Privacy Policy

A. INTRODUCTION

1. Scope of the Privacy Policy

This Privacy Policy provides information on the processing of personal data by MeisterLabs GmbH, Zugspitzstraße 2, 85591 Vaterstetten (hereinafter referred to as “Meister” or “we”) obtained in connection with a visit to our websites (‘www.meisterlabs.com’, ‘www.mindmeister.com’, ‘www.meistertask.com’, ‘www.meisternote’, “websites”), use of our community platform (‘community.meister.co’, “platform”) or use of our web-services and mobile applications. We provide separate information for certain specific data processing activities.

We reserve the right to change this Privacy Policy any time.

2. Controller and Contact Data

The Controller responsible for the processing activities described in this Privacy Policy is

MeisterLabs GmbH

Zugspitzstraße 2

85591 Vaterstetten

In case of questions or concerns on this privacy notice or to execute your rights (see section F.), please contact us by e-mail at: [email protected].

Insofar as we and another company are jointly responsible for a data processing activity, i.e. we have jointly laid down the purposes and means of the processing, we specifically point this out in Section C.

B. GENERAL INFORMATION

Unless otherwise stated in this Privacy Policy, we (or our processors) collect your personal data directly from you and not from third parties.

We are very aware of the great value of your data and therefore generally do not pass them on to third countries or international organisations. If, however, individual processing activities involve the transfer of your data to a third country, we expressly inform you thereof in this Privacy Policy and of the measures we have taken to ensure the necessary level of protection for your data.

You are not generally obliged to provide us with your personal data. If you are legally or contractually obliged to provide your data, or if this is necessary in order for you to enter into a contract with us, then this is expressly stated in this Privacy Policy. In this case, we inform you of the possible consequences of not providing your data.

We do not make use of automated decision-making and profiling.

In principle, your personal data will not be further processed for any other purpose than that for which these data were collected. Should an individual processing activity nevertheless be further processed, we inform you thereof in this Privacy Policy.

We will retain your personal data as long as this is necessary to achieve the purpose or due to legal or regulatory requirements (e.g. tax and accounting obligations). Your data will be retained in accordance with our internal data retention policy.

Our services are not intended for minors. If, contrary to expectations, our services are used by minors, we will stop processing personal data without undue delay as soon as we become aware.

C. PROCESSING ACTIVITIES

1. Provision of our websites

Whenever you visit our websites, we collect and store several types of information, including information by which you may be personally identified. We use this data to enable you to use our website and, if necessary, to check and enforce our rights and the rights of third parties in the event of damage or infringement of legal regulations, our terms of use and the rights of third parties.

The following data are collected:

Categories of data:E.g.: details of your visits to our websites, including traffic data, location data, logs and other communication data and the resources that you access and use on the websites, usage data. Information about your computer and internet connection, including your IP address, operating system, browser type and browsing history as related to our websites.
Legal Basis: The legal basis for the collection of data and the storage in log files is our overriding legitimate interest, Art. 6 sec. 1 lit. f GDPR. Furthermore, the collection and storage of data is necessary according to § 25 sec. 2 no. 2 TDDDG for the operation of our websites.
Categories Recipients:Hosting Provider, Provider of Infrastructure Services
Storage period:The log files are stored for as long as is necessary for the respective purpose, generally no longer than 30 days.

2. Use of our web-services and apps

2.1. Registration of user accounts

If you visit our websites, you may voluntarily create a user account for our web-based services. Therefore, you have to provide some personal data which is entered into an online registration form before being transferred to us and stored on our system. As part of the registration process, we collect and process the following data to set up the respective user account for our services:

Categories of data:Name, company, method and data needed to access your account (incl. e-mail-address and if applicable password), userID, teamID, team name, product usage purpose, industry/department/role, IP-address, date, time and location of registration, data that the user may voluntarily provide during the registration process.
Legal Basis:The legal basis for processing is its necessity for the performance of the respective contract which you entered during the registration process (Art. 6 sec. 1 lit. b GDPR).
Categories of Recipients:Hosting Provider, Providers of Infrastructure Services, Customer Relationship Management Providers
Storage period:Data will be stored upon 30 days after termination of the contract.

