The controller according to the EU General Data Protection Regulation (GDPR) and other German data protection laws and regulations is:

Weismüllerstraße 3
60314 Frankfurt am Main, Germany

Phone: +49 69 4009-0
Fax: +49 69 4009-1507
E-mail: samson(at)

You can contact the data protection officer of SAMSON AG:

Data protection officer
Weismüllerstr. 3
60314 Frankfurt am Main Germany
E-Mail: datenschutz(at)


1. General information on data processing

1.1 Processing of personal data and its purpose

SAMSON AG ("SAMSON AG" or "we" in the following) processes personal user data only as far as it is necessary for providing a functioning website, our contents and services. The following data are processed when visiting our website:

  • User's IP address
  • Information on the web browser used (type, version, language)
  • Operating system used
  • User's Internet service provider
  • Date and time the user accessed our website
  • Files retrieved from our website
  • Web page from where the user got to our website
  • Web page(s) that the user retrieves on our website
  • Object (image, page) to be opened
  • Protocol (http/https)
  • Return codes (access successful/not successful)
  • Referrer (which link was opened)

The IP address needs to be processed and temporarily saved to supply the web page to the user's computer. This means that the user's IP address must be saved for the session. The log files created contain IP addresses or other data that make it possible to identify the user. The log files are saved to ensure the proper functioning of the web pages. Additionally, we use the data to optimize our site and ensure the security of our IT systems.

Personal data are exclusively processed for the mentioned purposes and to the extent necessary for fulfilling these purposes.

1.2 Legal grounds for the processing of personal data

As a rule, personal user data are processed after users haven given their consent. An exception applies in such cases where prior consent cannot be requested for factual reasons and where laws and regulations permit the processing of personal data. The storage of personal data and log files is governed by Article 6(1) lit. f) of GDPR.

1.3 Data erasure and period for which the data are saved

We delete or block the personal data of the data subjects as soon as the purpose for storage has become void. When data are processed to provide web pages, the data are erased at the end of the session. Personal data saved in log files are deleted after seven days at the latest. Any further storage is possible if the user's IP address has been deleted or depersonalized beforehand so that the accessing client cannot be identified any longer.

2. Cookies

We use cookies on several of our web pages. Cookies can be saved on the user's operating system when he or she opens one of our web pages. Cookies contain a specific sequence of characters that allows web browsers of returning users to be clearly identified. The following data are saved in the cookie:

  • Language settings
  • Logon information

The purpose of cookies is to make our web page design user friendly. The processing of personal data using cookies is governed by Article 6(1) lit. f) of GDPR. Cookies are saved on the user's computer and transmitted to our web pages from there. Users can change the cookie handling settings in their web browsers to deactivate or restrict the use of cookies. Cookies that have already been saved can be deleted at any time. When cookies have been deactivated for our website, users may no longer be able to use all functions provided on our pages.

3. Web analytics

We use Matomo on our website, a software for statistical analysis of user access to our web pages provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. No personal user profiles are created, only anonymous statistics are generated. We aim to improve the quality of our website and its contents by using web analytics. We use cookies to do so (see above), which enables us to analyze the usage of our web pages. Users can block web analytics by deactivating JavaScript and cookies in their web browser. Further information on how to proceed can be found in the product documentation made available by the different web browser providers. The processing of data in this context is governed by Article 6(1) lit. f) of GDPR. We have a legitimate interest in analyzing the behavior of our website users for optimization purposes. For further information on the Matomo terms of use and data protection regulations go to

4. Google Maps

We use the Google Maps API provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to illustrate map information on our website. When using Google Maps, Google also processes usage data by website users who utilize the map functions. The processing of personal data is governed by Article 6(1) lit. f) of GDPR. We have a legitimate interest in presenting attractive web pages and in making the locations specified on our pages easy to find. For further information on how Google processes personal data refer to the Google privacy policy available at

5. Leaflet Open Street Maps

We use Leaflet Open Street Maps ( to illustrate map information on our website. Using Leaflet involves the processing of usage data by website users who utilize the map functions. The processing of personal data is governed by Article 6(1) lit. f) of GDPR. We have a legitimate interest in presenting attractive web pages and in making the locations specified on our pages easy to find. For further information refer to the Leaflet website available at

6. Form for applicants

Job applicants can enter their personal data on our website to apply for the posted vacancies. The data are entered in a form and transmitted to SAMSON AG, where they are saved. We only record the personal data required for the application process. Applicants must provide information on their job history so that we can fully assess their application. The following data are collected:

  • Form of address
  • First name, last name
  • Street address including ZIP code and city
  • Nationality (voluntary information)
  • Phone number and times of availability
  • E-mail address
  • Date of birth (voluntary information)
  • Information on the current job situation including period of notice, salary before tax, number of employers in the previous five years (voluntary information)
  • Desired annual salary
  • Information on job qualifications including type of degree or vocational training diploma, grade in degree/diploma, grade average, field, name of university or vocational training institute (voluntary information)
  • Job experience (voluntary information)
  • Language skills (voluntary information)
  • Application documents (cover letter, CV, certificates)

The personal data provided by the applicants are only used by SAMSON AG for the purpose of selecting suitable job candidates. When handling applications, we restrict ourselves to the data directly entered by the applicants. This may include data they entered on online business networks or employment websites. If we ask applicants for their sex by requesting them to enter the form of address, we only do so because we want to address them properly.

