I. General Information

In the following, we inform you about the processing of personal data when using mindtrajour.com.

The responsible party for data processing is:

MindTrajour UG (limited liability)

Larissa Lange

Straße der Jugend 18

14974 Ludwigsfelde

Email: datenschutz@mindtrajour.com

Protecting your privacy is very important to us. Therefore, please read this privacy policy carefully.

II. Scope of Data Processing, Processing Purposes, and Legal Basis

The scope of data processing, processing purposes, and legal basis are detailed further below.

Art. 4 No. 1 GDPR: Personal data refers to any information relating to an identified or identifiable natural person (e.g., their name or IP address).

Art. 4 No. 2 GDPR: "Processing" means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

The following legal bases generally apply for data processing:

  • Art. 6(1)(a) GDPR serves as our legal basis for processing operations for which we obtain consent.
  • Art. 6(1)(b) GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, such as when a visitor purchases a product from us or we perform a service for them. This legal basis also applies to processing necessary for pre-contractual measures, such as inquiries about our products or services.
  • Art. 6(1)(c) GDPR applies when we need to fulfill a legal obligation, such as in tax law.
  • Art. 6(1)(f) GDPR serves as a legal basis when we have a legitimate interest in processing personal data, such as for cookies necessary for the technical operation of our website.

III. Data Transfer Outside the EU

1. Data Transfer Based on an Adequacy Decision per Art. 45 GDPR

Where we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission under Art. 45(3) GDPR ensure data security, where available, such as for the UK, Canada, and Israel.

2. Data Transfer to the USA

On July 10, 2023, the Data Privacy Framework https://www.dataprivacyframework.gov/s/?hl=de came into effect. The USA is now considered a secure third country under EU data protection law. The tools we use are certified by the US Department of Commerce for the Data Privacy Framework: Amazon Inc., Google Inc., Vercel Inc., Meta Platforms Inc. (Instagram, Facebook).

3. Data Transfer Subject to Appropriate Safeguards per Art. 46 GDPR

If there is no adequacy decision under Art. 45(3) GDPR, a controller or processor may transfer personal data to a third country or an international organization only if the controller or processor has provided appropriate safeguards and provided that enforceable rights and effective legal remedies for data subjects are available.

IV. Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under commercial or tax law); in the latter case, deletion will occur after these reasons no longer apply.

V. Data Subject Rights

As a data subject, you have the following rights:

Pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein.

Pursuant to Art. 16 GDPR, the right to request the correction of incorrect or incomplete personal data stored by us without undue delay.

Pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is necessary:

  • To exercise the right of freedom of expression and information;
  • To fulfill a legal obligation;
  • For reasons of public interest; or
  • To establish, exercise, or defend legal claims.

Pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data where:

  • You contest the accuracy of the data;
  • The processing is unlawful, but you oppose the deletion of the data;
  • We no longer need the data, but you require it to establish, exercise, or defend legal claims; or
  • You have objected to processing pursuant to Art. 21 GDPR.

Pursuant to Art. 20 GDPR, the right to receive your personal data in a structured, commonly used, and machine-readable format or to request the transfer to another controller.

Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority of your habitual residence for this purpose. Contact details of data protection supervisory authorities are available at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

Pursuant to Art. 21 GDPR, the right to object in specific situations and against direct marketing. When data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. The respective legal basis for processing can be found in this privacy policy. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing.

For questions about data collection and data processing, please contact us directly at datenschutz@mindtrajour.com.

VI. Data Processing on the Website

Web Hosting and Provision of the Website and Software Application

This website and our software application are hosted externally. The personal data collected on this website and in the software are stored on the servers of the service providers listed below. This includes:

IP addresses, contact requests, meta and communication data, contract data, contact details, names, and website accesses.

The use of the host is for fulfilling contracts with our customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure and fast provision of our online presence and software by the professional provider (Art. 6 para. 1 lit. f GDPR). The host will only process your data to the extent necessary to fulfill its service obligations.

