Start your 7 day free trial

Privacy Policy

This Privacy Policy applies to the 7Mind App and the 7Mind Website (www.7Mind.app) (hereafter collectively referred to as the "Online Services"), which are provided by 7Mind GmbH.

Since we value the protection of your privacy when using our Online Services, we want to inform you through this Privacy Policy, in accordance with Article 13 of the General Data Protection Regulation (GDPR) and § 32 of the German Federal Data Protection Act (BDSG), about how our company and third parties process personal data within the context of our Online Services, and to make you aware of your rights regarding this matter.

This Privacy Policy uses terms as defined by the GDPR. The terms used, such as “recipient,” “visitor,” or “user,” are chosen for readability and are intended to be gender-neutral.

1. Data Controllers and Data Protection Officers

Controller

Data Protection Officer

7Mind GmbH
Ritterstr. 12,

10969 Berlín, Germany

Contact: [email protected]

Data Privacy contact:  [email protected]

Pridatect, S.L. de Borneo

Avinguda Josep Tarradellas 8-10, 5º, 4ª, 

08029 Barcelona, España

Contact: [email protected]

2. Definitions and Principles of Data Processing

Personal data refers to any information relating to an identified or identifiable natural person. This includes information such as your name, age, gender, address, phone number, email address, date and place of birth, IP address, or user behaviour. Information that we cannot link to your person, or only with an unreasonable amount of effort (e.g., anonymised information), is not subject to the GDPR and therefore not considered personal data in accordance with Recital 26 of the GDPR.

Processing of personal data (e.g., collection, querying, use, storage, or transfer) may only take place if it is based on a legal basis. Personal data is deleted once the purpose of the processing has been fulfilled and there are no further legal storage obligations or possible limitation periods to observe.

The controller is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.

When we process your personal data, we will inform you below about the specific processes, the data processed in each case, the origin of the data, the scope and purpose of the data processing, the legal basis, the respective storage duration, your data subject rights, possible data transfers, and whether the data is required from you or not.

3. Overview of Purposes and Legal Basis for Data Processing

We process personal data from users of our Online Services (hereafter referred to collectively as "users") when this data is necessary for the functionality, security, and presentation of our Online Services or when the data is provided by users themselves. The specifics of each of the following explanations depend on how you interact with us.

We process personal data for one or more of the following purposes:

  • Functionality, security, and presentation of our Online Services;

  • To initiate and/or fulfil contracts with you;

  • To respond to and handle your contact requests;

  • For statistical analysis, evaluation, and development of our Online Services; and

  • For advertising and optimisation purposes.

Our processing of personal data is based on the following legal grounds:

  • Your consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, possibly in conjunction with § 25 TTDSG;

  • To initiate and/or perform a contract with you, in accordance with Article 6 (1) (b) or Article 9 (2) (b) GDPR;

  • To fulfil legal obligations, in accordance with Article 6 (1) (c) GDPR; and/or

  • Based on a legitimate interest in accordance with Article 6 (1) (f) or Article 9 (2) (f) GDPR.

4. Specific Processing Activities: Categories of Data Processed, Scope, Purpose, and Legal Basis for Each Data Processing Activity

The following section provides information about the specific data processing activities, the data processed in each case, the scope and purpose of each data processing activity, as well as the legal basis for each processing activity. The section begins by covering the data processing activities that apply to both Online Services, followed by the specific processing activities for the 7Mind Website and the 7Mind App.

4.1. Data Processing for Both Online Services

4.1.1. Hosting, Content Delivery Networks, and Data Infrastructure

4.1.1.1. Hosting

Our Online Services are hosted by external service providers (Website and Android devices: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, “Google”; for iOS devices: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA, “Apple”). The personal data collected as part of our Online Services is stored on the servers of these hosts in Europe (Website, Android devices) or in the United States (iOS devices). This data may include IP addresses, contact requests, metadata and communication data, contract data, contact data, names, access information, and other data generated via a website or app.

The use of the respective host is for the purpose of fulfilling contracts with our potential and existing customers (Article 6 (1) (b) GDPR) and to provide our Online Services securely, quickly, and efficiently through a professional provider (Article 6 (1) (f) GDPR).

To ensure data processing in accordance with data protection regulations and to protect your data, we have entered into a Data Processing Agreement with the respective host in accordance with Article 28 GDPR. In these agreements, our hosts particularly commit to only processing personal data if and to the extent that this is necessary to fulfil their service obligations.

For our 7Mind Website and for Android devices, processing should, according to our processor’s assurances (Google), occur within the EU. However, in certain instances (e.g., support cases), access to personal data from the US cannot be ruled out. Since Google LLC is certified under the Transatlantic Privacy Framework, access from or data transfer to the US is subject to the European Commission’s adequacy decision, thereby ensuring an adequate level of protection under Article 45 GDPR.

For iOS devices, processing takes place in the US. We have therefore entered into Standard Contractual Clauses with Apple to ensure an adequate level of data protection when transferring your data to the US.

Please note: For iOS devices and when transferring your data to Apple servers in the US, US authorities could therefore access your data and process it without your notification or without comparable remedies and data subject rights. Unfortunately, we have no influence over processing by US authorities.

Further information on the privacy policies and terms of use for Google and Apple can be found at the following links:
Google Privacy Policy
Apple Privacy Policy

4.1.1.2. Content Delivery Network

We also use a Content Delivery Network (CDN), a service that optimises the transmission of content over the internet. For this purpose, we use the Cloudflare service from Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA, “Cloudflare”) for our Online Services. Cloudflare routes affected data through its networks, only temporarily storing data to optimise transmission speed.

The use of the CDN is for the purpose of fulfilling contracts with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interest of providing our app securely, quickly, and efficiently through a professional provider (Article 6 (1) (f) GDPR).

To ensure data processing in compliance with data protection regulations and to protect your data, we have entered into a Data Processing Agreement with Cloudflare in accordance with Article 28 GDPR. In this agreement, Cloudflare particularly commits to only processing personal data if and to the extent necessary to fulfil its service obligations.

Processing by Cloudflare occurs in the US. Since Cloudflare is certified under the Transatlantic Privacy Framework, data transfer to the US is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on Cloudflare’s privacy policy can be found at the following link:
Cloudflare Privacy Policy

4.1.1.3. Data Infrastructure and Transformation

We use the GetDBT service from dbt Labs Inc. (915 Spring Garden St Ste 500, Philadelphia, PA 19123, USA; “DBT Labs”) for our data infrastructure to transform our data, use analytics code more effectively, and create intelligent queries. DBT Labs processes data on our behalf but does not store it.

Since we use this service for our entire data infrastructure, all data we have from you may be captured and processed accordingly.

The legal basis for data processing is our legitimate interest in maintaining an integral, secure, and effective data infrastructure (Article 6 (1) (f) GDPR). Since you use our Online Services, we assume there are no overriding interests against our processing. Where processing occurs in the context of contract initiation or fulfilment with you, the legal basis is the (pre-)contractual relationship (Article 6 (1) (b) GDPR). If we have your consent, the legal basis is your consent (Article 6 (1) (a) GDPR, or if applicable, Article 9 (2) (a) GDPR). You can withdraw consent at any time by email to [email protected], with future effect. The legality of any processing that took place based on your consent before the withdrawal remains unaffected.

To ensure data protection-compliant processing and the safeguarding of your data, we have entered into a Data Processing Agreement with DBT Labs in accordance with Article 28 GDPR. Herein, DBT Labs particularly commits to only processing personal data if and to the extent that this is necessary to fulfil its service obligations.

Since DBT Labs is certified under the Transatlantic Privacy Framework, data transfer to the US is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on DBT Labs' privacy policy and terms of use can be found at the following links:
DBT Privacy Policy
DBT Terms of Use

4.1.2. Security, Monitoring, and Error Tracking

4.1.2.1. Sentry.io

To monitor the functionality of our Online Services and to detect and fix errors, we use the Sentry.io software, a service from Functional Software Inc. (45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA; “Sentry.io”). This can include, in certain cases, the processing of personal data, such as your IP address.

Where monitoring and error tracking relate to services for which a contractual relationship is being established or exists between you and us, the legal basis for processing is the (pre-)contractual relationship (Article 6 (1) (b) GDPR). Otherwise, the processing basis is our legitimate interest (Article 6 (1) (f) GDPR) in confidential, available, and integral data processing. Since you use our Online Services, we assume there are no significant interests against our processing.