You are able to register to our services as described above, or via using your personal Facebook, Office365, Google or Biggerplate account (login via “Single Sign-on”). To provide you the possibility to register via these third party providers, we process your personal data as follows:

Categories of data (which is transferred by Third Party Provider to Meister):Name, username, e-mail-address, external user ID, avatar URL, access tokens, profile picture
Recipients:Hosting Provider, Providers of Infrastructure Services, Customer Relationship Management Providers
Categories of data (which we transfer to Third Party Provider):none
Legal Basis:The legal basis for processing is our legitimate interest to provide you with different methods to register an account for the use of our services (Art. 6 sec. 1 lit. f GDPR).
Storage period:Data will be stored upon 30 days after termination of the contract.

2.2. Invoicing and Payment

In order to be able to issue an invoice and for payment purpose, the following data will be processed:

Categories of data:Name, address, e-mail-address, banking account information, VAT number, tax number, internal ID-number (customer-ID)
Legal Basis:The legal basis for processing is its necessity for the performance of the respective contract (Art. 6 sec. 1 lit. b GDPR). Furthermore, we need to process these data to fulfil legal obligations (obligation to invoice and accounting; Art. 6 sec. 1 lit. c). As far as invoices are overdue, it is also our legitimate interest to collect outstanding fees by sending reminder notices (Art. 6 sec. 1 lit. f GDPR).
Categories of Recipients:Invoice management tools, payment processing providers, tax reporting and management tools, financial advisors, legal advisors, tax authorities
Storage period:Financial records are stored for a minimum period of 10 years due to legal retention requirements.

2.3. Provision and maintenance of our web-services

To provide you with the agreed service, by means of which you can collaborate with your team and store data or produce content, we collect the following data:

Categories of data:For hosting/deployment:Name, e-mail-address, IP-address, user created content on our services and uploaded files For (error) monitoring and analytics:IP-address, user ID, log of activities, country, region, city, language preference, device information (e.g. device family, device ID), browser type, site you last visited as well as pages you visit and links you click on within our services
Legal Basis:The legal basis for the collection and processing of data is its necessity for the performance of the respective contract (Art. 6 sec. 1 lit. b GDPR). Furthermore, it is our overriding legitimate interest to process these data in order to further develop and improve our services (Art. 6 sec. 1 lit. f GDPR).
Categories of Recipients:Hosting Provider, Provider of Infrastructure Services, Monitoring and error tracking providers Please note that other users who invite you to join their team can see your personal information like your name, e-mail address, avatar and the plan you are on.
Storage period:As long as it is necessary for the achievement of the purpose. After termination of the contract, your data will be deleted, unless legal regulations require the ongoing storage for a definite period of time.

2.4. Provision and maintenance of our mobile apps

If you are using our mobile apps, the following additional data are collected and processed to ensure functionality of our apps as well as to develop and improve them:

Categories of data:For deployment of the mobile apps: Order information (order ID, billing address with state, postal code, city), information on reviews (name, account picture, device, device language, app version)For monitoring/crash reports: Name, IP-address, e-mail-address, events user triggered, device information, country, region, city, language, user-ID, logs containing user generated data, app version
Legal Basis:The legal basis for the collection and processing of data is its necessity for the performance of the respective contract (Art. 6 sec. 1 lit. b GDPR). Furthermore, it is our overriding legitimate interest to process these data in order to further develop and improve our services (Art. 6 sec. 1 lit. f GDPR).
Categories of Recipients:Hosting Provider, Monitoring and (error) tracking providers
Storage period:As long as it is necessary for the achievement of the purpose. After termination of the contract, your data will be deleted, unless legal regulations require the ongoing storage for a definite period of time.

You are not obliged to provide these data under Section 2; however, if you do not provide them, you will not be able to make use of our mobile apps.

