The controller according to the General Data Protection Regulation (GDPR) and other German data protection laws and regulations is:
60314 Frankfurt am Main, Germany
Phone: +49 69 4009-0
Fax: +49 69 4009-1507
Internet: www.samson.de de
The data protection officer of SAMSON AG is:
Mr Ingo Wolff
Walbecker Straße 53
47608 Geldern, Germany
E-mail: datenschutz(at)samson. de
SAMSON AG ("SAMSON AG" or "we" in the following) processes personal user data only as far as it is necessary for providing a functioning website, our contents and services. The following data are processed when visiting our website:
The IP address needs to be processed and temporarily saved to supply the web page to the user's computer. This means that the user's IP address must be saved for the session. The log files created contain IP addresses or other data that make it possible to identify the user. The log files are saved to ensure the proper functioning of the web pages. Additionally, we use the data to optimize our site and ensure the security of our IT systems.
Personal data are exclusively processed for the mentioned purposes and to the extent necessary for fulfilling these purposes. The data are not used for marketing, customer assistance or market research purposes.
As a rule, personal user data are processed after users haven given their consent. An exception applies in such cases where prior consent cannot be requested for factual reasons and where laws and regulations permit the processing of personal data. The storage of personal data and log files is governed by Article 6(1) lit. f) of GDPR.
We delete or block the personal data of the data subjects as soon as the purpose for storage has become void. When data are processed to provide web pages, the data are erased at the end of the session. Personal data saved in log files are deleted after seven days at the latest. Any further storage is possible if the user's IP address has been deleted or depersonalized beforehand so that the accessing client cannot be identified any longer.
Job applicants can enter their personal data on our website to apply for the posted vacancies. The data are entered in a form and transmitted to SAMSON AG, where they are saved. We only record the personal data required for the application process. Applicants must provide information on their job history so that we can fully assess their application. The following data are collected:
The personal data provided by the applicants are only used by SAMSON AG for the purpose of selecting suitable job candidates. When handling applications, we restrict ourselves to the data directly entered by the applicants. This may include data they entered on online business networks or employment websites. If we ask applicants for their sex by requesting them to enter the form of address, we only do so because we want to address them properly.
If users who have applied for a posted SAMSON AG vacancy but were not considered suitable candidates for this opening are interested, we offer to check their suitability for other SAMSON AG vacancies. However, we will contact the applicants before forwarding the submitted personal data to other areas within SAMSON AG so that the applicants can decide whether they want to participate in this procedure.
The processing of personal data collected through the application form is governed by Article 6(1) lit. a) of GDPR or Article 88(1) of GDPR in connection with §26 of BDSG (German Federal Data Protection Act).
We delete the collected personal data six months after an applicant has been rejected, unless he or she has given consent to his or her personal data being added to our pool of applicants.
We offer a free newsletter on our website. We process the following personal data when users subscribe to it:
Our website includes a contact form so that users can get in touch with us by electronic mail. If users choose to use this form of communication, the data entered in the form are transmitted to SAMSON AG, where they are saved. This applies to the following data:
Additionally, the following data are saved when sending the message:
Users are requested to agree to the processing of the personal data entered before the form is sent. Alternatively, users can make first contact with us at the e-mail address provided on the website. In this case, we save the user's personal data included in the e-mail. The processing of personal data after user consent is governed by Article 6(1) lit. a) of GDPR. If the personal data are transmitted by e-mail, processing is governed by Article 6(1) lit. f) of GDPR. If the e-mail contact is targeted at performing a contract, processing is governed by Article 6(1) lit. b) of GDPR. The data are only used to handle the first communication and the resulting communication. No data are forwarded to third parties in this context. The personal data entered in the contact form and sent by e-mail are deleted when the communication with the user has been terminated, which means when the circumstances suggest that the issue in question has been settled. The additional data collected during the sending process are deleted after seven days at the latest.
Users can withdraw their consent to the processing of personal data at any time. Users can contact us by e-mail at any time to withdraw their consent. In such cases, the request for contact cannot be handled or communication ceases to be continued. In this case, we delete all personal data saved as part of the first communication.
SAMSON AG has implemented technical and organizational security measures to protect the users' personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological development.
If SAMSON AG processes your personal data, you are a data subject as defined in Article 4(1) of GDPR and have the following rights towards SAMSON AG:
Pursuant to Article 15 of GDPR, you have the right to obtain from us a confirmation as to whether or not we process personal data concerning you. Where that is the case, you are entitled to obtain access to the personal data and the following information:
You have the right to obtain access as to whether we have been, are or will be disclosing your personal data to recipients in third countries or international organizations. Where personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of GDPR relating to the transfer.
Pursuant to Article 16 of GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning yourself and/or to have incomplete personal data completed.
Pursuant to Article 17 of GDPR, you have the right to obtain from us the erasure of personal data concerning yourself without undue delay. We have the obligation to erase your personal data without undue delay where one of the following grounds applies:
Where we have made your personal data public and are obliged pursuant to Article 17(1) of GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, your personal data.
The right to erasure does not apply to the extent that processing is necessary:
Pursuant to Article 18 of GDPR, you have the right to obtain from us restriction of processing of your personal data where:
Where processing of your personal data has been restricted, such personal data, with the exception of storage, are only processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. If you have obtained restriction of processing pursuant to the above sections, we will inform you before the restriction of processing is lifted.
If you have requested from us the rectification or erasure of personal data or restriction of processing, we are obliged according to Article 19 GDPR to inform each recipient to whom we have disclosed your personal data of this request, unless this proves impossible or involves disproportionate effort. You are entitled to request information about those recipients from us.
Pursuant to Article 20 of GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where:
In exercising your right to data portability, you also have the right to have your personal data transmitted directly from us to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Pursuant to Article 21 of GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Article 6(1) lit. e) or f) of GDPR, including profiling based on those provisions. We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to withdraw your declaration of consent on privacy and data protection at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
Pursuant to Article 22 of GDPR, you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes the GDPR.
Our website contains links to websites and web pages by external providers. We checked the contents of these external sites or pages for compliance with the applicable civil and criminal laws when the links were included. Nevertheless, we cannot exclude that the providers change these contents afterwards. If you consider linked external sites or pages to be in violation of the applicable laws or if you consider them to be otherwise inappropriate, we kindly ask you to tell us that. We will verify your notification and remove the external link, if necessary. SAMSON AG is not responsible for the contents and accessibility of linked external websites or pages.
Last update: April 2018