To ensure data protection-compliant processing and to safeguard your data, we have entered into a Data Processing Agreement with Sentry.io in accordance with Article 28 GDPR. In this agreement, Sentry.io particularly commits to only processing personal data if and to the extent necessary to fulfil its service obligations.

As Sentry.io is certified under the Transatlantic Privacy Framework, data transfer to the US is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on Sentry.io’s privacy policy can be found in Sentry.io's Privacy Policy.

4.1.2.2. Datadog

For security purposes, error tracking, and to ensure effective and documented monitoring of all our internal system and data queries, we use the Datadog service from Datadog Inc. (620 8th Ave, 45th Floor, New York, NY 10018, USA; “Datadog”). This service allows us to quickly search, filter, and analyse log data.

The following data is processed, og data for all system and data queries, including their content und User information (e.g., name, email address, if applicable, insurance number);

The legal basis for data processing within our use of this service is our legitimate interest in integral, secure, monitored, and documented data processing (Article 6 (1) (f) GDPR). Where processing occurs in the context of contract initiation or fulfilment with you, the legal basis is the (pre-)contractual relationship (Article 6 (1) (b) GDPR). If we have your consent, the legal basis is your consent (Article 6 (1) (a) GDPR, or if applicable, Article 9 (2) (a) GDPR). You can withdraw consent at any time by email to [email protected], with future effect. The legality of any processing that took place based on your consent before the withdrawal remains unaffected.

To ensure data protection-compliant processing and to safeguard your data, we have entered into a Data Processing Agreement with Datadog in accordance with Article 28 GDPR. In this agreement, Datadog particularly commits to only processing personal data if and to the extent necessary to fulfil its service obligations.

Processing is intended to take place within the EU, according to our processor’s assurances. However, in certain instances (e.g., support cases), access to personal data from the US or data transfer to the US cannot be ruled out. We have therefore entered into Standard Contractual Clauses with Datadog to ensure an adequate level of data protection even in cases where data is accessed from or transferred to the US.

Please note: When data is transferred to Datadog servers in the US, US authorities could access your transmitted data and process it without notification or without comparable remedies and data subject rights. Unfortunately, we have no influence over processing by US authorities.

Further information on Datadog’s privacy policy can be found in Datadog’s Privacy Policy.

4.1.3. Registration and User Account

In the registration processes described below, we process personal data to create your user account and/or to provide the services you have registered for. We provide information below on the data processing activities involved.

4.1.3.1. Direct Registration in 7Mind Online Services

You can register on our website to use additional services and features (such as managing your subscription or using our web app). Within the 7Mind App, registration is required to use the app.

The data requested during registration (mandatory: email address, username, password) are necessary and must be provided in full to create a user account or to provide the requested service. However, you are neither contractually nor legally required to provide this information. If you choose not to provide this information, we will not be able to create your user account or provide the services and features.

The legal basis for processing your personal data is the (pre-)contractual relationship with you, within which we create your user account or provide the requested services and features, as per Article 6 (1) (b) GDPR.

4.1.3.2. Registration with Facebook Login

Instead of registering directly with our Online Services, you can also register using Facebook Connect. The provider of this service is Meta Platforms Ireland Ltd (Merrion Road, Dublin 4, D04 X2K5, Ireland, “Facebook”).

If you decide to register with Facebook Login and click the “Facebook Login” button, you will automatically be redirected to the Facebook platform, where you can log in with your account details. This links your Facebook profile with our Online Services. Through this link, we receive access to your data stored on Facebook, including, facebook name (mandatory field) and email address stored with Facebook (optional).

These data are used to set up, provide, and personalise your account.

Registration with Facebook Login and the associated data processing are based on your consent (Article 6 (1) (a) GDPR). You may withdraw this consent at any time with future effect by sending a simple email to [email protected]. The lawfulness of any processing that took place based on your consent before the withdrawal remains unaffected.

As far as personal data are collected on our Online Services and transmitted to Facebook through the tool described here, Meta Platforms Ireland Ltd. (Merrion Road, Dublin 4, D04 X2K5, Ireland) and we are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to the collection and transfer of data to Facebook. Any further processing carried out by Facebook is not part of the joint responsibility.

Our mutual obligations have been outlined in an agreement for joint processing. The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing data protection information when using the Facebook tool and ensuring data protection-compliant implementation of the tool on our Online Services. Facebook is responsible for the data security of Facebook products. You can exercise data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you exercise data subject rights with us, we are obliged to forward your request to Facebook.

Data transfer by Meta Platforms Ireland Ltd. to the United States and other third countries is carried out by Meta Platforms Ireland Ltd. itself, over which we have no control. Facebook bases the transfer on the EU Commission’s Standard Contractual Clauses. Further details are available here:
https://www.facebook.com/legal/EU_data_transfer_addendum.

Please note: Despite Meta Platforms Ireland Ltd. being based in Ireland, your personal data may be transferred to Meta Platform servers in the United States or other third countries if you choose this registration method. Since Meta Platforms Inc. is certified under the Transatlantic Privacy Framework, the data transfer to America is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on Facebook’s privacy policy and terms of use can be found at:
Facebook Privacy Policy
Facebook Terms of Use

4.1.3.3. Registration with Apple Account

Alternatively, you may also sign up with your Apple Account. In this case, we receive the following personal data from Apple Inc. (One Apple Park Way, Cupertino, CA 95014, USA; “Apple”) to set up and provide your user account, name, email address and authentication token.

The legal basis for processing your personal data is the (pre-)contractual relationship with you, within which we create your user account or provide the requested services and features (Article 6 (1) (b) GDPR).

You are neither contractually nor legally required to register with your Apple Account or to provide your data to Apple or us. However, your registration data is necessary to set up your user account and allow access to all services and features of our Online Services. Therefore, without providing these details, we cannot create your user account or provide our Online Services in full.

To protect your data, including during transmission, we have entered into a Data Processing Agreement and Standard Contractual Clauses with Apple, limiting data processing to service provision and ensuring adequate data protection for any transfer to the United States.

Please note: Apple is not currently certified under the Transatlantic Privacy Framework (“EU-US-DPF”), so the European Commission’s adequacy decision does not apply. When data is transferred to Apple servers in the US, US authorities could access your transmitted data and process it without notification or without comparable remedies and data subject rights. Unfortunately, we have no influence over processing by US authorities.

Further information on Apple’s privacy policy can be found at:
Apple Privacy Policy

4.1.3.4. Registration with Google Single Sign-On

You also have the option to register via Google Single Sign-On (SSO), if this is your preference. We provide this Single Sign-On functionality using the service from Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Dublin D04 E5W5, Ireland).

With Single Sign-On, you only need to sign in once to access all the services and features we offer without additional logins. Another login or verification would only be necessary if:

  • You are already logged in and we conduct a random identity check for security purposes.

  • You are logging in from a different device, in which case we will send a six-digit verification code to the phone number you have on file, which will complete your login and validate your identity as an additional security measure.

  • You opt for multi-factor authentication, which would require an additional authentication factor (e.g., entering a verification code received by SMS) during login.

If you choose to use the Single Sign-On option, we process your login data (email address, password), IP address, and the date and time of your login/validation during the initial Google validation. After validation, we only continue to process your email address to provide the Single Sign-On functionality across our services and applications without requiring additional logins.

The legal basis for this data processing is the (pre-)contractual relationship with you (Article 6 (1) (b) GDPR). If no contractual relationship is established, the basis is our legitimate interest in providing a secure, fast, and efficient Single Sign-On option through a professional provider (Article 6 (1) (f) GDPR). Given the optional nature of this service and your expressed desire to use it, we do not believe there are any conflicting interests.

To ensure data protection-compliant processing and to safeguard your data, we have entered into a Data Processing Agreement with our service provider in accordance with Article 28 GDPR. In this agreement, our service provider particularly commits to only processing personal data if and to the extent necessary to fulfil its service obligations.

Processing is intended to take place within the EU, according to our service provider’s assurances. However, in certain instances (e.g., support cases), access to personal data from the US cannot be ruled out. Since Google LLC is certified under the Transatlantic Privacy Framework, data transfer to America is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on Google’s privacy policy can be found at the following link:
Google Privacy Policy

4.1.4. eCommerce and Payment Providers

4.1.4.1. Subscriptions for Paid Services in Our 7Mind App

Within our Online Services, you have the option to subscribe to paid services. In addition to the data required for registration (see section 4.1.3 of this Privacy Policy), we collect the following information necessary to administer your subscription: purchase date, subscription start date, subscription end date, information about whether the subscription automatically renews, and a transaction ID.