2.5. Usage of third-party integrations (web-services and mobile)

Meister offers you the possibility to integrate our web-services and mobile apps with applications offered by third parties. When setting up such an integration, we might receive and process personal data about you which was collected by the respective third party provider.
Furthermore, depending on the integration, we may share your personal data such as your name, e-mail address or your user-generated content with these third parties in order to provide you with the desired integration. Please note, however, that this Privacy Policy does not apply to the processing of your personal data by third parties when you use the third-party integrations available through our services. Please visit the websites of these third parties for more information about their privacy practices.

2.6. Customer Relationship and Support

To manage our relationship with you and all related (support) communication, we collect and process the following data:

Categories of data:Name, e-mail-address, job title, log files, phone number, communication data (content that you sent to us, e.g. in case of support requests, feature requests, other feedback), contract information (e.g. subject/product, term, amount, signature)
Legal Basis:The legal basis for the collection and processing of data is its necessity for the performance of the respective contract, so that we are able to manage our relationship, support you in using our services, communicate with you and inform you in case of any changes or maintenance work of our services (Art. 6 sec. 1 lit. b GDPR). Furthermore, it is our overriding legitimate interest to process these data in order to understand our customers through analytics and reporting to further develop and improve our services (Art. 6 sec. 1 lit. f GDPR).
Categories of Recipients:Hosting Provider, Customer Relationship Management Providers, Providers of Customer Service and Ticketing Solutions, Feedback Management Provider
Storage period:As long as it is necessary for the achievement of the purpose. After termination of the contract, your data will be deleted, unless legal regulations require the ongoing storage for a definite period of time.

3. Use of our Webinar Services

We regularly provide customers as well as interested users with online webinars on various topics related to our web-services to help them get the most out of it. If you decide to register for one of our webinars, we need to collect and process your following personal data to be able to provide you with this webinar service:

Categories of data:Name, e-mail-address, user name, job title, phone number, region/country, IP address, preferred language, attendance/non attendance after initial registration, comments the user is posting during the webinar.
Legal Basis:The legal basis for the collection and processing of these data is your given consent via the registration process (Art. 6 sec. 1 lit. a GDPR).
Categories of Recipients:Hosting Provider, Webinar service provider
Storage period:As long as it is necessary for the achievement of the purpose.

You are not obliged to provide these data under Section 3; however, if you do not provide them, you will not be able to make use of our webinar services.

4. Consumer requests

You can contact us by means of the contact forms on our websites, as well as via e-mail, mail or telephone. The purpose of processing is to process your request internally and, if applicable, to reply to you.

Categories of data:Name, e-mail-address, phone, IP-address, user ID, team ID, log-files, language of communication with you, time you made contact, content of your message (e.g. also financial data in case you enquire about invoicing/payment).
Legal Basis:The data are processed on the basis of our overriding legitimate interests in processing and responding to consumer requests (Art. 6 sec. 1 lit. f GDPR). You have the right to object to the processing of your personal data (see Section E.). In case of customer or potential customer requests, the data are processed of its necessity for the performance of the contract (Art. 6 sec. 1 lit b GDPR).
Categories Recipients:Hosting Provider, Providers of Infrastructure Services, Providers of Customer Service and Ticketing SolutionsIn case of a customer request: Customer Relationship Management Providers
Storage period:We store the data collected in connection with consumer requests until the respective conversation with the user is terminated. The conversation is deemed as terminated once the respective situation is resolved. As far as the request is sent by a customer or potential customer, the data will be stored at least for the term of the contract, and beyond if necessary due to legal requirements.

You are not obliged to provide these personal data according to Section 4; however, if you do not provide any personal data, we will not be able to fully process your request and/or reply to you.

5. Use of our Community Platform

We provide customers with a community platform on https://community.meister.co, where they can communicate with each other and receive support on our services. Our platform especially helps us to better understand the needs of our customers, organize and streamline product insights, keep users updated on ideation status and increase retention and growth via community engagement.

