Data protection notice

Data protection, responsibility and scope of application

We respect the privacy of our customers and other interested parties and comply with the applicable laws to protect your privacy. These laws include in particular

• the General Data Protection Regulation of the European Union („GDPR“)

This data protection notice includes:

• Website: metasoul.com

The following categories of data subjects are covered by this data protection notice:

• Website visitors

The controller responsible for the processing of your personal data within the scope of this privacy policy is

Metasoul GmbH
info@mindsetters.com

It is explained below:

• the purpose for which personal data is collected and processed.
• which categories of personal data are affected by the collection and processing.
• the legal basis on which we process personal data.
• which third parties are involved as processors in the processing of personal data.
• To which third parties personal data is transmitted.
• further information such as storage duration, data subject rights and other information that helps to inform about the data processing described.

Purposes for which personal data is processed

Website hosting

We use website hosting services to enable you to access our website and to ensure its secure and reliable operation. This includes the storage of website content, the management of the technical infrastructure and the processing of certain personal data that is automatically transmitted when you visit our website. The processing of this data is necessary to maintain the functionality, security and performance of our website and to recognise and prevent misuse or technical problems.

Categories of personal data that are processed:

• User behaviour relevant for error analysis
• Device information
• Log data
• Technical information

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR

Processors involved:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen

Further information:

• Our legitimate interest is to ensure the security, stability and proper functioning of our website and to detect and prevent misuse, technical faults or unauthorised access.
• Location of the data centre where the website is hosted: Germany

Website maintenance

In order to ensure the proper functioning, security and continuous improvement of our website, we process personal data as part of the ongoing maintenance work on the website. This includes monitoring website performance, identifying and resolving technical issues and carrying out updates to improve the user experience and protect the website from unauthorised access or cyber threats. These activities are essential to provide all users with a reliable and secure online environment.

Categories of personal data that are processed:

• Log data
• Technical information

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR

Processors involved:

• Seel OG, Urstein Süd 15, 5412 Puch near Hallein

Further information:

• Our legitimate interest in processing personal data for the maintenance of the website is to provide a secure and reliable website, to protect against cyber threats and to continuously improve our services.

Use of a content delivery network (CDN) to optimise content loading times

To ensure that our website loads quickly and reliably for all users, we use a Content Delivery Network (CDN). A CDN is a network of servers distributed across different locations that help to deliver website content efficiently by storing copies of our website closer to the user's location. This improves website performance, reduces load times and improves the overall user experience.

Categories of personal data that are processed:

• Browser information
• Cookies and similar technologies
• IP address
• Log data
• Online activity data

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR
• EU-US Data Privacy Framework on the basis of Art. 45 para. 3 GDPR
• Consent of the data subject on the basis of Art. 6 para. 1 lit. a GDPR

Processors involved:

• Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany

Further information:

• Our legitimate interest is to ensure the efficient, secure and reliable delivery of website content, to optimise website performance and to protect our website and users from cyber threats.
• Data may be transferred to servers in different countries as part of the CDN's global infrastructure. Appropriate security precautions are taken to protect your personal data during such transfers.

Contact via email

We process your personal data when you contact us by e-mail in order to answer your enquiries, provide you with the requested information or communicate with you in any other way. This enables us to process your questions or other concerns efficiently and effectively.

Categories of personal data that are processed:

• Information that you send us by e-mail
• Contact details

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR
• EU standard contractual clause on the basis of Art. 46 para. 2 lit. c and d GDPR
• EU-US Data Privacy Framework on the basis of Art. 45 para. 3 GDPR

Processors involved:

• Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin

Further information:

• Interest based on the legal basis: Enabling effective communication with you in order to respond to your enquiries.
• We request that you do not transmit any particularly sensitive categories of personal data when contacting us. These categories include the following data:
  • Ethnic origin.
  • Political opinions.
  • Religious or ideological beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Data on sexual life or sexual orientation.
• Should we become aware of the transfer of particularly sensitive categories of personal data, taking into account a reasonable effort, we will arrange for these to be deleted.

Operation of a consent management system

To ensure compliance with data protection regulations and to respect your privacy preferences, we operate a consent management system on our website. This system enables you to make informed decisions about the collection and use of your personal data, records your consent decisions and ensures that your preferences are honoured throughout your use of our website.

