Cookies used on the site are categorized and below you can read about each category and allow or deny some or all of them. When categories than have been previously allowed are disabled, all cookies assigned to that category will be removed from your browser. Additionally you can see a list of cookies assigned to each category and detailed information in the cookie declaration.
Necessary cookies
Some cookies are required to provide core functionality. The website won't function properly without these cookies and they are enabled by default and cannot be disabled.
Preferences
Preference cookies enables the web site to remember information to customize how the web site looks or behaves for each user. This may include storing selected currency, region, language or color theme.
Analytical cookies
Analytical cookies help us improve our website by collecting and reporting information on its usage.
Marketing cookies
Marketing cookies are used to track visitors across websites to allow publishers to display relevant and engaging advertisements. By enabling marketing cookies, you grant permission for personalized advertising across various platforms.
Other cookies
The cookies in this category have not yet been categorized and the purpose may be unknown at this time.
Cookies used on the site are categorized and below you can read about each category and allow or deny some or all of them. When categories than have been previously allowed are disabled, all cookies assigned to that category will be removed from your browser. Additionally you can see a list of cookies assigned to each category and detailed information in the cookie declaration.
Necessary cookies
Some cookies are required to provide core functionality. The website won't function properly without these cookies and they are enabled by default and cannot be disabled.
Name | Hostname | Path | Expiry | Tags |
---|---|---|---|---|
m | m.stripe.com | / | 400 days | 3rd party |
Used by Stripe Payment Services for fraud prevention and detection. | ||||
__stripe_mid | .meditopia.com | / | 365 days | |
Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. | ||||
__stripe_sid | .meditopia.com | / | 1 hour | |
Stripe is used to making credit card payments. Stripe uses a cookie to remember who you are and to enable the website to process payments without storing any credit card information on its own servers. | ||||
cookiehub | .meditopia.com | / | 365 days | |
Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the site. | ||||
__cf_bm | .calendly.com | / | 1 hour | 3rd party |
The __cf_bm cookie supports Cloudflare Bot Management by managing incoming traffic that matches criteria associated with bots. The cookie does not collect any personal data, and any information collected is subject to one-way encryption. | ||||
__cfruid | .calendly.com | / | Session | 3rd party |
This cookie is set by Cloudflare for rate limiting policies. | ||||
__cf_bm | .flexoffers.com | / | 1 hour | 3rd party |
The __cf_bm cookie supports Cloudflare Bot Management by managing incoming traffic that matches criteria associated with bots. The cookie does not collect any personal data, and any information collected is subject to one-way encryption. | ||||
_cfuvid | .calendly.com | / | Session | 3rd party |
Used by Cloudflare WAF to distinguish individual users who share the same IP address and apply rate limits |
Preferences
Preference cookies enables the web site to remember information to customize how the web site looks or behaves for each user. This may include storing selected currency, region, language or color theme.
Name | Hostname | Path | Expiry | Tags |
---|---|---|---|---|
lang | meditopia.com | / | 365 days | |
Session-based cookie that remembers the user's selected language version of a website. | ||||
lidc | .linkedin.com | / | 1 day | 3rd party |
Used by LinkedIn for routing. | ||||
li_gc | .linkedin.com | / | 180 days | 3rd party |
Used by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes | ||||
sync_cookie_csrf | .mc.yandex.com | / | 1 hour | 3rd party |
This is a Yandex Cookie. It is used for security purposes in order to avoid Cross-Site Request Forgery, (CSRF). | ||||
sync_cookie_csrf | .mc.yandex.ru | / | 1 hour | 3rd party |
This is a Yandex Cookie. It is used for security purposes in order to avoid Cross-Site Request Forgery, (CSRF). |
Analytical cookies
Analytical cookies help us improve our website by collecting and reporting information on its usage.
