary to fulfill the purposes of the use cases described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes. Legal basis for the processing of personal data within products of Facebook. The legal basis for the processing of personal data within Facebook products is your consent. If you contact us via Facebook, we process the data you insert in your message for the purpose of responding to you.

Possibility of revocation of consent and removal from Facebook. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation. The user can store settings in their Facebook which data may not be transferred. If the user already uses Facebook Connect, they can delete their user account. There is always the alternative possibility of registering directly with us in order to avoid such data transmission. You can prevent Facebook from collecting and processing your personal data by preventing the storage of third-party cookies on your computer, by using the “Do Not Track” feature of a supporting browser, by disabling the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

For more information about how Facebook can opt out of and opt out of Facebook, visit: https://en-gb.facebook.com/policy.php

Google Online Advertising Platforms and Tools

Use of Google Maps

We use the online map service Google Maps of Google LLC (“Google”) to visually display geographical data and embed it in our online presence. Through the use of Google Maps on our online presence, information about the use of our online presence, your IP address and addresses entered with the route plan function are transmitted to a Google server and stored there. Further information on the collection and storage of data by Google can be found here: https://business.safety.google/privacy/

Your personal data will be stored for as long as is necessary to fulfill the purposes described in this Privacy Policy or as required by law.

Use of Google Tag Manager

Scope of Processing of Personal Data

We use Google Tag Manager (https://www.google.com/intl/de/tagmanager/). With Google Tag Manager, tags from Google and third-party services can be managed and bundled and embedded on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behavior, capture the impact of online advertising and social channels, use remarketing and targeting, and test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user’s browser. It contains statements about which tags are to be triggered. Google Tag Manager triggers other tags that may themselves collect data. You will find information on this in the passages on the use of the corresponding services in this data protection declaration. Google Tag Manager does not access this data.

Your personal data will be stored for as long as is necessary to fulfill the purposes described in this Privacy Policy or as required by law. Advertising data in server logs is anonymized by Google’s own statements to delete parts of the IP address and cookie information after 9 and 18 months respectively.

For more information about the Google Tag Manager:

please visit https://www.google.com/intl/de/tagmanager/faq.html;
and see Google’s privacy policy: https://business.safety.google/privacy/

Use of Google Ads Conversion Tracking

We use the functionalities of Google Ads Conversion Tracking to track how many visitors to our website came via Google Ads. The use of Google Ads Conversion Tracking serves us to track the origin of our website visitors.

The following personal data is processed by Google:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

However, since we do not control or materially influence the processing of your personal data by Google, we cannot provide any binding information on the purpose and scope of the processing of your data. Further information on the processing of data by Google can be found here: https://business.safety.google/privacy/

Use of Google Enhanced Conversions

We use functionalities of Google Enhanced Conversion Tracking to improve the accuracy of your conversion measurement. The use of Google Ads Conversion Tracking serves us to track the origin of our website visitors.

The following personal data is processed by Google as a result:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address
  • E-mail address
  • Phone number
  • First name
  • Last name
  • Country of residence

This data is secured by using a one-way hashing algorithm called SHA256. Hashed data maps the original string of characters to data of a fixed length. An algorithm generates the hashed data, which protects the security of the original text. This data can only be linked to a user, if the User has a Google Account for which the same email address is used and the user agreed to personalized advertising in their Google account. Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

However, since we do not control or materially influence the processing of your personal data by Google, we cannot provide any binding information on the purpose and scope of the processing of your data. Further information on the processing of data by Google can be found here: https://business.safety.google/privacy/

Use of Google Analytics

Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site (e.g., to measure reach). In connection with the use of Google Analytics, location data (information on the geographical position of a device or person) may be processed in addition to metadata and communication data (e.g. device information and IP addresses). Usage data (e.g. access to websites, clicks, access times), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms) or inventory data (e.g. names, addresses) may also be processed. Google Analytics has been supplemented by the code “gat._anonymizeIp();” in order to ensure that IP addresses are collected anonymously (IP masking).

