Mind University (mdu.lt) is an online educational platform offering courses, memberships, digital products and an educational community. Platform operations are carried out by three data controllers, each of which processes certain personal data about you within its area of responsibility.
Multiverse LTD
Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, P.O. Box 1405, Marshall Islands
Area of responsibility: platform operations, user accounts, access rights administration, community content.
BIOMIND BY PROFESSIONALS Sp. z o.o.
ul. Chmielna 2/31, 00-020 Warsaw, Poland
NIP: PL1182307005 · REGON: 541902732
Area of responsibility: order processing, invoicing, payments, delivery, customer service.
Asociacija Firmus Medicus
Code: 305168407
T. Masiulio g. 21B, LT-52436 Kaunas, Lithuania
Area of responsibility: administration of educational initiatives funded by donations and contributions, and the cultural revival project of Lentvaris Manor.
General contact: [email protected]. We respond within 30 calendar days of receiving your request.
We collect only the data necessary to achieve a specific purpose.
2.1 Account Data
First name, last name, email address, chosen username (display name), password hash (we do not store the original), profile picture (optional), account creation date, last login timestamp.
2.2 Technical Data
IP address, browser type and version, operating system, device identifier, page view logs, session duration, error reports. This data is collected automatically each time you visit the platform.
2.3 Community Content
Comments, community space posts, feedback forms, Q&A material, course completion certificates, progress data. Processing of this content is described in more detail in Section 11.
2.4 Purchase and Payment Data
Order number, purchased products or courses, payment amount and currency, payment method (card type, last 4 digits), invoice data, transaction date and status. Full payment card data is processed only within the payment processor’s (Stripe) infrastructure — we do not store or have access to it.
2.5 Communication Data
Emails and requests you send us; automated system notifications (registration confirmation, password recovery, order confirmation); marketing newsletters if you have given consent.
2.6 Cookie and Tracking Data
Described in detail in Section 9 (Cookie Policy).
We deliberately do not collect special category data (e.g. health, religious beliefs or biometric data) unless you voluntarily submit it in community content. Such data is processed only with your explicit consent (GDPR Art. 9(2)(a)).
Each processing purpose has a clear legal basis under the GDPR (2016/679).
| Processing Purpose | Legal Basis (GDPR) | Responsible Controller |
|---|---|---|
| Account creation and administration | Art. 6(1)(b) – Performance of contract | Multiverse LTD |
| Provision of courses and content | Art. 6(1)(b) – Performance of contract | Multiverse LTD |
| Payment processing | Art. 6(1)(b) – Performance of contract | BIOMIND BY PROFESSIONALS |
| Invoicing and accounting | Art. 6(1)(c) – Legal obligation | BIOMIND BY PROFESSIONALS |
| Administration of donations and contributions | Art. 6(1)(b) and (c) | Asociacija Firmus Medicus |
| Platform security and fraud prevention | Art. 6(1)(f) – Legitimate interest | Multiverse LTD |
| Technical logs and fault diagnostics | Art. 6(1)(f) – Legitimate interest | Multiverse LTD |
| Marketing newsletters | Art. 6(1)(a) – Consent | Multiverse LTD / BIOMIND |
| Analytics and statistics (aggregated) | Art. 6(1)(f) – Legitimate interest | Multiverse LTD |
| Analytical and marketing cookies | Art. 6(1)(a) – Consent | Multiverse LTD |
| Defence of legal claims | Art. 6(1)(f) – Legitimate interest | All three controllers |
Where processing is based on legitimate interest, we carry out a balancing test. You may request a summary by email at [email protected].
We do not sell or exchange your data for commercial purposes. Data is transferred only in the following cases:
We enter into a GDPR-compliant Data Processing Agreement (DPA) with each data processor.
| Processor | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing, fraud prevention | USA / EU | EU–US DPF; PCI DSS Level 1 |
| Hostinger | Website and database hosting | EU (LT / NL) | SCCs, physical security |
| Brevo (Sendinblue) | Email delivery | EU (Paris) | GDPR DPA; data in EU |
| Meta Platforms Ireland Ltd. | Meta Pixel — conversion tracking, retargeting | EU / USA | EU–US DPF; SCCs; Meta GDPR DPA |
| Google Ireland Ltd. | Google Analytics 4 — traffic statistics | EU / USA | EU–US DPF; IP anonymisation enabled |
Some processors operate outside the European Economic Area (EEA). Such transfers are subject to GDPR Chapter V safeguards:
You may request copies of the specific SCCs by email at [email protected].
