The following data privacy information explains which data is used by our Netmind Core product and how it is used. This gives you an insight into the sophisticated technology behind the compilation, storage and use of the tracking data, while ensuring compliance with stringent GDPR-data privacy requirements.

We would also like to give you some tips and advice on how to inform your website users about tracking using Netmind Core.


How does Netmind Core collect the data?

The Netmind Core tracker supports three types of data collection: Reverse Proxy Tracking, JavaScript Tracking and Hybrid Tracking, which combines the benefits of JavaScript Tracking with those of Reverse Proxy Tracking. Each of these three technologies has its own specific benefits. Depending on requirements and demand, Mindlab recommends that its customers get the technology that provides them with the best possible results.



The reverse proxy is added to the server architecture and, similar to the case of firewalls, is located in the data stream between a Web-based application and the user’s browser. The reverse proxy can analyse the content of the HTML pages and also write metatags and page titles as well as any type of headers. The information that is compiled must be configured specifically in the tracker. In the case of a cloud/SaaS solution, the reverse proxy needs to be installed with the customer, and the log data is then sent to the analysis machine operated by Mindlab (via an encrypted SCP connection by default).


Netmind Core JavaScript Tracking is primarily used for client-side actions (mobile tracking, video players, etc.). The Netmind server is also a Netmind Core tracker, which is not activated before the application server, but is exclusively responsible for delivering the pixel.

How does Netmind Core identify a unique user and corresponding session?

With its various tracking procedures, Mindlab also provides its customers with various options to define a related session.


Tracking with the Netmind Core tracker enables the user’s first click to be detected and adds a globally unique session ID to the delivered URL. The session ID does not contain any client-related data or other information about the user. The session ID is transmitted on every click by the user, removed from the request and added again on delivery to the user. This technique is known as URL rewriting. The Netmind Core tracker operates in a similar way to a reverse proxy.

As an alternative to URL rewriting, Netmind Core also allows session IDs to be cached on the client machine using cookies. By means of an additional persistent cookie, this procedure also has the added benefit that users can be identified across multiple sessions (unique visitors). This version is also the most popular and most used solution by our customers.

What are cookies?

Cookies are small text files transmitted between a browser and the same domain which contain information which is processed. Cookies are automatically enabled in most browsers. You can delete cookies on your device at any time. To learn how this specifically works, please consult the instructions for your browser or device manufacturer.

Which cookies does Netmind Core store in the browser?

The following two cookies are set in the user’s browser for Netmind Core to guarantee session coherence and the detection of unique visitors.



Tag the individual visitor by means of a pseudonymised session ID


Performance cookies




Tag the visit

Performance cookies

Cookies can be divided into the following four categories depending on their function and purpose: essential cookies, functional cookies, performance cookies and third-party cookies.


  • Essential cookies are required to navigate around the website and make use of the basic functionality of the website.
  • Functional cookies enable the convenience and performance of the website to be improved and provide various types of functionality.
  • Performance cookies collect information about the usage of the website, e.g. Web browser and operating system used, domain name of the website the user came from, number of visits, average stay duration, pages accessed. Performance cookies are used to enhance the user-friendliness of a website and thus improve the user experience.
  • Third-party cookies are set by third parties (e.g. social networks).

The cookies used by Netmind Core can be classified as performance cookies. Additional cookies from other categories are not used or required by Netmind Core.

How does Netmind Core save data?

To answer this question, we would like to introduce and explain the two types of data which differ in relation to data protection legislation.



Personal data involves individual information about the personal or material circumstances of an identified or identifiable natural person (affected party) (section 3 of the Federal Data Protection Act (BDSG - Bundesdatenschutzgesetz). ( §3 BDSG)

In online practice, in addition to name, address and telephone numbers, personal data also includes email and IP addresses, as these, particularly in combination with one another, enable clear inferences to be made regarding individual people. Semantic information such as political opinions, ethnic origin or philosophical beliefs also constitutes personal data as defined by law.



Non-personal data includes any information that is anonymously recorded, processed and stored, and thus does not allow inferences to be made regarding an individual. This particularly includes aggregated data composed from numerous individual sessions and which excludes references to individual users. These provide the basis for analysing page usage, such as the number of (unique) visitors and page views or average stay duration. It is neither possible nor desirable to attribute the data to a unique individual.

What information does Netmind Core store?

In general, the following information is always collected when a website tracked by Netmind is opened and used:

  • Server name
  • Time stamp of access
  • First-party cookies
  • If a reverse proxy is used, these are all the cookies stored under the same domain. In the case of pixel tracking, it is just the Netmind session/UV ID cookies.
  • Request and URI
  • Status
  • Data volume transmitted
  • Origin of page access
  • Anonymised IP address
  • HTTP – header
  • Individual information depending on the customer (process parameters, target attainment, e-commerce data)

In the case of all information, all personal data is eliminated or anonymised.

How are the IP addresses anonymised?

In the digital network, the IP address also constitutes personal data and must therefore be stored in anonymous form, to ensure that no inferences may be made regarding individual visitors. With Netmind Core, the IP addresses are anonymised directly during tracking and are only then stored.


