Data Protection Statement
1. Information about data processing within the BestSecret Group
1.1. General information
Best Secret GmbH is part of the BestSecret Group.
As part of our business activities, it is therefore essential for data to be exchanged between branch locations and divisions on a regular basis in order to promote and facilitate cooperation within the Group. For this reason, central processes are not limited to a single Group company, but also include other Group member companies. Companies within the BestSecret Group therefore work together in many areas and act as so-called joint controllers within the meaning of data protection law.
1.2. Information about the primary contents of the contract in the case of joint controller authority within the BestSecret Group
In light of their joint role, the member companies of the BestSecret Group have concluded a contract as joint controllers within the meaning of Article 26 in conjunction with Article 4(7) GDPR to guarantee the security of processing and the effective exercise of your rights.
Without limitation, this contract addresses the following points:
- Subject, purpose, means and scope as well as competences and responsibilities with regard to data processing
- Providing information to data subjects
- Fulfilment of other rights of data subjects
- Security of processing
- Involvement of contract data processors
- Procedure in the event of personal data breaches
- Other common and reciprocal obligations
- Cooperation with supervisory authorities
- Liability
2. Who is responsible for the processing activities?
The BestSecret Group is the joint controller. You may invoke your rights by contacting the following controller in particular:
Best Secret GmbH
Margaretha-Ley-Ring 27
D-85609 Aschheim
3. How can I contact the data protection officer?
BestSecret Group has appointed a data protection officer for each company. You may contact the data protection officer as follows:
Best Secret GmbH
Data protection officer
Margaretha-Ley-Ring 27
D-85609 Aschheim
[email protected]
4. Which of your personal data do we use?
4.1. General data collection when calling up the website
If you use our website for information only, i.e. if you do not register or otherwise transmit any information to us, we will only collect the personal data your browser transmits to our server. These are technical data, such as:
- Operating system used
- Browser type
- Browser version
- Device
- Date and time of the call
- Internet protocol address
These data are technically necessary for us in order to show our website to you and to ensure stability and safety; the legal basis for this is our legitimate interest pursuant to point (f) of Article 6(1) GDPR. These are deleted automatically after a few days.
4.2. User account
In order to register on our website, we need the personal data requested in the login.
In particular, these are the following personal data:
- Form of address
- First name
- Last name
- Email address
- Password
- Company
- Function
- Address
- Country
- Phone number
- Category (Investor Relations)
The information on the website serves as a basis for decisions for a possible investment and therefore pre-contractual measures in accordance with point (b) of Article 6(1) GDPR. Data collection also serves to verify the user, since our Investor Relations website contains confidential and sensitive business data that are only made accessible to a selected group of users. Therefore, we base data collection and storage on our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
You can have a user account that you have set up deleted at any time. Please send an email to [email protected].
4.3. Email distributor
In order to register for the email distribution list for Investor Relations information, the data requested in the registration process are processed.
After registration, you will receive a message on the indicated email address that will ask you to confirm your registration ("Double-Opt-In"). This is necessary to prevent third parties from registering with your email address.
You can revoke your consent to receive emails at any time. Please send an email to [email protected] with UNSUBSCRIBE in the subject line.
The legal basis for sending the emails is your consent in accordance with point (a) of Article 6(1) GDPR.
4.4. Data obtained within the context of our Investor Relations work
We also process data that we obtain within the context of our Investor Relations work, for instance via calling cards or publicly available sources.
These are personal data, such as:
- Form of address
- First name
- Last name
- Company
- Function
- Address
- Country
- Phone number
- Investment
Processing activities serve to maintain contact and convey relevant information within the context of our Investor Relations activity. The information serves as a basis for decision making for a possible investment and therefore constitutes a pre-contractual measure in accordance with point (b) of Article 6(1) GDPR. We also base data collection and storage on our legitimate interest in accordance with point (f) of Article 6(1) GDPR due to the purposes named above.
You may object to processing of your data at any time. Please send an email to [email protected].
4.5. Cookies
We use cookies in order to improve our advertising offer and to optimise it. Cookies are small text files that are stored on your computer's operating system when you call our website. Cookies contain, inter alia, a characteristic character sequence that permits unique identification of the browser when calling the website again.
We use cookies in order to make our website more user-friendly. Some elements of our website require identification of the calling browser even after a page change. Here, technical data such as:
- Operating system used
- Browser type
- Browser version
- Device
- Date and time of the call
- Internet protocol address
Some functions of the website cannot be used properly without these cookies, however. Therefore, the user has no way to object to this; deactivation of these cookies can take place by setting the respective browser.
The legal basis for this is our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
These cookies will be deleted automatically after the end of the session.
5. Who will receive my data?
We give various external service providers access to your personal data in order to comply with our obligations.
Undertakings of BestSecret Group:
The following BestSecret Group companies may have access to your data within the scope of Group-wide cooperation:
Best Secret GmbH, Margaretha-Ley-Ring 27, 85609 Aschheim (for the provision of IT services)
External service providers:
- Service providers for websites
- Service providers for CRM systems
- IT service providers
If you have any further questions about the individual recipients, contact us at: [email protected]
6. Will my data be transmitted to any countries outside of the European Union (third countries)?
Data transfer to a country outside of the European Union (third country) does not take place.
7. How long are my data stored for?
We store your personal data so long as necessary to meet the above purpose.
If storage of the data is no longer necessary to meet these purposes, your data will be deleted, except if their further processing is required for the following purposes:
- Meeting archiving obligations under commercial and tax law.
- Preserving evidence within the context of the statutory expiration provisions.
8. What are my rights in connection with processing of my personal data?
Every data subject has the right to information according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to objection from Article 21 GDPR and the right to data portability from Article 20 GDPR. The right of access and right to erasure are subject to the restrictions pursuant to Sections 34 and 35 BDSG.
Furthermore, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You may revoke your consent granted to us for processing of personal data at any time. This shall also apply to revocation of declarations of consent that were granted to us before the application of the general data protection regulation, i.e. before 25 May 2018. Please note that the revocation will only be effective for the future. Processing that took place before the revocation is not affected by this.
9. Am I obligated to provide my personal data?
In order to visit the Investor Relations website, you must provide us with the personal data that are queried. If you do not provide these data, we cannot provide access to the Investor Relations website to you.
10. Will there be any automated decision-making or profiling?
Automated decision-making or profiling does not take place.
11. What are my rights in case of processing activities due to legitimate or public interest?
In accordance with Article 21(1) GDPR, you have the right to object to processing of personal data concerning you which is based on point (e) of Article 6(1) GDPR (Processing activities in the public interest) or point (f) of Article 6(1) GDPR (Processing activities to protect a legitimate interest), including profiling based on those provisions, on grounds relating to your particular situation, at any time.
If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
12. What are my rights in case of processing activities for operation of direct marketing?
If we process your personal data for direct marketing purposes, you shall have the right, in accordance with Article 21(2) GDPR, to object to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing, at any time.
If you object to processing for the purpose of direct marketing, we shall no longer process your personal data for these purposes.