Privacy Policy
Last Updated: January 2024
Protecting your personal data (“Data”) is very important to us. Through this privacy policy, we therefore inform you about the nature, extent, and purpose of the personal data we gather, utilize, and process. We also let you know about your specific rights regarding your data.
This privacy policy applies to the online services provided by Mind & Business Mastery, accessible through the domain mindandbusinessmastery.com and all of its subdomains (referred to as “our website”).
Mind & Business Mastery’s website pages can be accessed without providing any personal information. However, if you wish to access specific services offered by us through our website, it may be necessary to process personal data. In cases where processing personal data is required and there is no legal basis for such processing, we typically seek consent from you.
The collection and handling of your personal information, including but not limited to the name, address, email address, or telephone number, will always comply with the General Data Protection Regulation (GDPR) and follow the country-specific data protection regulations applicable to Mind & Business Mastery.
Who is responsible and how you can contact us
The person in charge of handling your personal information as defined by Article 4, Paragraph 7 of the EU Data Protection Regulation (GDPR) is:
Katharina Schwarze
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany
+49 (0) 1771960907
katharina@mindandbusinessmastery.com
Data Protection Officer
Katharina Schwarze
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany
+49 (0) 1771960907
katharina@mindandbusinessmastery.com
Purpose and legal basis
This data protection policy ensures compliance with legal obligations in terms of transparency in handling personal data. Personal data refers to any information that pertains to an identified or identifiable individual, such as their name, age, address, telephone number, date of birth, email address, IP address, or user behavior on our website. Data that cannot be linked to an individual, for instance through anonymization, is not considered personal data. The processing of personal data, including collection, retrieval, usage, storage, or transmission, always necessitates a legal basis and a clearly defined purpose.
Personal data that has been stored will be erased once the processing objective has been fulfilled and there are no legitimate grounds for keeping the data. Throughout the processing activities, we will provide you with information regarding the specific durations or criteria for retaining the data. However, we may retain your personal data in certain instances to uphold, exercise, or defend legal claims, as well as to comply with legal obligations for data retention.
Who receives your data
The personal data that we handle on our website will only be shared with third parties if it is essential to achieve the intended purposes and is supported by the appropriate legal grounds in each specific situation (such as consent or safeguarding legitimate interests). Additionally, we may disclose personal data to third parties in order to assert, exercise, or defend legal claims on an individual basis. Examples of potential recipients include law enforcement agencies, lawyers, auditors, and courts.
Personal data may be shared with service providers who operate our website and process data on our behalf in compliance with Article 28 of the GDPR.
Cookies
When you access our website, we send small text files known as cookies to your device’s browser, where they are stored. Alternatively, information can be stored in the local storage of your browser. Certain functions of our website cannot be provided without the use of cookies or local storage (technically necessary cookies). However, other cookies enable us to conduct various analyses, such as identifying the browser you use when revisiting our website and transmitting diverse information to us (non-essential cookies). Through the utilization of cookies, we strive to enhance the user-friendliness and effectiveness of our online offering, for instance, by tracking your website usage and determining your preferred settings (e.g., country and language preferences). If third parties process information through cookies, they directly collect the information via your browser. Cookies do not cause any harm to your device, cannot execute programs, and are devoid of viruses.
Your rights
Under the General Data Protection Regulation (GDPR), you possess the following rights:
Information
As per the provisions outlined in Article 15 of the GDPR, you are entitled to request information from the controller regarding the processing of your personal data. If you wish to exercise this right, you can contact the controller at any time.
Correction
As per the provisions outlined in Article 16 of the GDPR, you are entitled to request the controller to rectify any inaccurate personal data without any unnecessary delay. Furthermore, you have the right to request the completion of incomplete personal data, which can be achieved by providing a supplementary statement, considering the purpose of the processing.
Deletion
As per the provisions outlined in Article 17 of the GDPR, you are entitled to request the deletion of the data we retain, unless processing is required (i) to exercise the right to freedom of expression and information; (ii) to fulfill a legal obligation; (iii) for reasons of public interest; or (iv) to assert, exercise or defend legal claims.
