Privacy Policy
for BESTSECRET Corporate Website
Best Secret Group SE, located at Margaretha-Ley-Ring 27, 85609 Aschheim, Germany (hereinafter referred to as "BESTSECRET"), operates the website https://www.bestsecret.corporate.com (the "Website"). BESTSECRET is responsible for the data processing that occurs on the Website.
BESTSECRET takes the protection of your personal data very seriously and collects and uses your personal data exclusively within the framework of the applicable legal provisions.
To ensure you feel secure when visiting our Website, we provide an overview below of how BESTSECRET ensures this protection and what type of data is collected for what purpose. The current privacy policy is always available on the Website.
Handling of this Privacy Notice:
To make this privacy policy as readable as possible and the relevant information easy to find, we have structured it as follows: At the beginning of each chapter, you will find the essential contents summarized. This part is titled "At a Glance." Further down in the same chapter, you will find the section "In Detail," which gives more details about the respective chapter content if it is of particular interest to you.
A. General Information
1. Who Processes Your Data?
At a Glance:
Your contact for data processing within the Best Secret Group is Best Secret SE. This entity is responsible for all data processing that occurs on the Website.
Responsible Contact for Data Processing:
Best Secret Group SE
Represented by Dr. Moritz Hahn, Jochen Cassel, Dr. Andreas Reichhart, and Dominik Rief
Margaretha-Ley-Ring 27, 85609 Aschheim, Germany
Phone: +49 (0) 89 / 24600 000
Email: datenschutz@bestsecret.com
Data Protection Officer of the Responsible Entity:
Best Secret Group SE
Data Protection Officer
Margaretha-Ley-Ring 27, 85609 Aschheim, Germany
Email: datenschutz@bestsecret.com
In the course of BESTSECRET Group's business activities, it is necessary for other companies within the BESTSECRET Group to receive and process your data. A joint control contract pursuant to Art. 26 in conjunction with Art. 4 No. 7 GDPR has been concluded between the group companies involved in customer business operations to ensure the security of processing and the effective assertion of your rights.
The following companies within the BESTSECRET Group may have access to your data as part of cross-group cooperation:
Processing Group Company:
Best Secret GmbH,
Margaretha-Ley-Ring 27,
85609 Aschheim,
Germany
Purpose of Processing:
Evaluation of data collected via tracking tools (see below Section B.2.)
Legal Basis for Processing:
Art. 6 para. 1 sentence 1 lit. b GDPR
2. To Whom Do We Disclose Your Data?
At a Glance:
We disclose your data in certain cases if there is a substantial interest on our part.
In Detail:
2.1 Disclosure to Processors
We use service providers. If necessary, they also process personal data. These include:
- IT service providers
- Maintenance service providers
The service providers are carefully selected, monitored, and regularly reviewed by us, ensuring that technical and organizational measures are implemented to protect your data. They process the data exclusively on our instructions.
2.2 Disclosure to other Third Parties
Your personal data will only be disclosed to other third parties if this is legally permissible (e.g., for contract processing or billing purposes or if you have previously consented). We expressly do not sell personal data of website visitors. The disclosure of data occurs exclusively within the framework of the purposes outlined in this privacy notice.
Your personal data will not be disclosed to third parties for purposes other than those listed. We only disclose your personal data to third parties if:
- You have given your explicit consent,
- The disclosure is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data,
- There is a legal obligation for the disclosure,
- It is legally permissible and necessary for the processing of contractual relationships with you,
- We are required to do so by an authority or court decision, or
- It is necessary for legal or criminal prosecution.
Possible recipients may include:
- Auditors, tax advisors, lawyers
- Courts and authorities
3. How Is the Protection of Your Data Ensured When Processed in Third Countries?
At a Glance:
If we use service providers outside the EU or the European Economic Area (EEA), we provide appropriate and suitable guarantees to ensure an adequate level of data protection when transferring personal data.
In Detail:
To ensure an adequate level of data protection when transferring personal data, we provide appropriate and suitable guarantees pursuant to Art. 44 et seq. GDPR (e.g., conclusion of EU standard contracts, additional technical and organizational measures such as encryption or anonymization). Please note that a service provider, despite careful selection and obligation, may process data outside the EU or the EEA or may be subject to a different legal system due to its corporate headquarters, and thus may not offer a level of data protection equivalent to the GDPR standard.
Although an EU-US data protection agreement is currently in force, BESTSECRET has decided to continue concluding the EU Commission's standard contractual clauses with processors in the USA.
4. What Rights Do You Have Regarding Processing by BESTSECRET?
At a Glance:
Every person affected by data processing has the following rights:
- Right to information under Art. 15 GDPR
- Right to rectification under Art. 16 GDPR
- Right to deletion under Art. 17 GDPR
- Right to restriction of processing under Art. 18 GDPR
- Right to object under Art. 21 GDPR
- Right to data portability under Art. 20 GDPR
You also have the right to complain to the competent Bavarian Data Protection Supervisory Authority about the processing of your personal data by us.