On our behalf, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage. Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.

Google Signals

We have activated Google Signals in Google Analytics. This special aspect of Google Analytics involves cross-device tracking. If you have permitted personalized ads in your Google account, your data can be analyzed across multiple devices. The data is collected and linked to the Google account. This helps us to understand the behavior of visitors and users and how you interact with our websites and products across multiple devices and sessions to improve our service and marketing measures.

Use of Google Optimize

We use Google Optimize to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors as pseudonymous values. With the help of these analyses, we can recognize, for example, which online offer, content or functions of our products are most frequently used or invite re-use. Likewise, we can understand which areas need optimization. In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components. This processing includes usage data (e.g. web pages visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses).

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

The purposes of this processing are reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavior-related profiling, use of cookies); provision of our online offering and user-friendliness. Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Processing of personal data within Google products is based upon your consent. However, in some cases the use of a Google product may also form part of our (pre)contractual services, or our interest in providing our users with efficient, economical and recipient-friendly services and the improvement of our service.

Use of Google AdSense and/or Ads Manager

In connection with Destination Preview, there may be advertising delivered by Google AdSense (https://adsense.google.com/) or Ad Manager (https://admanager.google.com/). Google may use cookies to serve ads based on a user’s prior visits to your website or other websites. Google’s use of advertising cookies enables it and its partners to serve ads to your users based on their visits of certain websites. If you are in the European Economic Area (EEA), the UK, and Switzerland, Bitly will obtain your consent for the use of cookies or other local storage related to any such advertising, where legally required, and for the collection, sharing, and use of personal data for any ads personalization (if any).

Possibility of Revocation of Consent and Removal from Google

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation. You may prevent the collection and processing of your personal data by Google by preventing the storage of cookies by third parties on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker to Google and to prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
With the following link you can deactivate the use of your personal data by Google: https://adssettings.google.de
Further information on objection and removal options against Google can be found at: https://business.safety.google/privacy/

For more information on terms of use and data protection in connection with Google Analytics, please visit www.google.com/analytics/terms/de.html or www.google.com/intl/de/analytics/privacyoverview.html. In addition, you can object to processing on the basis of legitimate interest by sending an email to [email protected].

Rights under the GDPR

If you are a resident of the EEA or Switzerland, or otherwise subject to the GDPR, and we process your personal data, you have the right to ask for the following rights:

  • In all cases a right to be informed about processing by Bitly that pertains to personal data based on which you may be identified, and access to a copy of such personal data (Art. 15 GDPR).
  • If the personal data that is being processed is incorrect or inaccurate, you are entitled to demand for the data to be corrected (Art. 16 GDPR).
  • Subject to the conditions set in the GDPR, you may demand for the deletion or limitation of the processing and have the right to object to the processing altogether (Art. 17, 18, and 21 GDPR).
  • If the processing is based on your consent or a contract and the processing of data is carried out using automated procedures, you may be entitled to data transferability (Article 20 GDPR).
  • If you have consented to the processing of your data by the data controller, you may revoke your consent at any time. The legality of the data processing carried out on the basis of the consent that was obtained prior to the revocation will not be affected.

Furthermore, you have a right to appeal to the competent supervisory authority (Art. 77 GDPR) if you deem the personal data processing by us to violate the GDPR or other applicable data protection laws.

Landesbeauftragte für Datenschutz und Informationsfreiheit

Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: [email protected]

Contact details of authorities in other EU Member States can be found from the directory maintained by the European Data Protection Board.

Contact Details for questions and Exercising your rights

If you have any questions or concerns regarding privacy when using the Services or wish to use your rights, such as object the processing or have your personal data removed, please send us a detailed message to: [email protected] or [email protected]. In addition to email you may exercise any of your rights by sending a request to us, our contact details are provided in “Contact Information” above.