The following hosts are used:

a. Vercel

Our website uses the data hosting service "Vercel" provided by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, privacy@vercel.com. More information on the handling of user data by "Vercel" can be found in the privacy policy at Vercel Privacy Policy.

b. Supabase

Our website and Software Application uses the data hosting service "Supabase" provided by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992. More information on the handling of user data by "Supabase" can be found in the privacy policy at Supabase Privacy Policy.

c. Amazon Web Services (AWS)

Our website and Software Application uses the data hosting service "AWS" (Amazon Web Services) provided by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA, aws-security@amazon.com. More information on the handling of user data by "AWS" can be found in the privacy policy at AWS Privacy Policy.

d. AWS Amplify

Our website and Software Application uses AWS Amplify, a service provided by Amazon Web Services, Inc., for the development and management of our website and software applications. AWS Amplify helps us with authentication, storage, API integration, and hosting of our applications. More information on the handling of user data can be found in the AWS privacy policy at AWS Privacy Policy.

2. Informational Use of the Website

When using the website for informational purposes, i.e., if visitors do not provide us with information, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This constitutes our legitimate interest, so the legal basis is Art. 6 para. 1 lit. f GDPR.

Server Log Data

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address
  • Access status/HTTP status code

This data is not combined with other data types. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website - for this, the server log files must be recorded.

3. Cookies on Our Website

What are Cookies?

Cookies are small text files stored on your device when you visit our website. They enable us to store your activities and preferences (such as login data, language, font size, and other display settings) over a certain period, so you do not have to re-enter them each time you visit the website.

Types of Cookies We Use

We use different types of cookies on our website for various purposes:

  • Necessary Cookies: These cookies are essential to enable you to navigate the website and use its basic functions. Without these cookies, certain services cannot be provided.
  • Functional Cookies: These cookies allow our website to remember choices you make (e.g., your username, language, or the region you are in) and provide enhanced, more personalized features.
  • Analytical/Performance Cookies: These cookies collect information about how visitors use our website, e.g., which pages are visited most frequently or if error messages occur on pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to improve the functionality of our website.
  • Advertising Cookies: These cookies are used to make advertising more relevant to you and your interests. They are also used to limit the frequency of ads and measure the effectiveness of advertising campaigns.

We use a cookie consent cookie to determine which cookie settings the users of our website have made. This cookie is stored locally on the user's device. This is technically necessary for the use of the website and therefore falls under our legitimate interest, making the legal basis Art. 6 para. 1 lit. f GDPR.

4. Web Beacons

Our website MindTrajour uses web beacons (also known as "pixel tags" or "clear GIFs"). Web beacons are small graphic files embedded in our web pages or emails. They allow us to monitor user behavior on our website and the effectiveness of our email campaigns.

a. Purpose of Use

We use web beacons for the following purposes:

  • Analysis and Improvement: Web beacons help us analyze the use of our website and improve our content and services. They allow us to understand which pages are visited, how long a user stays on a page, and what actions they perform.
  • Performance Monitoring: Web beacons allow us to monitor the performance and effectiveness of our website and email campaigns. This helps us optimize the user experience and ensure our marketing communication is relevant and engaging.
  • Marketing and Advertising: Web beacons allow us to measure the effectiveness of our online advertising and understand which ads and campaigns are most successful. They also help us identify user segments that are most likely to be interested in our offerings.

5. Contact

Inquiries by Email or Phone

If you contact us by email, phone, or the contact form on the website, your request, including the personal data resulting from it (name, request, email address, phone number), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested.

We delete the data collected in this context once the storage is no longer necessary or restrict processing if there are statutory retention obligations.

We use the Customer Relationship Management (CRM) system of monday.com LLC, Hahashmonaim St 22, Tel Aviv-Yafo, Israel, to store your data. More information on the handling of user data can be found in the privacy policy of Monday.com at Monday.com Privacy Policy or privacy@monday.com.

