The controller according to the General Data Protection Regulation (GDPR) and other German data protection laws and regulations is:

Weismüllerstraße 3
60314 Frankfurt am Main, Germany

Phone: +49 69 4009-0
Fax: +49 69 4009-1507
E-mail: samson(at)

The data protection officer of SAMSON AG is:

Mr Ingo Wolff
tacticx GmbH
Walbecker Straße 53
47608 Geldern, Germany
E-mail: datenschutz(at)

1. General information on data processing

1.1 Processing of personal data and its purpose

SAMSON AG ("SAMSON AG" or "we" in the following) processes personal user data only as far as it is necessary for providing a functioning website, our contents and services. The following data are processed when visiting our website:

  • User's IP address
  • Information on the web browser used (type, version, language)
  • Operating system used
  • User's Internet service provider
  • Date and time the user accessed our website
  • Files retrieved from our website
  • Web page from where the user got to our website
  • Web page(s) that the user retrieves on our website
  • Object (image, page) to be opened
  • Protocol (http/https)
  • Return codes (access successful/not successful)
  • Referrer (which link was opened)

The IP address needs to be processed and temporarily saved to supply the web page to the user's computer. This means that the user's IP address must be saved for the session. The log files created contain IP addresses or other data that make it possible to identify the user. The log files are saved to ensure the proper functioning of the web pages. Additionally, we use the data to optimize our site and ensure the security of our IT systems.

Personal data are exclusively processed for the mentioned purposes and to the extent necessary for fulfilling these purposes. The data are not used for marketing, customer assistance or market research purposes.

1.2 Legal grounds for the processing of personal data

As a rule, personal user data are processed after users haven given their consent. An exception applies in such cases where prior consent cannot be requested for factual reasons and where laws and regulations permit the processing of personal data. The storage of personal data and log files is governed by Article 6(1) lit. f) of GDPR.

1.3 Data erasure and period for which the data are saved

We delete or block the personal data of the data subjects as soon as the purpose for storage has become void. When data are processed to provide web pages, the data are erased at the end of the session. Personal data saved in log files are deleted after seven days at the latest. Any further storage is possible if the user's IP address has been deleted or depersonalized beforehand so that the accessing client cannot be identified any longer.

2. Cookies

We use cookies on several of our web pages. Cookies can be saved on the user's operating system when he or she opens one of our web pages. Cookies contain a specific sequence of characters that allows web browsers of returning users to be clearly identified. The following data are saved in the cookie:

  • Language settings
  • Logon information

The purpose of cookies is to make our web page design user friendly. The processing of personal data using cookies is governed by Article 6(1) lit. f) of GDPR. Cookies are saved on the user's computer and transmitted to our web pages from there. Users can change the cookie handling settings in their web browsers to deactivate or restrict the use of cookies. Cookies that have already been saved can be deleted at any time. When cookies have been deactivated for our website, users may no longer be able to use all functions provided on our pages.

3. Web analytics

We use Matomo (, an open-source software, for statistical analysis of user access to our web pages. No personal user profiles are created, only anonymous statistics are generated. We aim to improve the quality of our website and its contents by using web analytics. Matomo is based on cookies (see above), which enables us to analyze the usage of our web pages. Users can block web analytics by deactivating JavaScript and cookies in their web browser. Further information on how to proceed can be found in the product documentation made available by the different web browser providers. The processing of data in this context is governed by Article 6(1) lit. a) of GDPR.