We will make every effort to resolve your concerns. Once we receive your request, we will ask that you verify your identity such as by authenticating through your account. Please note that if you do not have a Bitly account, Bitly has no way of identifying you or verifying that you created or clicked on a Bitly Product, or otherwise interacted with our Services.

You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your rights and choices on your behalf, please provide a written attestation, declaration, or permission that has either been physically signed or provided electronically per applicable law. In certain circumstances, we may be required by law to retain your personal data.

Tools available to exercise your rights

If you have a Bitly Account, you may access, correct, or request deletion of your personal data by logging into your Account. For Bitly Link, Link in Bio and QR Code services, once logged in to your account, you will be able to view a history of the URLs you have shortened and the metrics pages for those URLs. You can request a complete copy of the personal data we store about your account by clicking the button to request a report in your Account Settings. You can delete your Account at any time through your Account settings page. If you delete your Account, you will no longer be able to access or use the Services. If you have an Account but are unable to access it, you can contact us at [email protected]. We will respond to your request within a reasonable timeframe.

As a Bitly Europe QR Code Services user you have the possibility to cancel the registration at any time by using the tools in the Service or via an email to customer support or [email protected]. You can object to the storage of your personal data at any time. In this case, all personal data stored will be deleted to the extent permitted by law or no opposing legitimate interest prevails. To do so, please send an email to [email protected].

Please note that in the interest of ensuring that existing Bitly Products continue to function for all of our users, the Bitly Products that you have created and shared cannot be deleted or disabled (even if your Account is deleted), and any shortening and sharing activity that has already occurred on your Account also cannot be deleted. If you have concerns about any unauthorized use of your Account, you can delete your account within your Account settings.

International transfers of personal data

Depending on your location, information about you may be transferred to the United States or other countries outside the EU or European Economic Area (EEA) or may be processed there. These data transfers are necessary to provide you with the Services and functionalities you have requested as outlined in this policy.

To protect your personal data, we rely on appropriate legal basis for each data transfer. In particular, we use contractual safeguards such as Standard Contractual Clauses approved by the European Commission. Where applicable, we base data transfers also on adequacy decisions issued by the European Commission.

Please feel free to contact us for further information about international data transfers, including to obtain access to a copy of applicable safeguards.

California Privacy Rights

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your “personal information,” as that term is defined under the CCPA. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, personal information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer and we are acting as a “business” under the CCPA with respect to your personal information. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.

Information We Collect; How We Collect It; How We Use It

We have collected the following categories of personal information from consumers from the sources described in the Privacy Policy above, specifically the categories of sources identified in the subsection titled “Bitly Connections Platform Services” (under the section “Bitly Group Services”), and have shared such personal information with the following categories of third parties within the last twelve (12) months:

Category

Examples

Business or Commercial Purposes for Collecting Personal Information

Disclosed in the Prior Twelve (12) Months for the Following Business Purposes

“Sold” or “Shared” in the Prior Twelve (12) Months for the Following Purposes

Categories of Third Parties With Whom We Disclose, Sell, or Share Personal Information

A. Personal identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name.

To register your Bitly account or create a Bitly link

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

For the security and integrity of our services, to verify or maintain the quality or safety of services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

B. Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Some personal information included in this category may overlap with other categories.

A name, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information, medical information.

To register your Bitly account

To communicate with you

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

C. Protected classification characteristics under California or federal law.

Age and gender.

Marketing and advertising

None

Service providers who perform business services for us

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

To provide customer support

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

To register your Bitly account or create a Bitly link

When you interact with a Bitly link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

G. Location data.

Physical location.

To create a Bitly link

When you interact with a Bitly link, to detect, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

H. Inferences drawn from other personal information for profiling purposes.

Used to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

When you interact with a Bitly link, as needed to provide services to our customers

Marketing and advertising

Service optimization and analytics

To detect, deter and prevent malicious, fraudulent or unlawful activity

Helping to ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors

Undertaking internal research for service optimization

Providing advertising and marketing services

Auditing related to counting ad impressions to unique visitors

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.

