Privacy policy

This privacy policy informs about the data processing during the use of our website as well as your personal data as an applicant or prospect / customer.

In the course of developing our web pages and implementing new technology, it may be necessary to make changes to this privacy policy. We therefore recommend that you re-read this privacy policy from time to time.

BESTMINDS GmbH Privacy Policy

 

§ 1 – Definitions and contact information

 

1. Personal data is any data related to or obtainable about you personally, e.g. name, address, email addresses, user behaviour.

2. The controller for data processing is BESTMINDS GmbH.

The controller can be contacted at

Address: Basler Straße 65, D 79100 Freiburg

Tel.: +49 761 888 51 23 0

Email: info@bestminds.de

 

3. The data protection officer for BESTMINDS GmbH is DataSEKure Rechtsanwaltsgesellschaft mbH

The data protection officer can be contacted at

Solicitor Marc E. Evers

DataSEKure Rechtsanwaltsgesellschaft mbH

Address: Weilerstraße 9, D 79252 Stegen

Tel.: +49 7661 97 29 10

Email: datenschutz@datasekure.de

 

§ 2 – Purpose and legal basis for data processing

 

1. Personal data collected when visiting the website

 

When merely using the website for information purposes, i.e. when you visit our website, we do not process personal data with the exception of data transmitted by your browser to allow you to visit the website. This means we only store access data in so-called server log files which are stored until they are automatically erased. These are:

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • nature of the requirement (precise page)
  • access status/http status code
  • data volume transferred
  • website where the request originated
  • browser
  • operating system and interface
  • language and version of the browser software.

 

We process this data for the following purposes:

  • ensuring a smooth connection to the website
  • ensuring easy website navigation
  • analysing system security and stability as well as
  • other administrative purposes

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest results from the above purposes for data collection. We never use the collected data to trace you personally.

Our website also uses cookies and analytical services. For more details, please see §6 and 7 of this privacy policy.

2. Personal data collected when using the "Contact form" feature of our website

 

In addition to using our website for purely informational purposes, we also offer the option to contact us directly and send us your enquiry. In this case you will typically need to provide additional personal data which we only use to provide the respective service. This data is:

  • title
  • first name and surname
  • email

Areas where additional voluntary information can be provided are marked accordingly.

Data processing for contact purposes is only undertaken based on your voluntary consent as per Article 6 (1) (a) GDPR.

Personal data collected to use the contact form is automatically erased after processing your enquiry.

3. Personal data collected from email, phone or fax enquiries

 

When contacting us by email, phone or fax, we process your enquiry and your data resulting from the enquiry for the purpose of processing your enquiry.

The legal basis for this is Article 6(1)(b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for pre-contractual measures. Otherwise, processing is based on our legitimate interest in processing the enquiries submitted to us as per Article 6(1)(f) GDPR.

The personal data necessary for the submitted enquiry is erased after storage is no longer needed or processing will be restricted if statutory retention obligations apply.

§ 3 – Who receives your data

 

1. Your data will not be disclosed to third parties without your express consent. In some cases we use external service providers to process your data. These have been carefully selected and assigned by us, are bound to our instructions and are regularly audited. Your personal data will not be transmitted to third parties for purposes other than those specified below.

We only transmit your personal data to third parties:

  • with your express consent as per Article 6(1)(a) GDPR ,
  • where disclosure is necessary as per Article 6(1)(f) GDPR to assert, exercise or defend against legal claims and there is no reason to believe you have an overriding interest in your data not being disclosed,
  • in the event that there is a legal obligation for disclosure as per Article 6(1)(c) GDPR, and
  • where permitted by law and necessary for the conclusion of a contractual relationship with you as per Article 6(1)(b) GDPR.

2. We may also disclose your personal data to third parties when we offer participation in campaigns, contests, conclusion of contracts or similar services together with partners. Additional information about this is available when providing your personal data or at the bottom of the description of the offer.

3. If our service provider or partner is located in a state outside the European Economic Area (EEA), we will notify you of the consequences of this circumstance in the description of the offer.

