1. General Information
The responsible and Data Protection Officer:
The Controller as defined by Article 4 (7) of the GDPR, which determines the purposes and means of the processing of personal data, is Bavaria Fiction GmbH. The Data Protection Officer as specified in Article 37 (2) of the GDPR for the Bavaria Film Group, which includes Bavaria Fiction, is Dr. Robert Selk. You can reach him with the addition "for the attention of the data protection officer" as follows:
Our Data Protection Regulations relate to your personal data (e.g. name, postal or email or IP address, telephone number). As described in the EU General Data Protection Regulation (GDPR) and the new German Data Protection Law (BDSG neu), "personal data" refers to all information relating to an identified or identifiable natural person.
A natural person is regarded as identifiable if that person can be identified, directly or indirectly, in particular by correlating a name, reference number, location data or online identification.
A natural person is also identifiable if that person can be identified by correlating one or more particular characteristics of that person, such as expressions of psychological, physiological, genetic, psychic, commercial, cultural or social identity.
We store and employ your personal data exclusively within the conditions of the EU General Data Protection Regulation (GDPR) and the new German Data Protection Law (BDSG neu). We take very seriously the protection of your personal data within our company; our staff are obliged to regard such matters as strictly confidential and to adhere to all relevant data protection regulations. Naturally we also impose this obligation on any third party organizations we commission for any purpose.
2. Your Rights
You have the following rights with respect to the personal data we store which relates to you:
- the right to information
- the right to correction or deletion
- the rights to limiting data processing
- the right to refuse permission for data processing
- the right to data transferability.
If you give us your permission to utilize your data you also have the right to withdraw that permission at any time. In such cases, all data processing which we have undertaken up to the moment this permission is withdrawn remains legal. You are informed about the possibility of withdrawing your permission and the concrete steps which need to be taken to exercise that right at the place where we obtain your permission.
You also have the right to make any complaints to a data protection supervisory authority about the way we process your personal data, GDPR article 77. The supervisory authority responsible for us is:
The Broadcasting Data Protection Officer of WDR, BR, SR, DRadio and ZDF
Dr. Reinhart Binder
Tel.: 0331 70989 85500
3. Collecting Personal Data from Visitors to our Website
We only obtain personal data from users of our website who do not register with us and do not transfer information to us which is supplied by your browser to our server. In such cases we collect the following data, which is necessary for the purposes of the legitimate interests we pursue (in accordance with GDPR, Article 6, Section 1 (f)).
- IP address
- date and time of enquiry
- time difference to Greenwich Mean Time
- content of request (concrete page)
- access status/HTTP status code
- data quantity transferred
- website where the request originated
- operating system and its interface
- language version of browser software
We only collect any other personal data if you inform us of this data (e.g. in the course of a newsletter registration or filling in a contact form) and even in this case only insofar as it is permitted to us according to the authorization you have provided or the relevant legal stipulations (further information on this can be found under the section Legal Basis of Data Processing). At the appropriate place within our website we will request explicit permission from you for this purpose.
You are not legally or contractually obliged to transfer your personal data. However, it is possible that certain functions of our website depend upon the transfer of personal data. In such cases, if you do not transfer this personal data, it may lead to the functions not working or only working to a limited extent.
We employ appropriate technical and organizational security measures to protect the personal data you provide us with from manipulation, loss, destruction, misuse and access by unauthorized individuals. We constantly improve our security measures in line with the relevant technological development.
5. Legal Basis of Data Processing
If you have authorized us to process your personal data for specific purposes, the legal basis for such processing is outlined in GDPR, Article 6, Section 1 (a).
The legal basis for the processing of personal data for the purpose of initiating or concluding a contract with you is stipulated in GDPR, Article 6, Section 1 (b).
Should the processing of your personal data be required for the compliance with a legal obligation on our part (e.g. for storing data), the situation is covered by GDPR, Article 6, Section 1 (c).
In addition, we employ your personal data for the purpose of maintaining our legitimate interests and the legitimate interests of third parties in accordance with GDPR, Article 6, Section 1 (f). Such legitimate interests include for example the maintenance of the functionability of our IT systems and also the marketing of our own and third party products and services and the authorized provision of documentation from commercial contacts.
