Privacy Statement Mindbreeze | Mindbreeze InSpire

Data protection is of particularly high importance to the Fabasoft Group. Fabasoft AG and its subsidiary companies (known as: “Fabasoft”) have dedicated themselves to the protection of data and, in particular, of personal data. Mindbreeze GmbH is a subsidiary of Fabasoft AG (in the following referred to as “Mindbreeze”). Exactly how Mindbreeze uses and protects personal data, such as first and surnames, email addresses or telephone numbers, will be outlined in more detail in this privacy statement. The use of personal data complies with the requirements of the EU’s General Data Protection Regulation also referred to in the following as "GDPR" and the relevant country-specific data protection regulations. The transfer of data for processing, both within and outside Mindbreeze, for the purpose of job processing, is exclusively based on data processing agreements.

Valid as of June 2023 | PDF Download of the Mindbreeze Privacy Statement (304 KB)

A. General Information

A.1 Who is responsible for data processing? - The Group’s Structure

Depending on which Group company is entrusted with data processing, this company is deemed to be the data controller.

You will find all Fabasoft companies listed via the following link:
https://www.fabasoft.com/en/about-us/locations

Additional Information:

This privacy statement serves to elaborate on the general privacy statement of Fabasoft (available at www.fabasoft.com/privacy), the general privacy statement of Fabasoft 4teamwork (available at https://www.4teamwork.ch/datenschutzerklaerung/), the general privacy statement of Mindbreeze (available at www.mindbreeze.com/privacy), the general privacy statement of Xpublisher (available at www.xpublisher.com/privacy), the general privacy statement of KnowledgeFox (available at https://knowledgefox.net/dsgvo/) and to provide more information for applicants.

Contact Data Privacy Team

Mindbreeze has a data security team (“Privacy Team”) entrusted with legal data security issues. You can contact the Privacy Team as follows:

privacy@mindbreeze.com
Mindbreeze GmbH, c/o Privacy Team, Honauerstrasse 2, 4020 Linz, Austria

If required by EU-GDPR or national regulations, Mindbreeze has appointed data protection officers whom you can contact directly using the contact data below:

Austria:
Hochleitner Rechtsanwälte GmbH
dpo-at@mindbreeze.com,
Mindbreeze GmbH, c/o Data Protection Officer AT, Honauerstrasse 4, 4020 Linz, Austria

A.2 Which data are processed? Where does the data come from (the data sources)?

1. Data collected from the data subject

Mindbreeze processes the following personal data that has been collected directly from the data subject.

Mindbreeze processes personal data that it obtains through its business relations (with customers, suppliers, partners or support requests) in order to fulfil a contract or to implement pre-contract procedures.
Mindbreeze processes personal data supplied directly by the customers.
Mindbreeze processes personal data that are required in order to fulfil a legal obligation.
Mindbreeze processes personal data for which consent has been granted, for various reasons, by the data subject.

Personal data includes: title, first name(s), surname, email address(es), home address(es), telephone number(s), fax number, date of birth (if provided), contract details (incl. contact details of the contracting parties as well as contact persons), company details, other relevant information (correspondence history, contact details, data relating to reminders and actions).

When you make use of our support, we process data about your support inquiry (problem description, log files, attachments, screenshots, communication, documentation of troubleshooting, contact details of the involved persons).

2. Data not directly collected from the data subject

In addition, Mindbreeze processes personal data that is not directly obtained from the data subject. This includes the following data: telephone numbers, job titles, gender, company name, size of the company, titles, industry, street, post code, locations and country.

This data comes from publicly accessible registers, company websites and information published by individuals on business platforms (XING, LinkedIN) or on social media platforms.

A.3 Why is personal data processed and what is the legal basis for doing this?

The fulfilment of contractual and pre-contractual obligations.
Processing personal data is important for providing products and services that are appropriate for the required/commissioned scope of the project. The purpose of data processing is strictly aligned with the commissioned product or service. You will find more detailed information on this topic on our website www.mindbreeze.com. Personal data are processed for the purpose of fulfilling existing contracts or within the framework of initiating new contracts.
The fulfilment of legal obligations.
As far as the processing of personal data is necessary to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO applies as the legal basis for data processing.
Safeguarding legitimate interests
It is in Mindbreeze’s interest to continuously improve its products and services. In order to obtain feedback, Mindbreeze encourages its customers and partners voluntary participation in surveys. Participation in the survey can take place without the disclosure of personal data. Should personal data nonetheless be disclosed, such disclosure is voluntary and is not necessary for participation in the survey. The results of the survey serve to further improve Mindbreeze’s products and services.