Name | Hostname | Path | Expiry | Tags |
---|---|---|---|---|
_gid | .meditopia.com | / | 1 day | |
Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | ||||
_ga_* | .meditopia.com | / | 400 days | |
Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. | ||||
_ga | .meditopia.com | / | 400 days | |
Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | ||||
_ym_uid | .meditopia.com | / | 365 days | |
Used by Yandex.Metrika to identify site users | ||||
_ym_d | .meditopia.com | / | 365 days | |
Used by Yandex.Metrika to save the date of the user's first site session | ||||
yandexuid | .yandex.ru | / | 400 days | 3rd party |
This cookie is used by Yandex.Metrica to identify the users. This cookie collects information about how visitors use the website. This information is used for internal analysis and site optimisation. | ||||
_ym_isad | .meditopia.com | / | 20 hours | |
Used by Yandex.Metrika to determine whether a user has ad blockers | ||||
_scid | .meditopia.com | / | 395 days, 17 hours | |
Snapchat pixel unique ID of the user, similar to how the _ga cookie works with Google Analytics | ||||
sc_at | .snapchat.com | / | 390 days | 3rd party |
Used to identify a visitor across multiple domains. | ||||
_dc_gtm_* | .meditopia.com | / | 1 hour | |
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager | ||||
_hjSessionUser_* | .meditopia.com | / | 365 days | |
Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | ||||
_hjSession_* | .meditopia.com | / | 1 hour | |
Used by Hotjar to hold current session data. | ||||
CLID | www.clarity.ms | / | 365 days | 3rd party |
Identifies the first-time Clarity saw this user on any site using Clarity. | ||||
bcookie | .linkedin.com | / | 365 days | 3rd party |
This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media. | ||||
SM | .c.clarity.ms | / | Session | 3rd party |
This cookie is installed by Clarity. The cookie is used to store non-personally identifiable information. The cookie is used in synchronizing the MUID (Microsoft unique user ID) across Microsoft domains. | ||||
MUID | .clarity.ms | / | 390 days | 3rd party |
Microsoft User Identifier tracking cookie used by Bing Ads. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking. | ||||
_clck | .meditopia.com | / | 365 days | |
Persists the Clarity User ID and preferences, unique to that site, on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | ||||
_clsk | .meditopia.com | / | 1 day | |
Connects multiple page views by a user into a single Clarity session recording. | ||||
MUID | .bing.com | / | 390 days | 3rd party |
Microsoft User Identifier tracking cookie used by Bing Ads. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking. | ||||
YSC | .youtube.com | / | Session | 3rd party |
This cookie is set by YouTube video service on pages with YouTube embedded videos to track views. | ||||
MR | .c.bing.com | / | 7 days | 3rd party |
Used by Microsoft Clarity to indicate whether to refresh MUID. | ||||
MR | .c.clarity.ms | / | 7 days | 3rd party |
Used by Microsoft Clarity to indicate whether to refresh MUID. | ||||
yandexuid | .yandex.com | / | 365 days | 3rd party |
This cookie is used by Yandex.Metrica to identify the users. This cookie collects information about how visitors use the website. This information is used for internal analysis and site optimisation. | ||||
sync_cookie_ok | .mc.yandex.com | / | 1 day | 3rd party |
Used by Yandex Metrica to survey and track user behavior. | ||||
_gat_* | .meditopia.com | / | 1 hour | |
Used by Google Analytics to throttle request rate (limit the collection of data on high traffic sites) | ||||
yp | .yandex.ru | / | 400 days | 3rd party |
Marketing cookies
Marketing cookies are used to track visitors across websites to allow publishers to display relevant and engaging advertisements. By enabling marketing cookies, you grant permission for personalized advertising across various platforms.
