The controller according to the EU General Data Protection Regulation (GDPR) and other German data protection laws and regulations is:
60314 Frankfurt am Main, Germany
Phone: +49 69 4009-0
Fax: +49 69 4009-1507
You can contact the data protection officer of SAMSON AG:
Data protection officer
60314 Frankfurt am Main Germany
1. General information on data processing
1.1 Processing of personal data and its purpose
SAMSON AG ("SAMSON AG" or "we" in the following) processes personal user data only as far as it is necessary for providing a functioning website, our contents and services. The following data are processed when visiting our website:
- User's IP address
- Information on the web browser used (type, version, language)
- Operating system used
- User's Internet service provider
- Date and time the user accessed our website
- Files retrieved from our website
- Web page from where the user got to our website
- Web page(s) that the user retrieves on our website
- Object (image, page) to be opened
- Protocol (http/https)
- Return codes (access successful/not successful)
- Referrer (which link was opened)
The IP address needs to be processed and temporarily saved to supply the web page to the user's computer. This means that the user's IP address must be saved for the session. The log files created contain IP addresses or other data that make it possible to identify the user. The log files are saved to ensure the proper functioning of the web pages. Additionally, we use the data to optimize our site and ensure the security of our IT systems.
Personal data are exclusively processed for the mentioned purposes and to the extent necessary for fulfilling these purposes.
1.2 Legal grounds for the processing of personal data
As a rule, personal user data are processed after users haven given their consent. An exception applies in such cases where prior consent cannot be requested for factual reasons and where laws and regulations permit the processing of personal data. The storage of personal data and log files is governed by Article 6(1) lit. f) of GDPR.
1.3 Data erasure and period for which the data are saved
We delete or block the personal data of the data subjects as soon as the purpose for storage has become void. When data are processed to provide web pages, the data are erased at the end of the session. Personal data saved in log files are deleted after seven days at the latest. Any further storage is possible if the user's IP address has been deleted or depersonalized beforehand so that the accessing client cannot be identified any longer.
- Language settings
- Logon information
3. Web analytics
4. Google Maps
5. Leaflet Open Street Maps
We use Leaflet Open Street Maps (https://leafletjs.com) to illustrate map information on our website. Using Leaflet involves the processing of usage data by website users who utilize the map functions. The processing of personal data is governed by Article 6(1) lit. f) of GDPR. We have a legitimate interest in presenting attractive web pages and in making the locations specified on our pages easy to find. For further information refer to the Leaflet website available at https://leafletjs.com.
6. Form for applicants
Job applicants can enter their personal data on our website to apply for the posted vacancies. The data are entered in a form and transmitted to SAMSON AG, where they are saved. We only record the personal data required for the application process. Applicants must provide information on their job history so that we can fully assess their application. The following data are collected:
- Form of address
- First name, last name
- Street address including ZIP code and city
- Nationality (voluntary information)
- Phone number and times of availability
- E-mail address
- Date of birth (voluntary information)
- Information on the current job situation including period of notice, salary before tax, number of employers in the previous five years (voluntary information)
- Desired annual salary
- Information on job qualifications including type of degree or vocational training diploma, grade in degree/diploma, grade average, field, name of university or vocational training institute (voluntary information)
- Job experience (voluntary information)
- Language skills (voluntary information)
- Application documents (cover letter, CV, certificates)
The personal data provided by the applicants are only used by SAMSON AG for the purpose of selecting suitable job candidates. When handling applications, we restrict ourselves to the data directly entered by the applicants. This may include data they entered on online business networks or employment websites. If we ask applicants for their sex by requesting them to enter the form of address, we only do so because we want to address them properly.
If users who have applied for a posted SAMSON AG vacancy but were not considered suitable candidates for this opening are interested, we offer to check their suitability for other SAMSON AG vacancies. However, we will contact the applicants before forwarding the submitted personal data to other areas within SAMSON AG so that the applicants can decide whether they want to participate in this procedure.