It is in the interest of Mindbreeze customers and interested persons/companies to provide the best possible information about market trends and market developments. Mindbreeze also makes comprehensive research papers available for download free of charge in which Mindbreeze products and services have been evaluated by renowned analyst firms. In addition, Mindbreeze strives to provide the best possible support and advice for customers and interested persons/companies. In this context, Mindbreeze or a responsible Mindbreeze partner will contact you by e-mail, provided that you have given your consent (this consent can be revoked at any time; the data processing that has been carried out until such time remains lawful).
Data processing and consent
Irrespective of the above-mentioned legal bases, Mindbreeze may require consent for certain processing operations and obtain it from the person concerned. If Mindbreeze is granted consent to the processing of personal data, the data will be processed exclusively for the purposes specified in this consent, such as sending information in the Mindbreeze newsletter, information on webinars, events, blog articles, downloading resources or research reports. The consent may be revoked at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

In the interest of Mindbreeze customers (contractual relationship) and potential customers (pre-contractual measures), it is important for Mindbreeze to provide regular information on the ongoing development of their products and services as well as on trends in this sector and topics that are relevant to the market. Mindbreeze also hosts their own events, presents the company at events, holds webinars, and provides information by means of e-mail newsletters.

Those data received by Mindbreeze in the course of its contractual relationship with the customer, will be processed by Mindbreeze in order to send emails, letters or advertising brochures to customers for the purpose of depicting and presenting Mindbreeze products (Art. 6 (1)(f) GDPR). The customer has the right to object to this processing of the customer's data for the purpose of direct advertising, said right can be exercised at any time without giving reasons by means of letter to Mindbreeze c/o Privacy or email to privacy@mindbreeze.com. Mindbreeze will process the customer data for this purpose for as long as the customer lodges no objection, however, up to a maximum of 3 years after termination of the contract. Where other forms of direct advertising are concerned, Mindbreeze will only process the customer data if the customer has expressly given its express consent to the processing of its data (Art. 6 (1)(a) GDPR). If the customer has given its consent to the data processing, it can revoke this consent without giving reasons by means of letter to Mindbreeze or email to privacy@mindbreeze.com. The processing performed until objection is made against such processing or until consent is revoked shall remain lawful. The processing of the personal data of the customer for the purpose of direct advertising is not necessary for the execution of the contractual relationship.

A.4 Who receives the personal data?

The individual employees, departments or Fabasoft companies, that require it in order to fulfil contractual or legal obligations, such as legitimate interests, receive the personal data.

Furthermore, if necessary, Mindbreeze will transfer your data to tax consultants and auditors for purposes of tax consultancy and auditing and, in individual cases, to lawyers and courts, if necessary for legal advice or law enforcement purposes. In individual cases, we also forward your data to our data protection officer in Austria or Germany in order to obtain advice on the implementation of data protection regulations, e.g. if you assert claims against us. In addition, Mindbreeze employs various sub-contractors, to whom personal data is transferred to enable them to effectively carry out their respective services.

All sub-contractors are required to use the data solely for the purpose of providing the service that has been clearly defined by Mindbreeze.

Through contractual agreements, Mindbreeze collaborates with the following providers when dealing with marketing and communication:

Act-on Software, located in Portland, Oregon, USA.
Service: The forwarding of marketing information material, for example newsletters, webinar invitations and product information, as well as product information concerning client relations (for example, tips on new releases)
Data storage and email forwarding: via Act-On’s Data Centre in Frankfurt; in case the mail stack in Frankfurt is unavailable, via a backup US based mail stack (data storage up to a maximum of 48 hours)
LogMeIn. Inc, located in Boston, Massachusetts, USA
Service: Platform for the organisation and implementation of webinars.
Information on compliance with the GDPR: https://www.logmeininc.com/gdpr/gdpr-compliance
Lewis Communications GmbH, located in Düsseldorf, Germany.
Service: The agency provides services for Mindbreeze concerning public relations
Fabasoft International Services GmbH
Service: The provision of services for the whole Fabasoft Group. In terms of data protection law, for example, maintenance of a group procedure directory, provision of a central contact point for data subjects in compliance with § 26 (1)(3) GDPR and the assumption of liability for claims asserted by data subjects and regular updating and management of technical and organisational measures (see A.7).

