The following data privacy information explains which data is used by our Netmind Core product and how it is used. This gives you an insight into the sophisticated technology behind the compilation, storage and use of the tracking data, while ensuring compliance with stringent GDPR-data privacy requirements.
We would also like to give you some tips and advice on how to inform your website users about tracking using Netmind Core.
The reverse proxy is added to the server architecture and, similar to the case of firewalls, is located in the data stream between a Web-based application and the user’s browser. The reverse proxy can analyse the content of the HTML pages and also write metatags and page titles as well as any type of headers. The information that is compiled must be configured specifically in the tracker. In the case of a cloud/SaaS solution, the reverse proxy needs to be installed with the customer, and the log data is then sent to the analysis machine operated by Mindlab (via an encrypted SCP connection by default).
With its various tracking procedures, Mindlab also provides its customers with various options to define a related session.
Tracking with the Netmind Core tracker enables the user’s first click to be detected and adds a globally unique session ID to the delivered URL. The session ID does not contain any client-related data or other information about the user. The session ID is transmitted on every click by the user, removed from the request and added again on delivery to the user. This technique is known as URL rewriting. The Netmind Core tracker operates in a similar way to a reverse proxy.
As an alternative to URL rewriting, Netmind Core also allows session IDs to be cached on the client machine using cookies. By means of an additional persistent cookie, this procedure also has the added benefit that users can be identified across multiple sessions (unique visitors). This version is also the most popular and most used solution by our customers.
Cookies are small text files transmitted between a browser and the same domain which contain information which is processed. Cookies are automatically enabled in most browsers. You can delete cookies on your device at any time. To learn how this specifically works, please consult the instructions for your browser or device manufacturer.
The following two cookies are set in the user’s browser for Netmind Core to guarantee session coherence and the detection of unique visitors.
Tag the individual visitor by means of a pseudonymised session ID
Tag the visit
Cookies can be divided into the following four categories depending on their function and purpose: essential cookies, functional cookies, performance cookies and third-party cookies.
The cookies used by Netmind Core can be classified as performance cookies. Additional cookies from other categories are not used or required by Netmind Core.
To answer this question, we would like to introduce and explain the two types of data which differ in relation to data protection legislation.
Personal data involves individual information about the personal or material circumstances of an identified or identifiable natural person (affected party) (section 3 of the Federal Data Protection Act (BDSG - Bundesdatenschutzgesetz). ( §3 BDSG)
In online practice, in addition to name, address and telephone numbers, personal data also includes email and IP addresses, as these, particularly in combination with one another, enable clear inferences to be made regarding individual people. Semantic information such as political opinions, ethnic origin or philosophical beliefs also constitutes personal data as defined by law.
Non-personal data includes any information that is anonymously recorded, processed and stored, and thus does not allow inferences to be made regarding an individual. This particularly includes aggregated data composed from numerous individual sessions and which excludes references to individual users. These provide the basis for analysing page usage, such as the number of (unique) visitors and page views or average stay duration. It is neither possible nor desirable to attribute the data to a unique individual.
In general, the following information is always collected when a website tracked by Netmind is opened and used:
In the case of all information, all personal data is eliminated or anonymised.
In the digital network, the IP address also constitutes personal data and must therefore be stored in anonymous form, to ensure that no inferences may be made regarding individual visitors. With Netmind Core, the IP addresses are anonymised directly during tracking and are only then stored.
The IP address are analysed by removing the final byte, e.g.
userip=192.168.5.236 is anonymised to: userip=192.168.5.0
Mindlab also gives its customers the option of completely dispensing with IP addresses. This can be set by changing the configuration in the Netmind Core tracker. If this is required, please get in touch with your point of contact. However, all geographical information is lost if this option is selected. A similar variant, but one which is more effective for the analysis, involves using the tracker to resolve the IP directly based on geographical information and then completely removing the IP address when the log files are saved.
As the customer is generally the sole owner of the recorded data, the duration of the storage is in accordance with the customer’s wishes. In general, all data is stored since the commencement of tracking recording for this website. In the case of the Netmind cloud solution, the data is permanently deleted by Mindlab servers on expiry of the contract with the customer. The stored data can be shared with the customer.
