Data protection

Name and address of the controller according to EU-DSGVO

We own the domain:

1. Introduction

We at ReflectiveMinds take data protection very seriously. The processing of personal data, such as the IP address, name, e-mail address, or telephone number of a data subject shall always be in line with the German Data Protection Act and in accordance with German data protection regulations. With this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, with this data protection declaration we inform you about the rights to which you are entitled.

2. Security measures

We take technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

However, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps (e.g. due to so-called 0-day gaps). Complete protection of data against access by third parties is not possible.

Encrypted transmission of data.

User-related data is encrypted according to TLS 1.2 standard or higher (our servers are all TLS1.3 ready) and transmitted to our servers located within Germany. Furthermore, we test at regular intervals with commercially available tools, such as Qualys SSL Labs (A+ ranking) or the Mozilla Observatory (B+ ranking), whether we offer our users of our tools and visitors to our website up-to-date encryption and security.

Our open-source web applications contain the latest updates and are EU-DSGVO compliant according to the manufacturer.

3 Cookies and website analysis

We use so-called “web analytics” services to analyse call-up data, e.g. through the on-premise service Matomo. We use so-called cookies for tracking, with the aim of offering all our users the best possible website experience. We have explicitly chosen Matomo (formerly Piwik) in order to prevent user-related data from leaving the web server. We do this by using the web analytics on the same server hosted in Germany. On the other hand, Matomo offers full DSVGO-compliant operation in its configuration; all data is anoymised when the website is visited and summarised purely statistically. In addition, we respect the “Do-Not-Track” function of modern browsers.

Please see the “Cookie Policy (EU)” page for a detailed list of potentially other cookies used. As a general rule, any use of cookies serves us only to ensure the smooth functioning and presentation of our web interfaces. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Long description according to DSVGO: Data collection in general.

Every access to our homepage and every retrieval of a file stored on the homepage is logged. The storage serves internal system-related and statistical purposes. Logged are:

  • Anoymised IP address,
  • name of the retrieved file incl. date and time of retrieval,
  • amount of data transferred,
  • message about successful retrieval,
  • Web browser and requested domain or page (subpage).
  • Further personal data is only collected if you provide this information voluntarily, for example in the context of an enquiry by email, use of the contact form or registration.

About cookies

The website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

Through the use of cookies, we can provide you with more user-friendly services on our website that would not be possible without the cookie setting. Cookies enable us, as already mentioned, to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your internet browser or other software programmes. This is possible in all common internet browsers. If you deactivate the setting of cookies, you may not be able to use all the functions of our website to their full extent.

About Analytics

Google Analytics

Where you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies to help analyse how you use our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there. The collected data is used exclusively for the internal evaluation of the use of this website in order to be able to continuously improve our offer. No data is passed on to third parties!

The IP address is regularly deleted immediately after processing within the legal framework as soon as it is no longer required for evaluation.

Our website and the associated analytics tools have a data protection-compliant setup and are self-hosted. We work exclusively with European server providers so that retrieval data remains within the EU. Due to the fact that the data is stored on a self-hosted web analytics system, user data is stored via a first-party cookie.

There is no query or storage and disclosure to a third party. Access from the outside is not possible.

Data protection is important to us:

Cookie notice is not required for self-hosted software. This cookie notice, which has been required since 2009, is covered by the ePrivacy Directive 2002/58/EC. By using self-hosted analytics software, we would not have to display a cookie notice to the user and ask for permission each time the user visits the website, as other companies do. However, we have decided to explicitly ask for your permission.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

Do-Not-Track function:

By activating the Do-Not-Track function by default, we respect the privacy of our users. Only users who have deactivated the do-not-track function in their browser are tracked. IP anonymisation is also set by default.

4 Log files and logging

Our web servers collect a series of general data and information with each call-up of our Internet pages. This general data and information is stored in the server’s log files. The following can be recorded:

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the date and time of an access to the internet page,
  • an Internet protocol address (IP address),
  • the Internet service provider of the accessing system, and
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems.(Art. 6 para. 1 lit. f. DSGVO).

When using these general data and information, we at do not draw any conclusions about the data subject. Rather, this information is required in order to:

  • deliver the contents of our website correctly,
  • optimise the contents of our website,
  • ensure the long-term functionality of our information technology systems and the technology of our website,
  • to be able to fend off so-called “brute force” attacks,
  • as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

This anonymously collected data and information is therefore evaluated by us on the one hand statistically and on the other hand with the aim of increasing the data protection and data security on our server in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

5. contact possibility via the internet pages

Based on statutory provisions, the website contains data that enable a quick electronic contact to us as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically. Such personal data transmitted by you to us on a voluntary basis will be stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.

6. routine deletion and blocking of personal data

We process and store personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject. The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract. If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Ordinance or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

7. Overview of your rights

Right of withdrawal.

You can revoke your consent to the collection, processing and use of your data for the future at any time by sending an email to

Right to information.

Upon written request, we will be happy to inform you about the data stored about you. If you have any questions on the subject of data protection, you can contact us at any time via We make every effort to store your personal data in such a way that it is not accessible to third parties by taking all technical and organisational measures. When communicating by e-mail, we cannot fully guarantee complete data security. We recommend that you send your data in encrypted form using standard methods such as PGP.

Right to erasure (right to be forgotten).

Every person affected by the processing of personal data has the right to demand from the controller that the personal data concerning him or her be erased immediately, insofar as the processing is not necessary.

8. handing over data to investigating authorities.

We protect free communication against eavesdropping through minimal data storage and other technical measures, including consistent encryption. We do educational work and motivate people to make broad use of the technical means of protection.

According to §113 TKG, public prosecutors and police have relatively easy access to the so-called inventory data of a telecommunications provider like us. Simple requests for information are sufficient here, without the need for a judge’s prerogative. According to §113 TKG, a telecommunications provider cannot legally defend itself against this request for information – it must be complied with. It should be noted that according to §113 II TKG, the provider must maintain silence about the request and may not inform the customer concerned about the access.

Access to the log data of mail or web servers or the email inventory of a mailbox require a surrender/search warrant from a judge, unless the investigating authorities can directly claim “imminent danger”. Even against the search warrant, the TC provider has no legal means at his disposal, he cannot defend himself further against the “seizure” of the log data.

We have no other choice but to hand over data to the investigating authorities under the conditions described here; otherwise, there is the threat of seizure of entire servers in the context of a house search or possibly even coercive detention against the company’s employees.

Conversely, we will not hand over any data if the legal requirements for such a handover are not necessarily met (so-called “anticipatory obedience”). Corresponding police requests for (v)information without a court order will definitely be rejected by us, as in these cases the release of the data by us would be illegal. All requests for the release of data will be strictly and critically examined by us or our lawyers.

However, we are not in a position to judge whether the inventory data you provided when registering is accurate and correct. If you encrypt your e-mails with PGP, we will also not be able to make the content of these e-mails readable.

9. Data protection officer

If you have any questions about data protection, please contact us at