To actively use the platform (post comments, communicate with other users), you have to log-in with your Meister account. During the registration process, you are required to read and accept the platforms’ Terms of Service. Please note that your comments (incl. your chosen username) are published on our platform and thus are publicly available. The respective postings can also be found via search engines.

For the provision of the platform, to manage the respective user accounts and to contact you in case of complaints about your posted content, we process the following data:

Categories of data:Name, e-mail-address, username, profile picture/avatar, IP-address, content posted on the platform, post attachments
Legal Basis:The legal basis for the collection and processing of data is its necessity for the performance of the respective contract with you to use the community platform (agreement on the Terms of Service, Art. 6 sec. 1 lit. b GDPR). Furthermore, the data are also processed on the basis of our overriding legitimate interests to advance our business by providing a community platform (Art. 6 sec. 1 lit. f GDPR).
Categories of Recipients:Community Platform Provider
Storage period:Data are stored as long as the user account is active. In the event that the Community Platform is no longer continued by MeisterLabs, the data will be permanently deleted within a period of 30 days after such event.

You are not obliged to provide these data according to Section 6; however, if you do not provide them, you will not be able to register on the platform and make use of our community.

6. Use of our Meister Academy Platform

We provide customers and partners with an online course platform on https://meister.coassemble.com where they can access educational content and exercise courses on our products and services.
For the provision of the online courses via the Meister Academy platform, we may process the following data:

Categories of data:Name, e-mail-address and/or phone number, profile image you uploaded, course status and result, preferences, opinions, browser session and geo-location data
Legal Basis:The legal basis for the collection and processing of data is its necessity for the performance of the respective contract with you to use the Meister Academy platform (Art. 6 sec. 1 lit. b GDPR). Furthermore, the data are also processed on the basis of our overriding legitimate interests to advance our business by providing an online course platform (Art. 6 sec. 1 lit. f GDPR).
Categories Recipients:Online course platform provider
Storage period:Data are stored as long as the Meister Academy user account is active.

7. Cookies and web tracking

7.1. Definition of cookies and other technologies

We use cookies to automatically collect data. Our website may contain cookies set by us or by third parties. A cookie is a text file containing a small amount of data. A website can send it to your browser, and it is then stored on your device as an anonymous tag that identifies your device. Some of the pages on our website use cookies in order to be able to offer you better services when you return. The data therefore stored and transferred in our cookies can be found in the cookies list.

In addition, we use web beacons, which are also known as 1×1 GIFs, clear GIFs or tags. Web beacons are tiny graphic images that may be embedded in our website. Web beacons allow us to optimise our products and services and to supply third-party partners with analysis data, e.g. how many users visit our website. We may also use web beacons in our email correspondence to determine whether you have opened an email or taken other actions. We also cooperate with other organisations and place our web beacons on their websites or advertisements. The aim of this is to derive statistics as to the number of times a visitor who clicks on an advertisement on a website of Meister GmbH or of an advertising partner actually follows up with a purchase or with some other interaction on the website of an advertising partner.

We use device IDs (“IDs”) to automatically collect data for our apps. An ID is a unique sequence of numbers and letters (“string”) that is associated with your device but does not identify you. The ID allows us and selected third parties to understand your behaviour when you use the app. Almost all apps use the ID technology. IDs have various purposes: For instance, they remember your preferences and generally improve your user experience; they tell us whether you have used our app before or whether it is your first visit; they ensure that the advertisements you see on our app are tailored to your interests. Consequently, IDs are extremely useful in improving your user experience.

7.2. Necessary cookies

Insofar as we use cookies and other tracking tools to provide our website and its basic functions (system cookies) and to store our cookie settings and login data, the legal base for the use of necessary cookies is § 25 sec 2 no. 2 TDDDG.

7.3. Other cookies

Provided that you have given us your consent to use cookies and other tracking tools (according to Art. 6 Sec. 1 lit. a GDPR and § 25 Sec. 1 TDDDG), we use them for targeting, profiling and advertising, to personalise our offers and display personalised advertisements, as well as for anonymised analyses of website use (“web statistics”), so that we can continue to improve our offers and better align them with the needs and interests of the website visitors.

