Kontakt Marcel

Privacy Policy

Valid from 7 March 2023

FOR USERS OF OUR SERVICES

We are pleased that you are visiting our platform. Together with our technical service provider, we offer you the opportunity to participate in this service. Information about the model and the idea behind it can be found on the page.

The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practice is in line with the legal regulations of the EU's General Data Protection Regulation (GDPR). The following data protection declaration serves to fulfill the information obligations resulting from the GDPR. These can be found, for example, in Art. 13 and Art. 14 et seq. GDPR.

Google Single-Sign-On (SSO)

If you are using "Login with Google" to authenticate on our platform, we will use your Google profile data as follows:

  • We access your Google profile first name and last name, email address and profile picture.
  • We use that data to sign you up with your Google email address, and we pre-fill your first name, last name and profile picture with your Google profile data. You can change that data later on.
  • We store the data on our secure, dedicated database server hosted by ISO 27001-certified provider Hetzner Online GmbH in Nuremberg, Germany.
  • We do not share your data with any third party.

LinkedIn Single-Sign-On (SSO)

If you are using "Login with LinkedIn" to authenticate on our platform, we will use your LinkedIn profile data as follows:

  • We access your LinkedIn profile first name and last name, email address and profile picture.
  • We use that data to sign you up with your Google email address, and we pre-fill your first name, last name and profile picture with your LinkedIn profile data. You can change that data later on.
  • We store the data on our secure, dedicated database server hosted by ISO 27001-certified provider Hetzner Online GmbH in Nuremberg, Germany.
  • We do not share your data with any third party.

Microsoft Single-Sign-On (SSO)

If you are using "Login with Microsoft" to authenticate on our platform, we will use your Microsoft profile data as follows:

  • We access your Microsoft profile first name and last name, email address and profile picture.
  • We use that data to sign you up with your Microsoft email address, and we pre-fill your first name, last name and profile picture with your Microsoft profile data. You can change that data later on.
  • We store the data on our secure, dedicated database server hosted by ISO 27001-certified provider Hetzner Online GmbH in Nuremberg, Germany.
  • We do not share your data with any third party.

Processor

Regarding our website, some processors are used. If they are used for a particular function or web service, they will be explicitly named at that location. The following processor is used: Mystery Minds GmbH, Barer Str. 71, 80799 Munich, Germany.

Mystery Minds GmbH is the technical service provider behind this service. Without the use of Mystery Minds GmbH, the provision of the platform functions is not technically possible for us.

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the respective retrieving device (e.g. computer, cell phone, tablet, etc.).

What personal data is collected and to what extent is it processed?

  1. Information about the browser type and version used;

  2. The ISP of the provider;

  3. The operating system of the retrieval device;

  4. Host name of the accessing device;

  5. The IP address of the retrieval device;

  6. Date and time of access;

  7. Websites and resources (images, files, other page content) accessed on our website;

  8. Websites from which the user's system accessed our website (referrer tracking);

  9. Message whether the retrieval was successful;

  10. Amount of data transferred

This data is stored in the log files of our system. A storage of this data together with other personal data of a concrete user does not take place, so that an identification of individual site visitors does not take place.

The data is also anonymized immediately after collection in such a way that it is no longer possible to draw conclusions about the individual person on the basis of the IP address. By evaluating the anonymized data, we can monitor and improve the stability and availability of our website over a longer period of time.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of data processing

The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat misuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the retrieving computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimize the website and to generally ensure the security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer needed to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.

Possibility of objection and deletion

You can object to the processing at any time pursuant to Art. 21 GDPR and request deletion of data pursuant to Art. 17 GDPR. You can find out which rights you have and how to exercise them in the lower section of this privacy policy.

Registration and user account

What personal data is collected and to what extent is it processed?

You can register for a user account via our registration form. The registration itself can be completed by providing an email address, answering the other mandatory information and entering a password.

After the registration of the user account, further data (e.g. profile picture) can be entered in the profile on a voluntary basis and stored in the account.

Legal basis for the processing of personal data

The registration form is part of the contract regarding the user account. Art. 6 (1) (b) GDPR (performance of (pre)contractual measures)

Purpose of data processing

We will use the email address to send you the relevant appointment invitations and to enable you to log in.

The other data is used to determine joint appointments and to assign suitable colleagues.

The data will be deleted after you unsubscribe from this service or the contract between us and our technical service provider ends.

Your rights

Your rights are governed by the general rules described below in this Privacy Policy. You can contact us at any time if you no longer wish to participate.

