Privacy

Privacy Policy

Effective date: 27 October 2025
Last updated: 27 October 2025

1. Who we are

This Privacy Policy explains how your personal data is collected, used and protected when you visit or use the “Mind University” website or its mobile applications (collectively – the “Platform”), or when you purchase goods or services.

Data Controllers

  • Multiverse LTD
    Trust Company Complex,
    Ajeltake Road, Ajeltake Island, Majuro,
    P.O. Box 1405
    – responsible for operation of the Platform, user accounts and community content.
  • BIOMIND BY PROFESSIONALS Sp. z o.o.
    ul. Żółwia 22, lok. 73, 01-927 Warsaw, Poland
    VAT ID (NIP): PL1182307005
    REGON: 541902732
    – responsible for order processing, billing, payments, delivery, and customer support.

Depending on your interaction (browsing, creating an account, or purchasing), one or both companies may act as joint controllers under Article 26 GDPR.

Contact email for all privacy matters: [email protected]

2. Categories of personal data we collect

2.1 Account and Profile Data

Name or pseudonym, email address, password (hashed), country, preferred language, profile information you voluntarily provide, and any settings saved in your account.

2.2 Usage and Technical Data

IP address, browser type, operating system, device identifiers, time zones, referring URLs, page interactions, features used, and logs generated while using the Platform.

2.3 Content and Interactions

Posts, comments, messages, uploaded files, ratings, or other user-generated content (UGC), plus metadata (upload date, file name, location if enabled).

2.4 Purchase and Billing Data

Order details, payment amount, currency, VAT number (if applicable), invoice data, delivery address, and chosen payment method. Payments themselves are processed by external payment providers who act as separate controllers; we never store full credit-card numbers.

2.5 Communication Data

Emails, support requests, surveys, and any correspondence you exchange with us.

2.6 Cookie and Analytics Data

Small text files and similar technologies that collect statistical or marketing information about website traffic, preferences, and performance (see Section 9).

We do not intentionally collect sensitive data unless you voluntarily provide it (e.g., beliefs or health-related information in your posts). Such data is processed only with your explicit consent (Art. 9 §2 a GDPR).

3. Purposes and legal bases of processing

Purpose Legal basis (GDPR)
Account creation and user authentication Art. 6 §1(b) – Contract performance
Order handling, invoicing and delivery Art. 6 §1(b) – Contract performance
Customer support and communication Art. 6 §1(b) / (f) – Contract / Legitimate interest
Platform maintenance, security and fraud prevention Art. 6 §1(f) – Legitimate interest
Marketing newsletters (if subscribed) Art. 6 §1(a) – Consent
Compliance with tax, accounting and legal obligations Art. 6 §1(c) – Legal obligation
Analytics, product improvement Art. 6 §1(f) – Legitimate interest
Community moderation & removal of unlawful content Art. 6 §1(c) / (f) – Legal obligation / Legitimate interest

You can withdraw your consent at any time; withdrawal does not affect processing carried out before withdrawal.

4. How we share data

We share data only when necessary and under strict contractual safeguards:

  • Payment processors (e.g., Stripe, PayPal, Wise) – for secure transaction handling.
  • IT and hosting providers – to operate the Platform.
  • Analytics and marketing partners – only where cookies/consent allow.
  • Public authorities or courts – when legally obliged.
  • Professional advisors – auditors, accountants, lawyers, under confidentiality.

We never sell your personal data. If ownership of the Platform changes, personal data may transfer to the new controller under equivalent privacy safeguards.

5. International data transfers

Data may be processed outside the European Economic Area (EEA). Where transfers occur, we rely on:

  • Adequacy decisions by the European Commission, or
  • Standard Contractual Clauses (SCCs) approved under Art. 46 GDPR, plus supplementary security measures.

A copy of applicable safeguards is available upon request.

6. Data retention

Category Retention period
Account data Until deletion of the account or 2 years of inactivity
Orders & invoices 5–10 years (tax / accounting law)
Support communication Up to 3 years after closure
Marketing data Until consent is withdrawn
Security logs Up to 12 months unless needed longer for investigation

When data are no longer required, they are securely erased or anonymised.

7. Your rights under GDPR

You have the following rights:

  • Access – obtain a copy of your data (Art. 15)
  • Rectification – correct inaccurate data (Art. 16)
  • Erasure (“right to be forgotten”) (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interest or direct marketing (Art. 21)
  • Withdraw consent (Art. 7 §3)

To exercise any right, contact [email protected]. We may need to verify your identity before acting on your request. You also have the right to lodge a complaint with your local supervisory authority (for example, the President of the Personal Data Protection Office in Poland or your national DPA).

8. Data security

We use appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure or destruction, including encrypted connections (HTTPS), firewalls, access-control policies, regular audits, and staff confidentiality training. However, no system can guarantee absolute security; you share information at your own risk.

9. Cookies and similar technologies

Cookies are used for:

  • Essential functions – login, shopping cart, language preference.
  • Analytics – measuring traffic and performance (e.g., Google Analytics 4, Matomo).
  • Marketing – personalised offers, retargeting (only with consent).

When you first visit the Platform, a cookie banner allows you to choose or reject categories. You can later change your preferences or delete cookies in your browser settings. A detailed list of cookie types, providers, and lifetimes is available in our Cookie Policy.

10. Children’s data

The Platform is intended for persons aged 16 or over. If you are under 16, please obtain parental consent before registering. We do not knowingly collect data from children under 16; if such data is discovered, it will be erased promptly.

11. Automated decision-making

We do not perform automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will notify you and provide all information required by Articles 13–22 GDPR.

12. Third-party links

The Platform may contain links to third-party websites. We are not responsible for their privacy practices or content; please review their own policies before providing personal data.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always appear on this page with the effective date above. Substantial changes will be announced through the Platform or by email (if feasible). Continued use of the Platform after updates means you accept the revised Policy.

14. Contact

For any privacy question or to exercise your rights, please contact:

Email: [email protected]
Postal address (for both controllers):
BIOMIND BY PROFESSIONALS Sp. z o.o., ul. Żółwia 22, lok. 73, 01-927 Warsaw, Poland

Version 1.0 – adopted 27 October 2025