Restriction
As per the provisions outlined in Article 18 of the GDPR, you have the right to request the controller to restrict the processing of your data if one or more of the following conditions are met (i) you dispute the data’s correctness, (ii) the processing of your data is unlawful, (iii) we no longer need the data and you refuse to have it deleted because you need it to assert, exercise or defend legal claims or you have lodged an objection to processing according to Article 21 of the GDPR.
Data portability
As per the provisions outlined in Article 20 of the GDPR, you are entitled to receive the personal information you have provided to a data controller in a format that is organized, commonly used, and can be read by machines. You also have the right to transfer this data to another data controller without any obstacles from the original controller, as long as the processing of the data is based on your consent or a contract, and it is done automatically. However, this right does not apply if the processing is necessary for a task carried out in the public interest or in the exercise of official authority by the controller. Additionally, when exercising your right to data portability according to Article 20(1) of the GDPR, you have the right to directly transmit your personal data from one controller to another, as long as it is technically feasible and does not negatively impact the rights and freedoms of others.
Objection
You are entitled to raise an objection, based on your specific circumstances, at any time, to the processing of your personal information that is carried out under point (e) or (f) of Article 6(1) of the GDPR. This also applies to any profiling activities that are based on these provisions. If you object to the processing of your personal data, Mind & Business Mastery will cease processing it, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if it is necessary for the establishment, exercise, or defense of legal claims. If Mind & Business Mastery processes your personal data for direct marketing purposes, you have the right to object to such processing at any time. This also includes any profiling activities related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, Mind & Business Mastery will no longer process your data for these purposes. Furthermore, you have the right to object, based on your specific circumstances, to the processing of, your personal data by Mind & Business Mastery for scientific or historical research purposes, or for statistical purposes as outlined in Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest. To exercise your right to object, you can contact Mind & Business Mastery. Additionally, you have the freedom to use your right to object through automated means using technical specifications, even in the context of using information society services, and without being bound by Directive 2002/58/EC.
Revocation
You have the right to withdraw your consent to the processing of your personal data at any time.
Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with a supervisory authority in accordance with Article 77 of the GDPR. Generally, you can contact the supervisory authority of your usual place of residence or work, or the supervisory authority at the place of our registered office.
A detailed description of how your data is processed
In the following section, we will provide you with comprehensive information on the distinct processing activities, the extent and purpose of data processing, the legal basis, the necessity to provide your data, and the duration of storage. Please note that there is no automated decision-making, including profiling, involved in individual cases.
Our Website
When you access and use our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
IP-address,
Date and time of the request,
Name and URL of the retrieved file,
The website that the request is coming from (Referrer-URL),
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is hosted by webgo GmbH, Heidenkampsweg 81, 20097 Hamburg. They handle the processing of the mentioned data on our behalf following Article 28 of the GDPR.
In compliance with Article 6 (f) of the GDPR, we process data to protect our overriding legitimate interest in displaying our website and ensuring its security and stability. The collection and storage of data in log files are indispensable for the proper functioning of the website. It is important to note that there is no right to object to this processing, as it falls under the exception outlined in Article 21 (1) of the GDPR. If the continued storage of log files is required by law, the processing is conducted based on Article 6, Paragraph 1, Clause c of the GDPR. While there is no legal or contractual obligation to provide the data, it is technically impossible to access our website without providing the necessary information.
The aforementioned data will be stored for the duration that the website is displayed.
Newsletter
If you register on our website to receive our newsletter, we collect your email address and your name and store this information together with the date of registration and your IP address. You will then receive an email in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm your registration, the data will not be processed and stored.
To send our newsletter, we use a service from
Systeme.io/ITACWT Limited, Cruise Park Rise, Tyrrelstown, Dublin 15, Irland, which processes your personal data on our behalf following Art. 28 GDPR. Your data will not be passed on to third parties.
