Privacy Notice (Version: 24.05.2018)
The following privacy notice is valid for the online offer at www.ProSiebenSat1.com. If you want to read the whole document in context or want to print it, please click here.
Controller is ProSiebenSat.1 Media SE, Corporate Communication, Medienallee 7, DE-85774 Unterföhring, in the following referred to as "we" or "us"
represented by the Executive Board:
Max Conze (CEO)
Conrad Albert (Dep. CEO)
Jan David Frouman
Dr. Jan Kemper
Tel.: +49 (89) 95 07 10
1 Collection and Processing of Personal Data
All information which is related to an identified or identifiable natural person (e.g., name, address, phone number, date of birth or email address) is personal data.
In general, you are able to use our online offer without providing personal data. The usage of certain services may, however, require you to provide personal data, e.g., registration or the participation in a raffle. Mandatory fields are generally denoted with an *.
In case you wish to use services which first require the formation of a contract, we will ask you to register. Within the scope of registering, we collect personal data necessary for the formation and performance of the contract (e.g., first name, last name, date of birth, email address) as well as, if applicable, further data on a voluntary basis. Mandatory fields are denoted with an *.
1.3 Purposes of Processing and Legal Basis for the Processing
We process your personal data for the following purposes, based on the Legal Bases listed:
· House and third party advertising as well as market research and reach measurement to the legally allowed extent or based on consent.
· Dispatch of an email newsletter. (Legal basis: legitimate interests; there is a legitimate interest in direct marketing as long as marketing occurs while complying with data protection and fair trade laws)
· Dispatch of a newsletter with the recipient's consent via email or SMS/MMS. (Legal basis: Performance of a contract).
1.4 Data Transfer to Third Parties, Service Providers
1.4.1 Data Transfer to Third Parties
Your personal data is generally only being transferred to third parties as far as this is necessary for performance of the contract, if we or the third party have legitimate interests in transferring or if you have consented to this. If data is transferred to third parties based on legitimate interests, this will be explained in this privacy notice.
Beyond or in addition to this, data may be transferred to third parties as far as we are obligated to do so under statutory provisions or an enforceable decision made by an authority or a court.
1.4.2 Service Providers
We reserve the right to use service providers in collecting or processing data. Service providers are only given personal data that is necessary for their concrete task. This means that your email address may be forwarded to a service provider so you can receive a newsletter that you ordered. Service providers may also be assigned to provide server capacity. Service providers are generally involved as so-called processors which may only process users' personal data based on our instructions.
1.5 Data Transfer to Non-EEA Countries
We also forward personal data to third parties or processors who are located outside EEA countries. In such cases we ensure prior to the transfer that the transfer is subject to appropriate safeguards (e.g., by self-certification of the recipient for the EU US Privacy Shield or by having agreed upon so-called standard dta protection clauses of the European Union with the recipient) or sufficient user consent is given.
You may receive an overview of third country recipients and a copy of the appropriate or suitable safeguards in place. Please use the details provided in the Contact section.
1.5.1 Duration of Storage; Retention Periods
We store your data as long as it is necessary to provide our online offer and the services connected with it or as long as we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data that we are required to retain for the purpose of contractual or statutory (e.g., taxation or commercial law) retention periods (e.g., invoices). At this point, contractual retention periods may also result from contracts with third parties (e.g., those holding copyrights or IP rights).
Data that is only retained because it is subject to a retention period is restricted from processing until the period expires and will then be deleted.
Every time you use the internet, your internet browser automatically transmits certain information which is then saved by us in log files.
We save log files for the purposes of determining disruptions and for security reasons (e.g., to elucidate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.
Log files contain especially following information:
• IP address (internet protocol address) of the terminal device which is used to access the online offer;
• Internet address of the website from which the online offer is accessed (so-called URL of origin or referrer URL);
• Name of the service provider through which access to the online offer occurs;
• Name of accessed file or information;
• Date and time and duration of access;
• Amount of data transmitted;
• Operating system and informations on the internet browser used, including add-ons installed (e.g., for the Flash Player);
• http status code (e.g. “request successful” or “file not found”).
This online offer uses no cookies.
3.1 What are Cookies?
Cookies are little text files that are sent when visiting an internet page and are stored in a user’s browser. In case the respective internet page is accessed once again, the user’s browser sends back the content of the cookies and, thus, allows for the recognition of the user. Certain cookies are automatically deleted upon ending the browser session (so-called session cookies), others are saved for a set time or permanently in the user’s browser and delete themselves thereafter (so-called temporary or persistent cookies).
3.2 Which Files are Saved in the Cookies?
Cookies generally do not contain personal data, but instead only an online ID.
3.3 How can you Avoid the Usage of Cookies or Delete Cookies?
You can deactivate the storage of cookies through your browser settings and you may delete cookies that have already been saved in your browser at any time (see Technical Notes – Module 17). Please take note that this online offer might not be functional without cookies or the functionality might be reduced.
Please be further advised that refusing to allow the creation of usage profiles partially works through „opt out cookies“. In case you delete all cookies, an objection might, under certain circumstances, no longer be considered or be valid and would have to be restated.
