Data Privacy
Introduction
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as “data” for short) that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offer”).
The terms used are not gender-specific.
Status: December 2022
Responsible
MindAhead UG
Hallesche Straße 7
10963 Berlin
Germany
Managing directors: Nina Kiwit, Manuel Kraus
E-mail address:
info@mindahead.de
Privacy policy
1. General
1. the protection of your personal data is of utmost importance to MindAhead UG, Hallesche Straße 7, 10963 Berlin (“MindAhead”, “we”, “us”). We therefore comply with applicable data protection laws, in particular the General Data Protection Regulation (“GDPR”) on the protection, lawful processing and confidentiality of personal data and data security.
2. this privacy policy informs you about the nature, scope and purposes of the processing of personal data in the context of the use of our online offer on our app (“App”). In particular, the following informs you about which personal data we may collect, process and use when you use our App.
2. Which of your data do we collect, for what purposes and based on which legal basis do we process it?
1. Contact data
When contacting us by email (info@mindahead.de) or via other electronic channels (e.g. social media platforms), we process the data that you voluntarily provide to us (name, email address, type of request or the subject of your message and the content of your message).
We process the data provided in the course of contacting you exclusively for the purpose of processing your inquiry, contacting you at your request and providing you with the requested information. This data processing is thus necessary for the fulfillment of our (pre-)contractual obligations.
For all questions regarding data protection, you can also contact our data protection officer at any time. He can be reached via our contact details and at the following e-mail address: info@mindahead.de.
2. Access data and log files
We collect and process the following data when you visit our website and use the associated services that access the respective server containing the requested service (so-called server log files): Name of the page accessed, date and time of access, amount of data transferred, server status codes, user name, processing time, browser and client type along with version, your operating system, referrer URL (the previously visited page), IP address and the requesting provider, reverse DNS, location data, connection data, source and destination (network identifier or address, port numbers, protocol, email address, email subject, connecting server, protocol details, reputation data, reverse DNS, obvious identifier, connected servers), authentication data and email meta information.
This data is automatically generated by our servers when you use our app and is necessary for us to provide you with the services you request. We therefore process server log files solely to operate our app and related services, to identify you as an authorized user, to distribute web server requests in our server pool, and for security reasons (e.g., to investigate abusive and fraudulent activities). This data processing is thus necessary to protect our legitimate interests in operating a user-friendly and secure app.
3. User data / tracking
Based on your declaration of consent, we collect and process the following data about your use of and interaction with our app: IP address of your device, your operating system, the files requested by our app, screen resolution, phone model, your click behavior in the app (time of access, clicks), and the source from which you install the app. If the app crashes, a crash report is sent to us.
This data is collected via tools (see point 3). We use this usage data for (i) analytics, (ii) improvements to our services and our App, (iii) increasing the user experience. This data processing is based on your consent to the use of tools in our App. You can revoke this consent at any time with effect for the future and free of charge.
4. Newsletter
Based on your declaration of consent, we process the personal data that you voluntarily provided to us in the course of registering for the newsletter (your email address and, if applicable, your name) (i) for sending you email newsletters about our current projects, marketing and product information and (ii) for tracking your reading habits of our newsletters.
Performance Measurement: Our newsletters contain a mechanism for tracking your reading habits. This allows us to determine whether our newsletter is opened, when it is opened, and which links are clicked. These statistical analyses are used solely to identify the reading habits of our newsletter recipients and to tailor our content to them.
You can revoke your consent to receive our newsletter at any time (e.g. by e-mail to info@mindahead.de or via the unsubscribe link in our e-mail newsletters) with effect for the future and free of charge.
5. Registration and user account
If you are registered via our app or website and have a user account for the use of our online services, we process the following personal data: Name, email address, billing data, IP address and your access data.
We process the data of your user account exclusively for the operation of your account, the provision of our services as well as the billing of our services. This data processing is therefore necessary for the fulfillment of our (pre-) contractual obligations.
In order to use our services, we ask you about your current health status. We process this health data only with your prior consent pursuant to Art. 6 (1) (a) in conjunction with Art. 9 (2) (a) GDPR. You can revoke this consent at any time and without giving reasons. Without this consent, however, the use of our app is not possible, as this is indispensable for the provision of our service.
3. Tools
1. We use various tools in our app. Such tools allow us to store important data in order to provide you with our services and to make the use of our app more convenient for you.
