Privacy Policy

1. Introduction

a) Contact and Data Collection

NFT Media Labs UG (haftungsbeschränkt), operating as "Dream Business" ("we," "us," or "our"), is committed to protecting your privacy and handling your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).
This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, complete our quizzes or intake forms, subscribe to our email marketing, or otherwise interact with us. By using our website and services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

DATA CONTROLLER
The data controller responsible for your personal data is:
NFT Media Labs UG (haftungsbeschränkt) Operating as "Dream Business" Bahnhofstr. 3A 82166 Gräfelfing Germany
Email: office@dreambusiness.xyz ; office@nftmedialabs.com
Website: dreambusiness.xyz
‍Managing Director: lONUT MlCHl
Commercial Register: HRB 286406, Amtsgericht München
For all data protection inquiries, questions about your personal data, or to exercise your rights under GDPR, please contact us at: office@dreambusiness.xyz
‍
‍PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
1. Information You Provide Directly. Contact Information: Full name (first name and last name), Email address, Any other contact information you voluntarily provide.
Business Quiz Responses:Answers to quiz questions about your business preferences
Business goals and aspirations
Work style preferences
Time availability and commitment level
Financial risk tolerance
Current life situation specific to new business launch intention
Business development stage
Other information you provide in quiz responses
Service Intake Forms: Business preferences and goals, Current business situation, Business creation stage, Challenges and frustrations, Learning preferences, Decision-making approaches, Information about your current or planned business, Any other information you provide in intake forms.
Communication Data: Content of emails you send to us & Records of your communications with us
Feedback, questions, or inquiries you submit
Newsletter and Email Marketing: Email subscription preferences & Email open rates and click-through rates
Engagement with our email content
2. Information Collected AutomaticallyTechnical Data: IP address, Browser type and version, Operating system, Device type (desktop, mobile, tablet), Screen resolution, Time zone setting and location, Browser plug-in types and versions, Platform information
Usage Data: Pages you visit on our website, Time and date of visits, Time spent on pages, Referring website addresses, Click patterns and navigation paths, Quiz completion status, Form interactions.
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 8 for details)
3. Information From Third Parties: We may receive information about you from third-party services we use, including:Typeform: Quiz responses and form submissions, MailerLite: Email engagement dataMake (Integromat): Automation workflow data, Google Analytics: Website usage statistics and analytics, Stripe: Payment processing data (transaction details, but not full card information)

b. Legal Basis for Processing

Under GDPR, we must have a legal basis to process your personal data. We process your data based on the following legal grounds:
1. Consent (Article 6(1)(a) GDPR)When you: Complete our quiz or intake forms, Subscribe to our newsletter or email list, Submit a contact form, Opt in to receive marketing communications, Accept cookies (where required)
You provide explicit consent for us to process your personal data for the specified purposes. You have the right to withdraw your consent at any time.
2. Contract Performance (Article 6(1)(b) GDPR) When you: Purchase our services, Engage us for business consulting, Enter into a service agreement with us, We process your data to fulfill our contractual obligations, deliver services, and communicate with you about your service.
3. Legitimate Interests (Article 6(1)(f) GDPR): We may process your data based on our legitimate business interests, including: Improving our website and services, Analyzing user behavior and preferences, Preventing fraud and ensuring security, Direct marketing to existing customers, Business development and growth, Maintaining business records.
We ensure that our legitimate interests do not override your rights and freedoms.4.4 Legal Obligations (Article 6(1)(c) GDPR)
We may process your data to comply with legal obligations, including: Tax and accounting requirements, Record-keeping obligations, Responding to legal requests from authorities.

2. How We Use Your Personal Data

We use your personal data for the following purposes:
1. Service Delivery:
To provide quiz results: We process your quiz responses to calculate your business type profile and send you personalized results.
To deliver our services: When you purchase consulting, coaching, or other services, we use your information to deliver those services effectively.
To communicate with you: We use your contact information to respond to inquiries, provide customer support, and communicate about your services.
2. Email Marketing
To send you relevant content: Based on your quiz results and preferences, we send you targeted email content about business development, entrepreneurship strategies, and our services.
To nurture relationships: We maintain ongoing communication with prospects and clients to provide value and build business relationships.
To promote our services: We may send you information about our services, courses, programs, or products that may be of interest to you.
You can unsubscribe from marketing emails at any time using the unsubscribe link in every email or by contacting us directly.
3. Analytics and Improvement:
To analyze website usage: We use analytics tools to understand how visitors interact with our website, which pages are most popular, and how we can improve user experience.
To improve our services: We analyze quiz responses and feedback to enhance our services, develop new offerings, and better understand our audience's needs.
To optimize marketing: We track email engagement metrics to improve the relevance and effectiveness of our communications.
4. Business Operations:
To maintain records: We keep records of transactions, communications, and business interactions for accounting, legal, and operational purposes.
To prevent fraud: We monitor for suspicious activity and take measures to protect against fraudulent transactions or misuse of our services.
To comply with legal obligations: We process data as required by tax laws, commercial regulations, and other legal requirements.
5. Research and Development:
To develop new services: We may analyze aggregated, anonymized data to identify trends, develop new services, and improve our business offerings.
To create content: We may use aggregated, non-identifiable data to create blog posts, case studies, or educational content (always anonymized).

