Privacy policy

This privacy policy informs about the data processing during the use of our website as well as your personal data as an applicant or prospect / customer.

In the course of developing our web pages and implementing new technology, it may be necessary to make changes to this privacy policy. We therefore recommend that you re-read this privacy policy from time to time.

BESTMINDS GmbH Privacy Policy

Use of our website generally does not require users to reveal personal data. In as far as personal data which can be related to you personally (for example names, addresses, email addresses, user behavior) are collected on our website, such data shall always be provided on a voluntary basis. These data shall only be passed on to third parties with your explicit consent. The purpose of processing is the operation of a website for the purpose of offering services in the field of recruitment consultancy, in particular recruitment services.

Please note that there may be security gaps when transferring data via the internet (e.g. communication by email). It is not possible to fully protect data from access by third parties.
Please read on for an explanation of how we process your personal data as an applicant when you apply for a position or as a prospect/customer, as well as other relevant information on this topic.

1. Who is responsible for processing your personal data?

Your consultant is responsible for the purposes of the data protection act, who commissions the BESTMINDS GmbH as a processor to fulfill his/her contractual obligations towards you. BESTMINDS GmbH, Basler Straße 65, D 79100 Freiburg, Tel. +49 761 888 51 23 0, Fax +49 761 888 51 23 99, info@bestminds.de, www.bestminds.de is your primary point of contact to reach out to your consultant.

2. Data protection contact

All issues related to the processing and protection of your personal data as well as issues related to the exercising of your rights in accordance with the GDPR can be discussed with our contact person Mr. RA Evers, DataSEKure Rechtsanwaltsgesellschaft mbH, Burgunder Straße 20, 79104 Freiburg at datenschutz@datasekure.de as well as online on www.datasekure.de.

3. For what purposes and on what legal basis do we process personal data?

We process personal data relating to you solely for the purpose of your application for employment with one of our clients, and only to the extent that this is necessary in order for the client to make a decision regarding your application. The legal basis for this is your consent pursuant to Article 6(1)(a) GDPR.

As a prospect / customer, we process personal data relating to you solely for the purpose of the fulfillment of our contract and business relationship with you and only insofar as this is necessary for the fulfillment of this purpose. The legal basis for this is the need to fulfill the underlying contract or similar contractual agreement between your consultant and you as a client to Article 6 (1)(b) GDPR.

4. What categories of personal data do we process?

We process data concerning you as an individual, information on your professional qualifications or other information that you transfer to us in connection with your application. We only process the data that you yourself provide to us via your application.

As a prospect / customer, we process data concerning your company, contact detail of employees named as contact persons for the contract, information regarding the position described in the contract and other information that you give us for the purpose of communicating with you, initiating business with you or performing the contract with you.

5. Where do we obtain personal data from, other than from you?

We only process the data that you yourself provide to us via your application.

Contact form

If you send us inquiries via the contact form, your input from the inquiry form, including the contact details given there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent. The processing of the data entered into the contact form is therefore exclusively based on your consent. You can revoke this consent at any time. To do so an informal message by e-mail to us is sufficient. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation. The data entered by you in the contact form will be stored in our database until you ask us to delete it, revoke your consent for storage or the purpose for the data storage is omitted (e.g. after completion of your request). Mandatory statutory provisions - especially retention periods - remain unaffected.

6. What are the categories of data recipients?

We may transmit your personal data, which you provide to us via your application, to clients of ours who are offering a role matching the one you are seeking.

We may transmit the contact details of the contact person in your organization to the applicants.

7. Will data be transferred to a third country?

We have no plans to transfer data to a third country.

8. How long are your data stored for?

We store your personal data for as long as this is necessary in order to make a decision on your particular application. The data will be erased after this purpose has been fulfilled, i.e. when the application process for the position in question ends, unless you explicitly state that you would like to be included in our talent pool until you withdraw your consent. If you send an unsolicited application and give your consent, you will be included in our talent pool directly and your data will be stored until you withdraw your consent. Your data will be erased immediately upon your request (withdrawal of consent) and can also be viewed or updated.

9. Are access data collected during internet use?

We, or our hosting provider, collect data regarding every instance of access to the server (log files) on the basis of legitimate interests (Article 6(1)(f) GDPR). The access data include the name of the website requested, file, date, time, quantity of data transferred, notification of successful request, browser type and version, user’s operating system, previously visited website, IP address and the provider making the request. Log files are stored for a maximum of seven days, for security reasons (e.g. to enable the investigation of attacks) and to enable troubleshooting, and are subsequently erased. They will only be used in other ways (in order to provide evidence) in the event of a security incident (e.g. an attack on the website).

10. Does this website use cookies?

Our website uses cookies on the basis of legitimate interests (Article 6(1)(f) GDPR). Cookies are text files that are stored in the user’s internet browser or stored in the user’s computer system by their internet browser. When a user accesses a website, a cookie may be stored in the user’s operating system. This cookie contains a unique character sequence which makes it possible to identify the specific browser when the website is accessed again.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some of our website’s functions cannot be made available without the use of cookies. For the purpose of these functions, it must be possible for the browser to be recognized again even after a page change.
We require cookies for the following applications: Google Analytics and Google DoubleClick. The functioning of Google Analytics is explained in the following section. The third-party DoubleClick cookie is used for Display Advertiser features provided by Google Analytics, such as remarketing. developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
These cookies store and transfer the following data: a unique ID, domain and path information and a parameter name with an associated value. The user data collected by technically necessary cookies are not used to create user profiles.