Name | Hostname | Path | Expiry | Tags |
---|---|---|---|---|
test_cookie | .doubleclick.net | / | 1 hour | 3rd party |
Used to check if the user's browser supports cookies | ||||
UserMatchHistory | .linkedin.com | / | 30 days | 3rd party |
Contains a unique identifier used by LinkedIn to determine that two distinct hits belong to the same user across browsing sessions. | ||||
AnalyticsSyncHistory | .linkedin.com | / | 30 days | 3rd party |
Used by LinkedIn to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries | ||||
_fbp | .meditopia.com | / | 90 days | |
Facebook Pixel advertising first-party cookie. Used by Facebook to track visits across websites to deliver a series of advertisement products such as real time bidding from third party advertisers. | ||||
SRM_B | .c.bing.com | / | 390 days | 3rd party |
This cookie is installed by Microsoft Bing. Identifies unique web browsers visiting Microsoft sites. | ||||
ANONCHK | .c.clarity.ms | / | 1 hour | 3rd party |
Used to store session ID for a users session to ensure that clicks from adverts on the Bing search engine are verified for reporting purposes and for personalisation | ||||
_uetsid | .meditopia.com | / | 1 day | |
This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site. | ||||
_uetvid | .meditopia.com | / | 390 days | |
Used by Microsoft Advertising to store a unique, anonymized visitor ID to personalize marketing. | ||||
IDE | .doubleclick.net | / | 390 days | 3rd party |
Used by Google's DoubleClick to serve targeted advertisements that are relevant to users across the web. Targeted advertisements may be displayed to users based on previous visits to a website. These cookies measure the conversion rate of ads presented to the user. | ||||
_ttp | .tiktok.com | / | 390 days | 3rd party |
Used by Tiktok to measure and improve the performance of advertising campaigns and to personalize the user's experience (including ads) on TikTok. | ||||
_tt_enable_cookie | .meditopia.com | / | 390 days | |
Cookie set by TikTok | ||||
_ttp | .meditopia.com | / | 390 days | |
Used by Tiktok to measure and improve the performance of advertising campaigns and to personalize the user's experience (including ads) on TikTok. | ||||
bscookie | .www.linkedin.com | / | 365 days | 3rd party |
Used by the social networking service, LinkedIn, for tracking the use of embedded services. | ||||
VISITOR_INFO1_LIVE | .youtube.com | / | 180 days | 3rd party |
Set by YouTube and used for various purposes, including analytical and advertising. | ||||
li_sugr | .linkedin.com | / | 90 days | 3rd party |
Used by LinkedIn to make a probabilistic match of a user's identity outside the Designated Countries | ||||
yabs-sid | mc.yandex.com | / | Session | 3rd party |
This cookie is used by Yandex to record data on the behavior of the website visitor on the Website. | ||||
yuidss | .yandex.com | / | 365 days | 3rd party |
Used by Yandex for identifying site users | ||||
ymex | .yandex.com | / | 365 days | 3rd party |
Registers data on visitors' website-behaviour. This is used for internal analysis and website optimization. | ||||
_gcl_au | .meditopia.com | / | 90 days | |
Used by Google AdSense to understand user interaction with the website by generating analytical data. | ||||
MSPTC | .bing.com | / | 390 days | 3rd party |
receive-cookie-deprecation | .yandex.com | / | 365 days | 3rd party |
Privacy Sandbox testing cookie to preview how site behavior and functionality work without third-party cookies. | ||||
tuuid | .company-target.com | / | 400 days | 3rd party |
This cookie is mainly set by bidswitch.net to make advertising messages more relevant to the website visitor. | ||||
tuuid_lu | .company-target.com | / | 400 days | 3rd party |
This cookie is usually provided by bidswitch.net and is used for advertising purposes. | ||||
CMID | .casalemedia.com | / | 365 days | 3rd party |
Cookie is set by Casale Media. The main business activity is linked to advertising and tracking the products users are looking at. | ||||
CMPS | .casalemedia.com | / | 90 days | 3rd party |
Cookie is set by Casale Media. The main business activity is linked to advertising and tracking the products users are looking at. | ||||
CMPRO | .casalemedia.com | / | 90 days | 3rd party |
Cookie is set by Casale Media. The main business activity is linked to advertising and tracking the products users are looking at. | ||||
tvid | .tremorhub.com | / | 365 days, 6 hours | 3rd party |
Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | ||||
tv_UIDM | .tremorhub.com | / | 400 days | 3rd party |
Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. | ||||
yuidss | .yandex.ru | / | 400 days | 3rd party |
Used by Yandex for identifying site users | ||||
ymex | .yandex.ru | / | 365 days | 3rd party |
Registers data on visitors' website-behaviour. This is used for internal analysis and website optimization. |
Other cookies
The cookies in this category have not yet been categorized and the purpose may be unknown at this time.