6. Third-Party Applications Related to Our Website

a. Google Analytics (Analytical/Performance Cookies)

We use Google Analytics for website analysis, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis is your consent, Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can revoke your consent at any time. After your consent, Google Analytics processes your data.

More information on the handling of user data can be found in the privacy policy of Google Analytics at Google Analytics Privacy Policy.

b. Google Ads (Analytical/Performance Cookies)

We use Google Advertisement to receive evaluations of our website visitors, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis is your consent, Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can revoke your consent at any time. After your consent, Google Advertisement processes your data.

More information on the handling of user data can be found in the privacy policy of Google Ads at Google Ads Privacy Policy.

c. Google Tag Manager (Web Beacon)

We use Google Tag Manager for analyzing our Google Ads, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tracking code that allows us to measure and optimize advertising campaigns and attribute user behavior on our website to our Google Ads.

The legal basis is your consent, Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can revoke your consent at any time. After your consent, the Google Tag Manager processes your data.

More information on the handling of user data can be found in the privacy policy of Google Analytics at Google Analytics Privacy Policy.

d. Microsoft Clarity (Analytical/Performance Cookies)

We use the Microsoft Clarity application for website optimization, which records user behavior on the website. It is a product of Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA.

The legal basis is your consent, Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can revoke your consent at any time. After your consent, Microsoft Clarity processes your data.

More information on the handling of user data can be found in the privacy policy of Microsoft Clarity at Microsoft Clarity Privacy Policy.

e. Newsletter Application Beehiiv

If you have expressly consented according to Art. 6 para. 1 lit. a GDPR, we use the data you provide on this website (first name and/or email address) for sending the newsletter, waitlist information, or personal offers, should you have registered for this.

We use the newsletter provider:

beehiiv Inc. 228 Park Avenue # 2329976 New York, New York 10003 Email: privacy@beehiiv.com

Your data will be sent to this newsletter provider for sending purposes. Your consent also extends to this: Through web beacons or tracking pixels, which transmit various information about you, we can see and evaluate the following:

  • Whether you opened an email
  • The time of retrieval
  • Your IP address

These data are not used to create a profile.

You can unsubscribe at any time via a link at the end of each newsletter. You can also send your unsubscribe request via email to datenschutz@mindtrajour.com. More information on the handling of user data can be found in the privacy policy of typeform.com at Beehiiv Privacy Policy.

f. Customer Data Management with Monday.com

We use the Customer Relationship Management (CRM) system of monday.com LLC, Hahashmonaim St 22, Tel Aviv-Yafo, Israel, to store your contact data.

The legal basis for processing is our legitimate interest in answering inquiries directed to us. The legal basis for processing is therefore Art. 6 para. 1 lit. f GDPR.

More information on the handling of user data can be found in the privacy policy of Monday.com at Monday.com Privacy Policy or privacy@monday.com.

g. Google Fonts

We use Google Fonts, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the presentation of our website.

The legal basis for processing is our legitimate interest in ensuring an appealing and uniform presentation of our website. The legal basis for processing is therefore Art. 6 para. 1 lit. f GDPR.

VII. Data Processing in the Login Area and Use of Our MindTrajour Software

Third-Party Providers

a. Session Cookies from Supabase (Technically Necessary)

Our MindTrajour software uses session cookies from "Supabase," provided by Supabase, Inc., 970 Toa Payoh North #07-04, Singapore 318992.

The legal basis for this is our legitimate interest under Art. 6 para. 1 lit. f GDPR, as we otherwise cannot ensure a smooth login process into the software.

For more information on how user data is handled, please refer to Supabase’s privacy policy: Supabase Privacy Policy.

b. Apple OAuth (Technically Necessary)

We use Apple OAuth for logging into our MindTrajour software, provided by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

The legal basis for this is your consent under Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can withdraw your consent at any time. After your consent, Apple OAuth will process your data.

