Legal notice

Privacy policy

Last updated: May 2026

Looking for the app's privacy policy?

This page is the privacy policy for the website. The mind² ECHO mobile app processes data differently and has its own, detailed privacy policy.

Open the app privacy policy

With the following privacy policy, we inform you about the nature, scope, purpose, duration, and legal basis of the processing of personal data when visiting this website. Personal data is any information relating to an identified or identifiable natural person (Art. 4 (1) GDPR).

I. Controller

The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Toowoxx IT GmbH
Krumbacher Str. 1
86489 Deisenhausen
Germany

Represented by: Christian Thoma, Jürgen Mayer, Oliver Wiemer
Commercial register: HRB 13224, Amtsgericht Memmingen

Phone: +49 8282 881299-0
Email: datenschutz@toowoxx.de

II. General notes on data processing

Scope of personal data processing

We process personal data of our users only insofar as necessary to provide a functional website. Beyond the cases described below, we do not collect any personal data.

Legal bases for processing

Where we process personal data, this is based on the following legal grounds: Art. 6 (1)(f) GDPR (legitimate interest) for the technically necessary provision of the website and the server log files.

III. Hosting and server log files

Hosting by GitHub Pages

This website is hosted on GitHub Pages, a service of GitHub, Inc., 88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA. GitHub, Inc. is a subsidiary of Microsoft Corporation.

When this website is accessed, GitHub, as the hosting provider, automatically processes data transmitted by your browser. In particular, GitHub logs and stores the IP address of the requesting device for security reasons — for example, to ensure the availability and integrity of the site and to defend against attacks. We do not operate our own server for this website and have no access to these logs.

Scope of processing

When the website is accessed, the following data is processed for technical reasons:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the file requested
  • Website from which access was made (referrer URL)
  • Browser used and, where applicable, your operating system

Legal basis

The legal basis for this processing is Art. 6 (1)(f) GDPR. Our legitimate interest lies in the secure, stable, and efficient provision of this website.

Data transfer to the USA

As GitHub also processes data in the USA, personal data may be transferred to a third country. Microsoft Corporation, of which GitHub is part, is certified under the EU-US Data Privacy Framework; in addition, the European Commission's Standard Contractual Clauses apply. For details on data processing by GitHub, please see the GitHub General Privacy Statement.

Retention

The log data generated during hosting is processed by GitHub and stored and deleted in accordance with GitHub's data protection provisions.

IV. SSL/TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

V. Local storage of language preference

This website stores your chosen language (German or English) in your browser's localStorage so that the page is displayed in the same language when you visit again. This is purely technically necessary storage pursuant to § 25 (2)(2) TTDSG. No personal data is transmitted to us; the information remains exclusively in your browser. You can delete this storage at any time via your browser settings.

We use no cookies, no analytics tools, no trackers, and no marketing pixels.

VI. Locally hosted fonts

This website uses the Plus Jakarta Sans and Aleo fonts, which are hosted locally on the same server that delivers this page. No connections are made to external servers (in particular not to Google Fonts) to retrieve fonts. Consequently, no personal data is transferred to third parties in this context.

VII. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise your rights, please contact datenschutz@toowoxx.de.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
www.lda.bayern.de

VIII. mind² ECHO app

The mobile application mind² ECHO, which we offer via the Google Play Store and (in future) the Apple App Store, has its own detailed privacy policy. It is available inside the app's settings, on the respective store listings, and directly online as a web document.

For downloading the app, the privacy provisions of the respective platform provider (Google or Apple) additionally apply.

IX. Changes to this privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or in order to implement changes to our services, e.g. when introducing new services. The new privacy policy will apply on your next visit.