Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Somana Health GmbH, Invalidenstr. 117, 10115 Berlin (hereinafter referred to as “somana”) provides information about the following data protection principles. Somana values the protection of your personal data and any other collected information. We assure you that we handle your data in a trustworthy and responsible manner at all times. In particular, your personal data will be used strictly in accordance with legal requirements.

You can find our full contact details in the Imprint section of this website.

We have appointed the following Data Protection Officer for our company:

Attorney Michael Panienka
Email: mp@panienka.de

Collection and Processing of Personal Data

When you visit our website, our web servers automatically store your IP address, the website from which you accessed ours (e.g., via a link), the pages you visit on our site, information about your internet browser, its display settings and language preferences, your operating system, as well as the date and duration of your visit.

Personal data is collected and processed only if you voluntarily provide it to us, for example by completing an online questionnaire, using a contact form, or making an inquiry.

The personal data collected in this way is deleted immediately as soon as it is no longer required for the purpose for which it was collected.

Use and Disclosure of Personal Data and Purpose Limitation

Somana uses your personal data for technical administration of the website and for statistical analysis of its usage. We use this technical access information to continuously improve the attractiveness, usability, and content of our website and to detect potential technical issues. Additionally, the data helps us provide our services to you.

Somana will not share your personal data with third parties without your explicit consent. Details are outlined in this Privacy Policy.

The legal basis for the processing of personal data for these purposes is Art. 6 para. 1 lit. b) GDPR.

Links to Other Websites

The Somana website contains links to other websites. Please note that somana is not responsible for the privacy practices or content of these external sites.

We recommend that all users review the privacy statements of any external websites they visit after leaving the somana site.

Cookies and Analytics

Somana uses so-called “cookies” on this website. A cookie is a text file stored by your browser on your computer, associated with the website you are visiting (web server). Cookies are either sent from the server or created by a script (JavaScript) in the browser. When you revisit a page, the cookie can be read directly by the server or transmitted to it via a script.

Cookies can be used to identify users (e.g., session ID), save logins (e.g., for Wikipedia, Facebook), or preserve a shopping cart.

There are both first-party cookies (created by our website) and third-party cookies (created by partner websites like Google Analytics). Each cookie stores different data and has a different expiration time—from a few minutes to several years. Cookies are not software programs and do not contain viruses or other malicious code. They cannot access your PC’s information.

You can delete cookies at any time. Instructions for this can be found in your browser’s help function. Please note that disabling cookies may limit the functionality of our website.

This website uses the following types of cookies:

  1. Strictly Necessary Cookies (Type I)

  2. Functional and Performance Cookies (Type II)

  3. Consent-Based Cookies (Statistics and Marketing - Type III)

1. Strictly Necessary Cookies (Type I)

These cookies are essential for the proper functioning of our website. They are first-party cookies and ensure, for example, that logged-in users remain logged in when navigating between subpages.

Legal basis: Art. 6 para. 1 lit. b) GDPR.

Typeform

This site integrates services from Typeform, TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona, Spain. This allows us to provide an easy contact form. We share the following data with Typeform, if provided:

  • Email address

  • First name

  • Last name

  • Phone number

Mandatory fields are marked with an asterisk (*).

Typeform acts as a data processor on our behalf. Providing this data is neither legally nor contractually required. If you do not consent, you can instead reach us by email at: acloosters-brodrick@stadtdo.de.

The collected data is used solely to process your inquiry. It will be deleted after the request is handled, or after our contract with Typeform ends—unless legal requirements necessitate further storage.

Typeform also collects technical data such as IP address, device and browser info, and usage data (e.g., time and date of form use). This ensures functionality and layout of the form.

Legal basis: Art. 6 para. 1 lit. f) (legitimate interest) and lit. b) GDPR (contract fulfillment).

See more information here.

Notion

We use the service Notion, provided by Notion Labs, Inc., 2300 Harrison Street, San Francisco, CA 94110, USA (hereinafter “Notion”), for the internal management and processing of inquiries submitted through our contact form. In this context, we store in Notion the personal data you provide via the contact form, in particular:

  • First name

  • Last name

  • Email address

  • Phone number

  • Any other information entered in the form

This data is stored solely for internal documentation purposes and to handle tasks resulting from your inquiry, such as organizing events, sending newsletters, or coordinating job interviews.