7.4. Web analytics using Google (Universal) Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit a GDPR). The information generated by the cookie about your use of the website (including your IP address, sessions statistics, approx. geo-location, browser information and device type) will be transmitted to and stored by Google on servers in the United States. Google acts as our processor. The cookies used for this purpose expire after 24 months.

Our websites use an IP anonymization feature provided by Google Analytics. Your IP address will therefore be truncated/anonymized by Google as soon as it receives it. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to us.

8. Direct Marketing: Newsletters

If you subscribe to our newsletters, we process the data listed below in order to be able to send you newsletters to inform you of our services. You are not obliged to provide these data; however, if you do not provide them, we will not be able to send you any news related to our products and services.

Categories of data:Name, e-mail-address, User ID, IP address, date and time of subscription to the newsletter service, information on unsubscribing, location (country of origin), time stamp when the subscriber opens the newsletter, information/analysis on subscribers’ behaviour (which articles are clicked on most frequently etc.)
Legal Basis:The processing is based on your consent, Art. 6 Sec. 1 lit. a GDPR, § 25 sec 1 TDDDG. You have the right to withdraw your consent (please see Section E.). You can unsubscribe newsletter via the link provided in the newsletter.
Categories Recipients:Customer Relationship Management Providers, Marketing Automation Tool
Storage period:Data are stored for as long as you remain subscribed to our newsletter.

9. Other marketing activities

9.1. Conducting surveys and prototype testing

We regularly carry out other marketing activities such as conducting (in-app) surveys on our services or creating possibilities to test prototypes. If you participate in those surveys or prototype testing, we may process the following data:

Categories of data:E-mail address, browser information, URL and title of the page where the form was submitted from, User ID, TesterID, Team ID, Country, City, operating system, device information, language information, survey/testing response and/or content which was uploaded by the user.Legal Basis:The processing is based on your consent (Art. 6 sec. 1 lit. a GDPR).Categories of Recipients:Feedback Management Provider, Product Research ProviderStorage period:As long as it is necessary for the achievement of the purpose.

You are not obliged to provide these data; however, if you do not provide them, you will not be able to participate in the surveys.

9.2. Online advertising and remarketing

We are using various cookie-based online advertising tools to offer our website users a more personalized and engaged web experience by offering advertisements on the respective social media channels that are more relevant to them.

Google Analytics Remarketing: Our websites and our services use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google Ads and DoubleClick. This service is provided by Google. This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google Ads and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging. To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.

We process your personal data like session statistics, approx. geo-location, browser information and device type on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/ .

GoogleAds and Google Conversion Tracking: We use Google Ads which is an online advertising program of Google. In the context of Google Ads we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie will be set for the conversion tracking. Information about cookie lifespan can be found here. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page. Each Google Ads customer gets a different cookie. The cookies can not be tracked over websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have chosen for Conversion Tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, we will not receive any information that can be used to identify users.

We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/ .

Facebook Ads: We use Facebook Ads (Facebook Pixel & Facebook Custom Audience) provided by Meta Platforms Ireland Limited (formerly Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). We integrate snippets of code provided by Facebook that load a small library of functions (sometimes referred to as “tracking pixels”, i.e. transparent, pixel-sized images embedded in websites with a tracking functionality). These functions enable us to track your activities on our website, such as URLs visited, domains visited, device(s) used, and, in particular advertising conversions (i.e. actions counted when you interact with one of our ads, such as clicking it and purchasing our product afterwards). Furthermore, we process your personal data like IP address, browser information, page location, document referrer, pixel-specific data (pixel ID, Facebook Cookie). The functions rely on cookies placed by Facebook, which may also enable us to match our website visitors to respective user accounts on the respective social media platform. We may also use the “Custom Audience” service provided by Facebook for delivering targeted advertising to you. In this context, we would check whether you hold an account with Facebook for which you use the same email-address that you have provided to us and include you in a corresponding “custom audience” group. This works by us providing your email-address to Facebook in a hashed format, and this way making sure that Facebook will only process, as a data processor on our behalf, actual email-addresses of users that have already subscribed to their service (further information on this process can be found here).