Insofar personal data are to be transmitted to the USA or any other country with a less stringent level of data protection, Mindbreezes ensures in advance that a suitable level of data protection is in place. The appropriate or reasonable guarantees agreed in individual cases, as well as the possibility of obtaining a copy, are available at privacy@mindbreeze.com.

Mindbreeze’s partner network

Mindbreeze maintains an extensive partner network and places a high value on exclusivity and quality; there are only a small number of partners in each country or area who ideally complement Mindbreeze, in particular in terms of technological expertise and sales strength. In order to provide the best possible service to international customers and potential customers in their national language and in their own time zone, Mindbreeze recruits partners in the respective country or region and provides them with the necessary voluntarily provided personal data such as first name, last name, e-mail address, business address, telephone number, and company name in a separate secure system. The data will only be disclosed to these select partners with your prior consent. In this case, we always ask you for a consent. Personal data will only be processed to the extent that is contractually agreed with our partners. All partners of Mindbreeze are contractually obliged to use this data for the specific intended purpose(s) only (contact on behalf of Mindbreeze and its products) and not to disclose it to third parties. An overview of all current Mindbreeze partners is available at: https://www.mindbreeze.com/our-partner.html

A.5 For how long is data stored?

Mindbreeze stores personal data for as long as is necessary for the duration of the entire business relationship, from the initiation to the execution through to termination of the contract as well in compliance with the legal retention and documentation obligations, which stem, for example, from the legal business and fiscal retention requirement (usually a period of 10 years) or from the limitation periods in compliance with European or national laws or other regulations to which the controller is subject (up to 30 years).

Personal information (for example for a newsletter, announcement, webinar etc) that is submitted to Mindbreeze with consent will be stored for a maximum of three years after its last use, provided that it is not withdrawn before this period ends.

A.6 Where is the data stored?

Mindbreeze stores data on hardware owned by Fabasoft in highly secure, external data centres in Germany, Austria and Switzerland.

A.7 What are the data subject’s data protection rights?

You have the right to disclosure, correction, removal or restriction in the processing of the stored information. You have the right to object to the use of your personal information as well as the right to data portability in accordance with the requirements of the data protection law.

In the event that you withdraw consent to use your personal information, Mindbreeze will immediately stop using this data, provided that the use of this data is solely based on your consent. Exceptions arise as a result of legal or contractual obligations, which render storing data necessary, but this is only in the event of the aforementioned obligations. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.

All rights listed above can be claimed through the following channels.

By email: privacy@mindbreeze.com
By post: Mindbreeze GmbH, c/o Privacy, Honauerstrasse 2, 4020 Linz, Austria

All rights asserted against Mindbreeze must be submitted in writing. To prevent any misuse of these rights by unauthorised parties, you are obliged to verify your identity vis-à-vis Mindbreeze in a suitable manner if we are not able to ascertain this beyond doubt. Every person has the right of access.

Mindbreeze is free to continue to use the personal data concerned provided they have been anonymised prior to such use in such a way that it is no longer possible to relate the data to an identified or identifiable individual.

Complaints should be directed to the Austrian Data Protection Authority or to another data protection authority within the European Union or Switzerland, preferably where you live or work.

There are different interfaces and data processing steps within the Fabasoft Group, in which the different individual personal data processing services are carried out among the companies within the group. The regulations defined in the “Framework agreement for internal data processing within the Fabasoft group” reflect the respective roles of the companies of the Fabasoft Group as joint controllers in a transparent manner pursuant to Art. 26 GDPR or as controller and processor pursuant to Art. 28 GDPR as well as the lawful form of this legal relationship, in particular in compliance with the regulations of the GDPR or the respective national data protection regulations. In the case of a breach of the framework agreement and/or applicable data protection provisions, Fabasoft International Services GmbH, FN 271303a, Honauerstraße 4, 4020 Linz, has undertaken to assume liability for claims by a data subject. Thus, a place of jurisdiction within the EU is available to the data subjects for the assertion of their rights.