THIRD-PARTY SERVICE PROVIDERS:
We use the following third-party services that may access or process your personal data:
1. Typeform (Quiz and Form Platform)
Purpose: To collect quiz responses and intake form submissions
Data Shared: Name, email address, quiz responses, form submissions
Location: EU and US (with GDPR-compliant safeguards)
Privacy Policy: https://www.typeform.com/privacy/
2. MailerLite (Email Marketing Service)
Purpose: To manage our email list and send marketing communications
Data Shared: Name, email address, quiz results, email engagement data Location: EU (Lithuania)
Privacy Policy: https://www.mailerlite.com/legal/privacy-policy
3. Make / Integromat (Automation Platform)
Purpose: To automate workflows between different services (quiz to email)
Data Shared: Name, email address, quiz responses
Location: EU and US (with GDPR-compliant safeguards)
Privacy Policy: https://www.make.com/en/privacy-policy
4. Stripe (Payment Processor)
Purpose: To process payments for services
Data Shared: Name, email address, payment information, transaction details
Location: US (with GDPR-compliant safeguards under Standard Contractual Clauses)
Privacy Policy: https://stripe.com/privacy
Note: Stripe handles payment card information directly and securely. We do not store or have access to your full credit card details.
5. Google Analytics (Website Analytics)
Purpose: To analyze website traffic and user behavior
Data Shared: IP address (anonymized), browser information, pages visited, usage patterns
Location: US (with GDPR-compliant safeguards)
Privacy Policy: https://policies.google.com/privacy
We have configured Google Analytics to anonymize IP addresses and have disabled data sharing with Google for advertising purposes. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
6. Canva (Website Hosting)
Purpose: Website hosting and content delivery
Data Shared: Website visitor data, technical information
Location: Australia and global CDN
Privacy Policy: https://www.canva.com/policies/privacy-policy/
7. Future CRM and Marketing Tools: We may integrate additional customer relationship management (CRM) or email marketing tools in the future. When we do, we will update this Privacy Policy accordingly and ensure all tools comply with GDPR requirements. All third-party service providers are carefully selected and contractually required to: Process data only for specified purposes, Implement appropriate security measures, Comply with GDPR and applicable data protection laws, Not use your data for their own purposes, Delete or return data when services are terminated.

a) Data Transfers outside EU

Some of our third-party service providers are located outside the European Union or may transfer data to servers outside the EU, including the United States. When we transfer your personal data outside the EU, we ensure appropriate safeguards are in place: Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers in countries without adequate data protection laws. Adequacy Decisions: We may transfer data to countries that have received an adequacy decision from the European Commission. Service providers in the US: We work with US-based providers that implement appropriate safeguards such as Standard Contractual Clauses and maintain robust data protection practices. Your Rights: Even when data is transferred outside the EU, you retain all your rights under GDPR, including the right to access, correct, and delete your data. Current international transfers: Stripe (US) - Standard Contractual Clauses, Google Analytics (US) - Standard Contractual Clauses, Make (US servers) - Standard Contractual Clauses, Typeform (US servers) - Standard Contractual Clauses