We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent. You may also opt-out of receiving targeted ads because you are part of a custom audience created by MeisterLabs through clicking a corresponding link when you select the “Why am I seeing this?” feature on the Facebook platform (see here).

Twitter Ads: We also use the ad service provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA (“Twitter”). We integrate snippets of code provided by Twitter that load a small library of functions (sometimes referred to as “tracking pixels”, i.e. transparent, pixel-sized images embedded in websites with a tracking functionality). These functions enable us to track your activities on our website, such as URLs visited, domains visited, device(s) used, and, in particular advertising conversions (i.e. actions counted when you interact with one of our ads, such as clicking it and purchasing our product afterwards). They rely on cookies placed by Twitter, which may also enable us to match our website visitors to respective user accounts on the respective social media platform.

We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent.

LinkedIn Ads: We also use the ad service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (“LinkedIn”). We integrate snippets of code provided by LinkedIn that load a small library of functions (sometimes referred to as “tracking pixels”, i.e. transparent, pixel-sized images embedded in websites with a tracking functionality). These functions enable us to track your activities on our website, such as URLs visited, domains visited, device(s) used, and, in particular advertising conversions (i.e. actions counted when you interact with one of our ads, such as clicking it and purchasing our product afterwards). Furthermore, we process your personal data like IP address and browser information. However, IP-addresses are truncated or hashed and direct identifiers are removed within seven days in order to make the data pseudonymous. The functions rely on cookies placed by LinkedIn, which may also enable us to match our website visitors to respective user accounts on the respective social media platform.

We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent.

Microsoft Bing Ads and Universal Event Tracking (UET): We use the ad service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”). We integrate snippets of code provided by Microsoft that load a small library of functions. These functions enable us to track your activities on our website, such as URLs visited, domains visited, device(s) used, and, in particular advertising conversions (i.e. actions counted when you interact with one of our ads, such as clicking it and purchasing our product afterwards).

We process your personal data on the basis of your given consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent. etailed information on how to exercise opt-out rights can be found here and here.

TikTok Pixel: We use TikTok Pixel on our website and services, a tool provided by TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway, London, England, WC2B 6NH and TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as “TikTok”). The TikTok Pixel is a piece of code that allows us to track your activities on our website (such as URLs visited, domains visited, device(s) used) and, in particular advertising conversions (i.e. actions counted when you interact with one of our ads, such as clicking it and purchasing our product afterwards). We rely on cookies placed by TikTok, which may also enable us to match our website visitors to respective user accounts on the social media platform TikTok. Therefore, personal data such as your IP address and email address, as well as other information such as deviceID, device related information (type, operating system, browser information) may also be transferred to TikTok. TikTok uses this information to identify users of our website and link their actions with a TikTok user account to be able to display targeted and personalized advertising to its users. For this purpose, a data sharing agreement has been concluded with TikTok. Your personal data will be processed within the EU or the EEA.. If and to the extent that data is transferred to group companies of TikTok outside the EU/EEA, this is based on the use of standard contractual clauses pursuant to Art 46 para 2 lit c GDPR. These standard contractual clauses oblige the respective company to process the data in such a way that a level of data protection comparable to that in the EU is ensured.

The use of the TikTok Pixel as well as the storage of “conversion cookies” is based on your given consent (Art. 6 (1) lit. a GDPR). You can revoke your consent.

You can opt-out for the use of all cookies which are not essential. However, this may result in the display of advertisements that are less interesting for you.

We operate the following profiles on various social media platforms with the purpose of advertising our company and services, provide a contact option via these platforms and enabling interaction with our customers and other social media users. Our social media partners provide us with statistics and analytics on the use of our social media offerings. These statistics do not contain any names or other information about individual users. With the help of these services we can analyse and improve our social media activities. This is our legitimate interest for using these statistics (Art. 6 (1) f) GDPR).