If users who have applied for a posted SAMSON AG vacancy but were not considered suitable candidates for this opening are interested, we offer to check their suitability for other SAMSON AG vacancies. However, we will contact the applicants before forwarding the submitted personal data to other areas within SAMSON AG so that the applicants can decide whether they want to participate in this procedure.

The processing of personal data collected through the application form is governed by Article 88(1) of GDPR in connection with §26 of BDSG (German Federal Data Protection Act). We delete the collected personal data six months after an applicant has been rejected, unless he or she has given consent to his or her personal data being added to our pool of applicants.

Underage applicants who have not reached the age of 16 must send us, by ground mail, a declaration of consent signed by their parents having custody or their custodian. In this declaration, the parents or custodian must state that they consent to the underage applicant being added to our pool of applicants.

7. Newsletter

We offer a free newsletter on our website. We process the following personal data when users subscribe to it:

  • First name, last name
  • E-mail address
  • IP address of accessing client computer
  • Date and time of subscription

During the subscription process, users are asked to give their consent to the processing of data and reference is made to this privacy policy. The data processed for sending out the newsletter are not forwarded to third parties. The data are exclusively used for sending out the newsletter. The processing of personal data after subscribing to the newsletter is governed by Article 6(1) lit. a) of GDPR. We only save the user's e-mail address while the newsletter subscription is active. Users can unsubscribe from the newsletter at any time by clicking on the link contained in every newsletter. The personal data are deleted immediately in this case.

8. Contact forms and e-mail contact

Our website includes several contact forms so that users can get in touch with us by electronic mail. If users choose to use this form of communication, the data entered in the form are transmitted to SAMSON AG, where they are saved. This applies to the following data:

  • Form of address
  • First name, last name
  • Department
  • Company
  • Address
  • E-mail address
  • Phone number
  • User's IP address
  • Date and time of sending

Depending on the contact form, it may be possible to enter additional data. Also depending on the contract form, data may be transferred to our subsidiaries located in third countries. In such cases, we ensure that appropriate safeguards pursuant to Art. 46 GDPR are observed. Alternatively, users can make first contact with us at the e-mail address provided on the website. In this case, we save the user's personal data included in the e-mail. The processing of personal data is governed by Article 6(1) lit. f) of GDPR. The data are only used to handle the first communication and the resulting communication. If we use the personal data for other purposes, we will request the user's consent beforehand. The personal data entered in the contact form and sent by e-mail are deleted when the communication with the user has been terminated, which means when the circumstances suggest that the issue in question has been settled. The additional data collected during the sending process are deleted after seven days at the latest.

9. Data security

SAMSON AG has implemented technical and organizational security measures to protect the users' personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological development.

10. Rights of the data subjects

If SAMSON AG processes your personal data, you are a data subject as defined in Article 4(1) of GDPR and have the rights mentioned in the following towards us: If you want to exercise a right, please contact our data protection officer at datenschutz(at)
Note that we may request additional information from you under certain conditions to verify your identity. For example, we may ensure that information is not revealed to unauthorized persons when exercising the right of access.

10.1 Right of access

Pursuant to Article 15 of GDPR, you are entitled to obtain access to the personal data we process concerning you. If possible, please make your access request as precise as possible as this will make it easier for us to compile the required data.

10.2 Right to rectification

Pursuant to Article 16 of GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning yourself and/or to have incomplete personal data completed.

10.3 Right to erasure

Pursuant to Article 17 of GDPR, you have the right to obtain from us the erasure of personal data concerning yourself without undue delay. Your right to erasure depends on certain factors, including whether we still need your processed personal data to fulfill our tasks.

10.4 Right to restriction of processing

Pursuant to Article 18 of GDPR, you have the right to obtain from us restriction of processing of your personal data.

10.5 Right of information

If you have requested from us the rectification or erasure of personal data or restriction of processing, we are obliged according to Article 19 GDPR to inform each recipient to whom we have disclosed your personal data of this request, unless this proves impossible or involves disproportionate effort. You are entitled to request information about those recipients from us.

10.6 Right to data portability

Pursuant to Article 20 of GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format to have them forwarded to a different officer, if applicable.

10.7 Right to object

Pursuant to Article 21 of GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning yourself at any time. We no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

10.8 Right to withdraw the declaration of consent on privacy and data protection

If you have made your personal data available to us based on your consent, you could withdraw from your consent at any time with effect for the future, for example by e-mailing us to datenschutz(at)

The withdrawal of consent does not affect the lawfulness of processing based on consent granted before the withdrawal.

10.9 Automated individual decision-making, including profiling

Pursuant to Article 22 of GDPR, you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10.10 Right to lodge a complaint with a supervisory authority

If you have a concern about the lawfulness of our processing of your personal data, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority in charge of SAMSON AG is:

Hessischer Beauftragter für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden, Germany

Phone: +49 611 1408-0
Fax: +49 611 1408-900
E-mail: poststelle(at)

11. Inclusion and validity of the privacy policy

This privacy policy applies to the contents of our web pages. Other privacy, data protection and data security policies apply to the contents accessible by external link. Check the disclaimer or general terms that apply to the external links to see who is responsible for these contents.

It may be necessary to revise this privacy policy to further develop our website or implement new features. As a result, we reserve the right to change this privacy policy at any time with effect for the future. The version as amended and accessible at the time you visited our website is valid.



Last update: February 2019