Name | Hostname | Path | Expiry | Tags |
---|---|---|---|---|
X-AB | sc-static.net | /scevent.min.js | 1 day | 3rd party |
i | .yandex.ru | / | 400 days | 3rd party |
auth.strategy | meditopia.com | / | Session | |
amp_2ec194 | .meditopia.com | / | 365 days | |
_p2s_uvi | .meditopia.com | / | 365 days | |
UTMparams | meditopia.com | / | Session | |
_scid_r | .meditopia.com | / | 395 days, 17 hours | |
i | .yandex.com | / | 400 days | 3rd party |
bh | .yandex.com | / | 365 days | 3rd party |
yashr | .yandex.ru | / | 365 days | 3rd party |
yashr | .yandex.com | / | 365 days | 3rd party |
VISITOR_PRIVACY_METADATA | .youtube.com | / | 180 days | 3rd party |
General Information
Thank you for visiting our website and using our App! The protection of personal data is of high importance for us. In fact, Meditopia is committed to protecting your personal data and treating it with the utmost care and respect. This Privacy Policy shall inform you about the processing of personal data on our website and in our App according to Art. 13, 14 GDPR. Personal data ("data") is any information relating to an identified or identifiable person. “Processing" of data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This Privacy Policy can be accessed and printed out at any time on the website. We reserve the right to amend this Privacy Policy to ensure compliance with the statutory provisions.
Controller
The Controller of your personal data is
The Meditation Company GmbH
Address: Brandenburgische Strasse 86/87
10713 Berlin Deutschland
Email: hello@meditopia.com
Controller is any natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. The Meditation Company GmbH is the controller in connection with the use of Meditopia’s services and products in the European Union.
Data Protection Officer
For the protection of your data we Appointed a Data Protection Officer DPO.
You can reach our DPO at any time here: gdpr@meditopia.com
Scope of Data Processing
We only process the data as necessary and only for the purpose of providing a functional and user-friendly website and App as well as for the provision of our content and services. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR) as well as in the German Federal Data Protection Act (BDSG) and the German Act on Data Protection in Telecommunication and Telemedia (TTDSG).
We use various third-party providers, e.g. in the areas of hosting or mailing services, each of which processes data on our behalf. We have concluded corresponding order processing agreements with these third-party providers, which ensure that an adequate level of data protection is also guaranteed with respect to our (sub-)processors (Art. 28 GDPR). For more information on the third-party providers used, please feel free to contact our DPO.
We process contact information, usage data or other information that you provide to us. Details are set out in the table below or as otherwise described in this Privacy Policy or to you:
Data |
Purpose |
Legal Basis |
contact data (e.g. name, address, telephone number), other contract data (e.g. orders) |
communication or storage/processing of data in order to establish, implement and/or handle a contractual relationship; this may also include our online services |
Art. 6 (1) b) GDPR |
contact, contract and usage data |
analysis of data on the basis of our legitimate interests in the form of quality assurance and marketing |
Art. 6 (1) f) GDPR |
data that you provide on the basis of consent (e.g. within the scope of registration) |
with your consent for the purposes stated when giving it; this Applies, for example, to the data you provide voluntarily |
Art. 6 (1) a) GDPR |
We only process your data if this is necessary for the stated purposes. Failure to provide the data may have legal disadvantages, such as the loss of legal positions, for example, no response to your enquiry or the impracticability of a contract.
As a matter of principle, we will only transfer or disclose your data to third parties if we have obtained your consent or if there is another legal basis for doing so. We process your data only through our German entity thus process personal data within the EU/EEA. In case your data is processed outside the EU/EEA, e.g. when using third party tools (like Google), compliance with the Applicable laws is ensured in each case. If your data is transferred to third countries, such as the United States, we ensure that the legal requirements according to Art. 44 ff. GDPR for such a transfer are met and that your data is processed in the third country in accordance with the European data protection standards. For this purpose, we generally use the so-called EU standard contractual clauses (SCCs) that we conclude with the respective provider. Further, in accordance with the requirements of the ECJ following the "Schrems II" decision, a case-by-case risk analysis is carried out with regard to the respective third country. For further information, you can also contact our DPO.
Furthermore, we have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by external service providers. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption.