Categories of personal data that are processed:

• Records of consents
• User IDs
• Data on website visits
• Device information
• IP address
• Location data
• Technical information
• Behavioural data

Legal basis for the processing:

• Consent of the data subject on the basis of Art. 6 para. 1 lit. a GDPR

Processors involved:

• Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg

Analysis of the behaviour of website visitors

We analyse how users interact with our website to better understand usage patterns, identify opportunities for improvement and enhance the overall user experience. This enables us to ensure that our website functions effectively, is user-friendly and meets the needs of our visitors.
We may use technologies in the form of code snippets to monitor and optimise advertising campaigns and to acquire new customers.
The following technologies are in use:

• Google Analytics
• Google Tag Manager
• Matomo On-Premise

We use a self-hosted version of the service to analyse user behaviour using „Matomo“.

Categories of personal data that are processed:

• Browser information
• Cookies and similar technologies
• Data on website visits
• Data on user behaviour and interactions
• Event data
• Device information
• IP address
• Customer conversion data
• Location data
• Technical information
• Behavioural data
• Access statistics

Legal basis for the processing:

• EU-US Data Privacy Framework on the basis of Art. 45 para. 3 GDPR
• Consent of the data subject on the basis of Art. 6 para. 1 lit. a GDPR

Processors involved:

• Listed hosting service provider
• Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5 Dublin

Further information:

• Further information on data protection in connection with Google services can be found on the Google support website can be found.
• Further information on data processing using Google services is available via the Google Privacy Policy to find.

Offering a contact form

To enable users to contact us, we provide a contact form on our website/application. The information submitted via this form will only be used to process and respond to your enquiry, request or feedback. This helps us to answer your questions, provide you with support or process your enquiry efficiently and securely.

Categories of personal data that are processed:

• Identification data
• Information that you provide as free text
• Contact details

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR

Further information:

• Our legitimate interest is to provide efficient customer service and communication, which is essential for the operation and improvement of our services.
• Personal data submitted via the contact form will only be passed on to authorised employees or service providers who are involved in processing your enquiry. We will not use the information for marketing purposes unless you have expressly given your consent.

Protection against spam and bots

To ensure the security and integrity of our website and its services, we process personal data to detect, prevent and mitigate spam, automated abuse and malicious bot activity. This helps to protect our users, maintain the quality of our services and protect our systems from unauthorised or malicious activities.

Categories of personal data that are processed:

• Enquiry and usage data
• Cookies and similar technologies
• Technical information
• Behavioural data

Legal basis for the processing:

• Legitimate interest on the basis of Art. 6 para. 1 lit. f GDPR

Processors involved:

• Captcha GmbH, Muthgasse 2, 1190 Vienna

Further information:

• Our legitimate interest in processing your data to protect against spam and bots is to ensure the security, reliability and availability of our website and services. This processing is necessary to prevent unauthorised access, misuse and disruption by automated systems or malicious actors.

Further information

Cookies

This website uses cookies and similar technologies to store and process personal data and information. Cookies can be used for various purposes, including ensuring the basic functionality of the website, analysing usage, personalising content and providing targeted advertising - depending on the purpose or function you are using.
The processing of personal data using cookies takes place on the legal basis specified for the respective service, as explained in more detail in this data protection notice. For cookies that are not absolutely necessary (e.g. those used for analysis or marketing purposes), we will only process your personal data if you have given us your express consent to do so. Strictly necessary cookies, which are technically necessary for the operation of the website, are set without your prior consent, but are limited to the extent necessary for the provision of the service.
You have the right to control the use of cookies at any time. You can use our cookie settings tool to manage your preferences and accept, reject or customise your selection for different categories of cookies. You can revoke your consent at any time with effect for the future without affecting the legality of the processing carried out up to the revocation.
In addition, you can configure your web browser settings to control how cookies are handled - including blocking or deleting cookies, restricting storage processes and determining how long cookies are stored on your device. Please note that disabling certain cookies may affect the functionality of this website.

Storage duration

We only store your personal data for as long as is necessary to fulfil the purposes stated in this data protection notice or as required by statutory or contractual retention periods. As soon as your personal data is no longer required for these purposes or the corresponding retention periods have expired, your data will be deleted or anonymised in accordance with the applicable data protection laws.

Protection of personal data

We protect personal data using suitable technical and organisational measures in accordance with the applicable data protection laws and recognised industry standards. These measures include, where possible, in particular the pseudonymisation and encryption of personal data both during transmission and storage. Our security measures are regularly reviewed and updated to ensure the ongoing confidentiality, integrity and availability of personal data.

