We are pleased that you would like to apply via us. In the following, we explain how we process your personal information in an application and provide other relevant information in this context.

By entering your personal data into our online registration form and uploading your details onto this website, you consent to BESTMINDS GmbH Executive Search processing (storing, editing, transmitting and using) your data.

You hereby confirm that the data you have provided is correct. You understand that false statements may lead to the termination of any eventual employment contract.

All the information you share with us shall be encrypted and stored on secure servers that are inaccessible to unauthorized third parties.

You may ask us for information about any of the personal data that we have stored or processed for you at any time.

We shall treat the data you share with us as strictly confidential and shall only transfer it to third parties – i.e. potential employers – with your consent. We shall only use the information you transfer to us for the purpose for which it was disclosed, i.e. for recruitment purposes. We shall never transfer your data to other third parties, e.g. for advertising purposes, without your express consent.
If, with your consent, we transfer your data to third parties, e.g. potential employers, we shall make these third parties aware that they are obliged to keep your data confidential. Nevertheless, we cannot accept any liability if these third parties misuse the data supplied to them with your consent.

In the event that BESTMINDS GmbH Executive Search is unable to offer you any appropriate position at the present time, you consent to your application data being stored until further notice. You may revoke your consent in writing or electronically (e.g. by email) at any time.

We would also like to expressly point out that we are not, under any circumstances, legally obliged to communicate any vacancy or job opportunity to you, no matter the nature of the position.

Personal data is required for the purpose of communication, exchanging information and services, fulfilling contractual matters and other purposes associated with a new or existing business relationship.

1. Controller

The controller for data processing is BESTMINDS GmbH. The company is represented by the managing directors: Christian Männlin. The controller and its representatives can be contacted at:

Address: Maximilianstr. 2, D-79100 Freiburg
Phone: +49 761 888 51 23 0
Email: info@bestminds.de
Website: www.bestminds.de/en/

2. Data protection officer

BESTMINDS GmbH has assigned the following external data protection officer:

Solicitor Marc E. Evers
DataSEKure Rechtsanwaltsgesellschaft mbH
Weilerstraße 9
79252 Stegen
Tel.: +49 7661 97 29 10
Email: datenschutz@datasekure.de

3. Categories of personal data

The following personal data of clients and employees of clients may be processed, provided the data has actually been collected:

• surname, first name, gender
• date and place of birth
• signature
• photos
• telephone number, fax number, email address
• business address and contact information
• job title, company name, department, position
• time and attendance, e.g. when attending events
• other data provided in connection with the contractual relationship

The personal data processed does not originate from public sources. The data being processed originates directly from the client's domain.

4. Legal basis for processing personal data

The legal basis is the following permission as per Article 6(1) General Data Protection Regulation (GDPR):

• Article 6(1)(a) GDPR (client's consent),
• Article 6(1)(b) GDPR (fulfilling a contract with the client),
• Article 6(1)(c) GDPR (fulfilling a legal obligation, which we are bound to),

and/or

• Article 6(1)(f) GDPR (protecting our legitimate interest or that of a third party without overriding interests of the interests and basic rights of the client).

5. Purpose of data processing and data storage

Data is collected, processed and used for the purpose of customer relationship management, billing, communicating with the client and fulfilling and maintaining the contractual relationship.

We store the collected data on our in-house IT and physically in the departments. If data is relocated, e.g. to the cloud, we will notify the respective customer separately. We use organisational and technical safeguards in compliance with the law to protect the collected personal data against unauthorised access.

6. Who receives the personal data?

Individual personal data is disclosed to the data processing companies we have contracted (e.g. IT service providers; shredders).

Apart from this, personal data will only be transmitted as required by the law.

We only disclose your personal data to third parties:

• with the customer's express consent (Article 6(1)(a) GDPR),
• where necessary to fulfil contractual relationships with the customer (Article 6(1)(b) GDPR)
• where we are legally obligated to disclose the data (Article 6(1)(c) GDPR),
• where processing is necessary to protect the vital interests of a customer's employee or other natural person (Article 6(1)(d) GDPR),
• or where disclosure is necessary to protect our legitimate interests or those of a third party except if the customer has an overriding legitimate interest not to have the data disclosed. It is our legitimate interest to maintain the performance and profitability of our company (Article 6(1)(f) GDPR).

7. Data transmission to third-party countries

We do not intend to transmit the personal data of our customers to a third-party country or international organisation.

8. Security of processing

Our company has implemented suitable technical and organisational measures to ensure data is secure, including company policies and, in the case of commissioned data processing, contract stipulations with the external service provider.

9. Retention period for personal data

The customer's stored personal data is stored for the time required to process the general contact request or the respective request for information or to fulfil the contracts with the customer. Data is only stored so long as it is required to fulfil the respective purpose. Once the processing or the contract relationship has come to an end or the customer exercises their rights below, the customer's data is handled in compliance with the exercised right and, where applicable, erased unless statutory provisions stipulate longer retention periods.

Once these retention periods, particularly retention periods under tax and commercial law, have expired, the customer's personal data is always erased.

Data is erased as part of our defined erasure routine. We have implemented an internal erasure concept.

10. Records of processing activities

The respective processing activity for personal data is logged in so-called records of processing activities.

11. The customer has the following data subject rights:

• as per Article 7(3) GDPR to at any time withdraw the consent they have given us. As a result, data processing based on this consent must be discontinued;
• as per Article 15 GDPR to request information about the personal data processed by us;
• as per Article 16 GDPR to request the prompt correction or completion of personal data we have stored;
• as per Article 17 GDPR to request the erasure of personal data we have stored unless processing is required to exercise the right to free expression and information, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise, or defend legal claims;
• as per Article 18 GDPR to request the restriction of the processing of personal data subject to the requirements specified in the article
• as per Article 20 GDPR to obtain the personal data we have been provided in a structured, common and machine-readable format or to request the transmission of the data to another controller subject to the requirements in the article
• as per Article 77 GDPR to lodge a complaint with a supervisory authority. The competent supervisory authority for us is: Landesbeauftragte für den Datenschutz Baden-Württemberg, Dr. Stefan Brink, Königstraße 10 a, 70173 Stuttgart, Phone: +49 711 615 54 10.

12. Right to object:

If processing personal data is based on a balance of interests, the customer can object to processing as per Article 21 GDPR. When objecting, please provide the reasons why we should not process the personal data as we have done. If the objection is justified, we will investigate the situation and will either stop or modify data processing or present the customer with our compelling legitimate reasons for continuing to process data.

13. Notice of automated decision-making including profiling as per Article 22 (1) and (4) GDPR

We do not use automated decision-making or profiling. In the event that these methods are used, the customer will be notified separately.

14. No obligation to provide data

Customers are not required by law to provide us with personal data. However, if the data necessary for the conclusion and fulfilment of the contract and the data which must be collected by law is not provided, we will typically not be able to enter into the contract.