Necessity of providing personal data

The use of the registration form on our site and the creation of an account is contractually required for the use of the protected area. The use of the content protected by the login area is not possible without entering the requested personal data. If you wish to use our login area, you must fill in the fields marked as mandatory. Registration is not possible if the data you have entered are obviously incorrect.

Information on the use of cookies

What personal data is collected and to what extent is it processed?

On various pages, we integrate and use cookies to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set here both by the website itself and by external web services. Cookies are set by our website or external web services in order to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are listed in the following table.

Legal basis for the processing of personal data

Insofar as the cookies are processed on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR, this consent shall also be deemed to be consent within the meaning of Section 25 para. 1 TTDSG for the setting of the cookie on the user's terminal device. Insofar as another legal basis is mentioned according to the GDPR (e.g. for the fulfillment of a contract or for the fulfillment of legal obligations), the storage or setting takes place on the basis of an exception according to Section 25 (2) TTDSG. This exists "if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a message via a public telecommunications network" or "if the storage of information in the end user's terminal equipment or the access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user". Which legal basis is relevant can be seen from the cookie table listed later in this item.

Purpose of data processing

The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are listed in the following table.

Duration of storage

Our cookies are stored until deleted in your browser or, if it is a session cookie, until the session expires. Details are listed in the following table.

Possibility of objection and removal

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognize that your access device is already connected to our website (permanent cookies) or to store recently viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can revoke this consent at any time. Please note that the legality of the processing carried out on the basis of the consent until the revocation is not affected.

Disclosure of cookies

PHPSESSID

Provider: Website operator

Reason: Cookie required by applications based on the PHP programming language. The cookie is stored during a session and required to keep website settings during an active session (i.e., a website visit).

Legal basis: §6.1f GDPR

Retention: ~24 hours

Type: Configuration

language

Provider: Website operator

Reason: The cookie is required to provide language detection features to the user.

Legal basis: §6.1f GDPR

Retention: ~2 years

Type: Configuration

_pk_*

Provider: Website operator

Reason: These cookies are required by our local installation of Matomo. The server calculates statistics regarding the website visit. The insights from this analysis are used to improve our website and to measure usage of our website.

Legal basis: §6.1f GDPR

Retention: ~13 months

Type: Product advancement

cly_*

Provider: Website operator

Reason: These cookies are required by our local installation of Countly. The server calculates statistics regarding the website visit. The insights from this analysis are used to improve our website and to measure usage of our website.

Legal basis: §6.1f GDPR

Retention: ~12 months

Type: Product advancement

Data security and data protection, communication by email

Your personal data are protected by technical and organizational measures during collection, storage and processing so that they are not accessible to third parties. In the case of unencrypted communication by email, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

Right to information and correction requests - Deletion & restriction of data - Revocation of consent - Right of objection

Right to information

You have the right to request confirmation as to whether we are processing personal data about you. If this is the case, you have the right to information on the information named in Art. 15 (1) GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Art. 15 (4) GDPR). We will also be happy to provide you with a copy of the data.

Correction claim

In accordance with Art. 16 GDPR, you have the right to have any incorrect personal data stored with us (such as address, name, etc.) corrected at any time. You can also request a completion of the data stored by us at any time. A corresponding adjustment will be made immediately.

Right to deletion

Pursuant to Art. 17 (1) GDPR, you have the right to demand that we delete the personal data we have collected about you if

  • the data is either no longer needed;

  • due to the revocation of your consent, the legal basis of the processing has ceased to exist without replacement;

  • you have objected to the processing and there are no legitimate grounds for the processing;

  • your data is processed unlawfully;

  • a legal obligation requires this or a collection pursuant to Art. 8 (1) GDPR has taken place.

According to Art. 17 (3) of the GDPR, the right does not exist if

  • the processing is necessary for the exercise of the right to freedom of expression and information;

  • Your data has been collected on the basis of a legal obligation;

  • the processing is necessary for reasons of public interest;

  • the data is necessary for the assertion, exercise or defense of legal claims.

Right to restriction of processing

According to Art. 18 (1) GDPR, you have the right in individual cases to request the restriction of the processing of your personal data.

This is the case when

  • the accuracy of the personal data is disputed by you;

  • the processing is unlawful and you do not consent to erasure;

  • the data is no longer required for the purpose of processing, but the collected data is used for the assertion, exercise or defense of legal claims;

  • an objection to the processing pursuant to Art. 21 (1) GDPR has been lodged and it is still unclear which interests prevail.

Right of revocation

If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR), you may revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.

Right to object

In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data relating to you that has been collected on the basis of Art. 6 (1) f (in the context of a legitimate interest). You only have this right if there are special circumstances against the storage and processing.

