Privacy statement

Information on data collection according to Art. 12-14 DS-GVO

Information on data collection according to Art. 12-14 DS-GVO

With this notice we inform you about the processing of personal data when using our website “”.

Personal data is such information that relates to an identified or in any case identifiable natural person (so-called data subject). This can be – only for example – your name, your IP address, the software you use (operating system, browser) or the date and time of access.

In the following, you will therefore find out, among other things, which contact person (the so-called data controller) you can turn to, which data is processed in detail for which purpose and which rights you have against the data controller with regard to the processing of personal data.

  1. Name and contact details of the data controller and the company data protection officer

Responsible in the sense of the EU General Data Protection Regulation (DS-GVO) is the

Somack GmbH
Gottesrain 11
35325 Mücke

Phone: +49 6401 22968-0
Fax: +49 6401 22968-100

The responsible body is legally represented by Nadine Koc and Dipl. Ing. Sinan Koc.

Data Protection Officer:

We have not appointed a data protection officer and are not obliged to do so under the statutory provisions.However, you can direct enquiries on the subject of data protection to the aforementioned contact details at any time.

  1. Collection of personal data when visiting our website

In the case of purely informational use of the website ( we only collect the personal data that your browser transmits to the server of our service provider (host). If you wish to view our website, we therefore collect the following data:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access Status/HTTP Status Code
  • Data volume transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

This data is technically necessary for us to display our website to you and to ensure the stability and security of the website. The legal basis for this is Art. 6 para. 1 S. 1 lit. f) DSGVO. We have a legitimate interest in the technically error-free presentation and optimisation of our website, as well as the protection of our information technology systems. We would like to point out that the internet presence cannot be used or can only be used to a limited extent if you do not transmit the aforementioned data.

The data processed in this context is automatically deleted after 30 days if storage is no longer necessary for the protection of information technology systems or for other security reasons (e.g. to clarify acts of abuse or fraud) or for evidentiary purposes. In the aforementioned cases, we delete the data only after the final clarification of the respective incident.

This data is not merged with other data sources.

  1. Cookies

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information flows to the body that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer as a whole more user-friendly and effective.

Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

The legal basis for the use of the aforementioned technically necessary cookies is Art. 6 para. 1 S. 1 lit. f) DSGVO. We have a legitimate interest in the visually appealing design of our website and its improved functionality through technically necessary cookies. Moreover, Art. 7 DS-GVO constitutes the legal basis for the use of cookies.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website.

  1. Web analytics services

For the purpose of statistical analysis, we use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre, Parkway Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and in this respect commits to compliance with the European data protection standard (

Google uses cookies. The information generated by the cookies about your use of our website is usually transferred to a Google server in the USA and processed there.

Google will use the information collected on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us.

Usage profiles can be created from the processed data. However, Google is obliged not to merge the data transmitted by your browser within the scope of Google Analytics (incl. your IP address) with other data.

However, in order to prevent the personalisation of this data, your IP address is usually anonymised beforehand by shortening it within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and only anonymised there.

The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f), 7 DSGVO, § 15 Abs. 3 TMG.

The data collected through the use of Google Analytics will be automatically deleted by us after 14 months. Deletion takes place once a month.

You can prevent cookies from being stored by setting your browser software accordingly.

In addition, you can generally prevent the collection of the data generated by the cookies and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

As an alternative to the browser add-on or within browsers on mobile devices here:


>> Deactivate Google Analytics<<

, to prevent the collection of data by Google Analytics within this website in the future. This places an opt-out cookie on your device. If you delete your cookies, you must click this link again.

However, we would like to point out that in the above-mentioned cases (i.e. the objection to data processing by Google) you may not be able to use all the functions of our website to their full extent.

You can find more information about Google’s use of data, setting and objection options under the following links:

(View and manage your Google Account data, activities, security options and privacy settings).

(Google privacy policy and terms of use as well as information about the technologies used by Google, e.g. cookies, advertising, location information).

  1. Collection of personal data when contacting us

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and, if applicable, your telephone number, the date and time of contact) are processed by us in order to respond to your request.