The legal basis for processing this data is the (pre-)contractual relationship for accessing our paid services (Article 6 (1) (b) GDPR).

4.1.4.2. Processing Customer and Contract Data

We collect, process, and use our customers' personal data to the extent necessary to establish, structure, or modify the contractual relationship (master data). Personal data about the use of our Online Services (usage data) is collected, processed, and used only as required to enable users to access the service or to facilitate billing unless otherwise stated in this Privacy Policy.

This processing is based on Article 6 (1) (b) GDPR, which allows the processing of data for fulfilling a contract or pre-contractual measures. You are neither contractually nor legally required to provide the relevant data. However, without this information, it may not be possible to initiate, maintain, or provide the contractual relationship, or related (pre-)contractual measures for using our paid services.

4.1.4.3. Payment

Depending on your order, you have several payment options available, each of which involves the processing of specific data as required. We only share personal data with third parties when necessary for contract fulfilment, such as with the financial institution responsible for processing the payment. Additional data transfers will only occur if you have expressly consented to such transfer (Article 6 (1) (a) GDPR). We do not share your data with unauthorised third parties without your prior explicit consent.

The legal basis for processing this data is Article 6 (1) (b) GDPR, allowing data processing necessary for fulfilling a contract or taking pre-contractual measures. You are not required to provide this data by law or contract, but without it, establishing or maintaining contracts for our paid services may not be possible, nor can pre-contractual measures be taken.

4.1.4.3.1. Chargebee

Orders are processed through our service provider Chargebee Inc. (340 S. Lemon Ave, Suite 1537, Walnut, 91789, USA; “Chargebee”). Chargebee acts as our data processor, while payment processing is handled by Chargebee under its own responsibility.

To establish and fulfil a contract with you, we collect and process the necessary contractual data, including your name, address, and any necessary banking or account information.

To ensure data protection-compliant processing and safeguard your data, we have entered into a Data Processing Agreement with Chargebee under Article 28 GDPR. Chargebee commits to processing personal data only as necessary to fulfil its service obligations and only within its scope of responsibility (payment processing).

As processing occurs in the USA, we have also signed Standard Contractual Clauses with Chargebee to ensure an adequate level of data protection for any transfer to the United States.

Please note: When data is transferred to Chargebee servers in the United States, US authorities could access your transmitted data and process it without notification or comparable rights and remedies for data subjects. Unfortunately, we have no influence over processing by US authorities.

For more information on how Chargebee processes your data, please see Chargebee’s Privacy Policy.

4.1.4.3.2. Payment Processing through the Respective App Store

Payment processing is also possible through the Apple App Store (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; “Apple”) and the Google Play Store (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When payment is processed through the app stores, 7Mind processes your email address for billing purposes. Beyond this, 7Mind does not process any additional personal data, including payment information. The app store providers themselves are responsible for handling the payment.

Please note: In the course of payment processing through the app stores, your personal data may be transferred to servers in the United States and processed there. Since Google LLC is certified under the Transatlantic Privacy Framework, the data transfer to America is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR. For iOS devices and when data is transferred to Apple servers in the United States, US authorities may have access to your transmitted data and process it without notification or equivalent remedies for data subjects. Unfortunately, we have no influence over processing by US authorities.

Further information on Google and Apple’s privacy policies and terms of use can be found at the following links:

4.1.5. Delivery of News and Service Communication - Braze

To send push notifications, in-app messages, and emails (such as our newsletter), we use Braze, a service provided by Braze Inc. (330 W 34th St FL 18, New York, New York 10001-2427, USA; “Braze”) as part of our Online Services.

Braze is a lifecycle engagement platform that allows us to personalise and automate lifecycle marketing campaigns across direct channels like email, mobile push notifications, and in-app messaging by using customer data.

When using Braze, the following personal data are processed: First and last name, User ID and Email addres. The legal basis for processing these data is your consent according to Article 6 (1) (a) GDPR. You may withdraw your consent at any time by sending an email to [email protected]. The lawfulness of any processing based on your consent up to the time of withdrawal remains unaffected.

To safeguard your data, we have entered into a Data Processing Agreement with Braze in line with Article 28 GDPR.

Your data is stored on Braze’s servers within the EU/EEA. In rare cases (support/maintenance), access from the United States or a data transfer to the United States cannot be ruled out. Since Braze Inc. is certified under the Transatlantic Privacy Framework, the data transfer to America is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection under Article 45 GDPR.

Further information on Braze’s Privacy Policy can be accessed at the following link: Braze Privacy Policy.

4.2. Data Processing in the Specific Context of the 7Mind Website

4.2.1. Functionality, Security, and Display of Our Website, as well as Consent Query (Cookie Banner)

When you visit our 7Mind website, it is technically necessary for your internet browser to transmit data to our web server. The following data are recorded in a server log file during an active connection between your internet browser and our web server web browser and version used, IP address of the requesting device, date and time of the server request and Referrer URL.

Additionally, the following data may be stored as part of the necessary consent query (cookie banner), IP address, consent status and date and time of any consent given

Logfile records are stored for 14 days and may be analysed to protect our website from attacks, to identify and resolve errors, and to manage server load. This processing is based on our legitimate interest in the confidentiality, availability, and integrity of data processing (Article 6 (1) (f) GDPR). We reserve the right to review log data if there is a justified suspicion of unlawful use. If illegal use is confirmed in individual cases, the relevant log files will be retained for as long as required for legal prosecution or to assert our rights (Article 6 (1) (f) GDPR).

Technically necessary cookies and similar technologies are also essential for displaying our website fully and correctly, as well as obtaining and storing your consent. Unless otherwise specified, the complete and correct display of our website constitutes a legitimate interest under Article 6 (1) (f) GDPR. The processing of personal data for the purpose of obtaining and storing your consent is achieved via CookieFirst cookies and serves to fulfil our legal obligation to ensure that non-essential cookies and technologies are not deployed without prior consent (Article 6 (1) (f) GDPR . The documentation of your consent, if provided, is carried out on the basis of Article 6 (1) (c) and Article 7 (1) GDPR, fulfilling the legal duty in this regard. If you wish to withdraw any consent given in the context of the consent query, you can do so at any time via the “Cookie Settings” feature in the footer of our website, effective for the future. Alternatively, you may delete the relevant cookie from your browser. When you revisit/reload our website, you will be prompted to provide consent once again.

Other than as described, we generally do not link the data mentioned above with other data sources.

4.2.2. Cookies and Similar Technologies

Our website uses cookies and similar technologies. “Similar technologies” refer to technical tools that can identify users without necessarily being a cookie, such as tracking pixels or LocalStorage. Cookies are text files stored in the internet browser or by the internet browser on the user’s system. When a user accesses our website, a cookie may be saved on the user’s operating system, or a tracking pixel may be triggered.

Third-party cookies or similar technologies may also be stored or triggered on your device when you visit our website (“third-party cookies”). These enable us or you to use certain services provided by the third-party company (e.g., cookies that save information about how a user arrived at our website).

Cookies contain a unique string of characters that can allow the browser to be identified upon subsequent visits to the website. They are stored temporarily for a session’s duration (session cookies), for a specific period, or permanently (persistent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Temporary cookies are deleted after a set period, while persistent cookies remain on your device until you delete them or your web browser automatically deletes them.

Technically necessary cookies and similar technologies are essential for the functionality and usability of our website. This category only includes cookies and technologies that guarantee the website’s basic functions and security features. Technically necessary cookies and technologies can be deployed without the user’s consent.

Non-essential cookies are those that are not required for the basic functionality and security of the website but are specifically used to collect personal data from the user, such as for tracking, advertisements, and other embedded content. Non-essential cookies and technologies (for example, those used for marketing, advertising, analytics, or analysis purposes) require your prior consent.

You may prevent the transfer of cookies or restrict it by changing your internet browser settings. Depending on your browser, you can also set it to inform you about cookies, only allow cookies on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and automatically delete cookies when closing the browser. Additionally, cookies can be deleted through browser settings at any time. Disabling cookies for the website may, however, result in certain functions of the website no longer being fully accessible.

When third-party or consent-based cookies and similar technologies are deployed, you will be informed of the processing activities, purposes, and legal bases within this Privacy Policy. Additional information on the cookies used by our website can also be found in our Cookie Policy.

4.2.3. Contacting Us and Making Inquiries

When you contact us (e.g., via email, chat, or contact form), we process the information you provide to handle your inquiry and to address any follow-up questions. The data processed here includes at least the contact details you provide (e.g., your email address if you send us an email) as well as other information provided by you during the initial contact or follow-up communications.