For more information on how user data is handled, please refer to Apple’s privacy policy: Apple Privacy Policy.

c. Google OAuth (Technically Necessary)

We use Google OAuth for logging into our MindTrajour software, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for this is your consent under Art. 6 para. 1 lit. a GDPR, which we obtain via the cookie consent tool. You can withdraw your consent at any time. After your consent, Google OAuth will process your data.

For more information on how user data is handled, please refer to Google’s privacy policy: Google Privacy Policy.

d. Sentry.io Software Error Reporting Support System

We use Sentry to optimize our software. It helps us identify, highlight, and monitor errors, bugs, and other performance issues in the software. We also use Sentry for sending user feedback. It is a product of Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA.

The following data is collected:

Event Data:

  • Error Messages: The exact error message or exception that occurred.
  • Stack Traces: Detailed information about where in the code the error occurred.
  • Log Entries: Relevant log information that helps understand the context of the error.

User Data:

  • User ID or Email: Information about the user who experienced the error, if provided.
  • Session Data: Details about the user session, such as session ID, session time, duration, and actions during the session.

System and Environment Data:

  • Operating System and Version: Information about the operating system of the affected device.
  • Browser and Version: Details about the browser used if the error occurred in a web application.
  • Device Type and Model: Information about the device where the error occurred (e.g., desktop, mobile device).
  • Software Version: The version of the software or application where the error occurred.

Network Data:

  • IP Address: The user's IP address to determine location and other network-related information.
  • HTTP Requests: Details of the HTTP requests made at the time of the error, including headers and payload.

Application and Configuration Data:

  • Configuration Parameters: Settings and configurations of the application valid at the time of the error.
  • Environment Variables: Values of environment variables set at runtime.

Tags and Metadata:

  • Custom Tags: Developers can add custom tags to capture additional contextual information.
  • Release Information: Details about the specific release or version of the application in use.

Replay Function:

  • Short videos showing user click behavior to understand how the software error occurred. These replays show user interactions with the application, such as mouse clicks, scroll movements, and keyboard inputs.

The legal basis for processing is our legitimate interest in providing optimized and error-reduced software. Therefore, the legal basis for processing is Art. 6 para. 1 lit. f GDPR.

For more information on how user data is handled, please refer to Sentry’s privacy policy: Sentry Privacy Policy.

VIII. Data Processing on Social Media Platforms

We are present on social media networks to showcase our organization and services. The operators of these networks regularly process data of their users for advertising purposes. Among other things, they create user profiles based on online behavior, which are used to display advertisements that match users' interests on the network's pages and elsewhere on the internet. For this purpose, network operators store information about user behavior in cookies on users' devices. It is also possible that these operators combine this information with other data. Further information and instructions on how users can object to processing by the network operators can be found in the privacy policies of the respective operators listed below. It is also possible that the operators or their servers are located outside the EU, which may result in data being processed there. This could pose risks for users, such as difficulties in enforcing their rights or access by government authorities.

If users of the networks contact us via our profiles, we process the data provided to answer the inquiries. This is our legitimate interest, making the legal basis Art. 6 para. 1 lit. f GDPR.

1. Instagram and Threads

We have a profile on "Instagram" and "Threads". The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

For more information and the applicable privacy policies of "Instagram," please visit: Instagram Privacy Policy.

2. Facebook

We have a profile on "Facebook." The provider is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

For more information and the applicable privacy policies of "Facebook," please visit: Facebook Privacy Policy. visit: LinkedIn Privacy Policy.

3. LinkedIn

We have a profile on "LinkedIn." The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For more information and the applicable privacy policies of "LinkedIn," please visit: LinkedIn Privacy Policy.

IX. Changes to This Privacy Policy

We reserve the right to change this privacy policy with future effect. The current version is available here.

Date of Last Update: July 30, 2024