The Framework Agreement is available for download on the Fabasoft Website: https://www.fabasoft.com/en/about-us/transparency

A.8 Contact with Data Protection Officers

Mindbreeze has a data security team at its disposal that is dedicated to data protection issues (“Privacy Team”) The contact details for this privacy team are available at: https://www.mindbreeze.com/privacy The privacy team can be contacted at: privacy@mindbreeze.com

As far as the GDPR, or rather national regulations, require, a data protection officer will be appointed. The contact details of this data protection officer are available at: https://www.mindbreeze.com/privacy

A.9 Compulsory provision of personal information

In the context of the business contract or pre-contractual procedures, personal data necessary for the execution of the business contract, and to which Mindbreeze is legally obliged to collect, must be provided. If this information is not provided, the delivery of products and service, for example, will not be possible.

B. Additional Information About the Mindbreeze Website

B.1 Data collection

The Mindbreeze website collects general information with every visit. Such information includes, for example: the IP address, the type of browser used, the language, the login pages, the device used, the volume of data transmitted, the browsing history as well as the HTTP referrer.

Mindbreeze does not use this data to draw any conclusions about the data subject. This information will be needed in order to successfully deliver the content of the website, to guarantee the website is always functioning or to provide relevant information to the authorities.

In addition, the Mindbreeze website offers many opportunities to register your personal information or to get in contact with the company through the email addresses provided. The Mindbreeze GmbH is responsible for your data protection for the purposes listed in the tabular below:

For a better overview, the ways in which you can register will be outlined separately:

Ways to register	The purpose of data collection
To register for the Mindbreeze newsletter	To send information about Mindbreeze and the products such as Release Notes, approx. 1x/month
Register for webinars	To send information about webinars, access details for webinar participants, check the status of registrations, as well as progress reports, access to the webinar records archive and information about similar webinars
Register for Mindbreeze events	To send information about events, communicate the status of registrations, as well as progress reports and to distribute information about similar events
Register for participation in the affiliate program	Contact (legitimate interest) in the context of the collected personal data, transmission of further information about the Mindbreeze Partner Program
Register for Try & Buy	To provide Mindbreeze InSpire for a 28-day trial period
Register for software updates	To provide software updates in the context of a contractual relationship
Registration for developers	To provide SDK (Software Development Kit) for Mindbreeze InSpire
Online application	See separate privacy statement “Data protection for applicants during the application process”
Request help from sales or support team	Contact the support team
Further contact (via contact field on the right))	If you send a message via the contact field, it will be forwarded to the responsible persons for the purpose of processing your request.
Sign up for fee-based trainings	To send information about training, communicate the registration status, and to send information about similar trainings
Register for the download of selected information materials. After registration, documents such as case studies and research papers of analysts are available.	To transmit the download link for the requested document by e-mail. Contact by Mindbreeze or a Mindbreeze partner within the voluntarily provided data. See Partner network of Mindbreeze.
Providing information about products and services	To receive information about the technical advancements of products such as Release Notes, Software Product Information (SPI), Knowledge Base on a regular basis

When registering for one or more of the purposes mentioned above, personal data will only be collected in the form of first name(s), surname(s), email address, company, job title, gender, telephone number, street, postcode, location and country. This information contributes to providing an efficient service and will be processed if consent is granted.

B.2 Sending requests to general email addresses

On the Mindbreeze website, to contact Mindbreeze additional general email addresses will be provided. When you send us an email, it is automatically directed to the relevant person so that you query can be processed.

B.3 The use of cookies

If you click on "Accept and Continue" when you visit our website, you thereby accept all types of cookies or you click on "Manage Settings" to receive more detailed information and determine individually which cookies you consent to. You can manage the settings you have made at any time under the item "Cookie-Settings" in the footer of the website.

Cookies are small text files that are saved by the website server onto the user’s device hard drive (computer, notebook, tablet, smartphone etc) via your internet browser. This information is called up at subsequent visits to the website and enables the website to recognise your device. Both personal and non-personal data can be saved in cookies. User profiles can also be created through the placing of cookies.