In Detail:
The right to information and the right to deletion are subject to the restrictions under §§ 34 and 35 of the Federal Data Protection Act (BDSG) or the respective national regulations.
You also have the right to complain to the competent Bavarian Data Protection Supervisory Authority about the processing of your personal data by us.
You can revoke a given consent to the processing of your personal data at any time. This also applies to the revocation of consent declarations given to us before the GDPR came into force, i.e., before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
According to Art. 21 para. 2 GDPR, you have the right to object to the processing of your personal data for direct marketing purposes at any time. In the event of your objection, we will no longer process your personal data for these purposes. Please note that the objection only takes effect for the future. Processing that took place before the objection is not affected.
If we base the processing of your personal data on a balance of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as described by us. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or explain our compelling legitimate reasons to you.
5. Changes to This Privacy Policy
We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations or to adapt it to our actual circumstances.
B. Data Processing When Accessing the Website
At a Glance:
When accessing the Website, we only collect data that is technically necessary to display the Website to you.
In Detail:
1. Data Collection When Accessing Our Website
When visiting the Website, we only collect the personal data that your browser transmits to our server. This data is technically necessary for us to display our Website to you and to ensure stability and security (legal basis is the provision of our service according to Art. 6 para. 1 sentence 1 lit. f GDPR).
The data collected when accessing our Website can also be used to ensure a technically stable and secure Website, for product development, and for the continuous optimization of our services and business processes, provided that the data protection requirements for such use are met.
1.1 Logfiles
For technical reasons, personal data generated when accessing our Website is stored as so-called log files (protocol files) by default.
Data: Technical data such as: Operating system used, browser type and version, device (smartphones, tablets, or other end devices), date and time of access
Purpose of Processing: Optimized display of the Website; ensuring the proper operation of the Website
Legal Basis: Art. 6 para. 1 sentence 1 lit. f GDPR
Storage Duration: Deletion after a maximum of 60 days
Data: IP address
Purpose of Processing: Ensuring the proper operation of the Website
Legal Basis: Art. 6 para. 1 sentence 1 lit. f GDPR
Storage Duration: Deletion after a maximum of 60 days
The collection of the data described above for the provision of the Website and the storage of that data in log files are essential for the operation of the Website.
2. Tracking Technologies
At a Glance:
To improve our offerings and make your experience as optimal as possible, we use tracking technologies such as cookies. Cookies are small text files that are stored on your computer's operating system when you visit our website. Cookies contain, among other things, a characteristic string that allows the browser to be uniquely identified when the website is revisited, saving you from re-entering your data each time you visit the website.
There are various tracking technologies. Some are technically necessary for the smooth operation of the website, while others are beneficial for optimizing our website. Apart from the technically necessary tracking technologies, you can refuse the use of tracking technologies. When you first visit the website, a corresponding cookie banner will appear, through which consent can be given or refused. Consent once given can be revoked at any time with effect for the future. You can do this at any time in the footer of the website.
In Detail:
2.1 Technically Necessary Tracking Technologies
As part of the technically necessary tracking technologies, we use cookies. These cookies are required for the operation of a website and its functions. These may include cookies that store certain user settings (e.g., shopping cart, language settings, gender preferences, or login data), opt-out cookies, or the Google Tag Manager to manage your tracking settings. The legal basis for the use of technically necessary tracking technologies is § 25 para. 2 no. 2 TDDDG and our legitimate interest in offering you the respective function or service (Art. 6 para. 1 lit. f GDPR).
Disabling these cookies can still be done through the settings of the respective browser. However, the (error-free) use of the website or the use of certain functions and services can then no longer be guaranteed.
2.2 Tracking for Optimization & Performance of the Website
Tracking for optimization & performance serves to evaluate the user behavior on the BESTSECRET website for performance analysis or statistical purposes. Based on these evaluations, BESTSECRET can optimize the user-friendliness of the website and fix any errors that may occur.
Tracking for optimization & performance is only used if you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent also applies to § 25 para. 1 TDDDG. You can revoke your consent at any time by deselecting the tracking setting "Optimization & Performance" in the cookie settings in the footer. The opt-out will generally take effect for technical reasons after 48-72 hours. If you make changes to the consent for the app, you can speed this up by restarting the app.
To manage your tracking settings, we use the consent management tool "Usercentrics Consent Management Platform" from Usercentrics GmbH. The recipient of your data within the meaning of Art. 13 para. 1 e) GDPR is therefore Usercentrics GmbH. As part of order processing, we transmit your consent data to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as a processor. Consent data includes the date and time of the visit or consent/denial, and device information. The data processing is carried out for the purpose of complying with legal obligations (proof obligation according to Art. 7 para. 1 GDPR) and the associated documentation of consents and thus based on Art. 6 para. 1 lit. c) GDPR. Local storage is used for data storage. Consent data is stored for 1 year. The data is stored in the European Union. For more information on the collected data and contact options, please visit https://usercentrics.com/de/datenschutzerklaerung/.