4. Notice on data transmitted to the USA

We have embedded tools from companies based in the USA on our website. Your personal data can be transmitted to the U.S. servers of the respective companies if these tools are enabled.

U.S. companies are obliged to disclose personal data to the National Security Agency. As the data subject you are unable to object to this and have no legal recourse.

We cannot rule out the possibility that U.S. authorities (e.g. Secret Service) may access your personal data on U.S. servers and analyse and store it permanently.

Therefore please note that the USA is not a secure third-party country as defined by EU data privacy laws.

§ 4 – Data storage period

 

1. When contacting us by email, we store the data provided by you (your email address and where applicable your name and telephone number) to respond to your enquiry. We delete the data obtained in this context after its storage is no longer necessary or restrict its processing if there are statutory retention obligations.

2. Your stored personal data is further stored for the duration of the business relationship with you or for the duration required by law.

Once the contractual relationship expires or you exercise your rights specified under §5, your data will be handled or where applicable erased based on your rights exercised as defined by §5, unless statutory provisions stipulate longer retention periods.

If statutory retention periods apply, the storage time for certain data may be up to 10 years irrespective of the purpose of processing.

§ 5 – Your rights

 

1. To information, correction, erasure, restriction or data portability

 

You have the right at any time to request information about the personal data concerning you we have stored, as well as its origin, recipients or categories of recipients this data is disclosed to and the purpose of storage. You have the right to request to view the personal data you have provided in a structured, common and machine readable format or to request that the data is transmitted to another controller.

You have the right to have the personal data concerning you that we have stored corrected, restricted or erased unless statutory retention periods require otherwise.

2. To object to or withdraw your consent to your data being processed at any time

 

(1) If you have consented to your data being processed, you may withdraw your consent at any time. Withdrawing your consent will affect how reliable future processing of your personal data is.

(2) Where we base the processing of your personal data on a balance of interests, you can object to processing. This applies if processing is not specifically required to fulfil a contract with you as illustrated by us in the following description of functions. When objecting, please provide the reasons why we should not process your personal data as we have done. If your objection is justified, we will investigate the situation and will either stop or modify data processing or present you with our compelling legitimate reasons for our data processing.

(3) Naturally, you may object to the processing of your personal data for advertising and data analysis purposes at any time.

3. To lodge a complaint with a data protection authority

 

If you do not agree with how we handle the data concerning you that we have stored, you have the right to lodge a complaint with the competent data protection authority.

All requests for information or objections to data processing should be sent to our data protection officer by email

Solicitor Marc E. Evers

DataSEKure Rechtsanwaltsgesellschaft mbH

Address: Weilerstraße 9, D 79252 Stegen

Tel.: +49 7661 97 29 10

Email: datenschutz@datasekure.de

§ 6 – Cookies

 

1. Our website uses cookies. Cookies are small files automatically set up on your browser and stored on your device (laptop, tablet, smartphone or similar) when visiting our website. Cookies are not harmful to your device and do not contain viruses, trojans or other malware.

2. Information related to the specific device used is stored in the cookie. This does not mean, however, that we receive any information directly related to your identity.

3. Session cookies are erased immediately after leaving our website. Temporary cookies remain stored on your device for a specific period. Permanent cookies remain stored on your device until erased by you or the web browser.

4. Cookies have various functions.

Many cookies are necessary for technical purposes to ensure the website is working properly. The data processed by cookies is required for the purposes specified and to protect our legitimate interests and those of others in accordance with Article 6 (1) (1f) of the GDPR.

We also use cookies which are not absolutely necessary. These allow us to anonymously analyse the use of our website. The legal basis for this is your consent as per Article 6(1)(a) GDPR.

5. If we request your consent to store cookies, your data will exclusively be processed based on this consent as per Article 6(1)(a). You may withdraw your consent at any time.

6. You can configure your browser to prevent cookies from being stored or to always be notified before a new cookie is added. You can also block cookies from being accepted in specific cases. You can also configure it to automatically erase cookies when closing your browser. However, blocking all cookies may prevent you from using all functions of our website.

7. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

§ 7 – Data security

 

We use the widely used SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser when you visit our website. This is typically 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can determine whether a specific page of our website is transmitted in encrypted form by means of the closed key or lock icon in the bottom status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, corruption or unauthorised access by third parties. Our security measures are continuously enhanced to correspond with technological developments.

§ 8 Hosting

 

Our website is hosted by an external service provider. The personal data collected on the website (see §2 no. 1) is stored on the host’s servers.

As per Article 6(1)(f) GDPR, data processing in connection with using a host is based on our legitimate interest in secure, fast and efficient access to our website through a professional provider. The host will only process your personal data in accordance with our instructions.

We have entered into an data processing contract with our service provider.

§ 9 – Links to third-party websites

 

Our website includes links to the following third-party websites             

  • LinkedIn
  • Xing
  • Facebook
  • Twitter
  • Cookiebot
  • Google

We have no control over the contents and data processing on these websites. Please refer to the privacy policy of the respective website for the purpose and scope of data collection and further processing and use of the data as well as your rights and configuration options in this respect to protect your privacy.

§ 10 - Our services

 

1. Newsletter

 

1. With your consent, you can subscribe to our newsletter, with which we inform you about our current news. The content of the newsletter is named in the declaration of consent.

2. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

3. Mandatory data for sending the newsletter are mentioned in the registration form. After your confirmation, we store your data for the purpose of sending the newsletter. The legal basis is Art.6 para.1 p.1 lit.a DSGVO.

4. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email.

2. Registering on this website

 

You can register on our website to access additional functions. We only process the required information requested during registration for the purpose of using the respective offer or services you have registered for.

Processing of your personal data is based on the implementation of the use relationship established by the registration as per Article 6(1)(b) GDPR.

We store your personal data collected for this purpose as long as you are registered on our website. Statutory retention periods remain unaffected.

3. Applications

 

You can apply with us using the online application form on our website. You may also send your application by email or post.

When submitting your application, we process the data provided by you for the purpose of determining whether to begin an employment relationship. The legal basis for this is Article 6(1)(b) GDPR. Your personal data is only disclosed to individuals within our company who are responsible for processing your application.

 

If we do not offer you a position at our company or you withdraw your application, reject our offer or request that we erase your data, your application documents will be stored for a maximum of 6 months after the application process has been completed.

At the end of the retention period, the data will be erased unless statutory retention periods or other legal reasons for further storage apply. Statutory retention periods remain unaffected. If you have consented to further storage of your application data as per Article 6(1)(a) GDPR to enable you to be notified of suitable future vacancies, your data will be stored until your consent is withdrawn.

You may withdraw your consent at any time.

§ 11 - Analysis tools and advertising

 

1. Use of Google Analytics

 

With your consent, we use the web analysis service "Google Analytics" from Google LLC on our website.

Google Analytics uses so-called "Cookies", text files stored on your computer, which enable an analysis of your use of the website.

The information generated by the cookie regarding your use of this website will generally be transferred to a Google server in the USA and saved there. This is beyond our control.

We only use Google Analytics with IP anonymisation enabled. Google will therefore truncate your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases.

Google will use this information on our behalf to analyse your use of the website, generate reports on website activity and provide the advertiser with additional services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, the following data in particular is collected:

  • your approximate location,
  • your truncated IP address
  • your user behaviour,
  • pages you have visited
  • technical information about your browser and device
  • your internet provider
  • the referring URL

The data and related cookies are erased after 14 months.

Data is automatically erased once a month at the end of their retention period.

You can configure your browser software to prevent cookies from being stored; however, in this case you may not be able to make full use of all functions of this website.

You can prevent data about your use of the website generated by the cookie (including your IP address) being collected by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Data processing in connection with Google Analytics is based on your consent as per Article 6(1)(a) GDPR, which has been prompted for example when consenting to cookies being stored.

You may withdraw your consent at any time.

Google Analytics is used in compliance with the rules established between German data protection authorities and Google. We have concluded a data processing contract with Google.