The other personal data processed during the submission process (in particular your IP address) is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of personal data collected when contacting us is Art. 6 para. 1 S. 1 lit. a), lit. b) und lit. f) DSGVO. Data processing for communication and the security of our information technology systems constitute a legitimate interest.

We delete the data accruing in this context after the storage is no longer necessary to process your request or to protect our information technology systems, or restrict the processing if there are statutory retention obligations. If the information required for processing is missing, it may not be possible to process your request.

  1. Collection of personal data when sending application documents

If you send us your application documents electronically or by post, we will process your personal data as part of the selection procedure. In addition to your master data (e.g. name, address, contact and birth data), this also includes special categories of personal data (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.).

Please note that your data is encrypted during transmission to our website. You can find out more about this under the point: “Data security”.

This data is processed for correspondence with you and to carry out the selection procedure. The data processed by us as part of an application are protected against unauthorised access and manipulation by technical and organisational measures. In particular, only employees of the HR department and future supervisors have access to your data.

The data processing is carried out in response to the sending of the application documents and is in accordance with Art. 6 para. 1 S. 1 lit. a), b), Art. 9 Abs. 1 S. 1 lit. a), b), Art. 88 DS-GVO in conjunction with. § 26 BDSG Data Protection Regulation (DS-GVO) for the aforementioned purposes for the appropriate processing of the application procedure.

Your personal information and the application documents will be automatically deleted 6 months after notification of the rejection decision, unless you have consented to further storage in accordance with Art. 6 Para. 1 S. 1 lit. a) Art. 9 Abs. 2 lit. a) DSGVO or other legitimate interests conflict with a deletion and thus a processing according to Art. 6 para. 1 S. 1 lit. f), Art. 9 para. 1 lit. (f) GDPR is permissible. Such an interest exists in particular in the case of a duty of proof when asserting claims under the General Equal Treatment Act (AGG).

  1. Recipients of the personal data

Insofar as we have not expressly indicated in the above that your personal data will be transmitted by us to other persons or companies, the personal data will be collected directly on the server of our service provider (host) and subsequently processed only by us. Otherwise, we will only pass on your personal data if:

  • You have provided us with your personal data in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR have given express consent to this,
  • the disclosure pursuant to Art. 6 para. 1 S. 1 lit. f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • for the disclosure according to Art. 6 para. 1 S. 1 lit. (c) a legal obligation exists under the GDPR; and
  • this is legally permissible and in accordance with Art. 6 para. 1 S. 1 lit. b) GDPR is necessary for the processing of contractual relationships with you.

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DS-GVO.

  1. Data subjects’ rights

8.1. General rights

You have the following rights in relation to the personal data concerning you:

-Right of access pursuant to Article 15 of the GDPR,

-Right to rectification or erasure pursuant to Art. 16 DS-GVO or Art .17 DS-GVO,

-Right to restriction of processing pursuant to Article 18 of the GDPR,

-Right to object to processing pursuant to Article 21 of the GDPR,

-Right to data portability pursuant to Article 20 of the GDPR.

8.1. Right of appeal

In addition, they have the right to You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by the controller, in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the controller (in Hesse: The Hessian State Data Protection Commissioner, Gustav-Stresemann-Ring 1, 65189 Wiesbaden).

8.2. Right of objection

Insofar as your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 S. 1 lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 DS-GVO, insofar as there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which is implemented by the controller without specifying a particular situation. If you wish to exercise your right of revocation or objection, it is sufficient to send a letter, e-mail or fax to the above contact details.

8.3. Right of withdrawal

Insofar as you have given your consent to the processing of your personal data, you can exercise this right in accordance with the German Data Protection Act. You may withdraw your consent at any time (e.g. by letter, e-mail or fax) in accordance with Art. 7 GDPR. This has the consequence that the controller may no longer continue the data processing based on this consent for the future. However, he reserves the right to continue processing the personal data if a legal permission standard permits this. The processing of personal data in the past is not affected by the withdrawal of consent.

  1. Sources

Unless explicitly stated above, the personal data processed originates directly from you and is made available to us directly by you or the hardware and software you use.

  1. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

  1. Up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and has the status March 2020.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be viewed at any time on the website at be retrieved and printed out by you.