In compliance with Article 6 (1) (a) of the GDPR, we process your data to send newsletters based on your consent. If you decide to unsubscribe from the newsletter, you have the right to revoke your consent at any time, as stated in Article 7 Para. 3 of the GDPR. It is important to note that providing your data is not a legal or contractual requirement, but without it, we are unable to send you the newsletter.
After registering for the newsletter, we store the data for a maximum of 24 hours until the registration is confirmed. After successful confirmation, we will store your data until you revoke your consent (unsubscribe from the newsletter). Further information can be found in the privacy policy for Systeme.io: https://systeme.io/privacy-policy
Membership
If you wish to access specific sections of our website, you can choose to create a member account. The necessary information for registration is collected from you when you purchase our products. Providing a username is a mandatory requirement for setting up a member account. When you register, your personal data will only be shared in accordance with our data protection policy.
To enable the restricted member area, we utilize the services of Systeme.io/ITACWT Limited, located at Cruise Park Rise, Tyrrelstown, Dublin 15, Ireland or the services of Podia by Podia Labs, Inc., 198 East 7th Street, New York, United States, which process your personal data on our behalf in compliance with Article 28 of the General Data Protection Regulation (GDPR).
We process your data to access our member area based on your contract with us following Article 6 Paragraph 1 Letter b GDPR. After providing member access, we store the data until the end of the contractual term. Further information can be found in the privacy policy for Systeme.io: https://systeme.io/privacy-policy and in the privacy policy for Podia: https://www.podia.com/privacy
Social Media
In order to keep you informed and offer you various ways to connect with us and learn about our offers, we have established fan pages, accounts, or channels on the social networks mentioned below. By accessing and using our fan pages/accounts, certain data may be processed by us or the respective social network. Details regarding this data processing will be provided below.
What personal data we process
When reaching out to us through messenger or direct message on the relevant social network, we typically collect and retain your user name for communication purposes. Additionally, we may store any other information you have shared with us that is essential for addressing your inquiry. This data processing is carried out in accordance with Article 6 Paragraph 1 Sentence 1 f) of the GDPR, which allows for the protection of our legitimate interests as the responsible party.
Statistics
We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, information on page activity and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers. The statistics only contain aggregated data that cannot be related to individual people.
What personal data is processed by social networks
In order to view the contents of our fan pages, channels, or accounts, you usually do not have to be a member of the respective social network. Please note, however, that when you access the respective social network, the social network also collects and stores data from website visitors without a user account (e.g. technical data in order to be able to show you the website) and uses cookies and similar technologies, over which we have no influence have. For details, please refer to the privacy policy of the respective social network. If you want to interact with the content on our fan pages/accounts, e.g. comment on, share, or like our postings/contributions, and/or want to contact us via messenger functions, you must first register with the respective social network and provide the personal data required.
We have no influence on the data processing by the social networks when you use them. To the best of our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, as well as to analyze usage behavior (using cookies, pixels/web beacons, and similar technologies) based on your Interest-based advertising is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by social networks outside the EU/EEA and passed on to third parties. To learn about the processing of your personal data, including its scope and purposes, storage period/deletion, and guidelines on the use of cookies and similar technologies during registration and use, refer to the data protection regulations/cookie guidelines of the social networks. These guidelines also provide information about your rights and options for objection.
Google Fonts
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to Google Ireland Limited servers, whereby your IP address is transmitted.
Your use of Google Fonts is subject to your consent under Art. 6 Para. 1 lit. a. GDPR and Section 25 Paragraph 1 TTDSG. We may transfer your personal data to third countries outside the European Economic Area, particularly the USA. This transfer is carried out in accordance with Article 45 Para. 1 GDPR, based on the adequacy decision of the European Commission. The US companies and their subcontractors involved are registered under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) certification. In cases where there is no adequacy decision from the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed on other appropriate guarantees with the data recipients under Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can find a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/ DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE view. Before such a transfer to a third country, we obtain your consent under Article 49 Paragraph 1 Sentence 1 Letter a. GDPR, which you provide through the Consent Manager (or other forms, registrations, etc.). Please note that there may be unknown risks associated with third country transfers (such as data processing by security authorities in the third country, the extent of which and the consequences for you are unknown, over which we have no control, and which you may not be aware of).