How do you exercise your rights?

You can exercise your rights at any time by contacting us at the contact details below:

support@mysteryminds.com

Right to data portability

Pursuant to Art. 20 GDPR, you have a right to the transmission of the personal data concerning you. The data will be provided by us in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.

We provide you with the following data upon request according to Art. 20 para. 1 GDPR:

  • Data collected on the basis of explicit consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR;

  • Data that we have received from you in accordance with Art. 6 Para. 1 lit. b GDPR within the framework of existing contracts;

and the data that have been processed within the framework of an automated procedure.

We will transfer the personal data directly to a controller of your choice, as far as this is technically feasible. Please note that we may not transfer data that interferes with the freedoms and rights of other persons pursuant to Art. 20 (4) GDPR.

Right of appeal to the supervisory authority pursuant to Art. 77 (1) GDPR

If you suspect that your data is being processed illegally on our site, you can of course bring about a judicial clarification of the issue at any time. In addition, any other legal option is open to you. Independently of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) GDPR. The right of complaint pursuant to Art. 77 GDPR is available to you in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the places mentioned above. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

FOR VISITORS OF OUR HOMEPAGE (www.mysteryminds.com)

Scope and subject of the privacy policy

The subject of this privacy policy is providing information as to whether and to what extent we collect personal data via our website, which can be accessed at https://www.mysteryminds.com/, and for which purpose this data is processed. In doing so, we fulfil our obligation under Articles 13 and 14 of the GDPR to inform you in detail and transparently about the collection of personal data on our website. This data protection declaration applies exclusively to the aforementioned website. Insofar as links are provided to other sites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend checking the privacy statements on those websites to determine whether and to what extent personal data is collected, processed, used and/or made available to third parties.

Definitions

This Privacy Policy is based on the terminology used by the European legislator for directives and regulations, when enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be read and understood in an easy manner by both the public as well as by our customers and business partners. To ensure this, we would like to explain the terms used.

We use the following terms, among others, in this data protection declaration:

Personal Data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Affected Person

Affected person is any identified or identifiable natural person whose personal data are processed by the data controller.

Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third Party

A Third Party is a natural or legal person, authority, institution or other body other than the data subject, the data processor, the data processor and the persons that is authorised to process the personal data under the direct responsibility of the data processor or the data processor.

Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Name and contact information of the controller / data protection officer

Mystery Minds GmbH, Barer Str. 71, 80799 München, represented by its managing director Christoph Drebes, Stefan Melbinger, e-mail: info@mysteryminds.com

Categories of personal data processed on our website

Website visit

a) Personal data

IP-address, cookie ID

b) Description

You can visit our website without providing any personal information. However, when you visit our website, we collect so-called usage data and store these in a log file (log file). This access data also includes the IP address. In addition, the name of the website accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type and version, the operating system, the so-called referrer URL (the previously visited page) and the requesting provider are stored in the log file. However, it is not possible to draw any conclusions about your person from this data.

In addition, cookies are stored on your terminal device (laptop, tablet, smartphone or PC) when you visit our website. For details on the cookies used on the website, the specific purpose of the cookies and a description of how you can delete these cookies, please refer to the cookie- and opt-out notices.

We collect the log file data, including the IP address, in order to ensure a smooth connection establishment of the website and to enable a comprehensive and convenient use of our website by the users. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. Cookies also enable us to make the use of our offer and our website more pleasant for the visitor, for example by using cookies to determine whether you have already visited a single page of our website. With the help of the cookie identification we also receive information about the user behaviour on our website or the search queries with which you reach our site and can adapt the offer to the interests of the user on future visits.

c) Purpose of the data processing

We collect the log file data, including the IP address, in order to ensure a smooth connection establishment of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. Cookies also enable us to make the use of our offer and our website more pleasant for the visitor, for example by using cookies to determine whether you have already visited a single page of our website. With the help of the cookie identification we also receive information about the user behaviour on our website or the search queries with which you reach our site and can adapt the offer to the interests of the user on future visits.

d) Justifiable interests

The log file data, including the IP address, are only used for the technical and design optimization of the website and the backup of our systems (e.g. in the context of an attack on our IT or a security incident). If our website is accessed, no personal reference can be made from the data of the log file, including the IP address. This can only be the case if you log into your customer account at the same time. In this case we can assign the IP address to you directly]. For example, we use the cookie identification to find out whether and to what extent you have already visited our website, whether you have already registered with us using a specific identification and when you returned to it. Details and information on how to delete cookies can be found in the document Cookie and Opt Out Notes.

e) Recipient of the data
Company

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland

Description

Hetzner Online GmbH is responsible for the hosting of the website. The servers are held in a highly secure data center which is based in Germany.