6. Deletion of Your Personal Data
After seven days we delete your IP address and the name of your Internet service provider, which we only store for that period for security reasons. Otherwise we delete your personal data as soon as the purpose for which we have collected this data and processed it no longer applies. After this point in time data will only be stored if it is required in accordance with the laws, regulations or other rules of the European Union, or of a member state of the European Union, which we are obliged to comply with.
When you use our website, cookies are stored on your computer. Cookies are small text files which are stored on the hard disk of the browser you use and which allow the transmission of certain information to the organization which places the cookies (in this case, us). Cookies cannot execute any programs or transfer viruses to your computer. They serve purely to make the Internet service we provide more user-friendly and efficient.
This website uses the following types of cookies, which are explained in terms of their characteristics and function in our Cookie-Guidelines (please open if necessary):
You can configure your browser settings in accordance with your personal wishes and, for example, refuse to accept third-party cookies or all cookies. This may mean that you are unable to use all functions of this website.
The legal basis for the deployment and processing of cookies which are technically necessary and relate to personal data is GDPR, Article 6, Section 1 (f) (the processing is necessary for the purposes of our legitimate interests, i.e. to be able to provide you efficiently with the website and content you have requested). For all other cookies the legal basis for deployment is your agreement (and thereby GDPR, Article 6, Section 1 (f)).
You can inspect and change at any time the cookie settings you have chosen, and in particular which approval for cookies you have provided:
8. Web Analysis and Website Optimization
This website employs the component Google Analytics (https://policies.google.com) to gather and store data for purposes of marketing and optimization. This data can be used to compile a user profile on the basis of a pseudonym. For this purpose cookies are utilised which facilitate statistical analysis of the way the website is used by its visitors.
Data processing in this context is pursued on the basis of the legal stipulations in Article 6 1 (f) (legitimate interest) of the GDPR. Our legitimate interest in the sense of the GDPR is the optimization of our online services and our web activities. Since the private sphere of our visitors is important to us, any data which may permit a connection to be made to the individual person – such as IP address, registration or device recognition – will be anonymized or pseudonymized at the earliest possible opportunity. Other usage or connection with other data from Google Analytics, or transfer of said data to third parties, will not take place.
You may at any time withhold consent for the data processing as described above insofar as it is related to your person.
On our website we have embedded function buttons from YOUTUBE (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) and VIMEO (Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA). These “embeddings“ provide you with the opportunity to access the videos stored in those places directly. Within the scope of these embeddings, functions are made available which are determined in terms of status and extent by the operators,YOUTUBE and VIMEO. To increase the protection afforded to your personal data, we employ a double-click process here: by pressing the play button in the center of the relevant access screen of the video, the embedded content is activated. This can be recognized by the fact that a new window opens and the white play button changes to red (YOUTUBE) or black (VIMEO). You may then access the video in question by clicking the play button. The legal basis for the utilization of embedded content insofar as personal data is processed here is GDPR, Article 6, Section 1 (f), and our justified interest in the provision of moving image content relates to the promotion of our productions and services (Recital 47 of the GDPR).
When you activate these function buttons, a direct connection is established between your browser and the YOUTUBE or VIMEOserver. Therefore YOUTUBE or VIMEO are informed that you have visited our website with your IP address, and these commercial entities store and process data to an extent which we are not aware of. Please note that we have no influence on the data-processing procedures pursued by YOUTUBE and VIMEO. We also wish to state explicitly that we are not liable in any way for the data-processing procedures pursued by YOUTUBE and VIMEO. You can find further information on this at https://privacy.google.com/your-data.html for YOUTUBE and https://vimeo.com/privacy for VIMEO.
10. Twitter Embedded Timelines
11. Facebook Fan Page
As the Operator of the Bavaria Fiction Facebook Page and the Facebook Fan Pages of our series "Soko Stuttgart", "Sturm der Liebe", "Dr. Klein" und "Die Rosenheim-Cops" we process statistical data such as the number of page views, information on Likes, post interaction, coverage and demographic data relating to Facebook Insights on the legal basis of Article 6, Section 1 (f) of the GDPR. We utilize this data to keep the services of our Facebook pages attractive and relevant for the community. Article 26 of the GDPR stipulates that Facebook and Bavaria Fiction, as operator of the Fan Page, share a joint responsibility in this respect. You can find further information about this in the Facebook Data Guidelines and Page Controller Addendum.
12. Use of Facebook Remarketing