Revocation of a given consent

If you have given your consent to the processing of your personal data for a specific purpose on the basis of Art. 6 para. 1 lit. a GDPR, you can withdraw this consent at any time (revocation). The lawfulness of the processing of the personal data until the revocation is not affected by the revocation.

Data transfer

We will only transfer or disclose your personal data to third parties if this is required by applicable law, regulation or legal process or if this is necessary for the fulfilment or provision of our services to you. In all cases, we will ensure that any transfer of your personal data is in accordance with the relevant data protection laws, including the General Data Protection Regulation (GDPR), where applicable. Processors will only process personal data to the extent necessary to provide the agreed services, in accordance with our instructions and the applicable data processing agreements. We do not sell your personal data to third parties. If we intend to use your personal data for purposes that require your consent under applicable law, we will obtain your express consent in advance.

Rights of data subjects

Right to information

You have the right to request information about your personal data stored by us at any time and to receive a copy of this information. You also have the right to request confirmation as to whether the personal data in question is being processed.

Right to rectification

If your data is incorrect or incomplete, we will correct it on request.

Right to portability

If we process your personal data by automated means with your consent or on the basis of a corresponding agreement, you have the right to request a copy of your data in a structured, commonly used and machine-readable format, which will be sent to you or another party. This only applies to the personal data that you have provided to us.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to cancellation

You have the right to have personal data processed by us deleted, insofar as this is legally permissible.

Right to object

You can object to the processing of your personal data, for example by not using certain services. If you object to the processing of your personal data for certain purposes, this may mean that the services concerned cannot be used.

Right to lodge a complaint

If you believe that we are not processing your personal data correctly, you can contact us. You also have the right to lodge a complaint with a supervisory authority. You can find more information about the supervisory authorities in the European Union at here.
All rights can be exercised via the e-mail contact mentioned at the beginning of this data protection notice.

Transfer of data to the USA and the Data Privacy Framework

To ensure the protection of your personal data when it is transferred outside the European Economic Area (EEA), we rely on recognised legal mechanisms in accordance with the General Data Protection Regulation (GDPR).

On 10 July 2023, the European Commission adopted an adequacy decision pursuant to Art. 45 (1) GDPR for the EU-US Data Privacy Framework (DPF). This means that personal data may be lawfully transferred from the EEA to organisations in the USA that participate in the DPF, as these organisations offer an adequate level of data protection equivalent to that of the EU.

What does that mean for you?

• If we use US-based service providers to process your personal data, we ensure that these providers are certified in accordance with the EU-US Data Privacy Framework. The certification obliges these organisations to comply with strict data protection principles and is subject to supervision and enforcement by US authorities.
• The adequacy decision provides a valid legal basis for these data transfers and ensures that your rights and the protection of your data are maintained in accordance with the GDPR.
• You can check at any time whether a US service provider is currently certified under the Data Privacy Framework by visiting the official Data Privacy Framework Website visit.

If we use a US service provider that is not certified under the Data Privacy Framework, we will expressly inform you of this in this data protection notice and indicate the alternative legal protection mechanisms applicable to such transfers (e.g. standard contractual clauses approved by the European Commission).

Regardless of the transfer mechanism, you retain all rights under the GDPR, including the right to access, rectify, erase or restrict the processing of your personal data and the right to lodge a complaint with a supervisory authority.

Further details on the EU-US Data Privacy Framework and the adequacy decision can be found on the Website of the European Commission.

Standard contract clauses

In order to enable data transfer to countries without an adequacy decision, the EU Commission has drawn up model contracts (standard contractual clauses). These standard contractual clauses oblige contractual partners to comply with a level of data protection comparable to that in the EU. These contractual texts are published via the Website of the European Commission made available. Standard contractual clauses are referred to as „Standard Contractual Clauses“ and are abbreviated to „SCC“.

Changes to this data protection notice

We will occasionally update this Privacy Notice to reflect changes in our data processing practices, legal requirements or other operational needs. Any changes will be posted on this page and the „Date of Publication“ below will be updated accordingly. We encourage you to periodically review this Privacy Notice to stay informed about how we are protecting your personal data.

Date of publication of the current version: 31.10.2025
This data protection notice was created by the Metasoul data protection generator generated and provided.