Information on privacy

https://www.hetzner.de/rechtliches/datenschutz/

f) Data retention

The IP address will be deleted two months after its collection from our servers. Details on the cookies, their storage period and how you can delete this data (your right of objection) can be found under Opt-Out data protection.

g) Corresponding legal basis

Art 6 s.1(f) GDPR

h) Mandatory or required provisions

The provision of personal data is neither required by law nor by contract. However, without the provision of the cookie-id, the service and functionality of our website may be limited.

Category registration

You have the option of registering to use our services via our website. We process the data exclusively in connection with your registration and correspondence as part of our range of services. If and to the extent that we pass on personal data to third parties (sponsors, partners and exhibitors), we will obtain your prior express consent.

a) Personal data

E-mail address, first and last name, company, contact address, number of employees

b) Purpose of data processing

We use the data for the registration process for billing purposes and with the proviso that we can offer you tailor-made service packages.

c) Recipient of the data

The data is stored on our own server. Your registration data will not be passed on to third parties. We are the recipients of the data ourselves.

d) Retention of data

Until you request the deletion of your personal data. In all other respects, the duration of the data storage depends on the legal retention periods (as far as accounting and invoice data are concerned: 10 years)

e) Legal basis

Art. 6 s. 1 a) GDPR

f) Mandatory or required provision

The provision of personal data is neither required by law nor by contract. However, it is not possible to use our payable services without this piece of information.

g) Special right of revocation

You have the right to revoke your consent to the processing of your personal data at any time. The legality of the processing based on your consent until your revocation remains unaffacted.

Category contact form

a) Personal data

e-mail address, first and last name, date, time, commentary (request)

b) Description and purpose of the data processing

We use a contact form on our website to exchange information with our customers and interested parties and to answer their requests and inquiries. We process the inquiries and information sent to us in this context to process your inquiry and to contact you. At the same time, if you register as a customer with the same data, the data will be used to assign you to your profile. We also use your contact form data including the inquiry itself for the preparation of quotations.

c) Recipient and processor of data

We store the personal data that we have received from you via the contact form on our own servers. The highly secure servers are provided by the following service providers:

  • Company: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland
  • Description: Hetzner Online GmbH is responsible for the hosting of the website. The servers are held in a highly secure data center which is based in Germany.
  • Information on privacy:  https://www.hetzner.de/rechtliches/datenschutz/
Additional service providers:
Pipedrive
  • Company: Pipedrive Inc, 460 Park Ave South, New York, NY 10016, USA
  • Description: Pipedrive is a sales management tool designed to help small sales teams manage intricate or lengthy sales processes.
  • Transfer to third countries: Yes
  • Information on privacy: https://www.pipedrive.com/en/privacy
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 DS-GMO that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt0000000TSfxAAG&status=Active
  • Opt-out: -
Hubspot
  • Company: HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA
  • Description: HubSpot is a comprehensive platform for marketing, sales, and customer service that helps businesses nurture and optimize customer relationships. We use HubSpot to analyze website visits, manage contact data, and conduct marketing activities. Contact data may be linked with additional information received from you.
  • Transfer to third countries: Yes
  • Information on privacy: https://legal.hubspot.com/privacy-policy
  • Privacy shield certification: HubSpot adheres to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. These frameworks establish standards for the processing of personal data from the European Union and Switzerland in the United States. For more information, please visit: https://legal.hubspot.com/privacy-policy#international-data-transfers
  • Opt-out: If you do not wish your data to be collected through HubSpot, you can disable collection by adjusting the cookie settings in your browser or by opting out through the methods specified in HubSpot's privacy policy.
Google Drive
  • Company: Google LLC, Google Data Pratection Office 1600 Amphitheatre Pkwy Mountain View, California 94043
  • Description: Google Drive is a file storage and synchronization service developed by Google. Google Drive allows users to store files on their servers, synchronize files across devices, and share files. We use Google Drive to automatically create and store documents, in particular letters and letters with personal data, on a case-by-case basis.
  • Transfer to third countries: Yes
  • Information on privacy: https://policies.google.com/privacy?hl=en
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 DS-GMO that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
  • Opt-out: -
Outlook
  • Company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
  • Description: Outlook.com is a web-based suite of webmail, contacts, tasks and calendar services from Microsoft. We use the Outlook software to get in touch with you and store your personal data. We use the integrated contact management of the software for this purpose. The data can also be stored automatically.
  • Transfer to third countries: Yes
  • Information on privacy: https://privacy.microsoft.com/en-us/PrivacyStatement
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 DS-GMO that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active
  • Opt-out: We create an automated registration form for all e-mail distribution lists in MailChimp. This enables the recipient of e-mail campaigns to log out at any time
d) Data retention

We use the data until the conversation with you is finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally defined. In addition, we store the communication until we are requested to delete it. You can revoke your consent to data processing at any time without affecting the legality of the processing carried out on the basis of the consent until revocation.

e) Legal basis

Art. 6 s. 1 a, b) GDPR

f) Mandatory and required provisions

The provision of personal data is neither required by law nor by contract. However, it is not possible to process the request without this information.