Session cookies are delected at the end of the session, i.e. when you close your browser. They record navigation through the website so that the website "remembers" your entries. These session cookies are normally used to temporarily save the user’s entries when filling in online forms that span several pages or to temporarily save the information entered by the user when adding items to online shopping baskets. Such entries may include: data entered when placing an order, currency, login status or simply when navigating through the site.

Mindbreeze uses the following cookies:

Essential cookies:

Essential cookies enable basic functions and are needed to ensure proper functioning of the website. These cookies are first-party cookies that belong to Fabasoft.

Cookie name	Purpose/Description	Lifespan
cookie_settings	Saves information concerning your cookie settings.	30 days
TEAMNX	Mindbreeze makes downloads available via public links from the product Fabasoft Cloud (product of the parent company). This cookie optimises performance distribution, so downloads can be provided with optimum performance.	9 hours
_apm:telemetryStatus#...:	Performance measurement app.telemetry (needed for the search function on www.mindbreeze.com) The last response of the web.telemetry requests is saved in this value. This includes in particular the information concerning which instrumentation level the Client instrumentation is to be recorded on. This information is important at the start of the Client, so that even the first request can already be collected in the selected recording level, because the first web.telemetry request is not generally effected until after the first application request has been sent.	unlimited
apm:guid	Session ID for app.telemetry (needed for the search function on www.mindbreeze.com) This is a GUID that enables the possibility of assigning telemetry data to a Client even when the page is reloaded or the Client uses the navigation to switch to other pages of the application.	unlimited

Tracking and Analytics cookies:

We use Google Analytics to collect anonymous statistical information such as the number of visitors to our website. Cookies added by Google Analytics are subject to the privacy policy of Google Analytics. See also in this respect point 2.4 in this privacy statement.

Cookie	Google Analytics
Provider	Google LLC
Purpose	Cookie from Google for website analyses. Generates statistical data about how visitors use the website.
Privacy Policy	https://policies.google.com/privacy
Cookie name	ga, _gat, _gid
Cookie lifespan	2 years

Data is not collected by Google Analytics unless consent has been given for the processing of personal data by clicking on the button "Accept cookies" or by a selection made under "Manage settings". This consent can be revoked at any time by changing the cookie settings (button "Manage settings" or "Cookie settings" in the footer of the website). You will find a detailed description of the use of analytics services under point B.4 in this privacy statement.

We use Act-on Beacon for the statistical evaluation of data for marketing purposes, as well as visitor access and for the identification of companies.

Cookie	Act-On Tracking Cookie
Provider	Act-On Software, Inc.
Purpose	Evaluation of visitor access, identification of companies
Privacy Policy	https://www.act-on.com/privacy-policy/
Cookie name	wp6806, wp45623
Cookie lifespan	1 year

Data is not collected by Act-on Beacon unless consent has been given for the processing of personal data by clicking on the button "Accept cookies" or by a selection made under "Manage settings". This consent can be revoked at any time by changing the cookie setting (button "Manage settings" or "Cookie settings" in the footer of the website). You will find a detailed description of the use of analytics services under point B.4 in this privacy statement.

B.4 The use of analytics services

Internet analytics service Google Analytics

We use Google Analytics, an internet analytics service by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google uses cookies. The information collected by cookies from the users about their use of online offers is normally sent to a Google server in the USA, where it is saved. At our request, Google will use this information to assess how users respond to online offers, to compile reports on the activity surrounding these online offers and to provide us with further information regarding the use of these online offers and services related to internet use. Through this, we can use this processed information to generate pseudonym profiles for users.

We only use Google Analytics when IP anonymization is in place. This means that, within other European Union Member States or countries in the European Economic Area, Google will ensure that only part of the user’s IP address is shown. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it is shortened. The IP address of the user’s browser will not be merged with other information collected by Google.

You can prevent cookies from being stored by changing the settings on your internet browser. In addition, you can prevent Google from collecting or processing information from your cookies and about your use of online offers by downloading and installing the following browser plugin at this link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can learn more about Google’s use of data for advertising purposes, the different ways to adjust your settings or to oppose the use of this information on Google’s website: https://www.google.com/intl/de/policies/privacy/partners/ (“Google’s use of the data collected from your visits to partner websites or Apps”), http://www.google.com/policies/technologies/ads (Using data for advertisement purposes”), http://www.google.de/settings/ads (“Managing the information that Google uses to show you advertisements”) and http://www.google.com/ads/preferences/ (“Determine which advertisements Google shows you”).

You can prevent Google Analytics from collecting information by clicking on the following link. An opt-out cookie will be available, which prevents the collection of further information when visiting the website. Deactivate Google Analytics

Privacy policy regarding the employment and use of Google Ads

Mindbreeze uses "Google Ads". Google Ads is an online advertising service that allows advertises to place ads in the search engine results of Google as well as in the Google advertising network. Google Ads allows an advertiser to pre-set keywords that will display an ad on Google's search engine results only when the search engine retrieves a keyword-related search result. In the Google advertising network, ads are distributed on topical web pages using an automated algorithm and according to the pre-defined keywords. On Google’s Display Network, advertisements are filtered by an automatic algorithm and taking into account key words that have been entered on similar internet sites.

The operating company that provides the Google Ads service is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of using Google Ads is to advertise our website by placing interesting and relevant advertisements on third-party companies’ websites, onto Google’s search engine results page.

If one of Google’s advertisements succeeds in directing someone to our website, Google will file a so-called conversion cookie on this person’s device. Cookies have already been defined above.

A conversion cookie expires after thirty days and does not serve to identify the data subject. Provided that it has not yet expired, conversion cookies can be used to establish whether certain sub-sites, for example the basket in online shopping systems, are visited on our website.

Through conversion cookies, both we and Google can establish whether a data subject, who is directed to our website via an Ads advertisement, generates revenue, for example by making purchases in the basket or if they cancel them.

Google uses the data and information collected by conversion cookies in order to generate statistics on the number of visits to our website.

On the other hand, we use these statistics to determine the total number of people using our website and how many of them are directed to us by Ads advertisements. Therefore, we use this information to evaluate how successful various Ads advertisements are at directing people to our site and in order to streamline our Ads advertisements in the future. Neither our company nor Google Ads’ other advertisement customers receive information from Google that would enable a data subject to be identified.

Through conversion cookies, personal information, for example internet sites visited by the data subject, will be stored. With each visit to our website, personal information will therefore be sent to Google in the USA, including the IP address of the data subject’s Internet connection. This personal information will be stored by Google in the USA. Google will pass on the personal information collected through online activity to third-parties if necessary.

The data subject can prevent the use of cookies on our website, at any time by changing the relevant settings of the internet browser and thus permanently reject the use of cookies, as explained above.

This setting on the internet browser would also prevent Google from creating a conversion cookie on the data subject’s computer system. In addition, cookies that have been already established by Google Ads can be deleted via the internet browser, or other software programmes, at any time.

Furthermore, the data subject may reject personalised advertising from Google. To do so, the data subject must use the following link to remove the internet browsers they used and to set their desired settings: www.google.de/settings/ads

Additional information and Google’s current privacy policy can be found at this link: https://www.google.de/intl/de/policies/privacy/

Google Maps

This page uses the Google Maps map service via an API. The provider is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland. It is necessary to save your IP address in order to use the functions of Google Maps. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. Google Maps is used in the interest of presenting our online offers in an appealing manner and making it easier to find the locations we have indicated on the website. This constitutes a legitimate interest within the context of Art. 6 (1) (f) GDPR. You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.

Internet analytics service Act-On

In order to analyse user access, information for marketing purposes and for identifying different companies, is collected using the tool Act-On, processed and stored in Act-On Software Inc’s data centre. In Germany. Act-On carries out checks on an address based on this information, but only if it has been established that it involves a company and not an individual. Cookies are also used here. In addition, Act-On collects information on the browsing activity of anyone who has submitted a form or registered for an email service. The following information is collected: which webpages are visited on www.mindbreeze.com, which emails from Mindbreeze are opened, which documents from Mindbreeze are downloaded and which forms are completed. This information will be collected as long as it is processed for a clearly specified purpose. This information will be used in order to continuously improve our services and to enhance the browsing experience.

B.5 Social Media Icons

Mindbreeze also provides links on this website to the following social media sites: Twitter, Facebook, YouTube, Xing, LinkedIn, Instagram. Some of these links are displayed as icons. When you click on these social media icons (links) you will be subsequently redirected from the Mindbreeze website to the respective social media site.

When you click on one of these links, you will be redirected to the respective website and are thus allowing the respective site operator to access your personal information. No personal data are collected by Mindbreeze via these links.

Embedding YouTube videos in expanded data protection mode

YouTube videos are embedded (framing) on our website exclusively in “expanded data protection mode”. As soon as you open the page, a connection is made to YouTube and its DoubleClick network (responsible for the marketing of YouTube), which allows YouTube access to the browser storage. Due to the “expanded data protection mode” of YouTube, no cookies are placed as long as you do not click on the embedded video.

C. Data protection information for visitors to our Facebook Fan Page

If you visit our fan pages (https://www.facebook.com/Mindbreeze/) on Facebook, we will process personal data in connection with this visit, regardless of whether you are registered on Facebook or whether you are logged in or not. Fan pages are user accounts that can be set up by private individuals or companies on Facebook. This fan page allows us to present our company to Facebook users and individuals who visit our fan page, and also to communicate with these people. The data provided directly by you or by Facebook are used exclusively for the purpose of communication with customers and interested parties as an overriding legitimate interest according to Art. 6 (f) GDPR, putting us in a position to offer the most interesting information for you.

Facebook provides fan page administrators with the "Page Insights" function, which we use to receive anonymised statitstical data about the users and visitors to our fan page. These so-called "Page Insights" are summerised statistics created using specific "events" that are recorded by Facebook when users or visitors interact with our fan page and its linked contents.

These data are collected using so-called cookies. These are small text files that are saved by Facebook onto the website user’s device hard drive (computer, notebook, tablet, smartphone etc) via the browser. This information is called up at subsequent visits to the website and enables the website to recognise your device. The information saved in the cookies is received, recorded and processed by Facebook in personalised form.

The purpose of the use of cookies is to improve the Facebook advertising system on the one hand and on the other to enable the use of cookies made available to us by Facebook statistics to manage and improve the marketing of our activities.

By creating the fan page, we contribute to the processing of the personal data of visitors to our fan page, regardless of whether these are registered with or logged-in to Facebook or not. Although Facebook provides the data collected using cookies to us solely in an anonymised form, the production of these statistics relies on the prior processing of personal data. For this reason, we, as administrators of the fan page, are involved in deciding the purposes and means of processing the personal data of visitors to our fan page, and as such, we are joint data controllers with Facebook as defined by Article 26 of the GDPR with regard to this processing. The joint responsibility includes the processing of your data for the purpose of creating "Page Insights" in connection with a visit or other interaction with our fan page or contents linked with it. We have entered into an agreement with Facebook concerning the joint responsibility in compliance with Art. 26 GDPR, whereby Facebook undertakes, among other things, to provide the data protection informantion pursuant to Art. 13 GDPR as well as to observe the rights of the data subject.

The main content of the agreement between the joint controllers is provided by Facebook Ireland and can be accessed via the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Depending on the respective event that triggers a recording, we receive from Facebook the following data categories in anonymised form:

Actions of individuals

Viewing a page, a post, a video, a story or other content linked with a page
Interacting with a story
Subscribing or unsubscribing to a page
"Like" or "Unlike" a page or post
Recommending the page in a post or comment
Commenting on, sharing or reacting to a post on the page (including the type of reaction)
Hiding a post on a page or reporting it as spam
Hovering the cursor over a link to a page or the name or the profile picture of a page to see a preview of the page content
Clicking on the website, telephone number or "Route planner" button or another button on the page
Viewing the event of page, reacting to an event (including type of reaction), clicking on a link for an event
Starting a Messenger conversation with the page
Viewing or clicking on an article in a page shop

Information on the actions, the individuals who carried out the actions and on the browsers/apps used for the actions

Date and time of the action
Country/town (estimation based on the IP address or logged in users from the user profile)
Language codes (from the HTTP header of the browser and/or language setting)
Age/gender group (from the user profile, only in the case of logged in users)
Previously visited websites (from the HTTP header of the browser)
Whether the action was carried out on a computer or a mobile device (from the browser user agent or from app attributes)
Facebook user ID (only in the case of logged in users)

We have no access to personal data that are processed within the framework of "Events", only to the summerised Page Insights in the form of an anonymised statistical evaluation. As we have no access to personal data, we cannot transfer these to any third parties. Please find information on the legal basis of the data processing by any possible recipients or any possible transfers of your data by Facebook to third countries in Facebook’s privicy policy (https://www.facebook.com/privacy/explanation) and Facebook’s cookie policy (https://www.facebook.com/policies/cookies/). Please note, however, that we might be able to associate your profile picture with your "Like" fan page information if you marked the fan page with "Like" and set your "Like" page information to "Public".

According to the relevant Facebook terms of use and its privacy policy and cookie policy, if you are registered and logged into Facebook you consent to the processing of your personal data by Facebook. We draw your attention to the fact that we have no influence over Facebook’s terms of use or data privacy and cookie policy. Facebook uses cookies to determine whether you are logged into Facebook.

However, even if you are not registered or logged into Facebook, it is neverteless possible that if you click on a sub-page within our fan page or carry our some action within our fan page, Facebook will undertake a statistical analysis of your personal data and and transfer these anonymised statistics to us. If you do not click on any sub-pages or carry out any actions on our fan page (e.g. clicking on a photo or video in a post), your personal data will not be collected via cookies.

Cookies placed by Facebook are stored for up to two years after being placed or updated. Cookies already stored can be deleted at any time. You can also prevent the installation of cookies via your browser settings.

You have the right to demand at any time information as to which of your data are processed (Art. 15 GDPR). You have the right to have incomplete data completed and inaccurate data rectified or erased (Art. 16, 17 GDPR). Under certain circumstances you can demand erasure of your data (Art. 17 GDPR). However, the right to erasure does not apply if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. Under certain circumstances you can also demand the restriction of the processing of your data (Art. 18 GDPR) and object to the processing of your data (Art. 21 GDPR). You have the right to receive the personal data which you have provided in a structured, commonly used and machine-readable format and to transmit these data to another controller or – if technically feasible – to allow Facebook to transmit the data (Art. 20 GDPR).

Insofar your data are processed based on your consent, you have the right to revoke this consent at any time. Such revocation shall in no way affect the legality of the data processing carried out until the time of the revocation.

For requests to exercise your rights as data subject, or to withdraw your consent in connection with the processing of data within the scope of Page Insights, please use the form linked in Facebook’s Data Policy for Page Insights data (https://www.facebook.com/legal/terms/information_about_page_insights_data) or contact Facebook Ireland by post at Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. You can always send your requests to us and we will then forward them to Facebook.

You have the right to lodge a complaint with the Irish Data Protection Commission, the Austrian Data Protection Authority or with another Data Protection Supervisory Authority in the EU, in particular at your habitual residence or place of work.

D. Data protection information for visitors to our Instagam account

Our Instagram presence allows us to present our company to the users of this network and to communicate with these individuals. The data provided directly by you or by Instagram are used exclusively for the purpose of communication with customers and interested parties as an overriding legitimate interest according to Art. 6 (f) GDPR, putting us in a position to offer the most interesting information for you.

Instagram is part of the Facebook corporate group and shares the infrastructure, systems and technology with Facebook Ireland and other Facebook companies.

If you visit our Instagram page, Instagram and its associated company Facebook collect your IP address and other personal data in the form of cookies. These are small text files that are saved by Instagram onto the website user’s device hard drive (computer, notebook, tablet, smartphone etc) via the browser. This information is called up at subseqent visits to the website and enables the website to recognise your device. The information saved in the cookies is received, recorded and processed by Facebook in personalised form. The purpose of the use of cookies is, among other things, to improve the Instagram advertising system. We have no influence on the the data collection and processing carried out by Instagram nor on the extent to which this occurs or the length of time these data are stored. Please find information on the legal basis of the data processing by any possible recipients or any possible transfers of your data by Facebook to third countries in the information on data protection (https://help.instagram.com/519522125107875) and the Instagram cookie policy (https://help.instagram.com/1896641480634370?ref=ig).

For requests to exercise your rights as data subject, or to withdraw your consent, please use the form linked in Instagram’s Data Policy (https://help.instagram.com/519522125107875) or contact Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland by post. You can always send your requests to us and we will then forward them to Facebook if necessary.

Mindbreeze GmbH, Honauerstraße 2, 4020 Linz is responsible for the content of our Instagram page.

You will find more detailed information about Mindbreeze and our data processing at https://www.mindbreeze.com/privacy