The IP address are analysed by removing the final byte, e.g.

userip=    is anonymised to:    userip=

Mindlab also gives its customers the option of completely dispensing with IP addresses. This can be set by changing the configuration in the Netmind Core tracker. If this is required, please get in touch with your point of contact. However, all geographical information is lost if this option is selected. A similar variant, but one which is more effective for the analysis, involves using the tracker to resolve the IP directly based on geographical information and then completely removing the IP address when the log files are saved.

For how long is the recorded data stored?

As the customer is generally the sole owner of the recorded data, the duration of the storage is in accordance with the customer’s wishes. In general, all data is stored since the commencement of tracking recording for this website. In the case of the Netmind cloud solution, the data is permanently deleted by Mindlab servers on expiry of the contract with the customer. The stored data can be shared with the customer.

Where is Netmind Core data stored and processed?

Mindlab offers two options to ensure maximum protection of data. Using the Netmind Core solution as an in-house/on-premises solution ensures maximum security, similar to the Netmind cloud (SaaS) solution. While the data is recorded, processed and stored in the customer’s data centre in the case of the in-house solution, Netmind Core can alternatively be operated as a cloud solution from Microsoft Azure Infrastructure. Mindlab Solutions has a data processing agreement (DPA) with Microsoft Ireland Operations Limited (Ireland). In the case of a cloud/SaaS solution, the Netmind Core tracker needs to be installed with the customer, and the log data is then sent to the analysis machine operated by Mindlab (via an encrypted SCP connection by default).


How can I opt out of the collection of analysis data?

With this question, we want to demonstrate how you can give your customers an opt-out option with Netmind Core.

The GDPR commits to those responsible to point out the relevant right to opt-out under Art. 21 GDPR at the time of the first communication. The reference to the opt-out of the  data processing must be clear and separate from other information.

To block your tracking, Netmind needs to install a cookie on your computer. Cookies are small text files read by various types of software, which contain information which is processed. Visitors who therefore have the cookie ‘nmdnt’ with the value 1 set in their browser are ignored by Netmind Core tracking. As a cookie may only be used for the same domain, you will need to implement the use of the cookie on the website from a technical perspective.

In general, it should be noted that the opt-out only applies to the device and Web browser on which the cookie was set. If the user uses multiple browsers or devices, they will need to opt out again. You can find a sample implementation further below in this document.

How does Netmind Core use the stored data?

Die durch die Standardsoftware erfassten, verarbeiteten und erzeugten Daten (inkl. der Rohdaten) werden auf den Servern des Rechenzentrums des Kunden oder bei Mindlab gespeichert. Der Kunde bleibt in jedem Fall Alleinberechtigter an den Daten und kann daher von Mindlab jederzeit, insbesondere nach Kündigung des Vertrags, die Herausgabe einzelner oder sämtlicher Daten verlangen, ohne dass ein Zurückbehaltungsrecht von Mindlab besteht.

Im Fall der Netmind Cloud Lösung hat Mindlab das Recht, die Daten im Namen des Kunden bis zum Vertragsende zu verarbeiten.

Die erfassten Daten werden bei beiden Varianten pro Kunde gespeichert und verwendet. Eine übergreifende Auswertung findet nicht statt. Zudem werden unsere Kundendaten keineswegs für eigene Zwecke eingesetzt.

Does Mindlab share Netmind Core data with third parties?

No. The data that is collected and stored by the Netmind Core components is available exclusively to the customer and to Mindlab and is therefore not shared with third parties. Any sale or forwarding of this data to third parties is expressly excluded by Mindlab and is not supported at any time.

How can I provide information to visitors to my website in accordance with data privacy regulations?


[Company name] is constantly striving to optimise its online services. To provide precisely the information that is searched for and demanded and to continually improve our website, we analyse visitor behaviour on our homepage. We use Netmind Core technologies to conduct analyses.

With Netmind Core, IP addresses are anonymised for the analyses so that they can no longer be attributed to an individual person.

You can opt out of the analysis of your website visit at any time by clicking on this link. To block your tracking, Netmind needs to install a cookie on your computer. Cookies are small text files read by various types of software, which contain information which is processed. Please perform the corresponding browser settings to enable this if you choose to opt out of the analysis.

We guarantee now and in the future that the data collected by Netmind Core on this website will only be used for the purposes of market research and for making optimisations. The data is stored on Mindlab’s servers in Germany, where we guarantee maximum security against external access. No data is transmitted abroad. As IP addresses are anonymised by Netmind Core, it is no longer technically possible for them to be subsequently attributed to individual data records. Any sale or forwarding of this data to third parties is therefore pointless, is expressly excluded by [Company Name] and is not supported at any time.


The technical and organisational measures used by Mindlab to ensure that it acts in accordance with data privacy regulations is described in a separate document entitled: ‘Technical and organisational measures according to section 9 of the BDSG’.

If you wish, you can request this document using the contact form below. Simply send us a message or get in touch with your personal contact at Mindlab.


Please write us an email at datenschutz [at] or send us a message using our contact form.


We will get back to you quickly.