Last Updated: January 2024
Mind & Business Mastery’s website pages can be accessed without providing any personal information. However, if you wish to access specific services offered by us through our website, it may be necessary to process personal data. In cases where processing personal data is required and there is no legal basis for such processing, we typically seek consent from you.
The collection and handling of your personal information, including but not limited to the name, address, email address, or telephone number, will always comply with the General Data Protection Regulation (GDPR) and follow the country-specific data protection regulations applicable to Mind & Business Mastery.
Who is responsible and how you can contact us
The person in charge of handling your personal information as defined by Article 4, Paragraph 7 of the EU Data Protection Regulation (GDPR) is:
c/o Block Services
Stuttgarter Str. 106
+49 (0) 1771960907
Data Protection Officer
c/o Block Services
Stuttgarter Str. 106
+49 (0) 1771960907
Purpose and legal basis
This data protection policy ensures compliance with legal obligations in terms of transparency in handling personal data. Personal data refers to any information that pertains to an identified or identifiable individual, such as their name, age, address, telephone number, date of birth, email address, IP address, or user behavior on our website. Data that cannot be linked to an individual, for instance through anonymization, is not considered personal data. The processing of personal data, including collection, retrieval, usage, storage, or transmission, always necessitates a legal basis and a clearly defined purpose.
Personal data that has been stored will be erased once the processing objective has been fulfilled and there are no legitimate grounds for keeping the data. Throughout the processing activities, we will provide you with information regarding the specific durations or criteria for retaining the data. However, we may retain your personal data in certain instances to uphold, exercise, or defend legal claims, as well as to comply with legal obligations for data retention.
Who receives your data
The personal data that we handle on our website will only be shared with third parties if it is essential to achieve the intended purposes and is supported by the appropriate legal grounds in each specific situation (such as consent or safeguarding legitimate interests). Additionally, we may disclose personal data to third parties in order to assert, exercise, or defend legal claims on an individual basis. Examples of potential recipients include law enforcement agencies, lawyers, auditors, and courts.
Personal data may be shared with service providers who operate our website and process data on our behalf in compliance with Article 28 of the GDPR.
Under the General Data Protection Regulation (GDPR), you possess the following rights:
As per the provisions outlined in Article 15 of the GDPR, you are entitled to request information from the controller regarding the processing of your personal data. If you wish to exercise this right, you can contact the controller at any time.
As per the provisions outlined in Article 16 of the GDPR, you are entitled to request the controller to rectify any inaccurate personal data without any unnecessary delay. Furthermore, you have the right to request the completion of incomplete personal data, which can be achieved by providing a supplementary statement, considering the purpose of the processing.
As per the provisions outlined in Article 17 of the GDPR, you are entitled to request the deletion of the data we retain, unless processing is required (i) to exercise the right to freedom of expression and information; (ii) to fulfill a legal obligation; (iii) for reasons of public interest; or (iv) to assert, exercise or defend legal claims.
As per the provisions outlined in Article 18 of the GDPR, you have the right to request the controller to restrict the processing of your data if one or more of the following conditions are met (i) you dispute the data’s correctness, (ii) the processing of your data is unlawful, (iii) we no longer need the data and you refuse to have it deleted because you need it to assert, exercise or defend legal claims or you have lodged an objection to processing according to Article 21 of the GDPR.
As per the provisions outlined in Article 20 of the GDPR, you are entitled to receive the personal information you have provided to a data controller in a format that is organized, commonly used, and can be read by machines. You also have the right to transfer this data to another data controller without any obstacles from the original controller, as long as the processing of the data is based on your consent or a contract, and it is done automatically. However, this right does not apply if the processing is necessary for a task carried out in the public interest or in the exercise of official authority by the controller. Additionally, when exercising your right to data portability according to Article 20(1) of the GDPR, you have the right to directly transmit your personal data from one controller to another, as long as it is technically feasible and does not negatively impact the rights and freedoms of others.
You are entitled to raise an objection, based on your specific circumstances, at any time, to the processing of your personal information that is carried out under point (e) or (f) of Article 6(1) of the GDPR. This also applies to any profiling activities that are based on these provisions. If you object to the processing of your personal data, Mind & Business Mastery will cease processing it, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if it is necessary for the establishment, exercise, or defense of legal claims. If Mind & Business Mastery processes your personal data for direct marketing purposes, you have the right to object to such processing at any time. This also includes any profiling activities related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, Mind & Business Mastery will no longer process your data for these purposes. Furthermore, you have the right to object, based on your specific circumstances, to the processing of, your personal data by Mind & Business Mastery for scientific or historical research purposes, or for statistical purposes as outlined in Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest. To exercise your right to object, you can contact Mind & Business Mastery. Additionally, you have the freedom to use your right to object through automated means using technical specifications, even in the context of using information society services, and without being bound by Directive 2002/58/EC.
You have the right to withdraw your consent to the processing of your personal data at any time.
If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with a supervisory authority in accordance with Article 77 of the GDPR. Generally, you can contact the supervisory authority of your usual place of residence or work, or the supervisory authority at the place of our registered office.