To adhere to the principle of data minimisation, we kindly ask you to limit your details to only what is necessary.

If you wish to be contacted, for instance by emailing or chatting with us or by using a contact form, the legal basis for processing is Article 6 (1) (f) GDPR. We have a legitimate interest in processing your inquiry quickly, efficiently, and thoroughly. As you are the one reaching out to us, we assume that you do not have any interests opposing our processing of your inquiry. If the contact request concerns the conclusion or fulfilment of a contract, the legal basis for processing is Article 6 (1) (b) GDPR. You are not contractually or legally required to provide your information, but without it, we may be unable to respond to your inquiry. If we have your consent, the legal basis for processing is your consent, Article 6 (1) (a) GDPR, or possibly Article 9 (2) (a) GDPR. You may withdraw any consent provided by emailing us at [email protected], effective for the future. Withdrawal of consent does not affect the lawfulness of processing carried out based on your consent before it was withdrawn.

4.2.4. Statistical Analysis, Evaluation, and Development of Our Website Services and Data Processing by Google

4.2.4.1. Statistical Evaluation and Analysis of Our Website Services

With your prior consent, we process your personal data for statistical evaluation and analysis of the use of our website and services, our business activities, and for the further development of our website. We use Google Analytics cookies to collect relevant data (see also point 4.2.4.2 of this privacy policy). The data collected in this way is:

a) converted into a neutral user ID to prevent us (but not Google) from tracing it back to you, allowing us to identify details such as the date and time of the visit and usage data without the ability to link it back to a specific person,
b) subsequently used for statistical evaluation, analysis, and improvement of our website and services, and
c) ultimately used in anonymized form for statistical evaluation of key metrics related to our business activities.

In addition to Google Analytics, we also use the Facebook Tracking Pixel (see also point 4.2.4.3 of this privacy policy) for statistical evaluation of the use of our website, to determine the referring page leading to our website, and for conversion optimization.

The personal data processed in connection with these tools includes: IP address (partially anonymized using "anonymiseIP" in the case of Google Analytics), ID and usage information.

The legal basis for using cookies and processing the aforementioned personal data based on these cookies is your consent under Art. 6(1)(a) GDPR and § 25 TTDSG. You may withdraw your consent at any time with future effect via the "Cookie Settings" function on our website or by email to [email protected]. Any processing carried out prior to the withdrawal of consent remains unaffected.

4.2.4.2. Google Analytics

For the purpose of statistical evaluation, analysis, and development of our website, we use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses "cookies," which are text files stored on your device following your consent. The cookie enables Google to analyze your use of our website. Each time you access a page of the website with a Google Analytics component, the internet browser on the affected person's IT system is automatically prompted by the component to transmit data to Google for web analysis. The following personal data is collected and processed via cookies IP address (partially anonymized; "anonymiseIP"), navigation information and location information 

The legal basis for the described processing of your personal data is your consent granted to us according to Article 6(1)(a) GDPR. You may revoke your consent at any time with future effect via the "Cookie Settings" function on our website or by emailing [email protected]. Any processing carried out prior to revocation remains unaffected. 

To ensure data protection-compliant processing and the protection of your data in the context of using Google Analytics, we have entered into a data processing agreement with our service provider in accordance with Article 28 GDPR. This agreement ensures that our service provider processes personal data only to the extent necessary to fulfill their service obligations. According to our processor, processing will take place within the EU. However, access to personal data from the USA cannot be excluded in individual cases (e.g., for support cases). 

Since Google LLC is certified under the Transatlantic Privacy Framework, the corresponding access and data transfer to America is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection in accordance with Article 45 GDPR. Further information on Google's privacy policies and terms of use or the Google Analytics terms of use can be found at the following links:

4.2.4.3. Facebook Tracking Pixel

This website also uses the Facebook visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Limited (Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland, "Facebook"). This pixel allows the behavior of website visitors to be tracked after they are redirected to the operator's website by clicking on a Facebook ad. This enables us to evaluate the effectiveness of our Facebook ads for statistical and market research purposes and to optimize future advertising measures. The data collected is anonymous to us as the operator of this website. We cannot draw any conclusions about the identity of users. However, Facebook processes personal data, allowing Facebook to display advertisements on Facebook pages and outside of Facebook. This use of data is beyond our control as website operators. Specifically, the following data is processed by Facebook and us IP address, Facebook user ID, navigation information and  marketing information, including viewed ads and interactions with ads, services, and products.

 The use of the Facebook tracking pixel occurs exclusively with and based on your prior consent, Article 6(1)(a) GDPR. You may revoke your consent at any time with future effect via the "Cookie Settings" function on our website. Any processing carried out before revocation remains unaffected. As far as the pixel described here collects personal data on our website and forwards it to Facebook, we and Meta Platforms Ireland Ltd (Merrion Road, Dublin 4, D04 X2K5, Ireland, "Facebook") are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The processing carried out by Facebook after transmission is not part of the joint responsibility and is the sole responsibility of Facebook. Our shared obligations are recorded in an agreement on joint processing, the text of which you can view here: https://​www​.face​book​.com/​l​e​g​a​l​/​c​o​n​t​r​o​l​l​e​r​_​a​d​d​endum. According to this agreement, we are responsible for providing data protection information when using the Facebook tracking pixel and for implementing the pixel on our website in a data protection-compliant manner. Facebook is responsible for the data security of Facebook products. You can assert your rights (e.g., request for information) regarding data processed by Facebook directly with Facebook. If you assert rights against us, we are obliged to forward your request to Facebook. According to Facebook, the collected data is also transmitted to the USA and possibly other third countries for processing. Since Meta Platforms Inc. is certified under the Transatlantic Privacy Framework, access and data transfer to America are subject to the European Commission’s adequacy decision, ensuring an adequate level of protection in accordance with Article 45 GDPR for EU-US data transfer. Data transfers to other third countries by Facebook are based on the EU Commission's standard contractual clauses. Details can be found here: https://​www​.face​book​.com/​l​e​g​a​l​/​E​U​_​d​a​t​a​_​t​r​a​n​s​f​e​r​_​a​d​d​endum. Note: Third countries to which Facebook transfers data may currently be classified as unsafe third countries without an adequacy decision under Article 45 GDPR or a comparable level of protection. With data transfer to Facebook, third-country authorities may access and process your data without notice or notification to you (during and even after processing) or granting you comparable remedies and rights. Unfortunately, we have no control over the processing by third-country authorities in these cases. If desired, you can disable the remarketing function "Custom Audiences" in the ad settings under the following link if logged into Facebook: https://www.facebook.com/adpreferences/ad_settings. If you do not have a Facebook account, you can deactivate Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance's website: https://www.youronlinechoices.com/de/praferenzmanagement/. Further information on Facebook's privacy policy can be found in Facebook's privacy statement at the following link: https://​de​-de​.face​book​.com/​a​b​o​u​t​/​p​r​i​vacy

4.1.4.6 Amplitude and RudderStack

We use Amplitude, Inc. as our reporting tool to gain insights into the use of our services. Data sent to Amplitude is first processed through RudderStack, our central data platform. In RudderStack, all personal identifiable information is removed from the events before being forwarded to the target systems. RudderStack only stores the data temporarily in a queue. Once the data has been reviewed and sent, it is deleted.

As part of using Amplitude’s services, app usage data is processed. The legal basis for this data processing is our legitimate interest in improving our service and analyzing usage patterns (Article 6(1)(f) of the GDPR). No conflicting interest on your part is apparent due to your intent to use the service.

To protect your data, we have concluded a data processing agreement with Amplitude in accordance with Article 28 of the GDPR. Since access to or transfer of data to the United States cannot be excluded, and Amplitude is certified under the Transatlantic Privacy Framework, the data transfer to the U.S. is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection as per Article 45 of the GDPR. Any further data transfers to other third countries are based on the EU Commission’s standard contractual clauses

4.2.5. Marketing Activities We also process your personal data as part of marketing activities for analysis, advertising, and optimization purposes. The specific data processing activities are detailed below.

4.2.5.1. Newsletter In the context of registering for our newsletter, as well as receiving and unsubscribing from our newsletter, personal data is processed by us if you choose to subscribe, provide us with the relevant data, and confirm your subscription via our double opt-in process.