We do not use any social media share plugins by which information is automatically transferred to the provider of social media services when you visit our website. Any forwarding to social media providers such as Twitter, Facebook etc. takes place exclusively via link. We use the following Social media platforms:

Profile Social Media Platform and Provider
https://www.facebook.com/meistertask/
https://www.facebook.com/mindmeister/
https://www.facebook.com/meisternote/
“Facebook”, operated by Meta Platforms Ireland Limited (formerly Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, IrelandYou can find Metas’ Privacy Policy here. When processing Personal Information on our Facebook page, we and Meta act as so called “Joint Controllers” according to Art. 26 GDPR. We have therefore concluded a separate agreement. You can find more detailed information on the processing of personal data on page insights and the joint controllership agreement here. For any further processing of your data, Meta is the sole controller. We agreed that Meta will make the essence of this Page Insights Addendum available to data subjects (Art. 26 sec. 2 GDPR). This is currently done via the Information about Page Insights data which can be accessed from all pages. In addition, you can contact Meta to exercise your rights under the GDPR with regard to the processing of page insights data.

https://www.instagram.com/we_are_meister/
“Instagram”, operated by Meta Platforms Ireland Limited (formerly Instagram), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland You can find Metas’ Privacy Policy here.

https://twitter.com/meistertask https://twitter.com/mindmeister https://twitter.com/meisternote
“Twitter”, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can find Twitters’ Privacy Policy here. We offer a Twitter channel, which you can access via a link on this page. Our Twitter channel provides you and us with the opportunity to communicate with you, respond to our and your posts, comment on them, retweet them, and send private messages. We use the data you provide in this context and which may be accessible to us (e.g. Twitter username, images, content of tweets, interests if applicable, contact details) exclusively for the purpose of communication. The legal basis for processing Personal Information when using the Twitter channel is Art. 6 sec. 1 lit. f GDPR. Twitter itself is responsible for processing of your Personal Information related to your usage of the service. You can find more information about Twitter’s usage of your Personal Information in Twitter’s Privacy Policy.

https://www.youtube.com/c/Meistertask
https://www.youtube.com/@mindmeister
https://www.youtube.com/c/MeisterNote
“YouTube”, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland You can find YouTubes’ privacy policy here.

https://at.linkedin.com/company/meisterlabs-gmbh
“LinkedIn”, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA You can find LinkedIns’ Privacy Policy here. We use LinkedIn to communicate with you and to advertise our work. The legal basis is Art. 6 sec. 1 lit. f GDPR. When processing Personal Information on our LinkedIn page, we and LinkedIn act as so called “Joint Controllers” according to Art. 26 GDPR. We have therefore concluded a separate agreement that can be found here. For any further processing of your data, LinkedIn is the sole controller. If you wish to exercise your rights to information, deletion, etc. (see section “Your Rights”), LinkedIn is responsible for the fulfilment of your rights as part of our Joint Controllership.

10. Recruitment

If you send us a job application using the application form available on our website (https://meisterlabs.com) we process the personal data listed below to carry out the recruitment process and to ensure optimised staffing within our organisation.

Categories of data:Name, address, e-mail-address, phone number, birth date, nationality, application documents (CV incl. photo)
Legal Basis:We process your personal data in order to take steps prior to (eventually) entering into a contract with you (Art. 6 sec. 1 lit. b GDPR).
Categories of Recipients:Recruitment management toolprovider, telecommunication provider
Storage period:Depending on the applicants’ permission, but in principle data are stored no longer than 6 months after the end of the hiring process (in case no offer was made or the offer was not accepted by the applicant). If you have agreed to stay in our talent pool, we will keep your application including the respective personal data for a period of up to three years. The data will be automatically deleted afterwards.

You are not obliged to provide these data according to Section 10; however, if you do not provide them, we will not be able to process your job application.

