Privacy Policy
Last updated: May 2026
1. Controller
SAMI Personalvermittlung, Abdessamad El-Ouazzani, Nastplatz 6, 70376 Stuttgart
Phone: +49 176 613 609 47 · Email: kontakt@sami-personalvermittlung.de
2. Principles of data processing
We process personal data only in accordance with the GDPR and the BDSG (data minimisation).
Legal bases: Art. 6(1)(a), (b), (c), (f) GDPR.
3. Data collection
Applicant data: name, contact details, CV, qualifications – solely for direct placement.
Client data (B2B): Within our business relationships with companies, we process the following data of contact persons: name, function/position, business email address, phone number, company name and address, and invoicing data. This data is used exclusively for order processing, communication, invoicing and the fulfilment of contractual obligations. Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (legal obligations, e.g. retention periods). Tax-relevant documents are retained for 10 years as required by law. Other client data is deleted after the end of the business relationship, unless statutory retention obligations apply.
Communication data: email/phone contact is stored for processing.
3a. Contact form
When using the contact form on our website, the following data is collected: name, email address, phone number and message content. This data is used exclusively to process your enquiry. For processing and responding, it is transmitted to our application server and stored in our database (see the sections on hosting and server log files and on data processing on our behalf); we also send the corresponding notification or reply email via our email service provider Brevo (Sendinblue SAS). The data is deleted once your enquiry has been conclusively handled and no further business relationship arises, unless statutory retention obligations apply. The data is not passed on to uninvolved third parties. Legal basis: Art. 6(1)(b) GDPR (steps prior to a contract) or Art. 6(1)(f) GDPR (legitimate interest).
3b. Appointment booking (Microsoft Bookings)
For appointment booking we use Microsoft Bookings, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. When booking an appointment, your name, email address and, where applicable, phone number are transmitted to Microsoft. Microsoft processes this data in accordance with its own privacy policy. The data transfer to the USA takes place on the basis of the Standard Contractual Clauses pursuant to Art. 46 GDPR. Further information: https://privacy.microsoft.com/en-us/privacystatement
3c. Cookies
Our website uses cookies; these are small text files stored on your device. We currently use exclusively technically necessary cookies that are required for the secure operation of the website (e.g. for session control and to ensure security). These cookies are generally session cookies and are deleted at the latest when your browser session ends. No consent is required for this; the legal basis is Section 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR. We do not currently use cookies that require consent (e.g. for analytics or marketing). Should consent-requiring cookies be added in the future, these will only be set after your active consent via a cookie banner.
3d. Hosting and server log files
We host our website with the provider Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes access and connection data on our behalf. A data processing agreement pursuant to Art. 28 GDPR is in place with Vercel. The transfer to the USA takes place on the basis of the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. The legal basis for using the hosting provider is Art. 6(1)(f) GDPR (legitimate interest in a secure and reliable provision of our website).
Our backend (application server) and the associated database are operated with the provider Railway Corporation, 548 Market Street PMB 68956, San Francisco, CA 94104, USA. The data collected via our website – in particular enquiries from the contact form – is processed there and stored in a PostgreSQL database. A data processing agreement pursuant to Art. 28 GDPR is in place with Railway. The transfer to the USA takes place on the basis of the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. The legal basis is Art. 6(1)(b) GDPR (steps prior to / performance of a contract) and Art. 6(1)(f) GDPR (secure operation of our services).
When our website is accessed, information is automatically recorded in so-called server log files that your browser transmits automatically: browser type and version, operating system used, referrer URL, hostname of the accessing computer, date and time of the server request, and the IP address. This data is not merged with other data sources and is processed exclusively to ensure trouble-free operation and the security of the website. The IP address is not used to identify individual persons. The server log files are deleted or anonymised after 7 days at the latest. Legal basis: Art. 6(1)(f) GDPR.
3e. Web analytics and tracking
We currently do not use any analytics, tracking or statistics tools on our website (such as Google Analytics, Vercel Web Analytics or Meta Pixel). No usage profiles are created and no data is transmitted to third parties for marketing or analytics purposes. The verification ID stored for the Google Search Console serves solely as proof of website ownership and does not collect any personal data. Should an analytics tool be used in the future, this privacy policy will be amended accordingly and – where required – your consent will be obtained beforehand via a cookie banner.
3f. Social media links
On our website we link to our profiles on social networks (e.g. Instagram, TikTok, LinkedIn). These are simple links only, not embedded social media plug-ins. Personal data is only transmitted to the operators of these networks once you actively click on the respective link and visit the provider's page. The respective provider is responsible for the data processing that takes place there.
3g. SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the browser address bar changing from http:// to https://, and by the lock symbol in the browser bar. When encryption is active, the data you transmit to us cannot be read by third parties.
3h. Data processing on our behalf
We have concluded data processing agreements pursuant to Art. 28 GDPR with service providers that process personal data on our behalf. This applies in particular to: the hosting provider of our frontend (Vercel Inc., USA); the hosting provider of our backend and database (Railway Corporation, USA); our email service provider Brevo (Sendinblue SAS, 17 rue de Salneuve, 75017 Paris, France) for sending emails; and Microsoft (for appointment booking via Microsoft Bookings and email services via Microsoft 365). Insofar as data is transferred to third countries (e.g. the USA), this takes place on the basis of the EU Standard Contractual Clauses pursuant to Art. 46 GDPR.
4. Disclosure to third parties
Candidate data is shared with employers only with the candidate's explicit consent. Transfers to third countries only with safeguards under Art. 46 GDPR.
5. Storage period
Applicant data: deleted after completion of the process or upon withdrawal, at the latest after 24 months. Tax-relevant documents: 10 years.
6. Your rights
Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21 GDPR).
Contact: kontakt@sami-personalvermittlung.de
7. Right to lodge a complaint
LfDI Baden-Württemberg, Lautenschlagerstr. 20, 70173 Stuttgart, poststelle@lfdi.bwl.de
8. Data security
We take technical and organisational protective measures, which are continuously improved.
9. Withdrawal and changes
Consents can be withdrawn at any time by email to kontakt@sami-personalvermittlung.de.
As of: June 2026
For data protection enquiries, please contact: kontakt@sami-personalvermittlung.de