As part of the new registration for our newsletter, we collect your first name and email address as well as your consent (for documentation purposes), IP address, date, and time of your consent. No additional data is collected unless voluntarily provided. This data is used exclusively to register for and send our newsletter. For the purpose of distribution, this data is stored and processed by our data processor Braze Inc. (330 W 34th St FL 18, New York, New York 10001-2427, USA; "Braze"). We also analyze and measure the success of the newsletter (such as access count, dwell time, click paths, and conversion rates). The legal basis for processing your personal data during registration for verification purposes (the “activation and confirmation email”) is our legitimate interest in legally compliant registration for our newsletter, Art. 6(1)(f) GDPR. The legal basis for processing your personal data in connection with receiving the newsletter is your consent, pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect using the unsubscribe link provided in the newsletter. The legality of processing carried out based on your consent before its revocation remains unaffected. The legal basis for processing your data for newsletter success measurement is our legitimate interest in continuously developing our newsletter, as per Art. 6(1)(f) GDPR.

In certain cases, the processing of your personal data may also be based on our legitimate interest in promoting our products and services (Art. 6(1)(f) GDPR), for example, if you are an existing customer of our company (see also Recital 47 GDPR).

Upon unsubscribing from our newsletter, your aforementioned personal data will be removed from the distribution list, but your email address will be stored in a blacklist by our data processor, Braze, to prevent future mailings. Data stored by us for other purposes remains unaffected. Data in the blacklist is only used to prevent future mailings and is not combined with other data. This serves both your interest and ours in complying with legal requirements for newsletter distribution (legitimate interest according to Art. 6(1)(f) GDPR). Blacklist storage is not time-limited. If you object to the storage, we will delete your personal data if your interests outweigh our legitimate interest.

Please note: To protect your data, we have entered into a data processing agreement with Braze Inc. according to Art. 28 GDPR. Your data is stored on Braze servers within the EU/EEA. In individual cases (support/maintenance), access from or data transfer to the USA cannot be excluded. Since Braze Inc. is certified under the Transatlantic Privacy Framework, the relevant data transfer to America is subject to the European Commission's adequacy decision, ensuring an adequate level of protection in accordance with Art. 45 GDPR.

Further information on Braze's data protection policies can be accessed via the following link: Braze Privacy Policy.

4.2.5.2. Social Plugins and Promotion of Social Media Presence

4.2.5.2.1. Facebook Plugins (Like & Share Button) This website integrates plugins from the social network Facebook. The service provider is Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; "Facebook").
The Facebook plugins are identifiable by the Facebook logo or the "Like" button on this website. A complete overview of Facebook plugins is available here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When you visit this website, the plugin establishes a direct connection between your browser and Facebook's server. This allows Facebook to receive information that you visited our website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to associate your visit to our website with your user account.
We note that as the provider of this site, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's Privacy Policy at: https://de-de.facebook.com/privacy/explanation.
If you do not want Facebook to be able to assign your visit to this website to your Facebook account, please log out of your Facebook account.
We use Facebook plugins based on our legitimate interest in achieving as much visibility on social media as possible, Art. 6(1)(f) GDPR. If consent has been requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect via the "Cookie Settings" function on our website. The legality of processing carried out on the basis of your consent before its revocation remains unaffected.
If personal data is collected on our website via this tool and forwarded to Facebook, Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; "Facebook") and we are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to data collection and its transmission to Facebook. Any subsequent processing by Facebook is not part of our joint responsibility and is solely the responsibility of Facebook. Our shared obligations are detailed in a joint processing agreement, available here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook plugin and for implementing the plugin on our website securely. Facebook is responsible for the data security of Facebook's products. You can exercise your rights (e.g., access requests) regarding data processed by Facebook directly with Facebook. If you assert rights with us, we are obligated to forward your request to Facebook.
According to Facebook, the collected data is also transferred to the USA and potentially other third countries, where it is processed. Since Meta Platforms Inc. is certified under the Transatlantic Privacy Framework, the data transfer to America is covered by the European Commission's adequacy decision, ensuring an adequate level of protection according to Art. 45 GDPR for the EU-US data transfer. Facebook relies on the EU Commission's Standard Contractual Clauses for data transfers to other third countries. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Please note: Third countries to which Facebook transfers data may currently be classified as unsafe, meaning there is no adequacy decision per Art. 45 GDPR nor a comparable level of protection. Transferring your data to Facebook could expose it to foreign authorities that may access and process it without providing you with any notice or comparable legal remedies and data subject rights (during and even after processing). Unfortunately, we have no control over processing by foreign authorities in these cases.
For more information on Facebook's privacy policy, please visit: https://de-de.facebook.com/about/privacy/.

4.2.5.2.2. Twitter/X Plugin This website includes features from the Twitter/X service. These features are offered by X Corp. (Suite 900, 1355 Market Street, San Francisco, California, 94103, USA; "Twitter").
By using Twitter/X and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter.
We note that the processing through the Twitter plugin is done by Twitter as the data controller, and as the operator of this website, we have no knowledge of the data sent to Twitter or its use by Twitter.
The use of the Twitter plugin is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in achieving as much visibility as possible on social media. If consent has been requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect via the "Cookie Settings" function on our website. The legality of processing based on your consent before its revocation remains unaffected.
Since Twitter/X processes data in the USA, we have concluded Standard Contractual Clauses with Twitter/X to ensure an adequate level of data protection for the data transfer to the USA and processing there. Details are available here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
Please note: With your data being sent to Twitter servers in the USA, U.S. authorities could gain access to your data and process it without providing notice or comparable legal remedies and data subject rights (during and even after processing). We unfortunately have no control over the processing by U.S. authorities in these cases.
You can change your Twitter/X privacy settings in your account settings at https://twitter.com/account/settings.
For more information on Twitter's privacy policy, please visit: https://twitter.com/de/privacy.

4.2.5.2.3. SoundCloud Plugin

Our website integrates plugins from the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK; “SoundCloud”).
You can identify SoundCloud plugins by the SoundCloud logo on the relevant pages. When you visit our pages, activating the plugin establishes a direct connection between your browser and the SoundCloud server. SoundCloud thereby receives the information that you visited our page with your IP address.
If you click the “Like” or “Share” button while logged into your SoundCloud account, you can link or share content from our pages with your SoundCloud profile. This enables SoundCloud to associate your visit to our pages with your user account.
Please note that data processing through the SoundCloud plugin is managed by SoundCloud as the data controller, and as the operator of this website, we have no knowledge of the content of the data transmitted to SoundCloud or how SoundCloud uses it.
The use of the SoundCloud plugin is based on Art. 6(1)(f) GDPR. As the website operator, we have a legitimate interest in achieving as much visibility as possible on social media. If your consent has been requested (e.g., consent to store cookies), processing is based exclusively on your consent, Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect via the “Cookie Settings” on our website. The legality of processing carried out based on your consent before its revocation remains unaffected.
Please note: If you do not want SoundCloud to assign your visit to our pages to your SoundCloud account, please log out of your SoundCloud account before activating any SoundCloud plugin content.
Further information about SoundCloud’s privacy policy can be found at: https://soundcloud.com/pages/privacy.

4.2.5.2.4. Promotion of Our Social Media Presence Through External Text or Graphic Link

We also promote our presence on the following social networks on our website:

  • Facebook – Social network of Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA), operated in Europe by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland).

  • Instagram – Social network of Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA), operated in Europe by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland).

  • LinkedIn – Social network of LinkedIn Corporation Inc. (1000 West Maude Avenue, Sunnyvale, CA 94085, USA), operated in Europe by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland).

  • Twitter/X – Microblogging service of X Corp. (Market Square, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA).

  • YouTube – Social video platform of YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA), a subsidiary of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), operated in Europe by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

The integration is via a text link or a linked graphic of the network. This prevents an automatic connection to the respective social network server when our website is accessed. Only by clicking on the respective link is the user redirected to the social network’s service.
Once redirected, the social network collects information about the user. It cannot be ruled out that data processing of the information collected occurs in the USA. The website operator has no control over data processing performed by the social network once the user is redirected.
The personal data processed in this context includes the IP address, date, time, and the page visited. If the user is also logged into their account on the respective network, the network provider may associate the information with the user’s personal account. If the user interacts via a “share” button, this information may be saved and potentially published in the user’s account. To prevent immediate association of collected information with the user’s account, the user should log out of their social media account before clicking the provided graphic link. They can also configure their account settings accordingly.
The legal basis for integrating links on our website is our legitimate interest in promoting and gaining visibility for our social media presence, Art. 6(1)(f) GDPR. No overriding interests are apparent.
Please note: By clicking on the respective link, you will be redirected to the social network’s website. Your personal data may then be transferred to servers in the USA or accessed from the USA, despite the European location of network subsidiaries. While Meta Platforms Inc. (Facebook, Instagram) and Google LLC (YouTube) are certified under the Transatlantic Privacy Framework, ensuring adequate protection per the European Commission’s adequacy decision and Art. 45 GDPR, Twitter/X and LinkedIn are not currently certified under the framework. This means the adequacy decision of the European Commission does not apply to Twitter/X and LinkedIn. When transferring data to these networks’ servers in the USA, U.S. authorities may gain access to your data without notice or comparable legal remedies or data subject rights (both during and after processing). Unfortunately, we have no control over processing by U.S. authorities.
Further information on the respective social networks’ privacy policies can be found at the following links:

4.2.5.3. Zendesk

To handle user inquiries, we use the customer relationship management system Zendesk. The provider is Zendesk Inc. (1019 Market Street in San Francisco, CA 94103, USA; “Zendesk”).
With Zendesk, you can submit inquiries by providing only your email address, without needing to provide further personal data.
Our website also allows you to send messages via a chat window. The chat functions are provided by Zendesk. When you use this chat window, we store your chat messages along with your IP address. Providing your name is not required for the chat.
When you contact us via Zendesk functions, we process your data and information to handle your inquiry and any follow-up questions. To adhere to the data minimization principle, we request that you limit your information to what is necessary.
If you wish to contact us, such as by sending an email or chat message, the legal basis for processing is Art. 6(1)(f) GDPR. We have a legitimate interest in promptly, efficiently, and fully handling your inquiry. Since you initiate contact with us, we assume no conflicting interests prevent us from processing your inquiry. If your inquiry aims to conclude or fulfill a contract, the legal basis is Art. 6(1)(b) GDPR. You are neither contractually nor legally obligated to provide your data. However, if you do not provide your data, we may be unable to process your inquiry. If we have your consent, the legal basis for processing is your consent, Art. 6(1)(a) GDPR or, if applicable, Art. 9(2)(a) GDPR. You may revoke your consent at any time with future effect via the “Cookie Settings” function on our website. The legality of processing carried out based on your consent before its revocation remains unaffected.
To ensure compliant processing and data protection, we have concluded a data processing agreement according to Art. 28 GDPR with Zendesk.
Zendesk processes personal data in the USA. Since Zendesk Inc. is certified under the Transatlantic Privacy Framework, the transfer of data to the USA is covered by the European Commission's adequacy decision, ensuring adequate protection under Art. 45 GDPR.
If you do not wish your inquiry to be handled by Zendesk, you can alternatively contact us directly by email at [email protected].
Further information on Zendesk’s privacy policy can be found here: https://www.zendesk.de/company/customers-partners/privacy-policy/.

4.2.5.4. Unbounce

We use Unbounce, a service provided by Unbounce Marketing Solutions Inc. (Unbounce Marketing, 400-401 West Georgia Street, Vancouver, BC V6B 5A1, Canada; “Unbounce”), to host landing pages for special campaigns. Your IP address is transmitted to and processed by Unbounce.
The legal basis for data processing is our legitimate interest in providing and promoting our special campaigns, Art. 6(1)(f) GDPR. As you show interest in or participate in our special campaigns, we assume there are no significant opposing interests on your part regarding this processing. If the provision and promotion of our special campaigns occur in the context of prospective or existing contractual relationships, the legal basis for processing is the contractual relationship in accordance with Art. 6(1)(b) GDPR. If we have received your consent, the legal basis for processing is your consent under Art. 6(1)(a) GDPR and, if applicable, Art. 9(2)(a) GDPR. You can withdraw your consent at any time with future effect through the “Cookie Settings” feature on our website. The legality of processing carried out based on your consent until revocation remains unaffected.
To protect your personal data, we have entered into a data processing agreement with Unbounce in accordance with Art. 28 GDPR, obligating Unbounce to safeguard our customers’ data and to refrain from sharing it with third parties. The data transfer to Canada is also governed by the European Commission’s adequacy decision for Canada, ensuring an adequate level of protection under Art. 45 GDPR.
Further information about Unbounce’s data protection policies can be found in Unbounce’s Privacy Policy.

4.3. Data Processing in the Specific Context of the 7Mind App

4.3.1. App Download, Technically Necessary Data Collection, Consent Requests

4.3.1.1. Downloading the 7Mind App from the App Store

When you download our app, you transfer personal data to the operator of the respective app store. This includes your email address, download timestamp, and unique device identifier, among other details. We have no control over this data processing and are not responsible for it. No personal data is transmitted to us as part of this process.

4.3.1.2. App Permissions

The 7Mind App uses the following permissions:

  • Permission: Internet Access

  • Purpose: Establishing a connection and communication with the hosting service

4.3.1.3. Technically Necessary Data Collection and Consent Requests

When accessing our app, your device automatically transmits data to us that is required for technical reasons.
The following data is processed by us in this context IP addres, navigation data and device details. 

Additionally, the following data is stored as part of the required consent request (cookie banner) IP address, consent status and details.

The collection of technically necessary data is based on Art. 6(1)(f) GDPR. We have a legitimate interest in providing our app securely, without technical issues, and in an aesthetically pleasing manner. Collecting technically necessary data, including in log files, is essential for this. Log file data is evaluated as needed to protect our app against attacks, troubleshoot issues, and manage server load. This is also where our legitimate interest in confidential, available, and secure data processing is founded, Art. 6(1)(f) GDPR. We reserve the right to further process log file data if there is specific evidence of unlawful use.

Furthermore, we process personal data to obtain and manage your consent. Due to the legal obligation arising from § 25 TTDSG to ensure that non-essential cookies and technologies are not used without your prior consent, we request your consent via our cookie banner. Storing your consent preferences serves two purposes: first, to ensure that non-essential cookies and technologies are only used with your prior consent (a legitimate interest under Art. 6(1)(f) GDPR) and second, to meet statutory documentation and proof requirements, Art. 6(1)(c) in conjunction with Art. 7(1) GDPR. You can withdraw your consent at any time by emailing [email protected] with future effect.
No combination of the aforementioned data with other data sources is undertaken on our part.

4.3.3. Statistical Evaluation, Analysis, and Further Development of Our 7Mind App

4.3.3.1. Firebase and Google Analytics for Firebase

4.3.3.1.2. Data Processing by Google within the Scope of Our Use of Firebase and Google Analytics for Firebase

As part of our use of Firebase, particularly Google Analytics for Firebase, Google also processes the personal data listed in the previous section. Currently, agreements among controllers with Google are not feasible, so we entered into a data processing agreement with Google to protect your data. The legal basis for the described processing of your personal data by Google is as follows:

  • For our use of Google Analytics for Firebase: your consent under Art. 6 (1) (a) GDPR. You can withdraw consent at any time with future effect by emailing us at [email protected]. The legality of processing conducted on the basis of consent up to the time of withdrawal remains unaffected.

  • For our use of other Firebase tools: the contract initiation or performance between you and us under Art. 6 (1) (b) GDPR, or if no contractual relationship exists, our legitimate interest in providing app functions in a straightforward and efficient manner, per Art. 6 (1) (f) GDPR. Given that you use our app functions, we assume that your interests do not override our data processing requirements.

Please note: Even though Google Ireland Ltd. is based in Ireland, your personal data, including the IP address of your internet connection, may be transmitted to or accessed from Google servers in the USA. Since Google LLC is certified under the Transatlantic Privacy Framework, access to or data transfer to the USA is subject to the European Commission’s adequacy decision, ensuring an adequate level of protection per Art. 45 GDPR.

More information on Google’s privacy policies, terms of service, Firebase terms of use, and data processed with Firebase tools is available at:

4.3.3.2. RudderStack

We use RudderStack, an open-source Customer Data Platform (CDP) provided by RudderStack, Inc. (96 S. Park Street, San Francisco, 94107, USA; “RudderStack”), to collect data from our app for analysis and further development. RudderStack processes the following personal data for us UserID, IP Address, device and browser details.

The legal basis for processing your personal data is your consent under Art. 6 (1) (a) GDPR. You can withdraw consent at any time with future effect by emailing us at [email protected]. The legality of processing conducted on the basis of consent up to the time of withdrawal remains unaffected.

To ensure data protection compliance and the security of your data, we entered into a data processing agreement with RudderStack under Art. 28 GDPR, obligating RudderStack to process personal data only as necessary to fulfill its service obligations.

Data storage is conducted on 7Mind Cloud servers, and RudderStack does not permanently store data. Excluded from this are aggregate counts for event names, event types, source ID, destination ID, and error codes. Processing by RudderStack occurs in the USA. We also entered into standard contractual clauses with RudderStack to ensure adequate data protection.