4. Form for applicants

Job applicants can enter their personal data on our website to apply for the posted vacancies. The data are entered in a form and transmitted to SAMSON AG, where they are saved. We only record the personal data required for the application process. Applicants must provide information on their job history so that we can fully assess their application. The following data are collected:

  • Form of address
  • First name, last name
  • Street address including ZIP code and city
  • Nationality (voluntary information)
  • Phone number and times of availability
  • E-mail address
  • Date of birth (voluntary information)
  • Information on the current job situation including period of notice, salary before tax, number of employers in the previous five years (voluntary information)
  • Desired annual salary
  • Information on job qualifications including type of degree or vocational training diploma, grade in degree/diploma, grade average, field, name of university or vocational training institute (voluntary information)
  • Job experience (voluntary information)
  • Job experience (voluntary information)
  • Application documents (cover letter, CV, certificates)

The personal data provided by the applicants are only used by SAMSON AG for the purpose of selecting suitable job candidates. When handling applications, we restrict ourselves to the data directly entered by the applicants. This may include data they entered on online business networks or employment websites. If we ask applicants for their sex by requesting them to enter the form of address, we only do so because we want to address them properly.

If users who have applied for a posted SAMSON AG vacancy but were not considered suitable candidates for this opening are interested, we offer to check their suitability for other SAMSON AG vacancies. However, we will contact the applicants before forwarding the submitted personal data to other areas within SAMSON AG so that the applicants can decide whether they want to participate in this procedure.

The processing of personal data collected through the application form is governed by Article 6(1) lit. a) of GDPR or Article 88(1) of GDPR in connection with §26 of BDSG (German Federal Data Protection Act).

We delete the collected personal data six months after an applicant has been rejected, unless he or she has given consent to his or her personal data being added to our pool of applicants.

5. Newsletter

We offer a free newsletter on our website. We process the following personal data when users subscribe to it:

  • First name, last name
  • E-mail address
  • IP address of accessing client computer
  • Date and time of subscription

During the subscription process, users are asked to give their consent to the processing of data and reference is made to this privacy policy. The data processed for sending out the newsletter are not forwarded to third parties. The data are exclusively used for sending out the newsletter. The processing of personal data after subscribing to the newsletter is governed by Article 6(1) lit. a) of GDPR. We only save the user's e-mail address while the newsletter subscription is active. Users can unsubscribe from the newsletter at any time by clicking on the link contained in every newsletter. The personal data are deleted immediately in this case.

6. Contact form and e-mail contact

Our website includes a contact form so that users can get in touch with us by electronic mail. If users choose to use this form of communication, the data entered in the form are transmitted to SAMSON AG, where they are saved. This applies to the following data:

  • Form of address
  • First name, last name
  • Department
  • Company
  • Address
  • E-mail address
  • Phone number

Additionally, the following data are saved when sending the message:

  • User's IP address
  • Date and time the form was sent

Users are requested to agree to the processing of the personal data entered before the form is sent. Alternatively, users can make first contact with us at the e-mail address provided on the website. In this case, we save the user's personal data included in the e-mail. The processing of personal data after user consent is governed by Article 6(1) lit. a) of GDPR. If the personal data are transmitted by e-mail, processing is governed by Article 6(1) lit. f) of GDPR. If the e-mail contact is targeted at performing a contract, processing is governed by Article 6(1) lit. b) of GDPR. The data are only used to handle the first communication and the resulting communication. No data are forwarded to third parties in this context. The personal data entered in the contact form and sent by e-mail are deleted when the communication with the user has been terminated, which means when the circumstances suggest that the issue in question has been settled. The additional data collected during the sending process are deleted after seven days at the latest.

Users can withdraw their consent to the processing of personal data at any time. Users can contact us by e-mail at any time to withdraw their consent. In such cases, the request for contact cannot be handled or communication ceases to be continued. In this case, we delete all personal data saved as part of the first communication.

7. Data security

SAMSON AG has implemented technical and organizational security measures to protect the users' personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological development.

8. Rights of the data subjects

If SAMSON AG processes your personal data, you are a data subject as defined in Article 4(1) of GDPR and have the following rights towards SAMSON AG:

8.1 Right of access

Pursuant to Article 15 of GDPR, you have the right to obtain from us a confirmation as to whether or not we process personal data concerning you. Where that is the case, you are entitled to obtain access to the personal data and the following information:

  • The purposes of the processing;
  • The categories of personal data we process;
  • The recipients or categories of recipients to whom your personal data have been or will be disclosed by us;
  • Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
  • The existence of the right to request from us rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • Where the personal data are not collected from the data subject him- or herself, any available information as to their source;
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to obtain access as to whether we have been, are or will be disclosing your personal data to recipients in third countries or international organizations. Where personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of GDPR relating to the transfer.