Visiting the Website
We collect data about every visit to our website (so-called server log files). The data listed below is processed as follows:
Data |
Purpose |
Legal Basis |
name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, operating system/version, referrer URL (the previously visited page), IP address and the requesting provider, country code, language, device name, if Applicable. |
statistical evaluations for the purpose of optimizing our website, ensuring the stability and operational security of the website |
Art. 6 (1) f) GDPR based on our legitimate interest in fraud prevention and quality assurance |
fulfillment of legal obligations, for reasons of data security |
Art. 6 (1) c) GDPR |
Contact and Emails
If you send us an email or contact us via the contact form, the information from the respective enquiry, including the contact data provided, will be stored by us for the purpose of processing the enquiry as follows:
Data |
Purpose |
Legal Basis |
your enquiry, contact details (e.g. name, company, country, email address) or other data provided in the enquiry |
communicating or storing/processing data in order to determine company enquiries, to establish, perform and/or settle a contractual relationship; this may include responding to your enquiry or making a refund |
Art. 6 (1) b) GDPR |
processing of data based on your consent to respond to the request |
Art. 6 (1) a) GDPR |
Download and Use of the App
When downloading the App in the App Store or Play Store, the required information is transferred to the respective store provider in particular
We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the App to your mobile device. When using the App, we collect the personal data described below in order to enable convenient use of the functions:
Data |
Purpose |
Legal Basis |
IP address, Date and time of the request, Time zone, Contents of the request, Access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, Operating system and its interface, Language and version of the browser software |
Providing our services |
Art. 6 (1) b) GDPR |
Ensuring of usability and stability of our system |
Art. 6 (1) f) GDPR |
Further we need your device identification, unique number of the terminal (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile terminal, e-mail address. When using the App, the device ID number is assigned to each registered device. Our access to the device ID number is necessary to identify the device and the user account in order to improve the use of the App and to deactivate the App on stolen or lost devices.
In addition to the data mentioned above, cookies are stored on your device when using our App. Cookies are small text files that are stored in the device memory of your mobile device and assigned to the App you are using. Cookies allow certain information to flow to the location that sets the cookie (here: us). Cookies cannot execute programs or transmit viruses to your mobile device. They serve to make mobile Apps more user-friendly and effective overall. Our App uses transient and persistent cookies. Transient cookies are automatically deleted when you close our App. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests to your mobile App. This enables your mobile device to be recognized when you use our mobile App again. The session cookies are deleted when you log out or close the App. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can configure the settings of your mobile operating system and the App according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of our mobile App in this case.
Registration / Use of our Service
You may register on our website in order to use our service. We process the data you share with us in the registration process based on your consent or, if Applicable, to fulfill our service contract with you:
Data |
Purpose |
Legal Basis |
Registration / login data (name, company name, date of birth, email address, phone number, password) |
fulfillment of our Service-Agreement |
Art. 6 (1) b) GDPR |
enabling you to register |
Art. 6 (1) a) GDPR |
We may also provide you with the option of putting in additional personal information, such as a photograph, and the information you may put into the “My Notes”.
You may be invited to complete a form or a survey, share your testimony, or participate in a promotion (like a contest or challenge) or a user-generated content (like podcasts), either through the Services or a third-party platform. If you participate, we will collect and store the data you provide as part of participating, such as your name, email address, date of birth and/or phone number.
Some of the information we ask you through questionnaires may be regarded as sensitive personal data, such as data concerning your health. We only process this information with your explicit consent (Art. 9 (2) a) GDPR). We use this information only to match you with appropriate mental health professionals and to allow your mental health professional to provide you with their best practice. When we are matching you with a mental health professional, we may use automated individual decision-making or manual methods. We do not use these data with information for any marketing purposes or any other purpose than your wellbeing. This information is only shared with your matched mental health professional and with no other third parties.
All data or information shared during (video) sessions with your mental health professional remain strictly confidential. We have no whatsoever access to this data/information and your mental health professional must not and will not share any of these data with us. The mental health professional will process your data only based on your consent. For scheduling sessions, we use Calendly (Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA). You will find further information on how Calendly processes your data here:https://calendly.com/de/pages/privacy. For the execution of video sessions with your mental health professional, we use the service Google Meet (Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043 United States; Privacy Policy:https://policies.google.com/privacy?hl=en-US). With regard to the video sessions we only process your IP address, the time and location and the duration of the session. Except for the aforementioned metadata, Google will not have no access to any information or data exchanged with your mental health professional.
Meditopia Soul
Our AI assisted chatbot Soul is powered by OpenAI’s ChatGPT. For this reason, if you choose to have a conversation with Soul, your conversations with Soul will be transferred to OpenAI’s servers, outside the EU, through an API connection. However, we will not transfer your conversations with any data that would allow OpenAI to identify you unless you specifically provide them within your conversations. We share your first name with OpenAI, so that Soul can address you properly, which is necessary for the user experience we aim for.