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 3 years | Legitimate interest |
| Purchase and payment data | 10 years | Accounting Act |
| Invoices | 10 years | Tax law (LT, PL) |
| Technical logs | 12 months | Security diagnostics |
| Marketing consents | Until withdrawal + 3 years (as evidence) | GDPR Art. 7(1) |
| Donation and contribution data | 10 years | Public body accounting requirements |
| Cookie data (analytical) | 13 months | Consent |
| Deleted account | 30 days, then permanently erased | Right to erasure (GDPR Art. 17) |
As a data subject you have the following rights, which you may exercise at any time:
Submit requests by email to [email protected]. We respond within 30 days (in complex cases within 90 days with advance notice). You also have the right to lodge a complaint with a supervisory authority — see Section 17.
Cookies are small text files stored on your device. We use them to ensure platform functionality, your convenience and analytics.
Essential cookies (always active) — technically necessary for the platform to function. Without them you cannot log in, make a payment or use course materials.
| Cookie | Purpose | Duration |
|---|---|---|
| wordpress_logged_in_* | Login session maintenance | Session / 14 days |
| woocommerce_cart_hash | Shopping cart identification | Session |
| woocommerce_session_* | Purchase process cart | 2 days |
| PHPSESSID | PHP session management | Session |
Analytical cookies (consent required) — collect anonymous information about how users interact with the platform.
| Cookie | Source | Duration |
|---|---|---|
| _ga, _ga_* | Google Analytics 4 | 2 years |
| _gid | Google Analytics | 24 hours |
Marketing cookies (consent required) — used for targeted advertising on social networks and Google platforms.
| Cookie | Source | Duration |
|---|---|---|
| _fbp, _fbc | Meta Pixel | 3 months |
On your first visit you will see a cookie consent banner. You can change your preferences at any time via the “Cookie Settings” link at the bottom of the page. You can opt out of Google Analytics via this tool; Meta advertising via
.To ensure data security we apply technical and organisational measures in accordance with GDPR Art. 32:
We recommend using strong, unique passwords and enabling two-factor authentication.
By publishing content on the platform (comments, questions, reviews) you retain copyright in your creations. However, you grant Multiverse LTD a non-exclusive licence to display that content for platform operating purposes.
Multiverse LTD reserves the right to remove without prior notice any content that infringes intellectual property rights, is defamatory, discriminatory or otherwise unlawful. If you see content that violates your rights, contact us at [email protected] — we respond within 5 business days.
When you purchase a membership or subscription, the following data is processed: chosen membership plan, subscription start and end date, auto-renewal status, tokenised payment card identifier (Stripe Token — not the card number), payment history.
If you have chosen auto-renewal, you will receive a reminder by email at least 3 days before each payment (in case of price or terms changes). You may cancel your subscription at any time via account settings.
The platform is intended for persons aged 16 and over. We do not knowingly collect data from younger individuals. If we learn that a person under 16 has created an account, we will delete that account without delay. If you are a parent or guardian and believe your child has created an account, please contact us: [email protected].
We currently do not carry out automated decision-making as defined in GDPR Art. 22 that would have legal or similarly significant effects on you. We use limited profiling for content personalisation (course recommendations) and newsletter segmentation — this can be disabled at any time via account settings.
The platform may contain links to external websites. This privacy policy applies only to the mdu.lt platform. Third-party privacy practices are solely their own responsibility — we recommend reviewing their policies before submitting personal data.
Minor changes (spelling, formatting, clarifications) — take effect immediately; the date at the top of the document is updated.
Material changes (new data categories, new controllers, new purposes) — we notify all active account holders by email at least 30 days before the effective date.
Previous versions are retained and provided on request. Your continued use of the platform after changes take effect confirms that you have read the new version.
General data protection contact:
[email protected]
Response time: 30 days from receipt of request.
Multiverse LTD
Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, P.O. Box 1405
BIOMIND BY PROFESSIONALS Sp. z o.o.
ul. Chmielna 2/31, 00-020 Warsaw, Poland
Asociacija Firmus Medicus
T. Masiulio g. 21B, LT-52436 Kaunas, Lithuania
Supervisory authorities:
State Data Protection Inspectorate (Lithuania) — vdai.lt · [email protected]
Urząd Ochrony Danych Osobowych (Poland) — uodo.gov.pl
Weekly insights. One essay. One practice. No noise.
Why are you reporting this content?