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.
Google Analytics
Google Analytics collects and stores data automatically for website analysis. This data includes IP address, visit time, device and browser information, as well as details about your website usage. Pseudonyms are used to create usage profiles from this data. Cookies may also be utilized. Generally, your IP address is not merged with other data by Google. The processing of this data is carried out based on a data processing agreement with Google.
Google Tag Manager
Our website utilizes Google Tag Manager, a service provided by Google Ireland Limited. By using Google Tag Manager, we are able to seamlessly integrate various codes and services on our website in an organized and simplified manner. This tool effectively implements tags and triggers them when necessary. It is important to note that when a tag is triggered, Google may process information, including personal data. Additionally, there is a possibility that Google may transmit this information to a server located in a third country. The personal data processed by Google Tag Manager includes online identifiers such as cookie identifiers and IP addresses. You can access more detailed information about Google Tag Manager on the following websites: 1. https://www.google.com/analytics/terms/tag-manager/ 2. https://support.google.com/tagmanager/answer/7157428 3. https://www.google.com/intl/de/policies/privacy/index.html. Additionally, we have established a data processing agreement (DPA) with Google for the utilization of the Google Tag Manager in compliance with Article 28 of the GDPR. Google solely processes the data on our behalf to activate the stored tags and display the services on our website. If required by law or for data processing purposes, Google may share this information with third parties. If you have disabled specific tracking services (e.g., by setting an opt-out cookie), the deactivation will apply to all relevant tracking tags integrated through the Google Tag Manager. Google Tag Manager is a tool that enables us to incorporate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not generate user profiles, store cookies, or conduct independent analyses. Its sole purpose is to manage and display the integrated tools. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google’s parent company in the United States.
The utilization of the Google Tag Manager is based on Article 6 Paragraph 1 Clause f of the General Data Protection Regulation (GDPR). The operator of the website possesses a legitimate interest in efficiently and effortlessly integrating and managing various tools on their website. Your explicit consent, in accordance with Article 6 Paragraph 1 Clause a) of the GDPR, serves as the legal basis for processing personal data as described here. The purpose of processing the data collected during the consent declaration is to document your consent. Our legitimate interest, in accordance with Article 6 Paragraph 1 Clause f) of the GDPR, serves as the legal basis for processing the data obtained during the consent acquisition process. We have a legitimate interest in being able to substantiate the consent you have provided (Article 7 Paragraph 1 of the GDPR). Google is authorized to engage subcontractors as part of the order processing. A comprehensive list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/. The provision of personal data is neither legally nor contractually obligatory, and it is not necessary for the conclusion of a contract. You are not obligated to provide personal data, and failure to do so may result in limited or restricted access to our website.
The processed information will only be retained for as long as necessary to fulfill the intended purpose or as required by law. For additional details, please refer to Google’s privacy policy, accessible at www.google.com/policies/privacy/. Information regarding Google’s privacy settings can be found at: https://privacy.google.com/take-control.html?categories_activeEl=sign-in.
Facebook Pixel
Meta Platforms Ireland Ltd., located at 4 Grand Canal Square, Dublin 2, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”), utilizes the Facebook pixel as part of its technology. This pixel automatically collects and stores data such as IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or registering for a newsletter. This data is used to create usage profiles using pseudonyms. Additionally, information is hashed and stored for comparison purposes, which can identify individuals (e.g. names, email addresses, and telephone numbers) as part of the extended data comparison. When you visit our website, the Facebook pixel automatically sets a cookie, which enables your browser to be recognized when you visit other websites using a pseudonymous CookieID. Facebook (by Meta) combines this information with other data from your Facebook account to compile reports on website activity and provide personalized and group-based advertising. The information collected by Facebook (by Meta) technologies about your use of our website is usually transmitted to a server at Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. If the transfer of data to the USA is our responsibility, our cooperation is based on standard data protection clauses of the European Commission. There is no adequacy decision from the European Commission for the USA. For more information about data processing by Facebook, please refer to Facebook’s data protection information (by Meta) at https://de-de.facebook.com/policy.php.