Notion is the recipient of your personal data and acts as a data processor on our behalf in accordance with Art. 28 GDPR. The processing of your data in Notion is based on your consent (Art. 6 para. 1 lit. a GDPR) and, where applicable, for the performance of pre-contractual or contractual obligations (Art. 6 para. 1 lit. b GDPR).

Please note that Notion may also process data on servers located in the USA. To ensure an adequate level of data protection, we have entered into a data processing agreement with Notion, including the EU Standard Contractual Clauses.

The data will be deleted once the purpose for which it was collected no longer applies, unless statutory retention obligations require otherwise. For more information about data protection at Notion, please visit: https://www.notion.so/help/security-and-privacy

Fireflies.ai

We use the service Fireflies.ai, provided by Fireflies, Inc., 5424 Sunol Blvd, Ste 10-531, Pleasanton, CA 94566, USA (hereinafter “Fireflies”), for the automated transcription and summarization of conversations held during meetings, job interviews, or other appointments with you.

The following personal data may be processed, depending on what is mentioned or shared during the conversation:

  • Name

  • Email address

  • Phone number

  • Professional information

  • All conversation content expressed during the meeting

Recording and processing of the conversation only takes place after your prior verbal consent at the beginning of the meeting.

Transcripts and summaries are stored for internal processing and documentation purposes in tools such as Notion and Google Drive. This processing supports efficient follow-up and internal task coordination (e.g., within the context of recruitment processes, project planning, or client communication) and is based on your consent (Art. 6 para. 1 lit. a GDPR).

Fireflies is the recipient of your personal data and acts as a data processor on our behalf in accordance with Art. 28 GDPR. Data may also be processed on servers located in the USA. To ensure an adequate level of data protection, we have concluded appropriate agreements with Fireflies, including the EU Standard Contractual Clauses.

The data will be deleted once it is no longer required for the stated purposes, unless legal retention obligations require otherwise. For more information about data protection at Fireflies, please visit: https://fireflies.ai/privacy

2. Consent-Based Cookies (Statistics & Marketing - Type III)

This website uses only cookies that require user consent. Legal basis: Consent according to § 25 TTDSG.

We may use data from anonymous usage analysis to show personalized ads for our products on our website. We believe this benefits you by showing content more relevant to your interests.

Legal basis: Art. 6 para. 1 lit. a) GDPR.

Consent

By accepting cookies when entering the site, you expressly consent to the use of cookies and processing of your personal data for statistical, analytical, and marketing purposes. This includes sharing data with service providers engaged for these purposes.

You may revoke your consent and delete cookies at any time via your browser. See your browser help section for details or search online for terms like “disable cookies” or “delete cookies.”

Third-Party Data Protection Standards

The third-party providers used by somana are either based in the EU or meet the requirements of Articles 44 and 46 GDPR through standard contractual clauses when based outside the EU. Compliance is regularly reviewed.

As of July 10, 2023, the EU Commission has approved the EU-U.S. Data Privacy Framework. Personal data may be transferred to U.S. organizations participating in this framework without further safeguards.

Somana ensures that its providers are either part of this framework or have entered into GDPR-compliant contracts under Art. 46 para. 2 lit. c) GDPR.

Security

Somana employs legally required technical and organizational measures to protect your data from manipulation, loss, destruction, or unauthorized access. These measures are continuously updated in line with technological developments.

Your Rights

As a user of our website, you have the right to:

  • Request access to your stored personal data

  • Request correction, deletion, or restriction of your data

  • Request data transfer in a standard format

  • Withdraw any previously given consent (e.g., cookie usage)

Requests can be directed to somana or our Data Protection Officer.

You also have the right to lodge a complaint with the relevant supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61, 10555 Berlin

www.datenschutz-berlin.de

Scope

This privacy policy applies exclusively to the website and newsletter services provided by somana. We reserve the right to adjust this policy to current legal and technical requirements at any time.

Last updated: 06/2025

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.