11. Protection of our rights

We process your personal data (account data, contractual data, financial data, communication data) in case disputes may arise, e.g. for the assertion of legal claims or in defense of legal disputes. The legal basis for processing of the data is our overriding legitimate interests to protect our organisation and exercise our right by initiating or responding to claims (Art. 6 sec. 1 lit f GDPR). Your personal data may be transferred to legal advisors, courts and public authorities.

In such a case, data will be retained until the issue is resolved.

D. DATA SECURITY

We take technical and organisational measures to protect personal data from destruction, loss, alteration, disclosure and access. All data that you disclose to us and that we collect from you are stored on secure servers.

If you have a password to access our websites, apps or platform, you are responsible for keeping your password safe and confidential.

E. INTERNATIONAL DATA TRANSFERS

We may process your personal data within the European Economic Area (“EEA”) or in countries where the European Commission decided that they ensure an adequate level of protection.

For the purpose of

product analytics and monitoring of our services
tax compliance
customer support and customer relationship management
conducting surveys/feedback management
online advertising

we commission processors based in the US and other third countries.

Insofar as we transfer personal data to third countries outside of the EEA, we ensure an appropriate level of data protection through contractual measures (i.e., Standard Contractual Clauses approved by the European Commission).

F. YOUR RIGHTS

Insofar as we process your data on the basis of your consent, you have the right to withdraw your consent at any time. As of receipt of your withdrawal of consent, we will no longer process these data in the future. Your withdrawal of consent does not, however, affect the lawfulness of processing based on consent before its withdrawal.

2. Right of access to personal data

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed. Where that is the case, you have the right of access to these data; in particular, regarding the purpose of processing, the categories of personal data concerned, the recipients, the period for which the personal data will be stored, the source of the data, your rights with regard to these data, as well as, where personal data are transferred to a third country, the appropriate safeguards pursuant to Article 46 GDPR. Upon request, we will provide you with a copy of the personal data undergoing processing.

3. Right to rectification

If we process personal data that is inaccurate or incomplete, you have the right to obtain the rectification or completion of your personal data.

4. Right to erasure

You have the right to obtain the erasure of personal data concerning you. We will erase your data if:

these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
your personal data have been unlawfully processed;
your personal data have to be erased for compliance with a legal obligation to which we are subject;
these data have been collected in relation to the offer of information society services to a child (Article 8(1) GDPR).

The right to erasure does not, however, apply to the extent that processing is necessary to comply with a legal obligation which requires processing, or for the establishment, exercise or defence of legal claims, among other things.

5. Right to restriction of processing

In certain cases, you have the right to obtain restriction of processing of your personal data (without erasure). In consequence, we will continue to store these data, but will only process them with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

You have the right to obtain restriction of processing if:

you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
you have objected to the processing of your data pending the verification whether legitimate grounds for processing prevail;
the processing is unlawful, but you oppose the erasure of the personal data;
we no longer need the personal data for the purpose of the processing, but do need them for the establishment, exercise or defence of legal claims.

6. Right to object

Even if the personal data concerning you are accurate and complete and are being lawfully processed by us, you have the right to object to the processing of your personal data on grounds relating to your particular situation at any time. You only have this right if we process these data on the basis of our legitimate interests. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Moreover, you have the right to object if you receive direct marketing from us and no longer wish to receive this in the future. In this case, we will no longer process your personal data for these purposes.

7. Right to data portability

If the processing of your data is based on your consent or on a contract you entered into with us and the processing is carried out by automated means, you have the right to receive the personal data provided by you in a structured, commonly used and machine-readable format. You also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

8. Right to lodge a complaint

Although we do our utmost to ensure the confidentiality and integrity of your data, disagreements about the way we process your data cannot be excluded. If you believe that the processing of your data violates the applicable data protection law, you may to contact us via: [email protected]

In case of questions and in case of possible concerns about the data processing, you can also contact a supervisory authority. The responsible supervisory authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach

Last updated: March 2023