Privacy Policy (AT)
Introduction and Overview
We have written this privacy policy (version 29.09.2025-123062646) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as the controller — and the processors commissioned by us (e.g., providers) — process now and in the future, and which lawful options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about the data that we process about you.

Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, is intended to describe the most important things to you as simply and transparently as possible. Where it helps transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. In clear and simple language, we inform you that, in the course of our business activities, we only process personal data when there is a corresponding legal basis. That is certainly not possible if one provides statements that are as brief, unclear, and legal-technical as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or another piece of information that you did not yet know.

If questions remain nonetheless, we ask you to contact the controller named below or in the imprint, to follow the available links, and to view further information on third-party sites. You will of course also find our contact details in the imprint.

Scope of Application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4(1) GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of application of this privacy policy includes:

  • all online presences (websites, online shops) we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company via the channels mentioned. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal Bases
In the following privacy policy, we provide you with transparent information regarding the legal principles and provisions — i.e., the legal bases of the General Data Protection Regulation — that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. One example would be the storage of the data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information in advance.
  3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to retain invoices for accounting purposes. These generally contain personal data.
  4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and economically efficiently. This processing is thus a legitimate interest.

Other conditions such as the performance of a task carried out in the public interest or in the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be relevant, this will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
  • In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If further regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller
If you have questions about data protection or the processing of personal data, you will find the contact details of the controller pursuant to Article 4(7) EU General Data Protection Regulation (GDPR) below:

Storage Period
It is a general criterion for us that we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to apply — for example, for accounting purposes.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of the respective data processing further below, insofar as we have further information on this.

Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:

  • Under Article 15 GDPR, you have the right to obtain confirmation as to whether we process data concerning you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
    • the purpose for which we carry out the processing;
    • the categories, i.e., the types of data that are processed;
    • who receives this data and, if the data are transferred to third countries, how security can be guaranteed;
    • how long the data are stored;
    • the existence of the right to rectification, erasure, restriction of processing, and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the source of the data, if we did not collect them from you;
    • whether profiling is carried out, i.e., whether data are automatically evaluated to arrive at a personal profile of you.
  • Under Article 16 GDPR, you have the right to rectification of the data, which means that we must correct data if you find errors.
  • Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
  • Under Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use them further.
  • Under Article 20 GDPR, you have the right to data portability, which means that, upon request, we provide your data to you in a common format.
  • Under Article 21 GDPR, you have the right to object, which, once exercised, results in a change in processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
    • If data are used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
    • If data are used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
  • Under Article 22 GDPR, you may, under certain circumstances, have the right not to be subject to a decision based solely on automated processing (for example, profiling).
  • Under Article 77 GDPR, you have the right to lodge a complaint. This means that you can contact the data protection authority at any time if you are of the opinion that the processing of personal data violates the GDPR.

In short: You have rights — do not hesitate to contact the controller listed above at our company!

If you believe that the processing of your data violates data protection law or your data protection rights have been infringed in some other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Explanation of Terms Used
We always endeavor to draft our privacy policy as clearly and understandably as possible. Especially with technical and legal topics, however, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or certain technical expressions (e.g., cookies, IP address). We do not wish to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the preceding privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and, where appropriate, add our own explanations.

Processor
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process about you. In addition to controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually obtained via a cookie consent tool. You are surely familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to data processing. In most cases, you can also make individual settings and thus decide yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed. Of course, in principle, consent can also be given in writing, i.e., not via a tool.

Personal Data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all data that can identify you as a person. These are usually data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Telephone number
  • Date of birth
  • Identification numbers such as social insurance number, tax identification number, ID card number, or matriculation number
  • Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the connection owner. Therefore, even the storage of an IP address requires a legal basis within the meaning of the GDPR. There are also the so-called “special categories” of personal data, which are particularly worthy of protection. These include:

  • racial and ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data, such as data obtained from blood or saliva samples
  • biometric data (this is information about psychological, physical, or behavioral characteristics that can identify a person)
  • health data
  • data concerning a person’s sex life or sexual orientation

Profiling
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: In profiling, various pieces of information about a person are compiled in order to learn more about that person. In the web context, profiling is often used for advertising purposes or for credit checks. Web or advertising analytics programs, for example, collect data about your behavior and your interests on a website. This results in a specific user profile that can be used to display advertising to a target group in a targeted manner.