A detailed description of how your data is processed
In the following section, we will provide you with comprehensive information on the distinct processing activities, the extent and purpose of data processing, the legal basis, the necessity to provide your data, and the duration of storage. Please note that there is no automated decision-making, including profiling, involved in individual cases.
When you access and use our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
Date and time of the request,
Name and URL of the retrieved file,
The website that the request is coming from (Referrer-URL),
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is hosted by webgo GmbH, Heidenkampsweg 81, 20097 Hamburg. They handle the processing of the mentioned data on our behalf following Article 28 of the GDPR.
In compliance with Article 6 (f) of the GDPR, we process data to protect our overriding legitimate interest in displaying our website and ensuring its security and stability. The collection and storage of data in log files are indispensable for the proper functioning of the website. It is important to note that there is no right to object to this processing, as it falls under the exception outlined in Article 21 (1) of the GDPR. If the continued storage of log files is required by law, the processing is conducted based on Article 6, Paragraph 1, Clause c of the GDPR. While there is no legal or contractual obligation to provide the data, it is technically impossible to access our website without providing the necessary information.
The aforementioned data will be stored for the duration that the website is displayed.
If you register on our website to receive our newsletter, we collect your email address and your name and store this information together with the date of registration and your IP address. You will then receive an email in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm your registration, the data will not be processed and stored.
To send our newsletter, we use a service from
Systeme.io/ITACWT Limited, Cruise Park Rise, Tyrrelstown, Dublin 15, Irland, which processes your personal data on our behalf following Art. 28 GDPR. Your data will not be passed on to third parties.
In compliance with Article 6 (1) (a) of the GDPR, we process your data to send newsletters based on your consent. If you decide to unsubscribe from the newsletter, you have the right to revoke your consent at any time, as stated in Article 7 Para. 3 of the GDPR. It is important to note that providing your data is not a legal or contractual requirement, but without it, we are unable to send you the newsletter.
If you wish to access specific sections of our website, you can choose to create a member account. The necessary information for registration is collected from you when you purchase our products. Providing a username is a mandatory requirement for setting up a member account. When you register, your personal data will only be shared in accordance with our data protection policy.
To enable the restricted member area, we utilize the services of Systeme.io/ITACWT Limited, located at Cruise Park Rise, Tyrrelstown, Dublin 15, Ireland or the services of Podia by Podia Labs, Inc., 198 East 7th Street, New York, United States, which process your personal data on our behalf in compliance with Article 28 of the General Data Protection Regulation (GDPR).
In order to keep you informed and offer you various ways to connect with us and learn about our offers, we have established fan pages, accounts, or channels on the social networks mentioned below. By accessing and using our fan pages/accounts, certain data may be processed by us or the respective social network. Details regarding this data processing will be provided below.
What personal data we process
When reaching out to us through messenger or direct message on the relevant social network, we typically collect and retain your user name for communication purposes. Additionally, we may store any other information you have shared with us that is essential for addressing your inquiry. This data processing is carried out in accordance with Article 6 Paragraph 1 Sentence 1 f) of the GDPR, which allows for the protection of our legitimate interests as the responsible party.
We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, information on page activity and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers. The statistics only contain aggregated data that cannot be related to individual people.
What personal data is processed by social networks
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to Google Ireland Limited servers, whereby your IP address is transmitted.
Your use of Google Fonts is subject to your consent under Art. 6 Para. 1 lit. a. GDPR and Section 25 Paragraph 1 TTDSG. We may transfer your personal data to third countries outside the European Economic Area, particularly the USA. This transfer is carried out in accordance with Article 45 Para. 1 GDPR, based on the adequacy decision of the European Commission. The US companies and their subcontractors involved are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certification. In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed on other appropriate guarantees with the data recipients under Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can find a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/ DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE view. Before such a transfer to a third country, we obtain your consent under Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you provide through the Consent Manager (or other forms, registrations, etc.). Please note that there may be unknown risks associated with third country transfers (such as data processing by security authorities in the third country, the extent of which and the consequences for you are unknown, over which we have no control, and which you may not be aware of).
Google Analytics collects and stores data automatically for website analysis. This data includes IP address, visit time, device and browser information, as well as details about your website usage. Pseudonyms are used to create usage profiles from this data. Cookies may also be utilized. Generally, your IP address is not merged with other data by Google. The processing of this data is carried out based on a data processing agreement with Google.
Google Tag Manager
Our website utilizes Google Tag Manager, a service provided by Google Ireland Limited. By using Google Tag Manager, we are able to seamlessly integrate various codes and services on our website in an organized and simplified manner. This tool effectively implements tags and triggers them when necessary. It is important to note that when a tag is triggered, Google may process information, including personal data. Additionally, there is a possibility that Google may transmit this information to a server located in a third country. The personal data processed by Google Tag Manager includes online identifiers such as cookie identifiers and IP addresses. You can access more detailed information about Google Tag Manager on the following websites: 1. https://www.google.com/analytics/terms/tag-manager/ 2. https://support.google.com/tagmanager/answer/7157428 3. https://www.google.com/intl/de/policies/privacy/index.html. Additionally, we have established a data processing agreement (DPA) with Google for the utilization of the Google Tag Manager in compliance with Article 28 of the GDPR. Google solely processes the data on our behalf to activate the stored tags and display the services on our website. If required by law or for data processing purposes, Google may share this information with third parties. If you have disabled specific tracking services (e.g., by setting an opt-out cookie), the deactivation will apply to all relevant tracking tags integrated through the Google Tag Manager. Google Tag Manager is a tool that enables us to incorporate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not generate user profiles, store cookies, or conduct independent analyses. Its sole purpose is to manage and display the integrated tools. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google’s parent company in the United States.