Please note: If data is transferred to RudderStack servers in the USA, US authorities could access and process your data without prior notice or the ability to exercise equivalent legal remedies and rights. Unfortunately, we have no influence over data processing by US authorities.

Further information on RudderStack’s privacy policy and data structure can be found in the RudderStack Privacy Policyand RudderStack Data Structure.

4.3.3.3. Adjust
We use Adjust, a service provided by Adjust GmbH (Saarbrücker Str. 37A, 10405 Berlin, Germany; “Adjust”), in our app to analyze app usage and assess the success of specific marketing campaigns. For this purpose, we store an ID as well as certain actions performed within our app (e.g., registration, login, starting a course, receiving push notifications, etc.).
The use of this service is based solely on your prior consent under Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect by emailing [email protected]. The legality of the processing conducted based on consent up to the time of withdrawal remains unaffected.
Further information about Adjust's data protection provisions can be found in the Adjust Privacy Policy.

4.3.2.4 Algolia

In our Aapp, we use a service provided by Algolia SAS (55 Rue d'Amsterdam, 75008 Paris, France, "Algolia") to develop a better search function that enhances the user experience and contributes to fulfilling the purpose of the contract. In doing so, Algolia processes data on our behalf. The data processed by Algolia generally consists of the user’s input into the app’s search bar. Additionally, the following personal data may be processed: IP address.

The legal basis for the data processing is our legitimate interest in improving the search function of our app (Article 6(1)(f) GDPR). Since you benefit from this improvement, we assume that our processing does not conflict with any overriding interest on your part.

To ensure that your data is processed and protected in accordance with data protection regulations, we have signed a data processing agreement with Algolia under Article 28 of the GDPR. In this agreement, Algolia specifically guarantees that it will process personal data only if, and to the extent that, it is necessary to fulfill its performance obligations.

4.3.4. Contentful
We also use Contentful, provided by Contentful GmbH (Max-Urich-Straße 3, 13355 Berlin, Germany; “Contentful”), for creating and managing content in our app. The data processed by Contentful usually consists of editorial material intended for our app, but the following personal data may also be processed IP address.

No "special categories of personal data" or other sensitive personal data from app users are transferred.
The use of Contentful is based on contract fulfillment towards potential and existing customers (Art. 6 (1) (b) GDPR) and our interest in providing a secure, quick, and efficient content creation process for our app (Art. 6 (1) (f) GDPR).
To ensure data protection compliance, we entered into a data processing agreement with Contentful under Art. 28 GDPR. This agreement ensures that Contentful processes personal data only as required to fulfill its obligations.
Contentful processes data in the USA and potentially in other third countries. We have also established standard contractual clauses with Contentful to ensure adequate data protection during international transfers.


Note:  If data is transmitted to Contentful servers in the USA, US authorities may access and process your data without notice or comparable legal remedies or rights. We have no influence over this.
More information about Contentful’s privacy policy can be found in the Contentful Privacy Policy.

4.3.5. Apple HealthKit
We can also transfer certain information to the Apple HealthKit App upon your instruction. HealthKit is operated by Apple Inc. (One Apple Park Way, Cupertino, CA 95014, USA; “Apple”).
Your data is then transferred exclusively and directly to your Apple HealthKit App and stored locally on your device. We do not transmit this data to any third parties and only make it available to another app on your device upon your instruction and approval.
The legal basis for the processing in this transfer is your instruction and consent under Art. 6 (1) (a) GDPR.
When data is transferred, your personal data, including your IP address, may be transmitted to or accessed from Apple servers in the USA. We have entered into standard contractual clauses with Apple to ensure adequate data protection during this transfer.
Note: If data is transferred to Apple servers in the USA, US authorities could access and process your data without notice or comparable legal remedies or rights. We have no control over this.
More information on Apple’s relevant data protection provisions can be found in the Apple Privacy Policy.

5. Legitimate Interests
Where not otherwise specified in this privacy policy, if we base the processing of your personal data on legitimate interests in accordance with Art. 6 (1) (f) GDPR, these interests include the provision, security, and display of our online offerings, protection against misuse, identification and resolution of errors, consent queries to ensure lawful cookie use, enforcement or defense against legal claims, and addressing any queries.

6. Categories of Recipients of Personal Data

6.1. Data Processors
When processing your data, we work with service providers bound by our instructions and who have access to your data based on binding data processing agreements under Art. 28 GDPR. You can find a list of the service providers we currently work with in Section 4 of this privacy policy or request it via email at [email protected].

6.2. Other Recipients
Apart from the cases listed in this privacy policy, we only share your personal data without your explicit prior consent in the following cases:

  • Government or other authorized entities, as permitted or required by law: If it is necessary to investigate illegal use of our online offerings or for law enforcement purposes, personal data may be shared with law enforcement authorities and possibly affected third parties. This only occurs when there are concrete indications of illegal or abusive behavior. Data may also be shared to enforce terms of use or other agreements. Additionally, we are legally obliged to provide certain authorities with information on request, including law enforcement agencies, authorities that prosecute administrative offenses, and tax authorities. This data sharing is based on our legitimate interest in combating misuse, prosecuting criminal offenses, and securing, asserting, and enforcing claims, provided your rights and interests in protecting your personal data do not outweigh these interests, Art. 6 (1) (f) GDPR, or based on a legal obligation under Art. 6 (1) (c) GDPR.

  • We may also share personal data with auditors, accounting service providers, lawyers, banks, tax advisors, and similar entities if necessary for service provision (Art. 6 (1) (b) GDPR), proper business operations, including enforcing or defending legal claims, and legal proceedings (Art. 6 (1) (f) GDPR) or if required by law (Art. 6 (1) (c) GDPR).

  • Any successor to our business or part thereof, provided it is legally permitted and necessary.


7. Transfer to Third Countries
As detailed in Section 4 of this privacy policy, data processing within our online offerings takes place within the European Economic Area and in the United States, a third country with an adequacy decision from the European Commission (Art. 45 GDPR), generally ensuring an adequate level of protection.
However, as U.S. companies must first self-certify under the Transatlantic Privacy Framework ("EU-US DPF") and be listed by the U.S. Department of Commerce to benefit from the adequacy decision’s provisions, our data processors and we, when certification is absent, strive to implement appropriate safeguards to protect your privacy and data security. Consequently, our U.S. data transfers not already covered by the European Commission's adequacy decision continue to be based on legally prescribed contractual or other provisions designed to ensure adequate data protection. You can request to view these safeguards, which rely on guarantees under Art. 46 GDPR or, if applicable, provisions of Art. 49 GDPR, along with any necessary additional security measures. Note: If you would like more information, please contact us anytime at [email protected].

8. Retention Period
Unless a specific retention period is mentioned in this privacy policy, we store your personal data only as long as necessary to achieve the respective processing purpose. We retain your data: (i) if you have consented to processing, no longer than until you withdraw your consent; (ii) if we need the data to initiate or perform a contract, only as long as the contractual relationship with you is in effect or completed (including the defense and enforcement of claims within statutory limitation periods); (iii) if we process the data based on a legitimate interest, only as long as your interest in deletion or anonymization does not outweigh our interest.
Data may also be stored if required by European or national lawmakers in regulations, laws, or other provisions applicable to the controller (e.g., tax law, commercial law, anti-money laundering), or if needed to secure, assert, or enforce legal claims (Art. 6 (1) (f) GDPR). To avoid violating legal regulations or losing the ability to assert or defend claims, we reserve the right to delete data only after the expiration of the longest retention period that justifies its storage.

9. Your Rights as a Data Subject

When processing your personal data, the GDPR grants you the following rights. You can exercise the rights described in Sections 9.1 to 9.7 at any time by sending an email to [email protected]. The complaint right described in Section 9.8 should be directed to the relevant supervisory authority.

Please Note: When exercising your rights under Articles 15 to 22 of the GDPR, your personal data will be processed to handle your request and provide proof of processing. The legal basis for this documentation is either Art. 6(1)(c) GDPR, where we are legally required to demonstrate compliance, or our legitimate interest in evidence-based enforcement of legal rights under Art. 6(1)(f) GDPR.

9.1. Right of Access (Art. 15 GDPR in conjunction with §§ 29, 34 BDSG)
Under Art. 15 GDPR and §§ 29, 34 BDSG, you have the right to request confirmation as to whether personal data concerning you is being processed. If it is, you have the right to access this data and the details listed in Art. 15 GDPR.

