Privacy Notice

This website is operated by:

mind shift GmbH
Stollbergstrasse 22
80539 Munich, Germany
E-mail: info@mindgroup.com
‍
Responsible under the GDPR:
Philipp Kraft, Managing Director.
‍
We have not appointed a Data Protection Officer, as the legal thresholds under Art. 37 GDPR and § 38 BDSG do not apply. For any data protection matter, please contact us at the e-mail address above.

We respect your privacy and process personal data only to the extent necessary to operate this website, respond to your enquiries, and comply with applicable law. This website does not use analytics, advertising, or third-party tracking technologies.

When you access this website, our hosting provider automatically collects technical information that your browser transmits. This includes:  
‍
- IP address
- Date and time of the request
- Requested page or file
- Referrer URL
- Browser type and version
- Operating system

Purpose: to deliver the website, ensure technical stability, and protect against abuse and attacks.Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in the secure and reliable provision of our website.Retention: Log data is stored for a maximum of 14 days and then automatically deleted, unless a specific security incident requires longer retention for investigation.

If you contact us by e-mail, the data you provide (name, e-mail address, message content, and any additional information you choose to share) will be processed exclusively for the purpose of handling your enquiry.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in responding to enquiries).

Retention: Correspondence is retained for as long as necessary to process your request, plus statutory retention periods under German commercial and tax law (typically 6 to 10 years, where applicable).

Our "Get in touch" button links to a scheduling page operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, USA). When you click the link, you leave our website and your data is processed by Google under Google's own terms and privacy policy.

If you book a meeting, Google receives the information you provide (such as name, e-mail address, and selected time slot) and shares it with us so we can attend the appointment. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (a) GDPR (consent, by clicking the link).

Data transfer to the USA: Google LLC is certified under the EU-U.S. Data Privacy Framework (DPF), which the European Commission has recognised as providing an adequate level of data protection (adequacy decision of
10 July 2023).

Google's privacy policy: https://policies.google.com/privacy

This website uses only technically necessary cookies required to deliver its core functionality. We do not use analytics cookies, advertising cookies, or any form of cross-site tracking.

Legal basis: § 25 (2) No. 2 TDDDG (technical necessity); no consent required.

We share personal data only with:  

- Our hosting provider (Webflow) as processor under Art. 28 GDPR
- Google, if you use the appointment booking function
- Public authorities, courts, or legal counsel where we are legally equired to do so or where necessary to establish, exercise, or defend legal claims
- Our tax advisors and auditors where required for statutory retention and audit purposese.

Some of our processors are based in the United States (see sections 5 and 6). These transfers are based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) or, where applicable, on Standard Contractual Clauses (Art. 46 (2) (c) GDPR) combined with additional safeguards.

Under the GDPR, you have the following rights:

 - Right of access (Art. 15 GDPR)
 - Right to rectification (Art. 16 GDPR)
 - Right to erasure (Art. 17 GDPR)
 - Right to restriction of processing (Art. 18 GDPR)
 - Right to data portability (Art. 20 GDPR)
 - Right to object to processing based on legitimate interest
   (Art. 21 GDPR)
 - Right to withdraw consent at any time (Art. 7 (3) GDPR), without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, please contact us at
info@mindgroup.com.

You also have the right to lodge a complaint with a supervisory authority, in particular the authority of your habitual residence or place of work. The supervisory authority competent for mind shift GmbH is:

,Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, and misuse, in accordance with Art. 32 GDPR. Data transmitted through this website is encrypted in transit using TLS.

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The current version is always available here: www.mindgroup.com/privacy.