3. Cookies and Tracking Technologies

a) What are cookies and types of cookies we use

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. Cookies allow the website to recognize your device and remember information about your visit.
Essential Cookies: These cookies are necessary for the website to function properly and cannot be disabled. They include cookies for basic website functionality and security.
Analytics Cookies (Google Analytics): We use Google Analytics to understand how visitors use our website. These cookies collect information about pages visited, time spent on pages, and navigation patterns. This data is aggregated and anonymized. You can control cookie preferences through your browser settings.
Please note that disabling cookies may affect website functionality.
Managing Cookies: You can control and manage cookies through your browser settings: Google Chrome: Settings > Privacy and Security > Cookies and other site data; Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data; Safari: Preferences > Privacy > Cookies and website data; Microsoft Edge: Settings > Privacy, search, and services > Cookies and site data
To opt out of Google Analytics specifically: Install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
‍Do Not Track Signals. Some browsers have a "Do Not Track" feature. Our website currently does not respond to Do Not Track signals, as there is no industry standard for how to interpret these signals. However, you can control tracking through your browser settings and the Google Analytics opt-out tool.
DATA RETENTION: We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
1. Retention Periods: indefinitely or until you unsubscribe, as long as these records serve our business purposes. Email Marketing List: We retain your data indefinitely or until you unsubscribe from our email list. When you unsubscribe, we will delete or anonymize your data within 30 days, except for records we must keep for legal or accounting purposes. Service Clients: For clients who purchase services, we retain data for the duration of the service relationship and for 10 years thereafter to comply with German commercial and tax law (Handelsgesetzbuch - HGB and Abgabenordnung - AO). Quiz Responses: Quiz response data is retained indefinitely or until you request deletion. We use this data to provide ongoing value through email marketing. Transaction Records: Payment and transaction records are retained for 10 years to comply with German accounting and tax obligations. Communications: Emails and other communications may be retained as business records for up to 10 years. Technical Logs: Server logs and technical data are typically retained for 90 days for security and troubleshooting purposes
2. Deletion.
After Retention Period: After the applicable retention period expires, we will securely delete or anonymize your personal data. Anonymized data may be retained for statistical purposes, but it can no longer be linked to you as an individual.

a) Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
10.1 Right of Access (Article 15 GDPR): You have the right to request confirmation of whether we process your personal data and, if so, to access that data. You can request a copy of your personal data in a commonly used electronic format.
10.2 Right to Rectification (Article 16 GDPR)You have the right to request correction of inaccurate personal data and to have incomplete data completed.
10.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR): You have the right to request deletion of your personal data in certain circumstances: The data is no longer necessary for the purposes it was collectedYou withdraw your consent (where processing was based on consent)You object to processing and there are no overriding legitimate groundsThe data was unlawfully processedDeletion is required to comply with a legal obligationNote: This right is not absolute. We may retain data if required by law (e.g., tax records) or if we have other legal grounds for processing.
10.4 Right to Restriction of Processing (Article 18 GDPR): You have the right to request restriction of processing in certain circumstances: You contest the accuracy of your data (restriction during verification); Processing is unlawful but you prefer restriction over deletion; We no longer need the data, but you need it for legal claims; You have objected to processing (restriction pending verification of legitimate grounds)
10.5 Right to Data Portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where: Processing is based on consent or contract; Processing is carried out by automated means.
10.6 Right to Object (Article 21 GDPR): You have the right to object to processing of your personal data: Processing based on legitimate interests: You can object at any time, and we must stop processing unless we can demonstrate compelling legitimate grounds that override your interestsDirect marketing: You can object to processing for direct marketing purposes at any time, and we will stop processing immediately
10.7 Right to Withdraw Consent (Article 7(3) GDPR): Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
10.8 Right to Lodge a Complaint (Article 77 GDPR)You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.In Germany, the relevant supervisory authorities are:For Bavaria: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)Federal level: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)Contact: https://www.bfdi.bund.de/
‍10.9 How to Exercise Your RightsTo exercise any of these rights, please contact us at: Email: office@dreambusiness.xyz Or write to: NFT Media Labs UG Attn: Data Protection / GDPR Request Bahnhofstr. 3A 82166 Gräfelfing Germany. We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons. To protect your privacy and security, we may ask you to verify your identity before processing your request.
DATA SECURITY: We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
11.1 Security MeasuresTechnical Measures: Encryption of data in transit using SSL/TLS protocols (HTTPS). Secure data storage with access controls. Regular security updates and patches. Firewall protection and intrusion detection. Secure authentication mechanisms. Regular backups with encryption. Organizational Measures: Access to personal data limited to authorized personnel only; Confidentiality agreements with all personnel; Regular security training and awareness programs; Data breach response procedures; Vendor security assessments; Privacy by design principles in all systems; Third-Party Security: All third-party service providers are carefully vetted for their security practices and are contractually required to implement appropriate security measures.
11.2 Data Breach NotificationIn the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
11.3 LimitationsWhile we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your personal data to the best of our ability.

4. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age.If you are under 18, please do not provide any personal information through our website, quiz forms, or services.If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information as soon as possible.If you believe we have inadvertently collected data from a child under 18, please contact us immediately at: office@dreambusiness.xyz
‍AUTOMATED DECISION-MAKING AND PROFILING
13.1 Quiz ResultsOur business quiz uses automated processing to calculate your business type profile based on your responses. This is a simple scoring algorithm that categorizes your answers into one of six business types (Freedom Business, Creative Business, Growth Business, Impact Business, Passive Income Business, or Predictable Income Business).This automated processing:Is based solely on your self-reported quiz responsesDoes not have legal effects or similarly significantly affect youIs designed to provide helpful guidance, not definitive adviceCan be reviewed and challenged by contacting us
13.2 Email Marketing PersonalizationWe may use automated systems to personalize email content based on:Your quiz resultsYour email engagement (opens, clicks)Your stated preferencesThis profiling:Is designed to provide more relevant contentDoes not have legal effectsCan be opted out of at any time by unsubscribing
13.3 Your RightsYou have the right to:Request human intervention in automated decision-makingExpress your point of viewContest the decisionRequest explanation of the logic involvedTo exercise these rights, contact us at: office@dreambusiness.xyz
‍MARKETING COMMUNICATIONS
14.1 Email MarketingWhen you complete our quiz or subscribe to our email list, you consent to receive email marketing communications from us, including:Your quiz results and personalized recommendationsEducational content about business developmentTips, strategies, and best practices for entrepreneursInformation about our services, programs, and offeringsPromotional offers and announcements
14.2 FrequencyWe send emails on a regular basis, typically 1-4 times per week, though frequency may vary based on campaigns and your preferences.
14.3 Unsubscribing: You can unsubscribe from our marketing emails at any time by: Clicking the "Unsubscribe" link at the bottom of any emailContacting us at: office@dreambusiness.xyzReplying to any email with "UNSUBSCRIBE"When you unsubscribe, we will stop sending you marketing emails within 48 hours. You may still receive transactional emails related to services you've purchased or important account information.
14.4 Legitimate Interest MarketingIf you are an existing customer, we may send you marketing communications based on legitimate interest (soft opt-in). You can opt out at any time using the methods above.
LINKS TO THIRD-PARTY WEBSITES
Our website may contain links to third-party websites, resources, or services that are not operated by us. This Privacy Policy applies only to our website and services.We are not responsible for the privacy practices or content of third-party websites. We encourage you to read the privacy policies of any third-party websites you visit.When you click on a third-party link and leave our website, you do so at your own risk, and any information you provide to third parties is governed by their privacy policies, not ours.

5. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.When we make material changes to this Privacy Policy, we will:Update the "Last Updated" date at the top of this pageNotify you by email (if you have subscribed to our email list)Display a prominent notice on our websiteRequest your renewed consent where required by lawWe encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.Continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy.CONTACT USIf you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
Email: office@dreambusiness.xyz
Mail: NFT Media Labs UG Attn: Data Protection Officer / GDPR Inquiries Bahnhofstr. 3A 82166 Gräfelfing Germany
We aim to respond to all inquiries within 5 business days.
For GDPR-related requests (access, deletion, etc.), we will respond within one month as required by law.
SUPERVISORY AUTHORITYYou have the right to lodge a complaint with the data protection supervisory authority if you believe we have not handled your personal data appropriately.Relevant supervisory authority for Bavaria, Germany:Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach Germany Phone: +49 (0) 981 180093-0 Email: poststelle@lda.bayern.de Website: https://www.lda.bayern.de/Federal supervisory authority:Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) Graurheindorfer Str. 153 53117 Bonn Germany Phone: +49 (0) 228 997799-0 Email: poststelle@bfdi.bund.de Website: https://www.bfdi.bund.de/GERMAN VERSION / DEUTSCHE VERSION
This Privacy Policy is provided in English for the convenience of our international users. A German version of this Privacy Policy (Datenschutzerklärung) is available upon request. For the German version, please contact: office@dreambusiness.xyz
Die deutsche Fassung dieser Datenschutzerklärung ist auf Anfrage erhältlich. Bitte kontaktieren Sie uns unter: office@dreambusiness.xyzIm Falle von Abweichungen zwischen der englischen und der deutschen Version ist die deutsche Version rechtsverbindlich.
END OF PRIVACY POLICY
Copyright 2026 NFT Media Labs UG (Dream Business). All Rights Reserved.