Category Web Analytics

a) Personal data

IP address, and cookie ID

b) Description

The website uses tracking tools which, among other things, use cookies and collect the IP address. Tracking tools typically investigate where visitors come from, which areas of a website are visited and how often and for how long which subpages and categories are viewed.

c) Process of data processing

With the help of these tools it can be investigated how and where visitors come from, which areas of a website are visited most frequently and how often and for how long which subpages and categories are viewed. In addition, we can determine which search terms and websites the user has entered and evaluate how many users visit our pages in total and which information or offers are most in demand. The aim is to be able to design our offers and our website in a user-friendly way with the help of the knowledge gained.

d) Justified interests

Statistical analysis of the user profiles allows us to derive statements about the functioning and success of our websites. These include answers to questions about how often information pages on specific product groups were called up or how many visitors clicked on specific offers. With the help of tracking tools, we can tailor our offer more specifically to our customers, visitors and interested parties. You will find details about the providers, how they work and information on how you can delete the cookies used and prevent tracking under the Cookie and Opt Out information.

e) Recipient of the data

The following providers of tracking and web analysis tools process the access data on our behalf for the purpose of user analysis and statistical processing. For this purpose, we have concluded the corresponding processing contracts with the providers. Further details on the technical functioning of the tools and information on how you can prevent data transmission (tracking) may be found under the Cookie and Opt Out Notes.

Google Analytics
  • Company: Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Description: Google Analytics is a web analysis provider. Web analysis is the collection and evaluation of data on the behaviour of visitors on Internet sites.
  • Transfer to a third country: Yes
  • Information on privacy:  http://www.google.com/policies/https://support.google.com/analytics/answer/6004245?hl=de
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 GDPR that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active#other-covered-entities
HOTJAR
  • Company: Hotjar Ldt., Dragonara Business Centre, 5th Floor, Dragonara Road,, Paceville St Julian's STJ 3141, Malta
  • Description: Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.
  • Information on privacy: https://www.hotjar.com/legal/policies/privacy/
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 GDPR that the recipient organisation offers an adequate level of protection. Since Hotjar is a company registered in the European Union, it never needed to obtain a certification under the EU-US Privacy Shield framework. Hotjar is regulated by and follows European legislation in relation to data transfers.
f) Data retention

Details of the cookies and the technologies used in connection with these tracking tools, their duration of storage and information on how you can delete this data can be found in the Cookie and Opt-Out Notices.

g) Corresponding legal basis

Art.6, s.1(f) GDPR

h) Mandatory or required provisions

The provision of personal data is neither required by law nor by contract. However, without the cookie identification, the service and functionality of our website may be limited.

i) Profiling

With the help of the tracking tools the behaviour of the website visitors can be evaluated and the interests can be analyzed. For this purpose we create a pseudonymous user profile. [If you also log in to your dashboard with your user data, we can use this profile information to draw conclusions about you personally].

Categories Other Plugins

a) Personal data

IP address, cookie ID

b) Description

Other tools and plug-ins are used on the website, in which cookies are used and the IP address is collected, among other things. These plugins serve to integrate third-party services that significantly increase the experience, design and security on our site. The plugins process personal data, as well as your IP address and cookie identification. We have no influence over the type and scope of personal data. Please refer to the respective data protection pages of the plug-in providers.

c) Purpose of data processing

With the help of the additional plugins we can offer you improved services, important functionality, increased security and more attractive designs.

d) Justified interest

With the help of the additional plugins we can offer you improved services, important functionality, increased security and more attractive designs.

e) Recipient of data

For details about the recipients of the data, how the tools work, and how you can prevent data transmission (tracking), see the Privacy Opt-Out.

