Privacy Policy


Privacy Policy

This privacy policy explains the type, scope and purpose of personal data (hereinafter referred to as ‘data’) processing within our website and within websites, functions, content and external websites connected with it, e.g. our social media profile (hereinafter collectively referred to as ‘website’). We refer to the definitions in Article 4 of the EU General Data Protection Regulation (GDPR) with respect to the terms used, such as ‘processing’ or ‘controller’.


SAMCO Autotechnik GmbH
Höhenhöfe 30
47918 Tönisvorst
Managing Directors: Cevdet Colakoglu, Monika Colakoglu, Egon Hafner
Link to the imprint:

The controller’s data protection officer can be contacted at:

Type of data processed:

– Inventory data (e.g. names, addresses).
– Contact data (e.g. email, phone numbers).
– Content data (e.g. text input, photos, videos).
– Use data (e.g. websites visited, interest in content, access times).
– Meta data/communications data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the website (we hereinafter also refer to data subjects collectively as ‘users’).

Purpose of processing

– To make the website, its functions and content available.
– To respond to contact requests and communication with users.
– Security measures.
– Reach measurement/marketing.
Terms used

‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. The term is used broadly and includes practically any kind of data handling.

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Article 13 of the GDPR, we are informing you of the legal bases of the data we process. If a legal basis is not specified in the privacy policy, the following shall apply: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 of the GDPR; the legal basis for processing to fulfil our services, execute contractual measures, and to respond to requests is Article 6 (1) (b) of the GDPR; the legal basis for processing to meet our legal obligations is Article 6 (1) (c) of the GDPR; and the legal basis for processing to safeguard our legitimate interests is Article 6 (1) (f) of the GDPR. If interests essential for the life of the data subject or another natural person mean that personal data must be processed, Article 6 (1) (d) of the GDPR forms the legal basis for this.

Security measures

In accordance with Article 32 of the GDPR, taking into account the state of technological knowledge, implementation costs and the type, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures particularly include securing the confidentiality, integrity and availability of data through controls for physical access to data, as well as access, input, sharing, securing availability and separation that relate to it. We have also established a procedure that ensures that data subject rights are observed, data is deleted and threats to data are responded to. Furthermore, we already observe the protection of personal data in the development and/or selection of hardware, software and processes, in accordance with the principle of data protection using technology design and data protection by default (Article 25 of the GDPR).

Working with contract processors and third parties

If, within the context of processing, we disclose data to other persons or companies (contract processors or third parties), send such data to these parties or otherwise grant them access to data, this is exclusively based on a statutory permission (e.g. if the data must be shared with third parties in order to fulfil a contract, for example a payment service provider pursuant to Article 6 (1) (b) of the GDPR), your consent, a legal obligation, or our legitimate interests (e.g. when using contractors, web hosts, etc.).

If we engage third parties to process data based on a ‘data processing agreement’, this is based on Article 28 of the GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]), or if this takes place as part of us engaging third-party services or as part of the disclosure or transfer of data to third parties, this only takes place in order to fulfil our (pre-)contractual duties based on your consent, a legal obligation or our legitimate interests. Subject to statutory or contractual permissions, we only process data in a third country, or allow data to be processed in a third country, if the particular conditions of Article 44 et seq. of the GDPR have been met. This means, for example, that processing takes place based on certain guarantees, such as the officially recognised level of data protection in accordance with the EU (e.g. through the ‘Privacy Shield’ for the USA) or in compliance with officially recognised special contractual obligations (‘standard contractual clauses’).

Data subject rights

You have the right to request confirmation of whether your data is processed and to request information about this data, other information and copies of data in accordance with Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you also have the right to request that your data is completed or that incorrect data is rectified.

Pursuant to Article 17 of the GDPR, you have the right to request that your data is immediately erased, or alternatively, that data processing is restricted in accordance with Article 18 of the GDPR.

You have the right to request that your data, which you have provided to us, is sent to you in accordance with Article 20 of the GDPR, and/or that it is transferred to another controller.

Pursuant to Article 77 of the GDPR, you also have the right to submit a complaint to the relevant supervisory authorities.

Right of withdrawal

You have the right to withdraw consent with future effect, pursuant to Article 7 (3) of the GDPR.

Right to object

Pursuant to Article 21 of the GDPR, you can object to the future processing of your data at any time. You can object to processing specifically for the purposes of direct marketing.