9.2. Right to Rectification (Art. 16 GDPR)
You have the right to promptly request the rectification of inaccurate personal data and the completion of incomplete data concerning you.

9.3. Right to Erasure (Art. 17 GDPR)
You have the right to request the immediate erasure of your personal data if the conditions outlined in Art. 17 GDPR are met and no legal provision justifies further processing.

9.4. Right to Restrict Processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you dispute the accuracy of the data processed or have objected to the processing. If you exercise this right, the processing of the data will be restricted, except for storage, and will only be processed with your consent, to assert or defend legal claims, to protect the rights of another person, or for significant public interests of the EU or a member state.

9.5. Right to Data Portability (Art. 20 GDPR)
Under specific circumstances outlined in Art. 20 GDPR, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to have this data transmitted to another controller. If you request the direct transfer of data to another controller, this will only be done if technically feasible.

9.6. Right to Object (Art. 21 GDPR)
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR in conjunction with § 36 BDSG).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for this purpose, including profiling related to direct marketing. If you object, your personal data will no longer be used for direct marketing (objection under Art. 21(2) GDPR).

9.7. Right to Withdraw Consent
You also have the right to withdraw your consent to the processing of personal data at any time with future effect. You can change your consent status using our provided settings or send an informal message to the above email address. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

9.8. Right to Lodge a Complaint with a Supervisory Authority
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, workplace, or where the alleged infringement occurred if you believe that processing of your personal data violates the GDPR or other data protection regulations. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.

UK Supervisory authority: Information Commissioner´s Office:

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Link: https://ico.org.uk/make-a-complaint/

The supervisory authority responsible for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit
Address: Alt-Moabit 59-61, 10555 Berlin
Telephone: +49 (0) 30 13889-0
Fax: +49 (0) 30 2155050
Email: [email protected]

10. Necessity of Providing Personal Data
You are neither legally nor contractually obliged to provide your personal data. However, providing personal data may be necessary for (pre-)contractual purposes or technically required.
Regarding our online services, the necessary personal data for use is generally marked as such or collected as part of technical requirements. Failure to provide this data may result in certain functionalities being unavailable or inaccessibility of our services.
If in doubt, you can contact us at [email protected] to determine if data provision is technically or contractually required and what consequences may result from not providing data in specific cases.

11. Automated Decision-Making
We do not use automated decision-making mechanisms, including profiling, that produce legal effects concerning you or significantly affect you.

12. Data Security
We strive to ensure the security of your data to the maximum extent permitted by applicable data protection laws and technical means. To protect your data, we maintain technical and organizational security measures per Art. 25 and 32 GDPR, which we continually adapt to the latest technological standards.
If we use third-party services to process your data, we select them carefully and in compliance with legal requirements.
Note: For further information, please feel free to contact us at [email protected].

13. Version and Changes to This Privacy Policy
We reserve the right to change this privacy policy at any time, in compliance with applicable laws and regulations.
The version of this privacy policy available online at the time of your visit applies to your use of our 7Mind online services. The current version of this privacy policy is always accessible at www.7mind.co/uk/privacy

14. Country-specific provisions

14.1 Canada

This section supplements the Privacy Policy and applies to the collection, use, disclosure and retention of personal data by 7mind while operating in Canda, in the context of their commercial activities. Except as noted below, nothing in this Canada-specific section changes or modifies the Privacy Policy, in case of conflict between the Privacy Policy and this Canada-specific section, the terms of this Canada-section section shall prevail.

14.1.1 Rights
Notwithstanding section 9 of the DPN, as provided by and in accordance with Canadian data protection laws you have the following rights with respect to your personal data:

  • You can request access to your personal data.

  • You can ask for the correction of your personal data if it is inaccurate, incomplete or no longer up to date in accordance with applicable laws.

  • You can withdraw your consent to our collection, use and disclosure of your personal data, except in limited circumstances, including legal or regulatory requirements or as a result of a contractual obligation (for instance, if you are a representative of our client and we need to process your personal data in order to provide services to our client).

Should you wish to exercise these rights, please refer to the “Contact Us” subsection of this Canada-specific section. You can also unsubscribe from receiving commercial electronic messages from us by following the unsubscribe procedure included in these messages.

14.1.2 Collection, use and sharing of personal data
Our collect, use and share your personal data is done on the basis of your consent (which may be implied or obtained by our client or provider rather than by us directly), unless we are otherwise permitted to process your personal data without consent under Canadian data protection laws (for instance, when a consent exception applies). Note that we may use or share personal data in order to comply with Canadian laws and regulations that are equivalent to those mentioned in section 4 of this Privacy Policy (which relate to jurisdictions other than Canada).

The categories of data processors and service providers which perform services on our behalf and with whom we may share your personal data are: providers offering IT services, accounting services, logistics and procurement services; printing services; telecommunication services; debt collection services; compliance and due diligence services, advisory and distribution services, marketing and communications services as well as financial institutions or brokerage firms providing trade execution, cash management and clearing services, and providers of similar services required to support our activities in Canada.

14.1.3 International transfers of personal data
We may transfer your personal data outside Canada, including when we share personal data or transfer personal data to service providers located in other jurisdictions. As a result of such transfers, your personal data may be available to government authorities under lawful orders and laws applicable in foreign jurisdictions.

14.1.4 Data retention
We may anonymize personal data at the expiration of the retention period described in section 8 of the Privacy Policy, so that it can no longer directly or indirectly identify you.

14.1.5 Contact Us
If you wish to exercise the rights set out in the “Rights” subsection of this Canada-specific section, or if you have any questions or complaints relating to this Canada-specific section or our personal data processing practices, please contact [email protected] 

14.2 California Notice at Collection

14.2.1 General Information

7mind (including applicable subsidiaries) (“we”, “our”), is responsible for collecting and processing your personal information in relation to our service provision.

We may collect personal information and sensitive personal information as described section 4 of our Privacy Policy for the purposes described.

We do not, and have never, sold the personal information of California residents.  As of Dezember 2024, we do not share personal information to facilitate cross-context behavioral advertising.  To the extent you have questions about this practice, please email us at [email protected].

We will retain your personal information for the longer of:

  • the period required by applicable law;

  • such other period consistent with our policies and procedures.

Most personal information collected in relation to a specified client is kept for the duration of the contractual relationship plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable law.

If you would like further information on the period for which your personal information will be stored or the criteria used to determine that period please contact us by referring to section 8 of our Privacy Policy.

If you have any questions about this Notice or need to access it in an alternative format due to having a disability, please contact us: [email protected] 

14.2.1 Additional Information for California Residents
In addition to the above disclosures, the following applies to the personal information of California residents covered by the California Consumer Privacy Act, as amended (“CCPA”):

  • Personal information is defined under the CCPA to include any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular California consumer or household. Examples include, but are not limited to, social security numbers, bank and credit account information, transaction histories, credit information, and biometric data.

  • In the preceding 12 months, we have disclosed each category of personal information identified in section 4 of this Privacy Policy with one or more of the categories of recipients identified in this Privacy Policy for the business purposes described therein.

  • If we collect sensitive personal information, we do not use sensitive personal information for purposes that the CCPA permits you to limit.

  • A consumer may request that we disclose to you (a) the categories of personal information the we have collected about you, (b) the categories of sources from which the personal information is collected, (c) the purpose for collecting the personal information, (d) the categories of third parties with whom we share personal information, and (e) the specific pieces of personal information that we have collected about you.

  • This notice provides: the purpose for collecting and/or sharing your personal data (section 4); the types of personal data we collect and/or share about you (section 4); the categories of sources from which your personal data is collected (section 4); and the categories of personal data we share with third parties (section 4 and 6).

  • A consumer may request to have their personal information deleted, to the extent required by law.

  • A consumer may request that we correct inaccurate personal information that we maintain about that consumer.

  • A consumer has a right to receive non-discriminatory treatment by a covered business for the exercise of privacy rights conferred by CCPA.

  • If you would like to exercise your rights under CCPA, or if you are a parent, guardian or legal representative making a request on behalf of a California resident, you may do so by email at: [email protected]

  • Please note that identities of individuals requesting deletion or disclosure of their personal information must first be verified.  Your request must provide sufficient information to allow us to properly respond to your request. The identifying information provided in your request may be verified against third party databases for identification purposes. We are unable to respond to your request if we are unable to verify your identity.  Some personal information we process may not be subject to the rights described above.  For example, other laws may apply to certain personal information we process.  In that circumstance, we will follow the law that applies to the personal information at issue.

Data Privacy Documentation updated: 26.11.2024