Mindlab offers two options to ensure maximum protection of data. Using the Netmind Core solution as an in-house/on-premises solution ensures maximum security, similar to the Netmind cloud (SaaS) solution. While the data is recorded, processed and stored in the customer’s data centre in the case of the in-house solution, Netmind Core can alternatively be operated as a cloud solution from Microsoft Azure Infrastructure. Mindlab Solutions has a data processing agreement (DPA) with Microsoft Ireland Operations Limited (Ireland). In the case of a cloud/SaaS solution, the Netmind Core tracker needs to be installed with the customer, and the log data is then sent to the analysis machine operated by Mindlab (via an encrypted SCP connection by default).
With this question, we want to demonstrate how you can give your customers an opt-out option with Netmind Core.
The GDPR commits to those responsible to point out the relevant right to opt-out under Art. 21 GDPR at the time of the first communication. The reference to the opt-out of the data processing must be clear and separate from other information.
To block your tracking, Netmind needs to install a cookie on your computer. Cookies are small text files read by various types of software, which contain information which is processed. Visitors who therefore have the cookie ‘nmdnt’ with the value 1 set in their browser are ignored by Netmind Core tracking. As a cookie may only be used for the same domain, you will need to implement the use of the cookie on the website from a technical perspective.
In general, it should be noted that the opt-out only applies to the device and Web browser on which the cookie was set. If the user uses multiple browsers or devices, they will need to opt out again. You can find a sample implementation further below in this document.
Die durch die Standardsoftware erfassten, verarbeiteten und erzeugten Daten (inkl. der Rohdaten) werden auf den Servern des Rechenzentrums des Kunden oder bei Mindlab gespeichert. Der Kunde bleibt in jedem Fall Alleinberechtigter an den Daten und kann daher von Mindlab jederzeit, insbesondere nach Kündigung des Vertrags, die Herausgabe einzelner oder sämtlicher Daten verlangen, ohne dass ein Zurückbehaltungsrecht von Mindlab besteht.
Im Fall der Netmind Cloud Lösung hat Mindlab das Recht, die Daten im Namen des Kunden bis zum Vertragsende zu verarbeiten.
Die erfassten Daten werden bei beiden Varianten pro Kunde gespeichert und verwendet. Eine übergreifende Auswertung findet nicht statt. Zudem werden unsere Kundendaten keineswegs für eigene Zwecke eingesetzt.
No. The data that is collected and stored by the Netmind Core components is available exclusively to the customer and to Mindlab and is therefore not shared with third parties. Any sale or forwarding of this data to third parties is expressly excluded by Mindlab and is not supported at any time.
[Company name] is constantly striving to optimise its online services. To provide precisely the information that is searched for and demanded and to continually improve our website, we analyse visitor behaviour on our homepage. We use Netmind Core technologies to conduct analyses.
With Netmind Core, IP addresses are anonymised for the analyses so that they can no longer be attributed to an individual person.
You can opt out of the analysis of your website visit at any time by clicking on this link. To block your tracking, Netmind needs to install a cookie on your computer. Cookies are small text files read by various types of software, which contain information which is processed. Please perform the corresponding browser settings to enable this if you choose to opt out of the analysis.
We guarantee now and in the future that the data collected by Netmind Core on this website will only be used for the purposes of market research and for making optimisations. The data is stored on Mindlab’s servers in Germany, where we guarantee maximum security against external access. No data is transmitted abroad. As IP addresses are anonymised by Netmind Core, it is no longer technically possible for them to be subsequently attributed to individual data records. Any sale or forwarding of this data to third parties is therefore pointless, is expressly excluded by [Company Name] and is not supported at any time.
The technical and organisational measures used by Mindlab to ensure that it acts in accordance with data privacy regulations is described in a separate document entitled: ‘Technical and organisational measures according to section 9 of the BDSG’.
If you wish, you can request this document using the contact form below. Simply send us a message or get in touch with your personal contact at Mindlab.
Please write us an email at datenschutz [at] mindlab.de or send us a message using our contact form.
We will get back to you quickly.