Google Captcha
  • Company: Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Description: To protect your orders via internet form this website uses the service reCAPTCHA of the company Google Inc. The query serves to differentiate whether the input is made by a person or abusively by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose your input will be transmitted to Google and used there. If you use a website with the reCAPTCHA recognition service, the browser establishes a direct connection to Google. The data required for authentication is also entered directly via Google's servers. Therefore, we have no influence on the amount of data collected by Google in this way.
  • Transfer to third countries: Yes
  • Information on privacy: https://www.google.com/intl/de/policies/privacy/
  • Privacy shield certification: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active#other-covered-entities
Google Fonts
Google Tag Manager
  • Company: Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA
  • Description: Google Tag Manager is a tag management system developed by Google to manage JavaScript and HTML tags for tracking and analysis on websites (variants of e-marketing tags, sometimes referred to as tracking pixels or web beacons).
  • Transfer to third countries: Yes
  • Information on privacy: http://www.google.com/policies/, http://www.google.com/policies/technologies/ads/, http://www.google.com/policies/technologies/
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 DS-GMO that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active#other-covered-entities
  • Opt-out: Yes
f) Data retention

Details on cookies, how long they are stored and how you can delete this data (your right of objection) can be found under the Opt-Out data protection link.

g) Legal basis

Art. 6 s. 1 f) GDPR

h) Mandatory and required provisions

The provision of personal data is neither required by law nor by contract. However, without the cookie identification, the service and functionality of our website may be limited.

Category Newsletter

a) Personal data

e-mail address, address, first and last name, company, number of employees

b) Description and purpose of data processing

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers, special offers or news about Mystery Minds GmbH. Mandatory information for sending the newsletter is your e-mail address and your name to be able to address you personally. We use the so-called double opt-in procedure] for sending the newsletter. This means that we will not send you an e-mail newsletter until you have expressly confirmed that you agree to receive it. We will send you a confirmation e-mail asking you to confirm that you would like to receive our newsletter in the future by clicking on an appropriate link. Only with the activation of the confirmation link do you give us your consent for the use of your personal data. The data will be used exclusively for the purposes of advertising in the form of the newsletter.

When sending the newsletter, we also automatically evaluate your user behavior. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels with which we can determine that you have received and opened the newsletter and clicked on the links stored in the newsletter. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. We may link this information to actions you take on our website by means of tracking.

Mailchimp
  • Company: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA
  • Description: Mailchimp is a newsletter dispatch software, which is used for the dispatch of our E-Mail marketing actions. Mailchimp has the possibility to evaluate opening and click rates of e-mails sent via Mailchimp broken down by user. To verify this, MailChimp loads a small, transparent image into each email campaign and counts how often the image is loaded among the delivered campaigns. The image is not visible to recipients.
  • Transfer to third countries: Yes
  • Information on privacy: http://mailchimp.com/legal/forms/data-processing-agreement/
  • Privacy shield certification: The EU-US Privacy Shield is a data protection agreement between the European Union and the USA, which essentially consists of a number of assurances made by the USA to the EU. The Convention regulates the protection of personal data transferred from a member state of the European Union to the USA. The self-certification regulated therein by the American companies can be used as a basis according to Art. 45 DS-GMO that the recipient organisation offers an adequate level of protection. https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
  • Opt-out: We create an automated registration form for all e-mail distribution lists in MailChimp. This enables the recipient of e-mail campaigns to log out at any time
d) Data retention

You can object at any time to the receipt of newsletters and thus, to the processing of your aforementioned data for the purpose of e-mail advertising. If you no longer wish to receive e-mails, you can click on the "Unsubscribe Link" in each e-mail or contact us at info@mysteryminds.com. There are no further costs to this other than the transmission costs according to the basic tariffs. The legality of the processing on the basis of the consent until your revocation remains unaffected. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. At the same time you will be unsubscribed from the newsletter. Until then the data will be stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.

e) Legal basis

Art. 6 s. 1 a) GDPR

f) Special right of revocation

You have the right to revoke your consent to the processing of your personal data at any time (cancellation of the newsletter). The legality of the processing based on your consent until your revocation remains unaffacted. The contact data für the enforcement of revocation can be found in the imprint of the website. You may always use the link provided for in the advertising mail. To this extent, no costs other than the transmission costs based on the basic tarrifs are incurred. The provider of the newsletter tool is also covered by the revocation, i.e. the irrevocable deletion of your data also with this company.

g) Mandatory or required provisions

The provision of personal data is neither required by law nor by contract. However, the provision of personal data presents a precondition for the sending of newsletter.

Your rights

In addition, you have the right to request information about the personal data concerned at any time. This includes in particular the right to information on whether and to what extent we process personal data, where these data come from and for what purpose they are processed. In addition, you have the right to have your data corrected or deleted, to demand a restriction on processing or to object to such processing. The right to revoke consent given at any time (e.g. for the receipt of advertising) remains unaffected. You also have the right to submit a complaint to a supervisory authority. You can enforce your rights and submit them via e-mail via info@mysteryminds.com or via the contact details given under "person responsible".

