Personal data is required for the purpose of communication, exchanging information and services, fulfilling contractual matters and other purposes associated with a new or existing business relationship.
The controller for data processing is BESTMINDS GmbH. The company is represented by the managing directors: Siegfried Faix and Christian Männlin. The controller and its representatives can be contacted at:
BESTMINDS GmbH has assigned the following external data protection officer:
Solicitor Marc E. Evers
DataSEKure Rechtsanwaltsgesellschaft mbH
Tel.: +49 7661 97 29 10
The following personal data of clients and employees of clients may be processed, provided the data has actually been collected:
The personal data processed does not originate from public sources. The data being processed originates directly from the client's domain.
The legal basis is the following permission as per Article 6(1) General Data Protection Regulation (GDPR):
Data is collected, processed and used for the purpose of customer relationship management, billing, communicating with the client and fulfilling and maintaining the contractual relationship.
We store the collected data on our in-house IT and physically in the departments. If data is relocated, e.g. to the cloud, we will notify the respective customer separately. We use organisational and technical safeguards in compliance with the law to protect the collected personal data against unauthorised access.
Individual personal data is disclosed to the data processing companies we have contracted (e.g. IT service providers; shredders).
Apart from this, personal data will only be transmitted as required by the law.
We only disclose your personal data to third parties:
We do not intend to transmit the personal data of our customers to a third-party country or international organisation.
Our company has implemented suitable technical and organisational measures to ensure data is secure, including company policies and, in the case of commissioned data processing, contract stipulations with the external service provider.
The customer's stored personal data is stored for the time required to process the general contact request or the respective request for information or to fulfil the contracts with the customer. Data is only stored so long as it is required to fulfil the respective purpose. Once the processing or the contract relationship has come to an end or the customer exercises their rights below, the customer's data is handled in compliance with the exercised right and, where applicable, erased unless statutory provisions stipulate longer retention periods.
Once these retention periods, particularly retention periods under tax and commercial law, have expired, the customer's personal data is always erased.
Data is erased as part of our defined erasure routine. We have implemented an internal erasure concept.
The respective processing activity for personal data is logged in so-called records of processing activities.
If processing personal data is based on a balance of interests, the customer can object to processing as per Article 21 GDPR. When objecting, please provide the reasons why we should not process the personal data as we have done. If the objection is justified, we will investigate the situation and will either stop or modify data processing or present the customer with our compelling legitimate reasons for continuing to process data.
We do not use automated decision-making or profiling. In the event that these methods are used, the customer will be notified separately.
Customers are not required by law to provide us with personal data. However, if the data necessary for the conclusion and fulfilment of the contract and the data which must be collected by law is not provided, we will typically not be able to enter into the contract.