Cookies and right to object for direct marketing

‘Cookies’ are small files that are saved on users’ machines. Various different information can be saved in the cookies. A cookie is mainly used to store information about the user (or the device on which the cookie is stored) during or after a website visit. Temporary cookies, also known as ‘session cookies’ or ‘transient cookies’, are cookies that are deleted after the user leaves the website and closes the browser. For example, such a cookie can save the content of the shopping cart in an online shop, or a login status. ‘Permanent’ or ‘persistent’ cookies are cookies that are stored even after the browser has been closed. As such, the login status can be saved, for example, if the user visits again after a number of days. The user’s interests can also be saved in such a cookie, which can be used for reach measurement or marketing. ‘Third-party cookies’ are cookies that are supplied by providers other than the controller that operates a website (if only the operator’s cookies are used, these are called ‘first-party cookies’).

We may use temporary and permanent cookies and we explain these in our privacy policy.

If users don’t want cookies to be stored on their machine, they have the option of deactivating cookies in their browser’s settings. Stored cookies can be deleted in the browser’s settings. Deactivating cookies can restrict the functions on this website.

A general objection can be made to the use of cookies for the purposes of online marketing for a number of services – mainly tracking – via the US site or via the EU site Cookies can also be disabled in your browser’s settings. Please note that this may mean that you won’t be able to use all of the functions on this website.

Erasure of data

Data processed by us is erased, or processing is restricted, in accordance with Articles 17 and 18 of the GDPR. Unless otherwise explicitly specified as part of this privacy policy, data stored by us is erased if it is no longer required for its specific purpose, and erasure is not subject to any statutory retention periods. If data is not erased because it is required for other legally permissible purposes, the processing of such data is restricted. This means that data is locked and not processed for other purposes. As an example, this could mean that data must be stored for reasons pertaining to commercial law or tax law.

In accordance with legal provisions in Germany, data is stored in particular for 10 years pursuant to Section 147 (1) of the German Tax Code (Abgabenordnung, AO), Section 257 (1) No. 1 and No. 4, and Section 257 (4) of the German Commercial Code (Handelsgesetzbuch, HGB) (accounts, records, management reports, accounting records, trading accounts, documents relevant for tax purposes, etc.) and 6 years pursuant to Section 257 (1) No. 2 and No. 3, Section 257 (4) of the HGB (commercial letters).

In accordance with legal provisions in Austria, data is stored in particular for 7 years pursuant to Section 132 (1) of the Austrian Federal Fiscal Code (Bundesabgabenordnung, BAO) (accounting documents, records/invoices, accounts, records, business papers, statement of revenue and expenditure, etc.), for 22 years if related to property and for 10 years for documents relating to electronically provided services, telecommunications services, broadcasting services and television services that are provided to non-business persons in EU member states and for which the Mini One Stop Shop (MOSS) is used.

Business-related processing

We also process
– Contract data (e.g. object of the contract, term, customer category).
– Payment details (e.g. bank details, payment history)
of our customers, interested parties and business partners to fulfil contractual performance, provide services and for customer care, marketing, advertising and market research.

Administration, accounting, office organisation, contact management.

We process data within the scope of administrative tasks, the organisation of our business, accounting and compliance with legal duties, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The legal bases for processing are Article 6 (1) (c) of the GDPR and Article 6 (1) (f) of the GDPR. Customers, interested parties, business partners and website visitors are affected by processing. The purpose of and our interests in processing include administration, accounting, office organisation and data archiving, i.e. tasks that allow us to maintain our business, carry out our duties and provide our services. The erasure of data relating to contractual services and contractual communication corresponds with the information set out in these contractual activities.

We disclose or send data to tax authorities, advisers, such as tax advisers or auditors, other fee-requesting bodies and payment service providers.

We also store information about suppliers, organisers and other business partners on the basis of our business interests, e.g. for later contact. The majority of this information is business-related data, which we store on a permanent basis.
Privacy notice for the application process

We only process applicant data for the purpose of, and as part of, the application process and in compliance with legal provisions. Applicant data is processed to fulfil our (pre-)contractual obligations as part of the application process within the meaning of Article 6 (1) (b) of the GDPR and Article 6 (1) (f) of the GDPR, provided that we are required to process data, e.g. within the scope of legal procedures (in Germany, Section 26 of the Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG] also applies).