2. In addition, based on our legitimate interests, we use tools that are technically strictly necessary to provide our service through the App. For example, to recognize you when you use our service, to provide you with your data, to monitor incoming and outgoing payments, or to ensure the security of our App. In the following, we present each of these tools in a more transparent way:
– We use the Google Workspace tool to store and process the data. This also provides us with analytics and reports in aggregated form. You can find more information here: https://workspace.google.com/security. (Read) access to the information by Google LLC. based in the USA cannot be ruled out.
– We use the Typeform tool to obtain the data in the course of the questionnaire. You can find more information here: https://www.typeform.com/help/a/what-happens-to-my-data-360029581691/.
4. Will your data be passed on to third parties?
1. We entrust your personal data to the following external service providers (data processors) to the extent necessary to assist us in providing our services:
– IT service providers and/or providers of data hosting solutions or similar services;
– Other service providers, providers of tools and software solutions that assist us in operating our website and providing our services and act on our behalf (including Google Workspace, Typeform).
2. All our data processors process your data only on our behalf and on the basis of our instructions so that we can provide our services to you.
3. In addition, we transfer your personal data to the following recipients (data controllers) to the extent necessary:
– Potential third parties involved in providing services to you in order to fulfill our contractual obligations (e.g. login services, banks for processing payment, payment service providers);
– External third parties based on our legitimate interests, as far as this is necessary (e.g. auditors and tax advisors, insurance companies in case of insurance claims, legal representatives in case of damage claims);
– Authorities and other public bodies, insofar as this is required by law (e.g. tax authorities).
4. If we process your data in a third country outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services, this is only done insofar as this is necessary to fulfill our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. We have taken suitable and appropriate precautions to develop a data protection-compliant way of transferring your data to the respective third country (e.g. for the USA through the “Privacy Shield” or the conclusion of so-called “Standard Data Protection Clauses”). Upon your request, we can provide you with a copy of these appropriate safeguards if we process or have your data processed in third countries.
5. Retention period
1. We store your personal data only for as long as is necessary for the purposes for which they are processed. In addition, we may be obliged to store your data for longer in accordance with the statutory retention periods.
2. Specifically, we store your data in connection with contacting us in accordance with the statutory retention periods for a period of generally seven years.
3. If you have only registered for our newsletter and are otherwise not a customer of ours, we will store your data until you revoke your consent and beyond that for a maximum of three years.
4. We store data in connection with your registration and your user account until the termination of your customer relationship with us or beyond that until the expiry of the respective statutory retention periods (usually for a period of seven years).
5. In addition, we store your personal data after an incident even beyond the aforementioned periods, as long as legal claims can be asserted from the relationship between you and us, or until the final resolution of an incident or legal dispute. This longer storage is done to protect our overriding legitimate interests in the enforcement, clarification and defense of our legal claims.
6. Rights of the persons concerned
1. You have the right to access your personal data processed by us (Art 15 GDPR). In addition, you have the right to have inaccurate or incomplete data corrected and – under certain circumstances – the right to have it deleted (Art. 16 and Art. 17 GDPR). In addition, you have the right to restriction of processing (Art. 18 DSGVO) and the right to data portability of the data you have provided (Art. 20 DSGVO).
2. In addition, you have the right to object on grounds relating to your particular situation (Art. 21 GDPR). Such an objection may be made in particular with regard to the processing of data for direct marketing purposes.
3. You also have the right to revoke your consent at any time with effect for the future.
4. Finally, you have the right to lodge a complaint with the competent supervisory authority (Art 77 DSGVO). The competent supervisory authority for Germany is the Federal Commissioner for Data Protection and Freedom of Information (Graurheindorfer Str. 153. 53117 Bonn).
5. If you have any questions about this or other topics, you can contact us:
Mindahead UG
Hallesche Str. 7
10963 Berlin
info@mindahead.de
7. Data security
We take appropriate technical and organizational security measures in accordance with Art. 32 DSGVO to ensure an adequate level of data protection, taking into account the risks, in particular to protect your personal data against accidental or unlawful destruction, alteration or loss and against unauthorized disclosure or access.
8. Changes to our privacy policy
As the Internet evolves, we will periodically change our Privacy Policy. We will announce changes in our app. Therefore, you should regularly access this Privacy Policy to keep yourself informed about the current state of affairs.