8.2 Right to rectification

Pursuant to Article 16 of GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning yourself and/or to have incomplete personal data completed.

8.3 Right to erasure

Pursuant to Article 17 of GDPR, you have the right to obtain from us the erasure of personal data concerning yourself without undue delay. We have the obligation to erase your personal data without undue delay where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based according to Article 6(1), lit. a) of GDPR or Article 9(2), lit. a) of GDPR, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of GDPR;
  • Your personal data have been unlawfully processed;
  • Your personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which we are subject;
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.

Where we have made your personal data public and are obliged pursuant to Article 17(1) of GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers who are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, your personal data.

The right to erasure does not apply to the extent that processing is necessary:

  • For exercising the right of freedom of expression and information;
  • For compliance with a legal obligation which requires processing by European Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • For reasons of public interest in the area of public health in accordance with Article 9(2) lit. h) and i) of GDPR as well as Article 9(3) of GDPR;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of GDPR in so far as the right referred to in item a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • For the establishment, exercise or defence of legal claims.

8.4 Right to restriction of processing

Pursuant to Article 18 of GDPR, you have the right to obtain from us restriction of processing of your personal data where:

  • You contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • We no longer need your personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  • You have objected to processing pursuant to Article 21(1) of GDPR pending the verification whether our legitimate grounds override yours.

Where processing of your personal data has been restricted, such personal data, with the exception of storage, are only processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. If you have obtained restriction of processing pursuant to the above sections, we will inform you before the restriction of processing is lifted.

8.5 Right of information

If you have requested from us the rectification or erasure of personal data or restriction of processing, we are obliged according to Article 19 GDPR to inform each recipient to whom we have disclosed your personal data of this request, unless this proves impossible or involves disproportionate effort. You are entitled to request information about those recipients from us.

8.6 Right to data portability

Pursuant to Article 20 of GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where:

  • The processing is based on consent pursuant to Article 6(1) lit. a) of GDPR or Article 9(2) lit. a) of GDPR or on a contract pursuant to Article 6(1) lit. b) of GDPR; and
  • The processing is carried out by automated means.

In exercising your right to data portability, you also have the right to have your personal data transmitted directly from us to another controller, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

8.7 Right to object

Pursuant to Article 21 of GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Article 6(1) lit. e) or f) of GDPR, including profiling based on those provisions. We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

8.8 Right to withdraw the declaration of consent on privacy and data protection

You have the right to withdraw your declaration of consent on privacy and data protection at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

8.9 Automated individual decision-making, including profiling

Pursuant to Article 22 of GDPR, you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  • Is necessary for entering into, or the performance of, a contract between you and us;
  • Is authorized by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • Is based on your explicit consent.

8.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes the GDPR.

9. Responsibility for contents and information

Our website contains links to websites and web pages by external providers. We checked the contents of these external sites or pages for compliance with the applicable civil and criminal laws when the links were included. Nevertheless, we cannot exclude that the providers change these contents afterwards. If you consider linked external sites or pages to be in violation of the applicable laws or if you consider them to be otherwise inappropriate, we kindly ask you to tell us that. We will verify your notification and remove the external link, if necessary. SAMSON AG is not responsible for the contents and accessibility of linked external websites or pages.

10. Inclusion and validity of the privacy policy

By using our website, you consent to data processing as described above. This privacy policy applies to the websites of SAMSON AG only. Other privacy, data protection and data security policies apply to the contents accessible by external link. Check the disclaimer or general terms that apply to the external links to see who is responsible for these contents. It may be necessary to revise this privacy policy to further develop our website or implement new features. As a result, we reserve the right to change this privacy policy at any time with effect for the future. The version as amended and accessible at the time you visited our website is valid.



Last update: April 2018