Some of the information you provide during your conversations might be considered sensitive data (Art. 9 GDPR). We will only process such information based on your consent and use such information only for the provision of our service to you. You may withdraw your consent at any time with effect in the future.
To comply with GDPR’s requirements, we have executed a Data Processing Agreement with OpenAI which includes the standard contractual clauses adopted by the EU Commission on June 4, 2021. We do not allow OpenAI to use your information for training or improving its models.
The data transfer between us and OpenAI is carried out throughSOC 2 Type 2 compliant API connection, which been audited by an independent third-party auditor against the2017 Trust Services Criteria for Security according to publicly available information from OpenAI (https://openai.com/policies/api-data-usage-policies).
OpenAI will retain your information sent through the API for a maximum of thirty (30) days, after which it will be deleted, except where OpenAI is required to retain copies under applicable laws, in which case OpenAI will isolate and protect that information from any further processing except to the extent required by applicable laws.
For further information on OpenAI’s API data usage policies, please refer to https://openai.com/policies/api-data-usage-policies.
We may also invite you to participate in surveys in connection with your use of Meditopia Soul.
The information you provide during these surveys may be regarded as sensitive data (Art. 9 GDPR). We will rely on your explicit consent for processing this information and use it only for research and statistical purposes, and improving our services. We will never share this information with any third parties unless we anonymize it first. You may withdraw your explicit consent at any time with effect in the future.
Connection of third party Services / Single Sign-On Services
We may obtain certain information through your social media profiles or other online accounts you have permitted to be connected to our websites or mobile applications. If you login via Facebook or another third-party platform or service, we ask for your permission to access certain information which is already given under that account, such as your name, profile picture, account ID number, email address, location, physical location of your access devices, and birthday. Those platforms and services make information available to us through their APIs, and therefore, the information given to us is limited with the scope of your privacy settings in the platform or service. If you access or use our products or services through a third-party platform or service, the collection, usage, and sharing of your data will also be subject to the privacy policies and other agreements of that third party. We may also obtain information through third parties, which we have a business or legal relationship with, such as business partners, technical, payment and delivery service subcontractors, advertising networks, analytics providers or search information providers.
Meditopia for Work
If your employer has purchased “Meditopia for Work” for you to access Meditopia Premium Membership we may share your personal data (including without limitation, your name, surname, personal and/or corporate email address and IP) with your employer when it is necessary to affirm, validate, confirm or revoke the activation of your Premium Membership or to detect, prevent, or address fraud, abuse, or misuse of our Services. In such a case, we will always consider data minimization principle and we will never share any of your personal data not necessary to achieve the purposes specified under this paragraph. Without prejudice to the above, we will never share any non-aggregated or non-anonymized personal data with your employer, (such as the time spent on the Application and the content engaged with).
Your employer might have also purchased Meditopia Mindfulness Coaching or Meditopia Mental Wellbeing Coaching/Support Services. In that case, we might share with your employer the completed Session numbers, bookings, and similar information and issues that come up during the Sessions only in an anonymized form, without allowing anyone to match these data with you and identify you. Under no circumstances your employer will receive any data or information with regard to the content of your session with your mental health professional.
Newsletter / Newsletter tracking
With our newsletter we inform you about us and our offers. Only your email address is required to register for the newsletter. If you register for the newsletter, your email address will be transmitted to us (or our mail provider) and stored there. After registering, you will receive an email to confirm your registration ("double opt-in").
Data |
Purpose |
Legal Basis |
contact data (email address, name if Applicable), device data (device name, country code if Applicable, language, name of operating system and version), connection data (IP address, mail provider) |
advertising communication |
Art. 6 (1) a) GDPR |
You can withdraw your consent to the processing of Data for the purpose of sending the newsletter or evaluation of related data at any time. The withdrawal can take place over a link, which is contained in each newsletter, or by separate message to us. You will not incur any costs other than the transmission costs according to the basic tariffs.
Other information emails
If a contractual relationship has been established with us (for example, following successful registration on the website or via the App), we may send you emails with interesting information about similar goods or services. You can request at any time that you no longer receive such information emails from us. To do so, please contact us by message or click on the link at the end of the information emails. You will not incur any costs other than the transmission costs according to the basic rates.
