Private Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can personally identify you. For detailed information on data protection, please refer to our privacy policy below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the "Notice on the Responsible Party" section of this privacy policy.

How do we collect your data?

Your data is collected in two ways:

Data you provide to us, e.g., data you enter in a contact form.

Other data is collected automatically or with your consent when you visit the website. This primarily includes technical data (e.g., browser type, operating system, or time of access). This data is collected automatically as soon as you visit the website.

For what purposes do we use your data?

Some data is collected to ensure the error-free provision of the website. Other data may be used to analyze user behavior. If contracts can be initiated or concluded via the website, the transmitted data will also be processed for contractual offers, orders, or other requests.

What are your rights regarding your data?

You have the right to receive information about the origin, recipients, and purposes of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw it at any time with future effect. Additionally, you have the right, under certain circumstances, to demand the restriction of processing your personal data. You also have the right to lodge a complaint with the appropriate supervisory authority.

For further questions regarding data protection, you can contact us at any time.

Analytics and Third-Party Tools

Your browsing behavior may be statistically analyzed when you visit this website. This analysis is primarily conducted using analytics tools.

Detailed information about these analytics tools can be found in the following privacy policy.

2. Hosting

We host our website with the following provider:

Amazon Web Services (AWS)

Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg ("AWS").

When you visit our website, your personal data is processed on AWS servers. This may also involve the transfer of personal data to AWS's parent company in the USA. The data transfer to the USA is based on the EU Standard Contractual Clauses.

Details: AWS GDPR Data Processing Addendum.

More information is available in AWS's privacy policy: AWS Privacy Policy.

The use of AWS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If consent is requested, data processing is exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDG (German Telecommunications Telemedia Data Protection Act) where consent includes the storage of cookies or access to information on your device (e.g., device fingerprinting). Consent can be withdrawn at any time.

AWS is certified under the "EU-US Data Privacy Framework" (DPF), which ensures compliance with European data protection standards for data processing in the USA. Certified companies must adhere to these standards. Further details: EU-US DPF Information.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can personally identify you. This privacy policy explains what data we collect and for what purposes. It also explains how and why this happens.

We point out that data transmission over the Internet (e.g., email communication) can have security gaps. Complete protection of data from access by third parties is not possible.

Notice on the Responsible Party

The responsible party for data processing on this website is:

Dominik Grau

Weinsberger Str. 101

74076 Heilbronn

Phone: 015560259309

Email: dominik.grau@mindmed.ai

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Retention Period

Unless a specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons to retain your personal data (e.g., tax or commercial retention periods). In the latter case, the data will be deleted once these reasons no longer apply.

General Notes on the Legal Bases for Data Processing on This Website

If you have given consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to transfer personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If consent for the storage of cookies or access to information on your device (e.g., via device fingerprinting) is given, data processing is also based on § 25(1) TDDG. Consent can be withdrawn at any time.

If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, if your data is required to fulfill a legal obligation, processing is based on Art. 6(1)(c) GDPR. Additionally, data processing may be based on our legitimate interest under Art. 6(1)(f) GDPR.

Information on the relevant legal basis for each case can be found in the following sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external entities. This may require the transfer of personal data to these external entities. Personal data is only transferred if it is necessary to fulfill a contract, if we are legally obligated to do so (e.g., transferring data to tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits the transfer of data. When using data processors, we only transfer personal data based on a valid data processing agreement. If joint processing is involved, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing carried out before the withdrawal remains unaffected by the withdrawal.

Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to File Complaints with Regulatory Authorities

If there are violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or the location of the alleged violation. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process based on your consent or in the performance of a contract automatically delivered to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will only occur if it is technically feasible.

Access, Rectification, and Erasure

Within the framework of applicable legal provisions, you have the right to receive information free of charge about your stored personal data, its origin, recipients, and purposes of data processing and, if necessary, a right to rectify or delete this data. For further questions about personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this matter. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

If you have filed an objection under Art. 21(1) GDPR, a balancing of your and our interests must be carried out. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data has been restricted, such data may only be processed – apart from their storage – with your consent or for the establishment, exercise, or defense of legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. An encrypted connection is recognizable by the browser's address line changing from "http://" to "https://" and the lock icon in your browser line.

When SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Objection to Promotional Emails

The use of contact data published as part of the legal notice obligation for sending unsolicited advertising and informational materials is hereby prohibited. The site operators expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called "cookies." Cookies are small data packets that do no harm to your device. They can be stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.

Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services provided by third parties within websites (e.g., cookies for processing payment services).

Cookies serve different purposes. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies are used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out electronic communication, to provide certain functions requested by you (e.g., for the shopping cart), or to optimize the website (e.g., cookies to measure web audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies to ensure a technically error-free and optimized service. If consent to store cookies or similar recognition technologies has been requested, processing is solely based on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDG); the consent can be withdrawn at any time.

You can configure your browser to notify you about the placement of cookies, to allow cookies only in individual cases, to exclude cookies in certain cases or generally, and to enable the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

Detailed information about the cookies and services used on this website can be found in this privacy policy.

Server Log Files

The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

-Browser type and version

-Operating system used

-Referrer URL

-Hostname of the accessing computer

-Time of the server request

-IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website, for which the server log files must be recorded.

Contact Form

If you send us inquiries via the contact form, the information provided in the form, including the contact details you provide, will be stored by us for the purpose of processing your inquiry and for possible follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be withdrawn at any time.

The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to store it, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry by Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent can be withdrawn at any time.

The data you send us via contact inquiries will remain with us until you request us to delete it, withdraw your consent to store it, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

5. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. Further data is either not collected or only on a voluntary basis. We use this data solely for sending the requested information and do not share it with third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent to the storage of data, email address, and their use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing or after the purpose ceases to exist. Data that we have stored for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not combined with other data. This serves both your interest and our interest in compliance with legal requirements when sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). Blacklist storage is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

6. Plugins and Tools

Google Fonts

This website uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. When you access a page, your browser loads the required fonts into its browser cache to correctly display texts and fonts.

For this purpose, the browser you use must connect to Google's servers. This informs Google that your IP address was used to access this website. Google Fonts are used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of fonts on their website. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDG, provided the consent includes the storage of cookies or access to user devices (e.g., device fingerprinting) under the TDDG. Consent can be withdrawn at any time.

If your browser does not support Google Fonts, a default font installed on your computer will be used. Further information about Google Fonts can be found here: Google Fonts FAQ and in Google's privacy policy: Google Privacy Policy.

Google is certified under the "EU-US Data Privacy Framework" (DPF), which ensures compliance with European data protection standards for data processing in the USA. Certified companies must adhere to these standards. More details can be found here: EU-US Data Privacy Framework.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether the data entered on this website (e.g., in a contact form) is being provided by a human or by an automated program. reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various data (e.g., IP address, duration of the visitor's stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses take place completely in the background. Website visitors are not informed that such an analysis is taking place.

The storage and analysis of this data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated surveillance and spam. If consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDG, provided the consent includes the storage of cookies or access to user devices (e.g., device fingerprinting) under the TDDG. Consent can be withdrawn at any time.

For more information about Google reCAPTCHA, please refer to Google's privacy policy and terms of use at the following links: Google Privacy Policy and Google Terms of Use.

Google is certified under the "EU-US Data Privacy Framework" (DPF), which ensures compliance with European data protection standards for data processing in the USA. Certified companies must adhere to these standards. More details can be found here: EU-US Data Privacy Framework.