Inclusion of third-party services and content

Our online offering makes use of content or services offered by third parties in order to include this content or these services on the basis of our legitimate interests (Article 6(1)(f) GDPR). These third-party providers receive users’ IP addresses in order to be able to send the content to users’ browsers. We make every effort only to use content whose providers will use the IP addresses solely for the purpose of providing this content. Third-party providers may also use pixel tags (invisible graphics or “web beacons”) for statistical purposes. These make it possible to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device, may contain technical information concerning the browser and operating system, referring web pages and time of visit as well as other information on the use of our online offering, and may be combined with information of this nature from other sources.

Google Analytics

We use the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google uses cookies. The information generated in these cookies about the use of the online offering is generally transmitted to and stored on a Google server in the USA. Google is certified under the Privacy Shield Framework, which means that it has committed to complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will only use this information on our behalf in order to analyze the use of our online offering by users. We only use Google Analytics with IP anonymization activated. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser will not be merged with other Google data.

You may prevent the storage of cookies by selecting the appropriate settings in your browser software and your consent will be revoked at any time with effect for the future. You can use the following deactivation link: Disable Google Analytics

You can also prevent these data from being collected and used by installing this browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on the use of data by Google, on the settings you can use and on the possibility of making an objection, please see policies.google.com/technologies/partner-sites (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads?hl=en (“Advertising”), https://www.google.com/settings/ads (“Manage the information Google uses to show you ads”).

We have concluded a data processing contract with Google and implement the strict regulations of the German data protection authorities in full in our use of Google Analytics.

Google Maps

Our website offers maps from the service Google Maps provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: policies.google.com/privacy, ad personalization and opt-out: adssettings.google.com/authenticated.

Xing

Our online offering may include features and content belonging to the service Xing. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

This may include content such as images, videos or text as well as buttons. If the user is a member of Xing, Xing may associate the access to the above-mentioned content and features with the user’s personal profile.

Xing Privacy Policy: https://privacy.xing.com/en/privacy-policy.

LinkedIn

Our online offering may include features and content belonging to the service LinkedIn. The provider is LinkedIn AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

This may include content such as images, videos or text as well as buttons. If the user is a member of LinkedIn, LinkedIn may associate the access to the above-mentioned content and features with the user’s personal profile.

LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn is certified under the Privacy Shield Framework, which means that it guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Facebook

Within our online offer the so-called "Facebook pixel" of the social network Facebook is used due to our legitimate interests in the analysis and optimization and economical operation of our online offer and for these purposes. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

With the help of the Facebook pixel, it is on the one hand possible for Facebook to designate the visitors of our offer as a target group for the presentation of advertisements, so-called "Facebook Ads". Accordingly, we use the Facebook pixel to display the Facebook ads we have been sent, only to those Facebook users who are likely to be interested in the ad.

Our online offering may include features and content belonging to the service Facebook.
This may include content such as images, videos or text as well as buttons. If the user is a member of Facebook, Facebook may associate the access to the above-mentioned content and features with the user’s personal profile.

Facebook Data Policy: https://www.facebook.com/policy.php.

Twitter

Our online offering may include features and content belonging to the service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

This may include content such as images, videos or text as well as buttons. If the user is a member of Twitter, Twitter may associate the access to the above-mentioned content and features with the user’s personal profile.

Twitter is certified under the Privacy Shield Framework, which means that it has committed to complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).

Privacy Policy: twitter.com/en/privacy, opt-out: twitter.com/personalization.

11. What rights do you have?

You have the following data protection rights — subject to individual circumstances — and can contact us at any time using the contact details provided in Sections 1 and 2 above in order to exercise these rights.

a. Right of access

You have the right to obtain information regarding the personal data relating to you which we process and to obtain access to your personal data and/or copies of these data. This includes information on the purpose of use, the category of the data used, the recipients of the data and parties who are entitled to access the data and, where possible, the envisaged period of data storage, or, if not possible, the criteria used to determine that period.

b. Right to rectification, erasure or restriction of processing

You have the right to have incorrect personal data relating to you corrected or, if they are incomplete, completed by us without undue delay.

c. Right to object

Insofar as personal data relating to you are processed on the basis of Article 6(1)(f) GDPR, you have the right to object at any time, for reasons relating to your particular situation, to the processing of these data. We will then no longer process these personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the data are processed for the establishment, exercise or defense of legal claims.

d. Right to withdraw consent

Where the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

e. Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

  • You object to the processing pursuant to Section 8c above and there are no overriding legitimate grounds for the processing.

  • The personal data have been unlawfully processed.

  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

This shall not apply to the extent that processing is necessary:

  • For compliance with a legal obligation which requires processing by Union or Member State law to which we are subject.
  • For the establishment, exercise or defense of legal claims.

f. Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you — restriction may then be obtained for a period enabling us to verify the accuracy of the personal data,

  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,

  • We no longer need the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defense of legal claims, or

  • You have filed an objection to processing pursuant to Section 8c above — restriction may then be obtained for as long as it remains unclear whether our legitimate grounds outweigh yours.

Where processing has been restricted under this subsection e, such personal data shall — with the exception of storage — only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained a restriction of processing, we will inform you before lifting this restriction.

g. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.