Privacy policy of the software CAAT

Please note: The English-language version of this privacy policy is our own translation. The German language versions are legally binding and can be found at Datenschutzbestimmungen der Software CAAT (German)

Status of data protection regulations: 24.02.2022

Responsibility for data processing 

Mindscreen GmbH, Leopoldstraße 31, 80802 Munich (hereinafter: "We") operates the CAAT Portal software (app.caat.report) and is responsible for data protection pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR).


If you have any questions, please contact salon@caat.report.

Rights of those affected 

Your rights as a data subject 

As a data subject, you have the following rights with regard to your personal data. You have:

  • right to information, among other things, about the categories of data processed, the purposes of processing, the storage period and any recipients, in accordance with Art. 15 GDPR and Section 34 BDSG.
  • right to rectification or erasure of incorrect or incomplete data, in accordance with Articles 16 and 17 GDPR and Section 35 BDSG.
  • Under the conditions of Art. 18 GDPR or Section 35 Para. 1 S. 2 BDSG a right to restriction of processing.
  • right to object to processing pursuant to Art. 21 (1) GDPR, provided that the data processing was based on a legitimate interest.
  • right to revoke consent given with effect for the future in accordance with Art. 7 (3) GDPR.
  • right to data portability in a common format in accordance with Art. 20 GDPR.
  • According to Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. This also includes profiling within the meaning of Art. 4 No. 4 GDPR.
  • You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR about our processing of your personal data, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Proceedings

If you assert your rights under the GDPR and the German Bundesdatenschutzgesetz (BDSG) against us, we will process the data you transmit to us in order to fulfill your claim.

We will then store the data you have sent to us and the data we have sent to you in return for documentation purposes until the expiry of the limitation period for administrative offenses (3 years).

The legal basis for the processing and storage of data is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from our obligation to comply with your request and the need to be able to exonerate ourselves in potential fine proceedings by proving that we have properly complied with your request.

You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint. However, we would like to point out that the processing of your data is mandatory to demonstrate compliance with the data subject's rights within the meaning of Art. 21 (1) GDPR, as other means of verification do not exist or are not equally suitable.

Data protection measures 

We protect our systems – and thus your data – through technical and organizational measures against loss, destruction, access, alteration, or distribution by unauthorized persons. In particular, your personal data is transmitted over the internet in encrypted form. We use the TLS (Transport Layer Security) encryption system for this purpose.

However, the transmission of information over the Internet is never completely secure, which is why we cannot 100% guarantee the security of data transmitted by our software.

Modalities of data processing 

Sources and categories of personal data 

We process your personal data to the extent necessary for the establishment, content design, or modification of a contractual relationship between us and you (master data). Master data may include, in particular, your name, contact details (postal address, telephone number, email address), etc.

We also process your usage data. Usage data is data generated through your behavior when using our services, in particular your IP address, the start and end times of your use, and information about which content you have accessed in our software.

We collect the aforementioned data either directly from you (e.g. by accessing the software) or, to the extent permitted by data protection laws, from third parties or from publicly accessible sources (e.g. commercial and association registers, press, media, Internet).

Data transfer to third countries outside the EU 

All information we receive from or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for or permitted by law, if an appropriate level of data protection is ensured in the third country, or if contractual obligations exist through so-called EU standard data protection clauses. 

Please note that the USA is considered a so-called unsafe third country. Transferring personal data to the USA carries the risk that US security authorities may access this data under the "Cloud Act." EU citizens have no effective legal recourse against these measures in the USA or the EU.

Transfer of data, order processing 

We never share your personal data with third parties without authorization. However, we may share your data with third parties, in particular, if you have consented to the sharing of data, if the sharing is necessary to fulfill our legal obligations, or if we are authorized or obligated to share data due to legal provisions or official or court orders. This may, in particular, involve providing information for the purposes of law enforcement, averting danger, or enforcing intellectual property rights.

We may pass on the personal data collected from you to third parties, in particular in the context of contract processing, for example to the transport company commissioned with the delivery or the service used for payment, insofar as this is necessary to fulfil the contract.

We may also transfer your data to external service providers who process data on our behalf and in accordance with our instructions (processors) in order to simplify or reduce the burden on our own data processing. Each processor is bound by a contract in accordance with Art. 28 GDPR. This means, in particular, that the processor must provide sufficient guarantees that it will implement appropriate technical and organizational measures to ensure that processing complies with the requirements of the GDPR and that your rights as a data subject are protected. Despite engaging processors, we remain the controller for the processing of your personal data within the meaning of data protection laws.

Purpose of data processing

We generally use the data only for the purpose for which it was collected. We may further process the data for another purpose unless this other purpose is incompatible with the original purpose (Article 5 (1) (c) GDPR).

Storage period 

Unless otherwise stated in detail, we only store data collected from you for as long as it is necessary for the respective purpose, unless statutory retention periods prevent deletion, e.g. under commercial or tax law.

Processing activities 

In the following, we would like to explain to you as transparently as possible which of your data we process, for what reason, on what basis and for what purpose.

Server log files 

Each time you use our software, general information is automatically transmitted to the server that provides it. This data transmission occurs automatically and is a fundamental part of communication between devices on the Internet.