Overview of used cookies

Here you will learn how you can individually object to the processing of your personal data with regard to cookies (web tracking, etc.) and/or how you can independently delete the personal data collected (in particular the IP address). In all other respects please consider our references to your rights in the[link to data security explanation] as well as our[link to data security facts].

What are cookies and what categories of cookies are there?

Depending on their function and intended use, cookies can be divided into four categories: Absolutely necessary cookies, performance cookies, functional cookies and cookies for marketing purposes. Please note that not all of the cookies listed here may be used when you visit our website with a mobile device.

a) Necessary Cookies

These are cookies that are required so that you can navigate our websites and use the basic functions of the website, such as the allocation of anonymous session IDs to bundle several related queries to one server.

b) Performance-Cookies

Performance cookies are used to improve the user-friendliness of a website and thus the user experience. Performance cookies collect information about the use of our websites, e.g. Internet browser and operating system used; domain name of the website from which you came, number of visits, average time spent, and pages accessed. These cookies do not store any information that allows personal identification of the user. The information collected with the help of cookies is aggregated and therefore anonymous.

c) Analysis cookies

We use analysis cookies to improve the user-friendliness of our website. Analysis cookies enable us to determine how our website is used and, for example, on the basis of which preferences and search terms it is accessed.

d) Advertising cookies

We use advertising cookies to offer you more targeted relevant content. They are also used to measure and control the effectiveness of advertising campaigns. Marketing cookies register whether a website is visited and what content is used. This information may be shared with third parties, such as advertisers, and is often linked to third-party site functionality (third-party cookies).

e) Social media cookies

Social media cookies are set by social networks. For example, you can register on our site using the login data of a social network.

How can I delete cookies or turn off tracking?

You can use your browser settings to either delete individual cookies or remove the entire cookie inventory. Under "Help" or "Settings" you should find information about the management of your cookies in your browser.

In addition, you will receive information and instructions on how these cookies can be deleted or their storage blocked in advance, depending on the provider of your browser, under the following links:

You can use your browser settings to either delete individual cookies or remove the entire cookie inventory. Under "Help" or "Settings" you should find information about the management of your cookies in your browser. In addition, you will receive information and instructions on how these cookies can be deleted or their storage blocked in advance, depending on the provider of your browser, under the following links:

You can also individually manage the cookies of many companies and features used for advertising. To do this, use the corresponding user tools that have been created as part of self-regulation programs in many countries, e.g. the US site http://optout.aboutads.info/ or the EU site Your Online Choices http://www.youronlinechoices.com/.

Most browsers also offer a so-called "Do-Not-Track function" with which you can specify that you do not want to be "tracked" by websites. When this feature is enabled, your browser tells advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising and the like. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:

Further possibilities of how you can object to the processing of your personal data (in particular the IP address) can be found in the following "Opt-Out" notes.

Which cookies do we use?

When you visit our website, the following cookies are stored in your browser's cache.

Name of the provider Name of the cookie Purpose Expiration date Category
Google Analytics _gat This cookie restricts the collection of data if too many requests are received on one page. In this way, the speed of the website is kept high even under high load. 1 Minute Analysis cookie
Google Analytics _ga This cookie (Google Analytics) is used to collect information about how visitors use our website. We use the information to create reports and help us improve the site. Cookies collect information anonymously, including the number of visitors to the website from which the visitors came to the website and the websites they visited. 2 years Analysis cookie
Google Analytics _gid This cookie (Google Analytics) is used to collect information about how visitors use our website. We use the information to create reports and help us improve the site. Cookies collect information anonymously, including the number of visitors to the website from which the visitors came to the website and the websites they visited. 24 hours Analysis cookie

What rights do I have?

You have the right to request confirmation at any time as to whether we are processing personal data and the right of access to such personal data. In addition, you have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request data transfer. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.

Information on the revocation options for data processing

Here you will learn how you can individually object to the processing of your personal data with regard to cookies (web tracking, etc.) and/or how you can independently delete the personal data collected (in particular the IP address). For the rest, please note our information on your rights in the data protection declaration and our data protection facts.

Google Analytics

Application and explanation

Google Analytics is an online service that serves to analyse the data traffic of websites. On our behalf, Google will use cookies to evaluate the use of our website and compile reports on website activity for us. However, we use Google Analytics with the so-called "AnomizeIP" extension, which initially shortens your IP address when you visit our website. This means that it is no longer possible to refer to persons.