The processing of personal data collected through the application form is governed by Article 88(1) of GDPR in connection with §26 of BDSG (German Federal Data Protection Act). We delete the collected personal data six months after an applicant has been rejected, unless he or she has given consent to his or her personal data being added to our pool of applicants.
Underage applicants who have not reached the age of 16 must send us, by ground mail, a declaration of consent signed by their parents having custody or their custodian. In this declaration, the parents or custodian must state that they consent to the underage applicant being added to our pool of applicants.
We offer a free newsletter on our website. We process the following personal data when users subscribe to it:
- First name, last name
- E-mail address
- IP address of accessing client computer
- Date and time of subscription
8. Contact forms and e-mail contact
Our website includes several contact forms so that users can get in touch with us by electronic mail. If users choose to use this form of communication, the data entered in the form are transmitted to SAMSON AG, where they are saved. This applies to the following data:
- Form of address
- First name, last name
- E-mail address
- Phone number
- User's IP address
- Date and time of sending
Depending on the contact form, it may be possible to enter additional data. Also depending on the contract form, data may be transferred to our subsidiaries located in third countries. In such cases, we ensure that appropriate safeguards pursuant to Art. 46 GDPR are observed. Alternatively, users can make first contact with us at the e-mail address provided on the website. In this case, we save the user's personal data included in the e-mail. The processing of personal data is governed by Article 6(1) lit. f) of GDPR. The data are only used to handle the first communication and the resulting communication. If we use the personal data for other purposes, we will request the user's consent beforehand. The personal data entered in the contact form and sent by e-mail are deleted when the communication with the user has been terminated, which means when the circumstances suggest that the issue in question has been settled. The additional data collected during the sending process are deleted after seven days at the latest.
9. Data security
SAMSON AG has implemented technical and organizational security measures to protect the users' personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological development.
10. Rights of the data subjects
If SAMSON AG processes your personal data, you are a data subject as defined in Article 4(1) of GDPR and have the rights mentioned in the following towards us: If you want to exercise a right, please contact our data protection officer at datenschutz(at)samsongroup.. com
Note that we may request additional information from you under certain conditions to verify your identity. For example, we may ensure that information is not revealed to unauthorized persons when exercising the right of access.
10.1 Right of access
Pursuant to Article 15 of GDPR, you are entitled to obtain access to the personal data we process concerning you. If possible, please make your access request as precise as possible as this will make it easier for us to compile the required data.
10.2 Right to rectification
Pursuant to Article 16 of GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning yourself and/or to have incomplete personal data completed.
10.3 Right to erasure
Pursuant to Article 17 of GDPR, you have the right to obtain from us the erasure of personal data concerning yourself without undue delay. Your right to erasure depends on certain factors, including whether we still need your processed personal data to fulfill our tasks.
10.4 Right to restriction of processing
Pursuant to Article 18 of GDPR, you have the right to obtain from us restriction of processing of your personal data.
10.5 Right of information
If you have requested from us the rectification or erasure of personal data or restriction of processing, we are obliged according to Article 19 GDPR to inform each recipient to whom we have disclosed your personal data of this request, unless this proves impossible or involves disproportionate effort. You are entitled to request information about those recipients from us.
10.6 Right to data portability
Pursuant to Article 20 of GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format to have them forwarded to a different officer, if applicable.
10.7 Right to object
Pursuant to Article 21 of GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning yourself at any time. We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
10.8 Right to withdraw the declaration of consent on privacy and data protection
If you have made your personal data available to us based on your consent, you could withdraw from your consent at any time with effect for the future, for example by e-mailing us to datenschutz(at)samsongroup.. com
The withdrawal of consent does not affect the lawfulness of processing based on consent granted before the withdrawal.
10.9 Automated individual decision-making, including profiling
Pursuant to Article 22 of GDPR, you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
10.10 Right to lodge a complaint with a supervisory authority
If you have a concern about the lawfulness of our processing of your personal data, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority in charge of SAMSON AG is:
Hessischer Beauftragter für Datenschutz und Informationsfreiheit
65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Fax: +49 611 1408-900
Last update: February 2019