None

Service providers who perform business services for us

We do not use or disclose sensitive personal information, as that term is defined under the CCPA. The categories of personal information described above are anonymized or erased from our systems upon request, if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the relevant individual, whichever occurs first.

Selling or Sharing of Personal Information

Bitly does not “sell” or “share” your personal information to third parties, as those terms are used in the CCPA.

Rights to Your Information

a. Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale/sharing of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (see Data Portability Rights below).

b. Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to perform certain actions set forth under the CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

c. Right to Data Portability

You have the right to request a copy of the personal information we have collected and maintained about you in the past 12 months. The CCPA allows you to request your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

d. Right to Correct

You have the right to request the correction of any personal information we maintain about you.

e. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

f. Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and confirm that it is not a fraudulent request. In order to verify your identity, we will ask, at a minimum, that you provide your name, email address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. Depending on the request, if we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your personal information. If you are making a request as the authorized agent of a California consumer, we will ask you to submit reliable proof that you have been authorized in writing by the consumer to act on such consumer’s behalf.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

California “Shine the Light”

In addition to the above rights, under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at [email protected]. If you do not want your personal information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at [email protected].

Contacting Us

If you have questions or concerns about this privacy policy, your California privacy rights, or our information practices, please email us at [email protected].

Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights

The Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Connecticut Data Privacy Act and similar laws in other U.S. states (“State Privacy Laws”) provide their consumers with specific rights regarding their personal data. To the extent that you are a resident of one of these states, this section describes your rights under the State Privacy Laws and explains how you may exercise these rights.

The categories of personal data we process, our purposes for processing your personal data, the categories of personal data that we share with third parties, and the categories of third parties with whom we share it are set forth in the terms of the Privacy Policy above.

Rights to Your Information

In addition to the rights set forth in our Privacy Policy, the State Privacy Laws provide you with the following rights:

  • Right to know. You have the right to know whether we process your personal data and to access such personal data.
  • Right to data portability. You have the right to obtain a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such personal data up to twice annually, subject to certain exceptions.
  • Right to delete. You have the right to delete personal data that you have provided by or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception as set forth in the State Privacy Laws. Additionally, if you request deletion of your personal data and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal data remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal data for any purpose except for those allowed under the State Privacy Laws.
  • Right to opt out. You have the right to opt out of the processing of the personal data for purposes of: (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy:
    • We do not process personal data for the purposes of targeted advertising;
    • We do not sell your personal data; and
    • We do not engage in profiling decisions based on your personal data that produce legal or similarly significant effects concerning you.
  • Right to correct. You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes for which we process it.
  • Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by the State Privacy Laws, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Exercise Your Rights; Verifying Your Identity

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you may contact us by:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonable commercial efforts, then we may not be able to comply with it.

Only you or your authorized agent may make a verifiable request related to your personal data. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s personal data, we may ask you to submit reliable proof of your identity.

Response Time; Your Right to Appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

Nevada Privacy Rights

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at [email protected] with the subject line “Nevada Do Not Sell Request.”

Children’s Privacy

We do not knowingly collect personal data from children. If we learn that we have collected personal data of a child under 13 (or older as required by applicable law), we will take steps to delete such information from our systems as soon as possible. If you believe we might have any personal data from or about a child under 13, please contact us at [email protected].

Data Privacy Framework (EU-US, UK Extension and Swiss-US)

Bitly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Bitly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Bitly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Bitly commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS Data Privacy Framework Dispute Resolution, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS Data Privacy Framework Dispute Resolution are provided at no cost to you.

Bitly is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, individuals have the right to invoke binding arbitration related to their personal data. In some cases, we hold liability in cases of onward transfers of data to third parties.

Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time. If we make material changes in the way we collect or use information, we will provide notice by posting an announcement on the Services or sending you an email, and we will indicate when those changes will become effective. You are agreeing to any changes to the Privacy Policy when you use the Services after those changes become effective.