Looking for experts?

Find now

Privacy Policy

Privacy policy for applicants and other candidatesPrivacy policy for employees, temporary workers, and freelancersPrivacy policy for customers and other affected persons
Thank you for your interest in our company. Protecting your personal data is very important to us. Below, we provide you with an overview of how we process your personal data and outline your rights under German data protection law. With the following information, we would like to give you, as a visitor to our website, an overview of how we process your personal data and your rights under German data protection law. Which data is processed in detail depends largely on your specific usage behavior on our website and other circumstances specific to your individual case. Therefore, not all parts of this information may apply to you.

1. Responsible party and contact details of the data protection officer

The responsible party responsible for data processing through this website is

SOMI Experts GmbH
Kennedyallee 93
60596 Frankfurt

You can contact our data protection officer at

SOMI Experts GmbH
Kennedyallee 93
60596 Frankfurt

as well as by email at datenschutz@somi.de and by telephone at +49 69 / 47 89 18 90-0.

2. Processing of data in connection with the use of our website

2.1. Data categories, purpose of processing and legal basis

When you use our websites, applications, or online tools (hereinafter collectively referred to as “online offering”), we process the following personal data:

  • Personal data that you voluntarily provide in connection with an online offering (e.g., when registering or making contact requests), such as your first and last name, email address, telephone number, and
  • Information that is automatically sent to us by your web browser or end device, such as your IP address, device type, browser type, previously visited websites, subpages visited, or the date and time of the respective visitor request.
  • Technical administration of the website (prevention and detection of fraudulent or similar actions, including attacks on our IT infrastructure, enabling user authentication) The legal basis for the processing of personal data for these purposes is Art. 6 para. 1 lit. f DS-GVO (GDPR Art. 6 (1) (f)), regardless of whether a contractual relationship exists with you.
  • Online and other services (enabling the use of the services and functions of our online offerings, processing of inquiries, sending marketing information upon request, use of MySOMI)

The legal basis for the processing of personal data for the above-mentioned purpose is Art. 6 (1) lit. b and lit. f GDPR. Visiting our online offering establishes a contractual relationship within the meaning of Art. 6 (1) lit. b GDPR. Without the processing of personal data, we cannot offer our online offering as intended. In particular, the transmission of personal data such as the IP address is necessary for establishing a connection.

In some cases, we expressly ask for your consent to the processing of your personal data. In this case, the legal basis for the processing is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

3. Newsletter

If you wish to subscribe to our newsletter, we require your email address and sufficient information to confirm that you are the owner of the provided address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in process). To personalize the newsletter, we store personal data such as your first name, last name, and company name. We use this data exclusively for sending the requested information and for documenting your consent. You can revoke your consent to the storage of data, your email address, and its use for sending the newsletter at any time with future effect, for example via the “Unsubscribe” link in the newsletter.

We use an external service provider to manage and send our newsletter. This service provider has been carefully selected and is obliged to comply with all data protection regulations in accordance with Art. 28 GDPR.

4. Contact

Our website contains contact forms that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and some of the data will be stored.

In this context, the data will not be passed on to third parties outside the company. The data will be used exclusively for processing the correspondence.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, Art. 6 para. 1 lit. b GDPR is the further legal basis for the processing.

The processing of personal data from the input mask serves to process the contact and to prevent misuse of the contact form.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective correspondence has ended.

The user has the option to object to the processing of their personal data at any time. In such a case, the correspondence cannot be continued. Please send us your deletion request via email to datenschutz@somi.de . All personal data stored in the course of establishing contact will be deleted in this case.

5. Social media

We use references (“links”) to some social networks on our website to draw attention to our services and products and to get in touch with you as a visitor and user of these social media sites and our online offering.

The legal basis for this data processing is Art. 6 (1) (f) GDPR. Insofar as the use of social media results in a transfer to a so-called third country, the legal basis is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR (see section 6). You give your consent to this in our cookie banner.

You can recognize the specific links by the logo of the respective social network. By clicking on the logo, a direct connection between your browser and the server of the respective service is established and you will be redirected to the website of the service provider.

These are not so-called social plug-ins, which establish a connection and data transmission to the respective social network as soon as you visit our website. We would like to point out that you use the following services and their functions at your own risk. Please also note that when you visit the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Specifically, these are the following third-party providers:

5.1. YouTube

This website uses the YouTube video platform, which is operated by YouTube, LLC (hereinafter referred to as “YouTube”). YouTube is a platform that enables the uploading and playback of video files.

When you access a corresponding page of our website, the embedded YouTube player establishes a connection to YouTube's servers so that video and audio files can be transmitted and played back. In doing so, data is also transferred to YouTube as the responsible party. We are not responsible for the processing of this data by YouTube.

Further information on the scope and purpose of the data collected, the further processing and use of the data by YouTube, your rights, and the data protection options available to you can be found in YouTube's privacy policy.

