1. General Information
The Controller and Data Protection Officer:
The Controller as defined by Article 4 (7) of the GDPR, which determines the purposes and means of the processing of personal data, is Bavaria Fiction GmbH.
The Data Protection Officer as specified in Article 37 (2) of the GDPR for the Bavaria Film Group, which includes Bavaria Fiction, is Dr. Robert Selk. You can reach him with the addition "for the attention of the data protection officer" as follows:
Our Data Protection Regulations relate to your personal data (e.g. name, postal or email or IP address, telephone number). As described in the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG), "personal data" refers to all information relating to an identified or identifiable natural person.
A natural person is regarded as identifiable if that person can be identified, directly or indirectly, in particular by correlating a name, reference number, location data or online identification.
A natural person is also identifiable if that person can be identified by correlating one or more particular characteristics of that person, such as expressions of psychological, physiological, genetic, psychic, commercial, cultural or social identity.
We store and process your personal data exclusively within the conditions of the EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG neu). We take very seriously the protection of your personal data within our company; our staff are obliged to regard such matters as strictly confidential and to adhere to all relevant data protection regulations. Only staff who is responsible for the maintenance of the website gets access to any website data.
Naturally we also impose this obligation on any third party organizations we commission for any purpose.
2. Your Rights
You have the following rights with respect to the personal data we store which relates to you:
- the right to request access
- the right to request rectification or erasure
- the rights to restrict data processing
- the right to object specific data processing
- the right to data portability.
If you give us your consent to utilize your data you also have the right to withdraw that consent at any time. In such cases, all data processing which we have undertaken up to the moment this consent is withdrawn remains legal. You are informed about the possibility of withdrawing your consent and the concrete steps which need to be taken to exercise that right at the place where we obtain your consent.
You also have the right to make any complaints to a data protection supervisory authority about the way we process your personal data, GDPR article 77. The supervisory authority responsible for us is:
The Broadcasting Data Protection Officer of WDR, BR, SR, DRadio and ZDF
Dr. Reinhart Binder
Tel.: 0331 70989 85500
3. Collecting Personal Data from Visitors to our Website
We only obtain personal data from users of our website who do not register with us and do not transfer information to us which is supplied by your browser to our server. In such cases we collect the following data, which is necessary for IT-security and performance purposes. The legal basis is the legitimate interests we pursue (in accordance with GDPR, Article 6, Section 1 (f), our interests are to provide a safe and well-running website to our visitors).
- IP address
- date and time of enquiry
- time difference to Greenwich Mean Time
- content of request (concrete page)
- access status/HTTP status code
- data quantity transferred
- website where the request originated
- operating system and its interface
- language version of browser software
We only collect any other personal data if you inform us of this data (e.g. in the course of a newsletter registration or filling in a contact form) and even in this case only insofar as it is permitted to us according to the authorization you have provided or the relevant legal stipulations (further information on this can be found under the section Legal Basis of Data Processing). At the appropriate place within our website we will request explicit consent from you for this purpose.
You are not legally or contractually obliged to transfer your personal data. However, it is possible that certain functions of our website depend upon the transfer of personal data. In such cases, if you do not provide this personal data, it may lead to the functions not working or only working to a limited extent.
We employ appropriate technical and organizational security measures to protect the personal data you provide us with from manipulation, loss, destruction, misuse and access by unauthorized individuals. We constantly improve our security measures in line with the relevant technological development.
5. Legal Basis of Data Processing
If you have given us your consent to process your personal data for specific purposes, this consent is the legal basis for such processing, Article 6, Section 1 (a) GDRP.
The legal basis for the processing of personal data for the purpose of entering into or performing a contract with you is stipulated in GDPR, Article 6, Section 1 (b).
Should the processing of your personal data be required for the compliance with a legal obligation on our part (e.g. for storing data), the processing is covered by GDPR, Article 6, Section 1 (c).
In addition, we process your personal data for the purpose of maintaining our legitimate interests and the legitimate interests of third parties in accordance with GDPR, Article 6, Section 1 (f). Such legitimate interests include for example the maintenance of the functionability of our IT systems and also the marketing of our own and third party products and services and the authorized provision of documentation from commercial contacts.
6. Deletion of Your Personal Data
After seven days we delete your IP address and the name of your Internet service provider, which we only store for that period for security reasons. Otherwise we delete your personal data as soon as the purpose for which we have collected this data and processed it no longer applies. After this point in time data will only be stored if it is required in accordance with the laws, regulations or other rules of the European Union, or of a member state of the European Union, which we are obliged to comply with.
When you use our website, cookies are stored on your computer. Cookies are small text files which are stored on the hard disk of the browser you use and which allow the transmission of certain information to the organization which places the cookies (in this case, us). Cookies cannot execute any programs or transfer viruses to your computer. They serve to make the Internet service we provide more user-friendly and efficient.
This website uses the following types of cookies, which are explained in terms of their characteristics and function in our Cookie-Guidelines (please open if necessary):
You can configure your browser settings in accordance with your personal wishes and, for example, refuse to accept third-party cookies or all cookies. This may mean that you are unable to use all functions of this website.
The legal basis for the deployment and processing of cookies which are technically necessary and relate to personal data is GDPR, Article 6, Section 1 (f) (the processing is necessary for the purposes of our legitimate interests, i.e. to be able to provide you efficiently with the website and content you have requested). For all other cookies the legal basis for deployment is your consent (and thereby GDPR, Article 6, Section 1 (a)).
You can inspect and change at any time the cookie settings you have chosen, and in particular which approval for cookies you have provided:
For the abovementioned purposes in this privacy notice, we may share your data with the technical service providers who support us (e.g. hosting, web servers, etc.). We have chosen these providers carefully and hired them according to the statutory requirements. For the rest, your data will not be shared with third parties unless we are legally obligated to do so.