It is generally possible to use our web pages without having to submit any personal data. However, if a user wishes to use special services provided by our company via our website, the processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek your consent.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
Processing means any process or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Data controller
The data controller is the natural or legal person, public authority, agency or other body that, alone or together with others, decides on the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for the data controller's nomination may be provided for by Union or Member State law.
g) Data processor
A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
A recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether or not it is a third party. However, public authorities that have a specific investigatory right pursuant to Union or Member State law and receive personal data in this context are not considered to be recipients.
i) Third parties
A third party is a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and persons who, under the direct responsibility of the data controller or the data processor, are authorized to process the personal data.
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the data controller
The data controller in terms of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
ZDF Enterprises GmbH
represented by President and CEO Fred Burcksen and Executive Vice President and CFO Karoline Meichsner-Sertl
Tel.: +49 (0)6131-991-0
Fax: +49 (0)6131-991-99
3. Name and address of the Data Protection Officer
The Data Protection Officer with responsibility for the processing is:
Mr Klaus Pawlitschko, LL.M.
c/o ZDF Enterprises GmbH
Any data subject can contact our Data Protection Officer directly at any time with questions or suggestions regarding data protection.
By using cookies, ZDF Enterprises GmbH can provide users of our website with more user-friendly services that would not be possible without cookies. In case you access a respective website again cookies allow the recognition of your end-user device. Thus you do not have to re-enter your login details each time you visit the website, as this is done by the website and the cookie stored on the end-user device.
Legal basis for the processing of personal data by using cookies is Article 6 (1) lit. f of the GDPR.
You can prevent the placement of cookies by our website at any time by means of a corresponding setting in the internet browser, and thus permanently block the placement of cookies. Furthermore, cookies that have already been placed can be deleted at any time via your internet browser or other software programs. If you deactivate the placement of cookies in the internet browser, some of the functions of our website may not be fully usable.
5. Collection of general data and information
Access data is automatically saved every time a file is called up from our website. Each data set consists of:
- Page from which the file was requested
- The name of the file
- Date and time of the request
- Volume of data transferred
- Access status (file transferred, file found etc.)
- Description of the type of web browser used
- Operating system used
This data is not relatable to certain persons for ZDF Enterprises GmbH.
These data is transmitted and evaluated to an adequate application for statistical purposes and for technical administration of the web pages. Further these data is required to present you our webpage and to ensure you the stability and security of our website. A combination of these data with other data source will not be conducted; the data furthermore will be deleted after the statistic evaluation.
Otherwise, personal information will only be saved if provided by you on a voluntary basis, e. g. within the context of an inquiry, within our contact form on the website or during the registration process; it will not be passed on to third parties either in whole or in part.
Legal basis for the temporary storage of these data is Article 6 (1) lit. f of the GDPR. Our legitimate interest is justified by the above mentioned reasons of the data processing.
(1) We will send newsletters, emails and further electronic messages (in the following: newsletter) only with your consent. With our newsletter you receive information on press releases, genre news, licensing news and general ZDF Enterprises news. Legal basis for the processing of your date in this case is Art. 6 (1) lit. f of the GDPR (§ 7 (2) No. 3 and (3) UWG).
(2) Required fields for the transmission of the newsletter are e-mail address, first name, last name, address, company and function, as we send our newsletter only to business partners. The processing of further data will only occur on voluntary basis. For the registration on our newsletter we use the so called double-opt-in-process, which means that we will send you an e-mail to the stated e-mail-address after you registration, in which your consent for the newsletter transmission is required. In case you not confirm your registration within 24 hours we will block your personal data and erase them automatically within one month.
(3) After your confirmation we will save your transmitted data as well as the date and time of the confirmation e-mail. Your date will not be passed to third parties.
(4) At any time you have the right to withdraw your consent in the newsletter and in therefor terminate the newsletter. At the end of each newsletter via the link “Manage my subscriptions” you have the possibility to unsubscribe from the newsletter.
(5) Your personal data will be stored as long as you unsubscribe from the newsletter.
You have the opportunity to register on our website by providing personal data. The personal data to be sent to the data controller are derived from the input mask used for the registration. The personal data entered by you are collected and stored solely for internal use by the data controller. The data controller may arrange for the transfer of the data to one or more data processors, which will also use the personal data only for internal use attributable to the data controller.
By registering on our website, the IP address assigned to your end-user device and the date and time of registration are also stored. These data are stored as this is the only way to prevent the misuse of our services. The data are not generally transferred to third parties, unless there is a legal obligation to pass them on or their disclosure serves to assist with criminal or legal prosecutions.
The registration of the data subject, whereby personal data are voluntarily provided, also allows us to offer you content or services that, due to their inherent nature, can only be offered to registered users.
Legal basis for the processing of personal data is in case of the user’s consent Article 6 (1) lit. a of the GDPR. In case the registration serves the fulfillment of a contract, whose contracting party is the user or the execution of precontractual actions, additional legal basis for the processing of personal data is Article 6 (1) lit. b of the GDPR.
8. Maximum stage period of personal data
The period of storage of personal data is based upon the respective legal retention periods, e.g. from taxation or commercial laws. In case this retention period expires the personal data will be deleted, unless these personal data is still required for the fulfillment or the negotiation of a contract or we further have a legitimate interest in the storage of this data.