The utilization of the Google Tag Manager is based on Article 6 Paragraph 1 Clause f of the General Data Protection Regulation (GDPR). The operator of the website possesses a legitimate interest in efficiently and effortlessly integrating and managing various tools on their website. Your explicit consent, in accordance with Article 6 Paragraph 1 Clause a) of the GDPR, serves as the legal basis for processing personal data as described here. The purpose of processing the data collected during the consent declaration is to document your consent. Our legitimate interest, in accordance with Article 6 Paragraph 1 Clause f) of the GDPR, serves as the legal basis for processing the data obtained during the consent acquisition process. We have a legitimate interest in being able to substantiate the consent you have provided (Article 7 Paragraph 1 of the GDPR). Google is authorized to engage subcontractors as part of the order processing. A comprehensive list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/. The provision of personal data is neither legally nor contractually obligatory, and it is not necessary for the conclusion of a contract. You are not obligated to provide personal data, and failure to do so may result in limited or restricted access to our website.
Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Dublin 2, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”), utilizes the Facebook pixel as part of its technology. This pixel automatically collects and stores data such as IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or registering for a newsletter. This data is used to create usage profiles using pseudonyms. Additionally, information is hashed and stored for comparison purposes, which can identify individuals (e.g. names, email addresses, and telephone numbers) as part of the extended data comparison. When you visit our website, the Facebook pixel automatically sets a cookie, which enables your browser to be recognized when you visit other websites using a pseudonymous CookieID. Facebook (by Meta) combines this information with other data from your Facebook account to compile reports on website activity and provide personalized and group-based advertising. The information collected by Facebook (by Meta) technologies about your use of our website is usually transmitted to a server at Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. If the transfer of data to the USA is our responsibility, our cooperation is based on standard data protection clauses of the European Commission. There is no adequacy decision from the European Commission for the USA. For more information about data processing by Facebook, please refer to Facebook’s data protection information (by Meta) at https://de-de.facebook.com/policy.php.
Within Facebook Business Tools we generate statistics on visitor activities on our website using the data collected by the Facebook Pixel regarding your use of our website. This data processing occurs under a mutual agreement with Facebook (by Meta) for the purpose of optimizing the presentation and promotion of our website.
Facebook Ads Manager
This website utilizes Facebook Ads, provided by Meta, to advertise on Facebook and other platforms. We establish the parameters for each advertising campaign, while Meta is responsible for the precise execution, including the decision on ad placement for individual users. Data processing is conducted in accordance with an agreement between the parties involved, as outlined in Article 26 of the GDPR, unless otherwise specified for specific technologies. The joint responsibility is limited to data collection and transmission to Meta Platforms Ireland, excluding any subsequent data processing by Meta Platforms Ireland. To optimize our advertising efforts on Facebook (by Meta), we utilize Facebook Custom Audience, which involves determining the characteristics of specific target groups based on statistics derived from visitor activities on our website via Facebook Pixel. In the process of determining the target groups, Facebook (by Meta) acts as our processor, conducting an extended data comparison. Furthermore, we employ personalized advertising through Facebook Pixel Remarketing, utilizing the pseudonymous cookie ID set by the Facebook Pixel and the data collected on your website usage behavior. For web analysis and event tracking of your subsequent usage behavior after accessing our website through a Facebook Ads advertisement, we employ Facebook Pixel Conversions. This data processing is carried out based on a data processing agreement with Facebook (by Meta).
You can make appointments with us on our website. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
We offer the option of processing payments via the payment service provider Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe to the extent that it is necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR).
Name of Cardholder
Credit card details
Credit card validity period
Credit card verification number (CVC)
Date and time of the transaction
The processing of the data provided under this section is not required by law or contract. Without submitting your personal data, we cannot process a payment via Stripe. [You have the option to choose another payment method.]
Stripe plays a dual role as controller and processor in data processing activities. As the controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves to execute the contract (according to Art. 6 Para. 1 lit. b GDPR). We have no influence on this process.
Stripe acts as a processor to be able to complete transactions within the payment networks. As part of the order processing relationship, Stripe acts exclusively according to our instructions and is contractually obliged to comply with data protection regulations in accordance with Article 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
Further information on objection and removal options against Stripe can be found at: https://stripe.com/privacy-center/legal
We will store your data until payment processing is completed. This also includes the time required to process refunds, manage claims and prevent fraud.
On our website, you can purchase digital and downloadable products. One of the services we use for this purpose is Copecart, a service offered by CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany.
When redirecting from our website to sales or checkout pages via Copecart, the processing of personal data is in compliance with the legal requirements set forth in Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR.