Privacy policy
Status: 01/2026
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data-protection laws of the Member States, as well as other data-protection provisions, is:
MindBytes GmbH
Probststraße 15
70567 Stuttgart
Germany
General information on data processing
Scope of processing of personal data
As a rule, we process our users’ personal data only to the extent necessary to provide a functional website and our content and services. Processing is carried out on the basis of (pre-)contractual necessity. In individual cases, we also rely on our legitimate interests or on the consent of the data subject concerned. In these cases, users are specifically informed about the processing and about their rights to object or withdraw consent.
Legal basis for processing personal data
When you visit the website, this constitutes a free-of-charge user agreement, meaning that Art. 6(1)(b) GDPR generally serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)(f) GDPR serves as the legal basis for processing. In this case, the data subject has the right to object pursuant to Art. 21 GDPR.
If processing is based on consent, Art. 6(1)(a) GDPR is the appropriate legal basis. Consent is generally voluntary and can be withdrawn at any time without stating reasons, with effect for the future.
Data deletion and retention period
We delete a data subject’s personal data as soon as the purpose of storage no longer applies and any applicable retention periods have expired. Storage may also take place beyond this if it has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. If deletion is not yet legally possible, we can and will block the data in individual cases. This restriction reduces access to the data and its processing to an absolute minimum, e.g. archiving for potential legal disputes or statutory retention periods for official audits.
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
The data is stored in our system’s log files to ensure the proper and secure operation of our pages and to be able to investigate possible disruptions. This data is not stored together with other personal data of the user. The log files are automatically deleted after 30 days.
The legal basis for the temporary storage of data and log files is Art. 6(1)(b) in conjunction with Art. 32 GDPR.
Temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. Subsequent storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us ensure the security of our systems. No further evaluation of the data for marketing purposes takes place in this context.
Users’ personal data is processed and stored in log files for a maximum of 30 days and then automatically deleted. Further storage is only possible in special individual cases if there are concrete indications of incidents that require investigation. In this case, users’ IP addresses are deleted or anonymized where possible so that the accessing client can no longer be identified.
Configurator
We provide a configurator on our website that allows our services to be compiled into a single request. The aim is to give our users the easiest possible access to our offerings. Information entered by users in a text field and sent to us is used to create a subsequent offer.
The legal basis for the temporary storage of the data is Art. 6(1)(b) GDPR.
The information entered is automatically deleted from our web server no later than 30 days. Further storage is only possible in special individual cases if there are concrete indications of incidents that require investigation. In addition, the data from a request submitted via the configurator is stored and processed by us to prepare a suitable offer and to further handle your inquiry. This data remains with us until you request deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies. Mandatory statutory provisions—especially statutory retention periods—remain unaffected.
Analytics – Matomo
To measure the reach of this website and generate access statistics, we use Matomo. This is an open-source analytics software that runs on the same web server as the website.
Based on the technical information described above (among other things) under Provision of the website and creation of log files, Matomo can create pseudonymous profiles and, for example, identify which subpages are accessed more frequently, whether the website is visited mainly from mobile devices or desktop computers, or from which region the website is frequently accessed. Matomo uses cookies for this purpose. Details are described in the section Cookies, Local and Session Storage.
Data processing for statistical and reach measurement purposes is carried out based on the user’s consent. The legal basis for collecting the data is therefore Art. 6(1)(a) GDPR.
Cookie banner
Our website uses the consent tool “Real Cookie Banner” to obtain your consent to store certain cookies on your device or to use similar technologies, and to document this in compliance with data-protection requirements.
Real Cookie Banner is installed locally on our servers, so no connection is made to the provider’s servers. Real Cookie Banner stores a cookie in your browser in order to assign the consents you have given and any revocations. The data collected in this way is stored until you request deletion, delete the Real Cookie Banner cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
The legal bases for processing personal data in this context are Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Cookies, Local and Session Storage
For operating our website, information is stored in the browser. The following table provides an overview of the stored information and its purpose, retention period and location. In some cases, the information is only stored after the user’s consent or when certain pages are accessed.
| Name | Purpose | Retention period | Location |
|---|---|---|---|
| woocommerce_cart_hash | Store changes to the request in the configurator | Until the end of the session | Cookie |
| wp_woocommerce_session_* | Find the data of a request from the configurator in the database | 2 days | Cookie |
| woocommerce_items_in_cart | Detect changes to the request in the configurator | Until the end of the session | Cookie |
| wc_cart_hash_* | Store changes to the request in the configurator | Persistent | Local Storage |
| wc_cart_created | Timestamp of when the user added the first product to the request in the configurator | Until the end of the session | Session Storage |
| wc_fragments_* | Store HTML code of the current request summary | Until the end of the session | Session Storage |
| wc_cart_hash_* | Store changes to the request in the configurator | Until the end of the session | Session Storage |
| et-editor-available-post-* | Administrative activities on the website | 30 minutes | Cookie |
| real_cookie_banner-* | Unique assignment of consent within the cookie banner | 1 year | Cookie |
| _pk_id* | Store information for analytics purposes (e.g. the unique user ID) | 13 months | Cookie |
| _pk_ses* | Short-term storage of information for analytics purposes | 30 minutes | Cookie |
Hosting
We host the content of our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter “Hetzner”). When you visit our website, Hetzner collects log files including your IP addresses. This processing is carried out exclusively on our behalf and is secured by a data processing agreement in accordance with Art. 28 GDPR.
Application process
The application process requires applicants to provide us with the information necessary for assessing and selecting them. Which information is required is determined by the job description or, in the case of online forms, by the information provided there.
The required information generally includes personal details such as name, address, a contact option, and evidence of the qualifications required for the position.
If provided, applicants can submit their applications to us via an online form. The data is transmitted to us in encrypted form according to the state of the art. Applicants can also send us their applications by email. However, please note that emails sent over the internet are generally not encrypted. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received. We therefore cannot accept responsibility for the transmission path of the application between the sender and receipt on our server.
For the purpose of recruiting applicants, submitting applications and selecting candidates, we may, in compliance with legal requirements, use applicant management or recruitment software, platforms and services from third-party providers. For this, we work with the applicant platform of the service provider On-apply GmbH (Legal notice). Personnel placement on behalf of job seekers or employers is not commissioned processing, but the use of a third-party professional service by an independently responsible controller (LDA Bavaria, FAQ list dated 20 July 2018). Further information on data protection at On-apply GmbH can be found in their privacy policy.
If the application for a job posting is unsuccessful, you decline a job offer, withdraw your application, revoke your consent to data processing, or request deletion of the data, the information you submitted—including any remaining physical application documents—will be stored/retained for a maximum of 6 months after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6(1)(f) GDPR).
After the retention period has expired, the data will be deleted unless there is a statutory retention obligation or another legal basis for further storage. If it is apparent that retaining your data after the retention period will be necessary (e.g. due to an imminent or pending legal dispute), deletion will only take place once the data is no longer relevant. Other statutory retention obligations remain unaffected.
The legal basis for processing personal data in the application process is Art. 6(1)(b) GDPR. If the application is successful, the data you submit will be stored in our systems on the basis of Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.
Receiving free content (lead magnet) and marketing outreach
If you request free content via our website (e.g. practical tips, whitepapers, checklists), we collect your email address. We collect and store the email address you provide to deliver the requested content and for subsequent marketing contact by email about similar offers or for sales purposes (e.g. consulting services).
Processing your email address to send the requested content is based on Art. 6(1)(b) GDPR. Any further marketing contact is based on your explicit consent (Art. 6(1)(a) GDPR) and only after you have downloaded the requested content (double opt-in process).
We store your data for as long as necessary to send the free content and for subsequent marketing communication, or until you withdraw your consent or object to the processing.
You can object to the use of your data for sales purposes at any time with effect for the future. To do so, send us an email to hallo@mind-bytes.de.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access, Art. 15 GDPR
You have the right to request confirmation as to whether data concerning you is being processed, and to obtain information about this data as well as further details and a copy of the data in accordance with legal requirements.
Right to rectification, Art. 16 GDPR
You have the right to rectification and/or completion vis-à-vis us if the personal data concerning you that is processed is inaccurate or incomplete.
Right to erasure and restriction of processing, Arts. 17, 18 GDPR
In accordance with legal requirements, you have the right to request that data concerning you be deleted without undue delay or, alternatively, to request restriction of processing in accordance with legal requirements.
Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
Right to object, Art. 21 GDPR
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) GDPR.
Right to lodge a complaint with a supervisory authority, Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with any data protection supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The supervisory authority will forward complaints depending on its competence.
Changes to our data protection provisions
Our websites and security or data-protection measures may change over time. This may require changes to our privacy notices. We therefore always provide the current version of our privacy notice.