9. Rights of the data subject
If a data subject wishes to make use of the rights below, he/she can contact our Data Protection Officer at any time.
a) Right to information
You have the right, as granted by the GDPR, to obtain information from the data controller free of charge and at any time about the personal data stored about you, and to receive a copy of that information. This includes:
- the purpose of the processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or at international organizations
- if possible, the planned period for which the personal data are to be stored, or, if this is not possible, the criteria for defining this period
- the existence of a right to correction or erasure of the relevant personal data or to restriction of the processing by the data controller, or a right to object to this processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected directly from the data subject: All available information about the source of the data
In addition, you have a right to information regarding whether personal data have been sent to a third country or to an international organization. If that is the case, you also have the right to obtain information about the appropriate guarantees implemented in connection with the transfer.
b) Right to rectification
You have the right to demand the immediate rectification of inaccurate personal data concerning yourself. Furthermore, you have the right, taking into account the purpose of the processing, to request the completion of incomplete personal data, including by means of providing a supplementary statement.
c) Right to erasure (right to be forgotten)
You have the right to ask the data controller to immediately erase your personal data, provided that one of the following reasons applies and the processing is not required:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw the consent on which the processing was based in accordance with Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR, and there is no other legal basis for the processing.
- You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.
- The personal data have been processed unlawfully.
- The erasure of the personal data is necessary to fulfil a legal obligation under Union or Member State law with which the data controller has to comply.
- The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
Where personal data have been made public by us and our company is obliged, as the data controller, to erase personal data pursuant to Art. 17 (1) of the GDPR, we will take appropriate steps, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers that are processing the disclosed personal data that the data subject has requested the erasure by such data controllers of all links to or copies or replication of such personal data, if the processing is not required.
d) Right to restriction of processing
You have the right to request that the data controller restrict the processing, if any of the following conditions apply:
- The accuracy of the personal data is contested by yourself, with the restriction being observed for a period enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful, but you reject erasure of the personal data and instead request restriction of the use of the personal data.
- The data controller do not need the personal data anymore for reasons of processing, but the date subject needs the data for enforcement, exertion or plea of legal claims.
- You object to the processing, in accordance with Art. 21 (1) of the GDPR and it is not yet clear whether the legitimate reasons of the data controller override those of the data subject.
e) Right to data portability
You have the right to receive, in a structured, common and machine-readable format, personal data relating to yourself that have been provided to the data controller by you. You further have the right to transfer these data to another data controller without hindrance by the data controller to which the personal data were supplied, provided that the processing is based on the consent given pursuant to Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR or is based on a contract pursuant to Article 6 (1) lit. b of the GDPR, and processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his/her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject has the right to request that the personal data are transferred directly from one data controller to another, if this is technically feasible and if this does not affect the rights and freedoms of other parties.
f) Right to object
You have the right, at any time and for reasons arising from your particular situation, to object to the processing of personal data relating to yourself, pursuant to Article 6 (1) lit. e or f of the GDPR.
In the event of an objection being submitted, we will no longer process personal data unless we can establish compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or unless the processing is required for the purpose of asserting, exercising or defending legal claims.
g) Right to revoke consent related to data protection
You have the right to revoke consent granted for the processing of personal data at any time.
h) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you as data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
10. Data Protection Provisions about the Use of Matomo (formerly PIWIK)
On our website we use the open-source-software-tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. The software will set a cookie on the users device (regarding cookies please read above). In case single pages of our website are visited the following date will be stored:
- two Bytes of the IP-address of the users system
- the visited webpage
- the webpage from which the user came from (referrer)
- the sub-webpages, which will be visited from the accesed website
- the retention time on the webpage
- the frequency of the access to the website
The software only operates on the servers of our website. Any storage of personal data only occurs there. There will be no transfer of the data to third persons.
The adjustment of the software do not allow to store the full IP-address, but masks two bytes of the IP-adress (for example 192.168.XXX.XXX). So there will be no mapping from the shortened IP-address to the accessing device.
Legal basis for the processing of personal data is in case of the user’s consent Article 6 (1) lit. f of the GDPR.
The processing of the personal data of our users allows us an analysis of the surfing behavior of our users. With this information we are allowed to improve our website and its usability constantly. These are the reasons for our legitimate interest of processing the data according to Article 6 (1) lit. f of the GDPR. By anonymizing of the IP-address we also secure the users interests in the protection of the personal data.
Data will be erased, as it is not needed for our purposes. This is in our case 7 days.
The data subject can prevent the placement of cookies by our website at any time by means of a corresponding setting in the internet browser, and thus permanently block the placement of cookies. Furthermore, cookies that have already been placed can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the placement of cookies in the internet browser, some of the functions of our website may not be fully usable.
By the following functionality you may object to the usage of the tracking-cookies. In this case you have to follow the respective link. Then an additional cookie will be set on your system, which signalized our system not to store the user´s data. In case the user erases the respective cookie from the own system he has to set the opt-out-cookie again.
For further information refer to Matomo´s privacy information https://matomo.org/docs/privacy/.
11. Our presence on social platforms
ZDF Enterprises has a presence on various social platforms to communicate with users of those social platforms and to present our company there.
Data from users of the social platforms is generally processed for marketing and advertising purposes.
Social platform providers create user profiles based on users’ usage behaviour to show them adverts that correspond with their presumed interests.
Usage behaviour is facilitated by saving cookies on users’ end devices. Data relating to the user who is signed in to that platform is also stored.
Here, there is the possibility that user data will be processed outside the European Union. This may be risky for the user as it may complicate the enforcement of data subject rights the user has. If the corresponding provider is subject to the Privacy Shield, it is obliged to guarantee European data protection standards.
The processing of personal data is based on a legitimate interest in targeted user information pursuant to point (f) of Article 6(1) of the GDPR. If users are asked by the respective social platform provider to consent to data processing, the legal bases for processing are point (a) of Article 6(1) and Article 7 of the GDPR.
Below, you can find a detailed description of how personal data is processed on the respective social platform, how you can exercise your data subject rights and what options there are to object. As only the respective social platform providers have access to individual users’ data, only they can provide the information directly or take corresponding action directly. You can also contact us at any time.