Third party information: Google Dublin, Google Ireland Ldt., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of use: https://marketingplatform.google.com/about/analytics/terms/gb/,

Privacy information: https://policies.google.com/privacy?hl=en,

and the privacy policy: https://policies.google.com/privacy.

2. Use of Google Conversion Tracking

 

The host of our website uses "Google Conversion Tracking" by Google LLC.

This allows us and Google to recognize if a user has executed an action and, if so, which action and which buttons they have clicked. This data is used to generate conversion statistics.

We do not receive any data which can be used to personally identify you. Google itself uses cookies or comparable recognition technologies for identification.

You data may be transmitted to servers in the USA and stored there. This is beyond our control. Google Conversion Tracking is used in compliance with the rules between German data protection authorities and Google. We have concluded a data processing contract with Google.

For more information, please refer to the Google privacy policy: https://policies.google.com/privacy?hl=en.

Data processing in connection with Google Conversion Tracking is based on your consent as per Article 6(1)(a) GDPR, which was prompted, for example, when consenting to cookies being stored. You may withdraw your consent at any time.

§ 12 – Plugins and tools

 

1. Use of Social Media plugins

 

Our website uses Social Media plugins ("plugins") from social media networks. To better protect your data when visiting our website, plugins are not unrestricted but merely embedded in the page using an HTML link (so-called "Sharrif solution" from c´t). This embedding ensures that when you open a page on our website containing these plugins, it does not immediately connect to the servers of the social network provider.

When clicking one of the buttons, a new window opens in your browser and opens the page of the respective service provider where you (where applicable after entering your login information) can confirm the Like or Share button, for example.

Please refer to the privacy policy of the provider for the purpose and extent of data collection and further processing and use of this data by the provider, as well as your rights and configuration options to protect your privacy.

http://www.facebook.com/policy.php

https://twitter.com/privacy

https://www.xing.com/privacy

http://www.linkedin.com/legal/privacy-policy

Your data may be transmitted to the respective servers in the USA and stored there. This is beyond our control.

The legal basis for using the respective social media plugin is our legitimate interest as defined by Article 6(1)(f) GDPR in an attractive website design and embedding our social media content on it.

2. Use of Google Maps

 

This website uses the "Google Maps" service of Google LLC. This allows us to provide you with interactive maps directly on the website and allows you to use the map function with ease.

When visiting the website, Google receives a notification that you have accessed the respective subpage of our website. In addition, the data specified under §2 of this policy is transmitted. This data is transmitted regardless of whether you are logged into or have a Google account. If you are logged into Google, you data will be linked directly to your account. If you do not wish to be linked to your Google account, you will need to log out before activating the button. Google stores your data as a usage profile and uses it for the purposes of advertising, market research and/or customizing its website. This analysis is particularly used (even for users who are not logged in) to provide custom advertising and notify other users on the social network about your activity on our website. You have the right to object to these user profiles being created, which must be exercised with Google.

This information may be transmitted to Google servers in the USA and stored there. This is beyond our control. Google Maps is used in compliance with the rules between German data protection authorities and Google. We have concluded a data processing contract with Google.

Please refer to the Google privacy policy for additional information about the purpose and extent of data collection and processing by Google as the plugin provider. It also contains additional information about your rights and configuration options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Data processing in connection with Google Maps is based on your consent as per Article 6(1)(a) GDPR, which was prompted, for example, when consenting to cookies being stored. You may withdraw your consent at any time.

 

3. Integration of Google Fonts

 

On this website, we use the offer of "GoogleFonts" of Google Inc. This allows us to display various fonts directly on the website.

 

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under §2 of this declaration are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

 

This information may be transferred to Google servers in the USA and stored there. We have no influence on this. The use of Google Fonts is in accordance with the condition on which the German data protection authorities agree with Google. We have concluded an order processing contract with Google.

 

For more information on the purpose and scope of data collection and its processing by the plug-in provider Google, please refer to the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

 

The data processing in connection with Google Fonts is based on our legitimate interest in an appealing presentation of various fonts on our website in accordance with Art. 6 para.1 p.1 lit.f DSGVO.