Facebook Analytics
Within Facebook Business Tools we generate statistics on visitor activities on our website using the data collected by the Facebook Pixel regarding your use of our website. This data processing occurs under a mutual agreement with Facebook (by Meta) for the purpose of optimizing the presentation and promotion of our website.
Facebook Ads Manager
This website utilizes Facebook Ads, provided by Meta, to advertise on Facebook and other platforms. We establish the parameters for each advertising campaign, while Meta is responsible for the precise execution, including the decision on ad placement for individual users. Data processing is conducted in accordance with an agreement between the parties involved, as outlined in Article 26 of the GDPR, unless otherwise specified for specific technologies. The joint responsibility is limited to data collection and transmission to Meta Platforms Ireland, excluding any subsequent data processing by Meta Platforms Ireland. To optimize our advertising efforts on Facebook (by Meta), we utilize Facebook Custom Audience, which involves determining the characteristics of specific target groups based on statistics derived from visitor activities on our website via Facebook Pixel. In the process of determining the target groups, Facebook (by Meta) acts as our processor, conducting an extended data comparison. Furthermore, we employ personalized advertising through Facebook Pixel Remarketing, utilizing the pseudonymous cookie ID set by the Facebook Pixel and the data collected on your website usage behavior. For web analysis and event tracking of your subsequent usage behavior after accessing our website through a Facebook Ads advertisement, we employ Facebook Pixel Conversions. This data processing is carried out based on a data processing agreement with Facebook (by Meta).
Calendly
You can make appointments with us on our website. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
To book an appointment, enter the requested data and the desired date in the mask provided. The data entered will be used for planning, implementing and, if necessary, following up on the appointment. The appointment data is stored for us on Calendly’s servers, whose privacy policy you can view here: https://calendly.com/de/pages/privacy. The data you enter will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.The legal basis for data processing is Article 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Art. 6 Para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://calendly.com/pages/dpa. We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in compliance with the GDPR.
Stripe
We offer the option of processing payments via the payment service provider Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 Para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe to the extent that it is necessary for the fulfillment of the contract (Art. 6 Para. 1 lit b. GDPR).
Name of Cardholder
E-mail address
Customer number
Order number
Bank details
Credit card details
Credit card validity period
Credit card verification number (CVC)
Date and time of the transaction
Transaction amount
Provider name
Location
The processing of the data provided under this section is not required by law or contract. Without submitting your personal data, we cannot process a payment via Stripe. [You have the option to choose another payment method.]
Stripe plays a dual role as controller and processor in data processing activities. As the controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (according to Art. 6 Para. 1 lit. f GDPR) and serves to execute the contract (according to Art. 6 Para. 1 lit. b GDPR). We have no influence on this process.
Stripe acts as a processor to be able to complete transactions within the payment networks. As part of the order processing relationship, Stripe acts exclusively according to our instructions and is contractually obliged to comply with data protection regulations in accordance with Article 28 GDPR.
Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).
Further information on objection and removal options against Stripe can be found at: https://stripe.com/privacy-center/legal
We will store your data until payment processing is completed. This also includes the time required to process refunds, manage claims and prevent fraud.
Copecart
On our website, you can purchase digital and downloadable products. One of the services we use for this purpose is Copecart, a service offered by CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany.
When redirecting from our website to sales or checkout pages via Copecart, the processing of personal data is in compliance with the legal requirements set forth in Article 6, Paragraph 1, Sentence 1, Letter b of the GDPR.
We have concluded a data processing agreement (DPA) with Copecart in accordance with Art. 28 GDPR. You can find Copecart’s privacy policy here: https://copecart.com/de/datenschutz