This website uses various services from Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These enable us to improve the user-friendliness of the website and target our advertising activities to users.
By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google may also transfer the information to a server in a third country.
If you are logged into your Google account, Google may add the processed information to your Google account depending on your Google account settings and treat it as personal data. For more information, please visit https://www.google.de/policies/privacy/partners/.
You can prevent this direct addition of data by logging out of your Google account or by making the appropriate account settings in your Google account. Furthermore, you can prevent the use of cookies by making the appropriate settings in your browser; however, please note that in this case, you may not be able to use all the functions of this website to their full extent. For more information, please refer to Google's privacy policy, which you can access at the following link: https://www.google.com/policies/privacy/.
Tag Manager
For transparency reasons, we point out that we use the Google Tag Manager. The Google Tag Manager does not collect any personal data itself. The Tag Manager facilitates the integration and management of our tags. Tags are small code elements that serve, among other things, to measure traffic and visitor behavior, capture the impact of online advertising and social channels, set up remarketing, retargeting, and target groups, and test and optimize websites. For more information on the Google Tag Manager, see the Google Tag Manager Use Policy at https://www.google.com/intl/de/tagmanager/use-policy.html.
This Website uses Google Analytics (see below). The use of Google Analytics is not possible without the Google Tag Manager.
Google Analytics
BESTSECRET uses Google Analytics, a web analytics service provided by Google Inc.
If you have given your consent, Google Analytics will be used on this Website. The contact for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our Website. The information generated by the cookies about your use of this Website is usually transmitted to a Google server in the USA and stored there.
We use the User ID function. With the help of the User ID, we can assign one or more sessions (and the activities within these sessions) a unique, permanent ID and analyze user behavior across devices.
We use Google Signals. This allows additional information about users who have enabled personalized ads (interests and demographic data) to be collected in Google Analytics, and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, IP address anonymization is enabled by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your Website visit, your user behavior is recorded in the form of "events." Events can include:
- Page views
- First visit to the Website
- Start of the session
- Your "click path," interaction with the Website
- Scrolls
- Clicks on external links
- Internal searches
- Interaction with videos
- Viewed/clicked ads
Additionally, the following is recorded:
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
- Your internet provider
- The referrer URL (the website/advertising medium through which you came to this Website)
On behalf of BESTSECRET, Google will use this information to evaluate your use of the Website and compile reports on Website activities. The reports provided by Google Analytics are used to analyze the performance of our Website, our app, and the success and control of our marketing campaigns, social media channels, online magazines, and newsletters.
Recipients of the data are/can be:
- Google Ireland Limited, Gordon House, Barrow Street 4, Dublin, Ireland (as a processor under Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
If data is processed outside the EU/EEA and there is no level of data protection equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to ensure an adequate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Data transfer to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities. A copy of the EU standard contractual clauses concluded with the provider can be requested from the data protection officer of the BESTSECRET Group.
The data sent by us and linked to cookies will be automatically deleted after 50 months. The deletion of data whose retention period has been reached occurs automatically once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TDDDG. You can revoke your consent to the setting of cookies at any time with effect for the future by changing your selection in the tracking settings. Alternatively, you can delete your cookies (all or only from this Website). The banner with the selection options will then be displayed again.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. If you configure your browser to reject all cookies, this may result in limited functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the Website (including your IP address) by Google and the processing of this data by Google by:
- Not giving your consent to the setting of the cookie, or
- Downloading and installing the browser add-on to disable Google Analytics.
For more information on Google Analytics terms of use and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
Affected Data Category: Technical data such as: Operating system used, browser type and version, screen resolution, device model (smartphones, tablets, or other end devices), device manufacturer, date and time of access, user agent
Purpose of Processing: Evaluation of customer behavior
Legal Basis for Processing: Art. 6 para. 1 sentence 1 lit. a GDPR
Storage Duration: Deletion after a maximum of 50 months
Affected Data Category: Behavioral data such as: Name of the accessed page
Purpose of Processing: Evaluation of customer behavior
Legal Basis for Processing: Art. 6 para. 1 sentence 1 lit. a GDPR
Storage Duration: Deletion after a maximum of 50 months
Affected Data Category: User key, device key
Purpose of Processing: Evaluation of user behavior across different devices/browsers
Legal Basis for Processing: Art. 6 para. 1 sentence 1 lit. a GDPR
Storage Duration: Deletion after a maximum of 50 months
Affected Data Category: Personal data such as email address, Google Click-ID, Google Client-ID, IP address, mobile advertising ID, user ID
Purpose of Processing: Placement of advertisements to customer segments
Legal Basis for Processing: Art. 6 para. 1 sentence 1 lit. a GDPR
Storage Duration: Deletion after a maximum of 50 months