Data |
Purpose |
Legal Basis |
contact data (email address), technical data, usage data |
communication to carry out a contractual relationship or on the basis of our legitimate marketing interests, including notification of similar goods or services. |
Art. 6 (1) b) or f) GDPR (if Applicable in conjunction with Section 7 (3) UWG), Art. 6 (1) a) GDPR |
Cookies and other third party tools
We use so-called cookies. Cookies are small text files that are stored on the end device used and saved by the browser. Cookies serve to make our offer more user-friendly, effective, and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our offers function properly or that you are recognized on your end device after successful registration ("necessary cookies”). By placing these necessary cookies, we make it easier for you to visit our offers and use the services available there. We place other cookies to analyze user preferences and thus improve our offers ("advanced cookies”).
We only place advanced cookies with your consent. When you visit our services for the first time, you will see a pop-up explaining cookies. Once you click on the relevant consent button, you agree to our use of the particular cookies selected, each of which is described in the pop-up as well as in this Privacy Policy. If you want to manage your consent or receive further information on the cookies used on our website, click here. YOU MAY REVIEW ALL COOKIES USED ON OUR WEBSITE THROUGH THE SAME LINK.
In addition, you can adjust your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can manage many online ad cookies from companies via the US sitehttp://www.aboutads.info/choices/ or the EU sitehttps://www.youronlinechoices.com/de/. Please note that if you disable cookies, the functionality of this website may be limited.
Insofar as personal data is processed when "necessary" cookies are used, this is based on the legal basis Art. 6 (1) f) GDPR due to legitimate interests of quality assurance and a technically flawless presentation of the website. The processing of personal data when using so-called "advanced cookies" is based on your consent (legal basis: Art. 6 (1) a) GDPR).
Apple HealthKit
We use Apple’s HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with your explicit consent – lets Apps communicate with the HealthKit store to access and share this data. If you download and use the Apple Watch version of the Application, we may collect and process your heart rate data, obtained through the HealthKit framework and the Apple CoreMotion processor, with your explicit consent. New data attributes may be added to the HealthKit framework, which will be portrayed in the Application and which you have to consent to.
If you grant the App access to HealthKit, it can add information to certain sections of HealthKit, ie. adding the minutes of meditation that the User is listening to in the Application to the Awareness Time section in HealthKit.
Google Fit
We use Google’s Fit SDK which is an open platform that lets users control their fitness data. We do not collect or process any data from Google Fit. However, we may add information to certain sections of Google Fit, ie. adding the minutes of meditation that the User is listening to in the App to the Awareness Time section in Google Fit. New data attributes may be added to the Google Fit framework, which will be portrayed in the App and which you have to consent to.
Social Media
We are present on various social media platforms and process user data within this framework in order to communicate with users active there or to offer information about us. User data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take Appropriate measures and provide information directly. If you still need help, you can contact us.
Data |
Purpose |
Legal Basis |
inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) |
contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors), affiliate tracking. |
Art. 6 (1) f). GDPR. The use of common social media channels is in our legitimate interest in marketing our offer. |
Services used and service providers:
Data Processing of Applicants
In the event that you apply for a job with us, we will process certain data about you. This data includes your name, email, address and telephone number, gender, work history, qualifications, country of residence, language skills and any other personal information you provide in your interactions with us. We may also ask for additional information to assist us in our recruitment process and if you are offered a job, an example would be date of birth and employment documents.
We process your personal data to fulfill our contractual or pre-contractual obligations (based on Art. 6 (1) b) GDPR) or, where applicable, for the purpose of the employment relationship with you (Section 26 BDSG), in particular we use your data:
Storage and Deleting of Data
We only store your personal data for as long as it is necessary for the respective processing purpose and limit the storage period to the minimum necessary. You may delete your personal data at any time directly in the account settings on www.meditopia.com or our mobile application. In order to do so you have to click on the “Delete my account” button. Please note that you cannot delete your account/data in case of an active subscription as the processing of your data is necessary for the execution of the contract. If the processing purpose for your data lapsed or you actively decided to delete your data, we will only process your data, if we are obliged to do so under the statutory retention periods (for example, in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO)).
Your Rights
You have the following rights:
To exercise your aforementioned rights, you can send an email to gdpr@meditopia.com. In addition, you also have the right to lodge a complaint with a data protection supervisory authority.
If you have any questions with regard to the processing of your data, feel free to contact us at any time.
September 2023