5.2 Facebook

This online offer also links to the services of the company “Facebook Ireland Ltd.” (hereinafter referred to as “Facebook”).

When you visit our Facebook fan page, Facebook collects your IP address and, if applicable, other information stored on your computer in the form of cookies. This information is used to provide us, as the owner of the Facebook fan page, with statistical information about the use of the Facebook page.

The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union. We would like to point out that Facebook is responsible for the corresponding transfer and subsequent processing operations under data protection law. Which specific data Facebook receives and how it is used is described in general terms in Facebook's privacy policy. Further information on this can be found in Facebook's privacy policy.

5.3. X Corp. (formely Twitter)

We link to the short message service of X Corp., 865 FM 1209, Building 2, Bastrop, TX 78602, USA, on our website. The company responsible for data processing for persons living outside the United States is X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

When you use X, your personal data is collected, transferred, stored, disclosed, and used by X Corp. and, regardless of your place of residence, transferred to the United States, Ireland, and any other country in which X Corp. does business, where it is stored and used.

Firstly, X processes all information that you voluntarily enter, such as your name and user ID, email address, telephone number, and the contacts in your address book if you upload or synchronize it. Furthermore, X also evaluates the content you share to determine which topics you are interested in and may store and process confidential messages.

Further information can be found in X's privacy policy.

6. Recipients and categories of recipients

Within our company, those departments that need your data to fulfill their contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they maintain confidentiality and integrity. These are companies in the categories of IT services, telecommunications, and sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with the applicable data protection regulations. We may only disclose information about you if this is required by law, if you have given your consent, or if we are authorized to provide such information. Under these conditions, recipients of personal data may include:

  • public authorities and institutions (such as law enforcement authorities) if there is a legal or official obligation to do so,
  • other companies affiliated with our group, and
  • service providers that we use within the scope of order processing relationships.

7. Transfer to third countries

Data transfer to locations in countries outside the European Union (so-called third countries) is generally not planned, but cannot be ruled out. Such transfers will take place if

  • this is required by law (e.g., legal reporting obligations) or
  • you have given us your consent.

Furthermore, transfer to third countries cannot be ruled out in order to maintain and ensure the IT operations and IT security of the company.

The use of our social media and map services may also result in the transfer of data and subsequent processing of usage data by the respective services in the USA. The basis for any processing activities is your explicit declaration of consent, which you have given via the cookie banner. Your declaration of consent justifies such data processing in exceptional cases and on a case-by-case basis in accordance with Art. 49 (1) lit. a GDPR. Please note that the US does not have a comparable level of data protection to that in the EU and the EEA. In particular, it is possible that government agencies may access your personal data on the basis of legal authorizations without our or your knowledge. Comparable possibilities for self-enforcement do not exist in the USA, so that this does not appear to be promising.

You can completely reject the use of cookies and other technologies or make individual settings. You can also withdraw your consent at any time with effect for the future. Any processing carried out prior to this remains unaffected by a withdrawal.

8. Storage period

We process and store your personal data for as long as it is necessary to fulfill our contractual obligations and exercise our rights.

The revocation of previously given consent will be retained for three years due to our accountability obligation. The administrative cookie is deleted 6 months after your last visit. Server log data is anonymized before storage. Data relating to newsletters and invitations is deleted immediately after unsubscribing.

In individual cases, longer storage of data may be justified for reasons of evidence in justified individual cases. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

9. Data security

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, SSL or TLS encryption is implemented on our website. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Our employees and the service providers we commission are also obliged to maintain confidentiality and comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction, and access by unauthorized persons or unauthorized disclosure. Our security measures are continuously improved in line with technological developments.

10. Data Subject Rights

As a data subject, you have the right to access your data (Article 15 GDPR), to rectify inaccuracies (Article 16 GDPR), to request erasure (Article 17 GDPR), the right to restriction of processing under Art. 18 GDPR, and the right to data portability under Art. 20 GDPR.

The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the BDSG).

You may withdraw your consent to the processing of your personal data at any time with future effect. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future.

You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, in particular on the basis of Art. 6 (1) lit. f GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. This includes, in particular, processing necessary for the assertion, exercise, or defense of legal claims.

You also have the right not to be subject to decisions based solely on automated processing as set out in Article 22 GDPR. We do not use fully automated decision-making for the establishment, execution, and termination of the business relationship. Should we use these procedures in individual cases (e.g., to improve our products and services), we will inform you separately about this and your rights in this regard, provided that this is required by law.

11. Obligation to provide data

Within the scope of our online offering, we rely on the processing of usage data that is necessary for the performance and termination of the service and for the fulfillment of the associated obligations. Without the collection of usage data, we and our service providers are unable to provide you with our online offering.

12. Profiling

We do not process your personal data in an automated manner in such a way that it has legal effects on you or significantly affects you in a similar manner.

13. Validity and changes to this privacy policy

This privacy policy is currently valid and was last updated in November 2020.