Controller
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the “controller.” If we pass on collected data for processing to other service providers, they are “processors.” For this, a “data processing agreement (DPA)” must be signed.

Processing
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we speak of processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR definition, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.
Source: Privacy policy created with the Privacy Generator for Austria by AdSimple

Privacy Policy (US)

Effective date: September 29, 2025
Who we are: Luminant Mind, Youns Murhidj, Johannagasse 29–35/14/5, 1050 Vienna, Austria
Email: office@luminantmind.comPhone: +43 688 64396175

1) Scope

This policy explains how we collect, use, and disclose personal information of visitors and customers in the United States when you use our website, contact us, book an appointment, or work with us.

2) Information We Collect

  • Identifiers & contact data: name, email, phone, company, job title, billing details.
  • Commercial info: inquiries, orders, invoices, services purchased.
  • Internet/technical data: IP address, device/browser info, pages viewed, timestamps, cookies or similar technologies.
  • User content: messages you send via forms or email.
    We do not intentionally collect sensitive personal information (e.g., health, precise geolocation, biometrics).

3) Sources

Directly from you; automatically from your device (cookies/analytics); and from service providers (e.g., payment, scheduling, analytics, hosting).

4) How We Use Information

  • Provide and improve our services and website
  • Respond to inquiries and proposals
  • Scheduling, billing, and accounting
  • Security, fraud prevention, and legal compliance
  • With your consent, send updates or marketing (you can opt out anytime)

5) Disclosure of Information

We share personal information with service providers who work on our behalf (hosting, analytics, email, scheduling, payments) under contracts that restrict use. We may disclose if required by law or for legal claims.
We do not sell personal information and we do not share it for cross-context behavioral advertising as defined by U.S. state privacy laws. If this changes, we will update this policy and provide a “Do Not Sell or Share My Personal Information” link.

6) Retention

We keep personal information only as long as needed for the purposes above and to meet legal/financial recordkeeping requirements.

7) Your Privacy Rights (U.S. States)

Depending on your state (e.g., CA, CO, CT, VA, UT), you may have rights to:

  • Know/Access the categories and specific pieces of personal information we hold about you
  • Correct inaccurate information
  • Delete information
  • Portability of certain data
  • Opt out of targeted advertising, sales, or profiling (we currently do not engage in these)
  • Appeal a decision (where applicable)

To exercise rights, email office@luminantmind.com with your request and state of residence. We will verify your identity and respond as the law requires. Authorized agents may submit requests with proof of authorization.

California Notices

  • We have collected the categories listed in Section 2 in the last 12 months for the purposes in Section 4.
  • We have not sold or shared personal information for cross-context behavioral advertising and have not used or disclosed sensitive personal information beyond permitted, limited purposes.
  • “Shine the Light”: We do not share personal information with third parties for their own direct marketing.

8) Cookies & Analytics

We (and our providers) may use cookies or similar technologies to operate the site and measure traffic. You can manage cookies in your browser settings. If we use third-party analytics, they may collect IP address and usage data to help us understand site performance.

Do Not Track: Your browser’s DNT signal may not be recognized by all services; we follow applicable law regarding opt-outs described above.

9) Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child provided data, contact us to delete it.

10) Security

We use reasonable administrative, technical, and physical safeguards appropriate to the nature of the information. No system is 100% secure.

11) International Transfers

We are based in Austria and may process data outside your state or country. We take steps to ensure appropriate protections for these transfers.

12) Changes

We may update this policy from time to time. We will post the new effective date when we do.

13) Contact

Questions or requests?
Email: office@luminantmind.com
Mail: Luminant Mind, Johannagasse 29–35/14/5, 1050 Vienna, Austria