The application process presupposes that applicants share applicant details with us. If we provide an online form, the required applicant data is indicated, and can otherwise be found in the job description, and mainly includes information relating to personal, postal and contact addresses and documents associated with the application, such as cover letters, CVs and certificates. Applicants may also provide us with additional information on a voluntarily basis.

By sending the application to us, the applicant agrees to the processing of data for the purpose of the application process, in accordance with the nature outlined in this privacy policy.

If, as part of the application process, specific categories of personal data within the meaning of Article 9 (1) of the GDPR are shared voluntarily, this data is also processed pursuant to Article 9 (2) (b) of the GDPR (e.g. health-related data such as pregnancy, or ethnic origin). If, as part of the application process, specific categories of personal data within the meaning of Article 9 (1) of the GDPR are requested from applicants, this data is also processed pursuant to Article 9 (2) (b) of the GDPR (e.g. health-related data, if this is required for the job).

If available as an option, applicants can send their applications via an online form on our website. Data is sent encrypted in accordance with the level of current technology.
Applicants can also send their applications by email. However, if doing so, please note that emails are not sent encrypted and the applicant must ensure that they are encrypted. We can therefore assume no responsibility for the transmission of the application between the sender and recipient on our server, and recommend sending the application via an online form or the post. The applicant still has the option of sending the application by post instead of applying via the online form or by email.

If an applicant is successful, data provided by the applicant may be further processed by us with respect to the employment relationship. Otherwise, if the applicant is unsuccessful in applying for a vacancy, his/her data will be erased. The applicant’s data is also erased if the application is withdrawn, and the applicant is entitled to do this at any time.

Subject to the applicant’s legitimate withdrawal, the data is erased after a period of six months so that we are able to respond to any follow-up questions about the application and can meet our duties to provide evidence pursuant to the Equal Treatment Act (Gleichbehandlungsgesetz). Invoices or receipts for the reimbursement of any travel costs are archived in accordance with tax provisions.
Contacting us

If you contact us (e.g. via the contact form, by email, telephone or via social media), user information is processed in order to process the contact request and to resolve it, pursuant to Article 6 (1) (b) of the GDPR. User information may be stored in our customer relationship management system (‘CRM system’) or a comparable request management system.

We delete requests if they are no longer required. We review whether they are required every two years; statutory retention periods also apply.

Collecting access data and log files

Based on our legitimate interests within the meaning of Article 6 (1) (f) of the GDPR, we, or our hosting provider, collect(s) data that relates to each time the server, on which this service is located, is accessed (‘server log files’). Access data includes the name of the website accessed, the file, date and time of access, the volume of data transferred, notification of successful access, browser type including version, user operating system, referrer URL (the site previously visited), IP address and requesting provider.

For security reasons (e.g. to clarify any misuse or fraud proceedings), log file information is stored for a maximum of 7 days and is then deleted. Data that must be stored for the purpose of providing evidence must be excluded from erasure until each incident has been resolved.

Embedding third-party services and content

We use content and service offerings from third-party providers on our website based on our legitimate interests (i.e. interests in analysing, optimising and economically operating our website within the meaning of Article 6 (1) (f) of the GDPR) to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as ‘content’).

This presupposes that the third-party providers of this content use the user’s IP address, as it would not be possible to send content to the user’s browser without an IP address. The IP address is therefore required in order to display this content. We endeavour to only use such content where the respective provider merely uses the IP address to supply content. Third-party providers may also use ‘pixel tags’ (hidden images, also known as ‘web beacons’) for statistical or marketing purposes. Information such as the visitor traffic for this website’s pages can be evaluated using ‘Pixel tags’. Pseudonym information can also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, the time of the visit and other information about the use of the website, etc., and be linked to such information from other sources.


We embed videos from the ‘YouTube’ platform from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, opt-out:

Google Fonts

We embed fonts (‘Google Fonts’) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, opt-out:

Google reCaptcha

We embed a function to recognise bots, e.g. when inputting into online forms (‘reCaptcha’), from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, opt-out:

Samco Autotechnik GmbH liefert der Nutzfahrzeug-, Automobil- und Industrietechnik Filter, Bälge, Druckluft- und Elektroteile, Beleuchtung und Ausrüstung.

Beim weiteren öffnen dieser Website, sind Sie mit der Nutzung von cookies einverstanden. mehr Informationen

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.