Privacy disclaimer

We have concluded a contract for order processing on the basis of the so-called EU standard contract clauses.

http://www.google.com/policies/
https://support.google.com/analytics/answer/6004245?hl=de

Privacy shield certification

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Opt-out

Please download and install the browser plugin here.

Browser-Plugin

Google Fonts

Application and explanation

This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers.

Data privacy

The privacy policy is available at the following link:

https://www.google.de/intl/de/policies/privacy/

What rights do I have?

You have the right to ask Mystery Minds GmbH at any time to confirm whether we process your personal data and the right to information about this personal data.
In addition, you have the right to rectification, cancellation and restriction of data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request, or to revoke your consent to data processing at any time or to request data transfer. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.

Who is responsible for data protection at Mystery Minds GmbH?

The Mystery Minds GmbH, Barer Str. 71, 80799 München, represented by the managing directors Christoph Drebes, Stefan Melbinger, is responsible for the privacy policy on this website, you can reach us by phone at: +49 89 95732941 or by e-mail: info@mysteryminds.com.

Data protection facts

Compliance with data protection, a comprehensive guarantee of data security and transparency in data processing are essential for our services. The following information is intended to give you a quick and easy overview of which data we collect and process from you. You will find the detailed description in our data protection declaration, as well as the document on your additional revocation options for data protection opt-out.

The Mystery Minds GmbH, Barer Str. 71, 80799 München, represented by the managing directors Christoph Drebes, Stefan Melbinger, is responsible for the privacy policy on this website, you can reach us by phone at: +49 89 95732941 or by e-mail: info@mysteryminds.com.

Which data is processed?

Affected area Data processed
Accessing our websites - creating log files IP address, cookie identification (cookies)
Registration E-mail address, title, first and last name
Accessing our websites - web analysis IP address, cookie identification (cookies)
Newsletter E-mail address, title, first and last name

For what purpose does the data processing take place?

Affected area Purpose of processing
Accessing our websites - creating log files By means of log files, so-called log files, we ensure the connection to our website and simplify the use of the website, e.g. by pre-selecting the correct language and currency. We carry out evaluations for system security and stability as well as for administrative purposes.
Registration We use the data for the registration process for billing purposes and with the proviso that we can offer you tailor-made service packages.
Accessing our websites - web analysis We use analysis and tracking tools to analyse user behaviour; this enables us to adapt our website to the interests of visitors; statistical analysis of user profiles allows us to make statements about the functioning and success of our pages (e.g. "How many visitors have clicked on a particular project on our homepage").
Newsletter News - through our newsletter we send you current information about our products, services and promotions as well as offers.

Please refer to our cookie and opt-out notices for details on the cookies used on the website, the specific processing purpose and a description of how you can end cookies and advertising tracking.

Is there an obligation to provide data?

Affected area Legal basis Obligation to supply
Accessing our websites - creating log files Art. 6 Abs. 1 f) GDPR No. However, some areas of the website cannot be used or can only be used to a limited extent without the data being processed, e.g. your shopping basket is stored via cookies.
Registration Art. 6 Abs. 1 a), f) GDPR No
Accessing our websites - web analysis Art. 6 Abs. 1 f) GDPR No.
Newsletter Art. 6 Abs. 1 a), f) GDPR Yes, otherwise it will not be possible to send the newsletter or address you personally.

Is profiling taking place?

Affected area Profiling
Accessing our websites - creating log files Yes - Details can be found in the cookie and opt-out notices and in our privacy policy.
Registration Yes - Details can be found in the cookie and opt-out notices and in our privacy policy.
Accessing our websites - web analysis Yes - Details can be found in the cookie and opt-out notices and in our privacy policy.
Newsletter Yes - Details can be found in the cookie and opt-out notices and in our privacy policy.

When is this data deleted?

Affected area Storage time
Accessing our websites - creating log files Please refer to the cookie and opt-out instructions for details on how long cookies are stored and how you can delete them prematurely and object to data processing.
Registration Deletion of your customer account; 2 years after the last contact or as soon as we are requested to delete it.
Accessing our websites - web analysis Please refer to the cookie and opt-out instructions for details on how long cookies are stored and how you can delete them prematurely and object to data processing.
Newsletter When you unsubscribe from the newsletter or as soon as we are requested to delete it.

What rights do you have in connection with the processing of this data?

You have the right to ask Mystery Minds GmbH at any time to confirm whether we process your personal data and the right to information about this personal data.

In addition, you have the right to rectification, cancellation and restriction of data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request data transfer.

All information requests, requests for information, revocations or objections to data processing should be sent by e-mail to our data protection officer or to the above contact details. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.