Privacy Policy

1. Overview of data protection

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can personally identify you. Detailed information on data protection can be found in our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the “Responsible Entity Notice” section of this privacy policy.

How do we collect your data?

Your data is collected, in part, by you providing it to us. This may include data entered on a contact form, for example.

Other data is collected by our IT systems automatically or after you have given your consent when you visit our website. This data is primarily technical in nature (e.g. internet browser, operating system or time a page was accessed). This data is collected automatically when you visit this website.

What do we use your data for?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to obtain free information about the origin, recipient and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data.  If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Additionally, under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose and for any further questions regarding data protection, you can contact us at any time.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analysis programs. Detailed information on these analysis programs can be found in this Privacy Policy.

2. Hosting

External hosting

This website is externally hosted. The personal data collected on this website is stored on the servers of the host or hosts. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our website by a professional provider (Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our host or hosts will only process your data to the extent necessary to fulfill its contractual obligations and will follow our instructions regarding this data.

We use the following host:

Bauer und Guse GmbH
Ober-Ramstädter Straße 98
64367 Mühltal, Germany
Telephone: +49 6151 913053

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the service mentioned above. This is a legally required agreement that ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

When you use this website, a variety of personal data is collected. Personal data is data that can be used to personally identify you. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission via the internet (e.g. communication by e-mail) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Data controller

The data controller responsible for data processing on this website is:

SAM Xlation GmbH
Hilpertstraße 3
64295 Darmstadt, Germany

Represented by the Managing Director: Heike Klaum-Frenzel
Telephone: +49 6151 9121-0
Email: sam@sam-xlation.de

The data controller is the natural or legal entity that, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Retention period

Unless a specific retention period is specified within this Privacy Policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you assert a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion will take place after these reasons cease to exist.

General information on the legal basis of data processing on this website

If you have given your consent to data processing, we will process your personal data based on Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR if special categories of data are processed according to Art. 9 Para. 1 GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out based on Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is additionally based on § 25 Para. 1 TTDSG. Consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we will process your data based on Art. 6 Para. 1 lit. b GDPR. Furthermore, we will process your data if this is necessary in order to fulfil a legal obligation based on Art. 6 Para. 1 lit. c GDPR. Data processing may also be based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. The relevant legal bases for each specific case are provided in the following paragraphs of this Privacy Policy.

Data Protection Officer

We have appointed a Data Protection Officer. You can reach this person at the postal address above, inserting “attn. Data Protection Officer”.
Email: datenschutz@sam-xlation.de

Notice regarding data transfer to non-secure third countries and transfer to US companies not certified under the DPF

We use tools from companies based in non-secure third countries and US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF), among others. If these tools are active, your personal data may be transferred to and processed in these countries. Please note that non-secure third countries do not guarantee a level of data protection comparable to that of the EU.

We would like to point out that, in principle, the USA is considered a safe third country with a level of data protection comparable to that of the EU. Accordingly, data transfer to the USA is permissible if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including data recipients, can be found in this Privacy Policy.

Recipients of personal data

Disclosure of personal data to third parties

In the course of our business activities, we collaborate with various external entities. At times, it is necessary to transmit personal data to these external parties. We only disclose personal data to external entities when it is necessary for the performance of a contract, when we are legally obligated to do so (e.g. disclosure of data to tax authorities), when we have a legitimate interest under Article 6(1)(f) of the GDPR in the disclosure, or when another legal basis permits data disclosure. When using data processors, we only disclose personal data of our customers based on a valid Data Processing Agreement. In the case of joint processing, a Joint Processing Agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke consent that has already been given at any time. The legality of data processing carried out prior to the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR DATA PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

Right to lodge a complaint with the supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another controller, this will only be done to the extent that this is technically feasible.

Access, rectification, and erasure

Within the framework of the applicable legal provisions, you have the right to free access to your stored personal data, its origin, recipients, and the purpose of data processing, and, if applicable, a right to rectification or erasure of this data. For this purpose and for any further questions regarding personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this.  For the duration of this investigation, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data is unlawful, but you oppose the deletion of the data and instead request the restriction of the data processing.
• If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have filed an objection pursuant to Article 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests outweigh the other, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser.

When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Objection to promotional emails

We hereby expressly forbid the use of contact data published in the context of website legal requirements for the purpose of the sending promotional and informational materials not expressly requested. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of promotional information, such as spam emails.

4. Data collection on this website

Cookies

Our website uses so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently on your device (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payments).

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the playing of videos). Other cookies may be used for the analysis of user behaviour or for advertising purposes.

Cookies that are necessary for the performance of the electronic communication process, for the provision of certain functions desired by you (e.g. for shopping cart function), or for website optimization (e.g. cookies for measuring the web audience) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar identification technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Contact form

When you submit enquiries to us via the contact form, the information you provide in this form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and for handling any subsequent questions. We do not disclose this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing enquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions – especially retention periods – remain unaffected.