The data transferred by default includes, among other things, the following information: your IP address, product and version information about the browser and operating system used (so-called user agent), the website from which you accessed the site (so-called referrer), and the date and time of the request (so-called timestamp). Furthermore, the HTTP status and the amount of data transferred during this request are recorded.

This information is logged by the server, stored in a table, and temporarily saved there (so-called server log files). By analyzing these log files, we can identify and subsequently correct software errors, determine load at specific times and make adjustments or improvements based on this, and ensure server security by tracking the IP address from which attacks on our server were launched.

Your IP address is stored only for the duration of your use of the software and is then immediately deleted or partially obscured by shortening. The remaining data is stored for a limited period of time (usually 7 days).

The legal basis for the use of server log files is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from the necessity for the operation and maintenance of our software, as explained above. You can object to the processing of your data on the basis of our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the legal notice. However, we would like to point out in advance that the processing of your data in server log files is mandatory within the meaning of Art. 21 (1) GDPR, as otherwise the software cannot be operated at all.

Cookies

We use so-called “cookies” in your browser to improve user-friendliness on our systems.

What cookies are 

Very simply put, a cookie is a small text file that stores data about websites visited. Cookies can be used in a variety of ways. For example, they can store a kind of "user profile," i.e., things like your preferred language and other page settings that our website requires to provide you with certain services. The cookie file is stored on your device and can also help us recognize you when you visit our website again.

Cookies may also allow us to obtain information about your preferred activities on our website and thus tailor our website to your individual interests or even increase the speed of navigation on our website.

How to avoid cookies 

You can delete cookies manually at any time in your browser's security settings.

You can also prevent cookies from being saved by selecting the appropriate settings in your browser. Please note, however, that if you do this, you may not be able to fully use all of our website's functions, or that errors may occur in the display and use of the website.

Third-party cookies 

It is possible that third-party providers with whom we design and operate our website, particularly through so-called plugins (see below in the "Third-Party Services" section), independently store their own cookies on your device. If you only want to accept our own cookies and not cookies from these third parties, you can prevent the storage of these cookies by selecting the appropriate "Block third-party cookies" option in your browser.

Which cookies are used 

In detail, our software uses the following cookies:

Neos_Flow_Session: This cookie is used to identify users while using the software. The cookie is stored on your device until the end of the session.

The legal basis for the use of cookies that are absolutely necessary for the software to function (e.g., session cookies) is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from our need to be able to offer you functioning software. Cookies are necessary for this purpose because they are an integral part of current internet technology, and without them, many functions of current websites would not be available. We therefore need cookies to be able to provide you with the software upon your request.

You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.

However, we would like to point out that the processing of your data in certain cookies is mandatory within the meaning of Art. 21 (1) GDPR, as otherwise the software cannot function at all, and we are technically unable to prevent cookies from being placed on specific individual devices. However, you may be able to do this yourself in your browser. For further information, please refer to your browser's instructions.

Web Storage

To improve the user-friendliness of our systems, we use the so-called “web storage” of your browser.

What is Web Storage 

Web storage is a technology for web applications that stores data in a web browser. Web storage can be viewed simply as an evolution of cookies, but differs in several respects.

Unlike cookies, which can be accessed by both the server and the client, web storage is completely controlled by the client. This means that data is not transferred to the server every time the website is accessed. Access occurs exclusively locally via scripts on the website. In concrete terms, this means that third parties cannot access the information stored on the website. Only you and we can access the locally stored data.

The legal basis for the use of web storage, which is absolutely necessary for the software to function, is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from our need to be able to offer you functioning software. Web storage is necessary for this because it is an integral part of current internet technology, and without it, many functions of current websites would not be available. We therefore need web storage to be able to provide you with the software upon your request.

You can object to the processing of your data based on our legitimate interest at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.

However, we would like to point out that the processing of your data in Web Storage may be mandatory under Art. 21 (1) GDPR, as otherwise the software cannot be operated at all, and we do not have the technical ability to prevent its use on specific individual devices. However, you may be able to do this yourself in your browser. For further information, please refer to your browser's instructions.

Usage

Use of our system is only available to our registered customers.

The legal basis for the data required to use the portal is Art. 6 (1) (b) GDPR (data processing for the performance of a contract). The legal basis for the data you provide voluntarily is Art. 6 (1) (a) GDPR (consent of the data subject). You can revoke your consent at any time with future effect. Please use the contact details provided in the imprint to do so.

We may also process the data you provide to send you an email about updates and changes to the software.

The legal basis for using your contact details for this purpose is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from our need to provide you with interesting information about our services.

You can object to the processing of your data based on our legitimate interest in direct marketing at any time under the conditions of Art. 21 GDPR. To do so, please use the contact details provided in the imprint.

Usage statistics and utilization  

We use the anonymously collected data (IP address, browser information) to improve our software based on user preferences. We store the collected information exclusively on our own server and do not transmit it to third parties.

The legal basis for processing your data with regard to usage statistics is Art. 6 (1) (f) GDPR (legitimate interest in data processing). This legitimate interest arises from our need to be able to offer high-performance and user-friendly software.

If you do not agree to the storage and analysis of data during use, you can object to this storage and use in the software at any time under "Profile". In this case, an opt-out cookie will be stored in your browser, which means that no data related to your use will be collected.