Enquiries via email, phone or fax

When you contact us by email, phone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not disclose this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing enquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if requested; consent can be revoked at any time.
The data you send to us via contact enquiries will remain with us until you request deletion, revoke your consent to storage, or the reason for data storage no longer exists (e.g. after your request has been processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Matomo

This website uses the open-source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyze data on the use of our website by website visitors. This enables us, among other things, to determine when specific pages were viewed and from which region. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its web offering and its advertising. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

IP anonymization

When analysing with Matomo, we use IP anonymization. This means that your IP address is truncated before analysis, so that you cannot be uniquely identified.

Hosting

We host Matomo exclusively on our own servers, so all analytical data remains with us and is not passed on.

6. Plugins and tools

Icons and emojis

We use so-called icons or emojis on our website. These are graphic elements or files that we use but load from another server. We consider the legal basis for use to be Article 6(1)(f) GDPR, our legitimate interest in providing visitors with a pleasant user experience.

The service provider for retrieving WordPress emojis, icons and smileys is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address to transmit the emoji files to your browser.

For the basis of data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein and Norway, and in the USA, in particular) or the transfer of data to these countries, WordPress uses so-called standard contractual clauses (according to Article 46(2) and (3) GDPR).

Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards, even if it is transferred to third countries (such as the USA) and stored, processed and managed there. These clauses obligate WordPress to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: [Link](https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de).

The data processing terms can be found at [Link](https://wordpress.com/support/data-processing-agreements/).
Feel free to also read Automattic’s privacy policy at [Link](https://automattic.com/privacy/).

Google Fonts

This page uses so-called Google Fonts for uniform display of fonts, provided by Google. When you visit a page, your browser loads the required fonts into its browser cache to display text and fonts correctly.

For this purpose, the browser you are using must establish a connection to Google’s servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the font on its website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a default font from your computer will be used.

Additional information about Google Fonts

Further information about Google Fonts can be found at [link](https://developers.google.com/fonts/faq) and in Google’s Privacy Policy: [link](https://policies.google.com/privacy?hl=de).

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: [link](https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active).

OpenStreetMap

We use the mapping service provided by OpenStreetMap (OSM).

We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a data protection-safe third country. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union. When using OpenStreetMap maps, a connection is made to the servers of the OpenStreetMap Foundation. Your IP address and other information about your behaviour on this website may be transmitted to the OSMF. OpenStreetMap may also store cookies in your browser or use comparable recognition technologies.

The use of OpenStreetMap is in the interests of the attractive presentation of our online services and easy findability of the locations we include on the website. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

7. Audio and video conferences

Data processing

For communication with our customers, we use various online conferencing tools. The tools we use are listed below. When you communicate with us via video or audio conference using the internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all the data that you provide/use in order to use the tools (your email address and/or phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants, and other “context information” related to the communication process (metadata).

Additionally, the tool provider processes all technical data required for the handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise provided within the tools, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. For further information on data processing by conference tools, please refer to the privacy policies of the respective tools listed below.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Article 6(1)(b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Article 6(1)(f) GDPR). If consent has been requested, the use of the respective tools is based on this consent; the consent can be revoked at any time with effect for the future.

Storage duration

The data directly collected by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the reason for data storage no longer exists. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We do not have any influence on the storage duration of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details about data processing can be found in the privacy statements of Microsoft and Microsoft Teams: [Microsoft Privacy Statement](https://privacy.microsoft.com/de-de/privacystatement) and [Microsoft Teams Security](https://www.microsoft.com/de-de/microsoft-teams/security).

8. Handling job applicant data

Scope and purpose of data collection

You may apply to us for a job (e.g. via email, post or online application form). Below, we inform you about the scope, purpose and use of your personal data that is collected as part of the application process. We assure you that the collection, processing and use of your data will be in accordance with applicable data protection laws and all other legal provisions and that your data will be treated strictly confidentially.

When you submit a job application to us, we process the associated personal data (e.g. contact and communication details, application documents, notes from job interviews, etc.) to the extent necessary to enable us decide on whether to offer you employment. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general pre-contractual inquiries), and – if you have given consent – Article 6(1)(a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in the processing of your application.

If the application is successful, the data you submitted will be stored in our data processing systems for the purpose of performing the employment relationship based on § 26 BDSG and Article 6(1)(b) GDPR.

Data retention period

If we are unable to offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided for up to 6 months after the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Article 6(1)(f) GDPR). Subsequently, the data will be deleted, and physical application documents will be destroyed. In particular, storage serves the purpose of evidence in the event of legal disputes. If it becomes evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the reason for continued storage no longer exists.

The retention period may also be longer if you have given consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we are unable to offer you a job, there may be an opportunity to include you in our applicant pool. If you are included in the pool, all documents and information from the application will be transferred to the applicant pool so that you can be contacted in the event of a suitable vacancy.

Inclusion in the applicant pool is based solely on your explicit consent (Article 6(1)(a) GDPR).

If applicants have not yet given consent to the applicant pool as part of their application, we will contact you and explicitly request your consent. The giving of consent is voluntary and has no influence on the ongoing application process. The data subject can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted unless there are legal reasons for its retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent is given.