3.4 What Cookies do we use?
3.4.1 Cookies Strictly Necessary for a Service
Some cookies are strictly necessary so we can host our online offer safely. This category includes, e.g.,
· Cookies which serve the purpose of identifying or authenticating our users;
· Cookies that temporarily store certain user entries (e.g., shopping basket content or content of an online form);
· Cookies that remember certain user preferences (e.g., search query and language settings);
· Cookies that store data to ensure the uninterrupted playback of video and audio content;
We use analytics cookies to record and statistically evaluate our users’ usage behavior (e.g., clicked ad banners, visited subpages, search queries asked).
3.4.3 Advertising Cookies
We also use advertising cookies. The usage behavior profiles created by using these cookies (e.g., clicked ad banners, visited subpages, search queries asked) are used by us to show you advertisements or offers which are tailored to your interests (“interest based advertisement”).
3.4.4 Third Party Advertising Cookies
We also allow other companies to gather data from our users using advertising cookies. This allows us and third parties to show interest-based advertisements to the users of our online offer, which are based on an analysis of their usage behavior e.g., clicked ad banners, visited subpages, search queries) in general and not restricted to our online offer.
3.4.5 Third Party Social Plugin Sharing Cookies in Connection with Social Plugins
Embedding Social Plugins generally has the plugins’ providers store cookies.
4 Web Analysis
We need statistical information about the usage of our Online Offers to design them to be user-friendlier and to perform reach measurements and market research.
For this purpose, we use the web analysis tools described in this section.
The usage profiles created by these tools using analysis cookies or by evaluating log files are not combined with personal data.
The providers of the tools (vendors) process data only as processors subject to our directives and not for their own purposes.
The tools either do not use user IP addresses at all or shorten them immediately after obtaining them.
You will find information on each tool's vendor and how you are able to object to the collection and processing of data that is done with the tool.
Be advised that with regard to tools that use opt out cookies, the opt out function is related to a device or browser and is thus valid for the terminal device or browser used at this time. In case you use several terminal devices or browsers you must opt out on every device and in every browser used.
Additionally, you can generally avoid the creation of usage profiles by generally deactivating cookie usage.
4.1 Google Analytics
Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymize IP addresses. While doing so, Google already shortens IPs within the EU in most cases and only does so in the United States in exceptional cases, while always saving shortened IPs only.
You may object to the collection or processing of your data by using the following link to download and install a browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.
4.1 Matomo / Piwik
5 Social Plugins
This online offer uses social plugins (“Plugins”) by the following providers:
5.1 Facebook Social Plugins
Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview of Facebook's plugins and their appearance here: http://developers.facebook.com/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.
5.2 Twitter Social Plugins
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview of Twitter's plugins and their appearance here: https://twitter.com/about/resources/buttons; find information on data protection at Twitter here: https://twitter.com/privacy.
5.3 Google+ Social Plugins
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Find an overview of Google+'s plugins and their ap-pearance here: https://developers.google.com/+/plugins; find information on data protection at Google+ here: http://www.google.com/intl/de/+/policy/+1button.html.
5.4 Pinterest Social Plugins
Pinterest plugins; Pinterest is operated by Pinterest Inc., 808 Brennan St, San Francisco, CA 94103, USA ("Pinterest"). Find an overview of Pinterest's plugins and their appearance here: https://developers.pinterest.com/tools/widget-builder/; find information on data protection at Pinterest here: https://about.pinterest.com/de/privacy-policy.
5.5 Instagram Social Plugins
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Find an overview of Instagram's plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; find information on data protection at Instagram here: https://help.instagram.com/155833707900388/.
5.6 Social Plugins
The different providers of plugins are in the following summarized as “Plugin Providers”.
Your internet browser establishes a direct connection to the respective plugin provider’s servers only when you activate the plugins. This way, the plugin provider receives information that your internet browser has accessed the respective site of our online offer, even when you do not maintain a user account with the provider or are not logged in. Log files (including the IP address) are transmitted directly from your internet browser to a server of the respective plugin provider and may be stored there. This server may be located outside the EU or EEA (e.g. in the U.S.).
The plugins are stand alone extensions of the plugin providers. We, thus, do not have influence on the scope of data gathered and stored by the plugin provider through the plugin.
If you do not wish for the plugin providers to receive, save, and use data gathered through this online offer, you should not use the respective plugins.
You can also block the plugins from being loaded with browser add ons (so-called script blockers).
Find out more about the purpose and scope of the data collection as well as about processing and use of your data by plugin providers and about your rights and possibilities to change settings to protect your data in the privacy statements of the respective providers.
6 Social Sign In (Login via Social Networks)
6.1 Registration/Login via Facebook
We give you the opportunity to register or login with us through your Facebook account. If you do this, we receive the data necessary for registration or signing on (e.g., email address, name) from Facebook.
We are unable to influence the scope of data collected by Facebook through Facebook Login. If you do not wish for Facebook to gather data in connection with your usage of our online offer in order to use it for its own purposes, you should not use Facebook Login.
Find out more about the purpose and scope of the collection as well as about the processing and use of your data by Facebook and about your rights and possibilities to change settings to protect your data in Facebook’s privacy statement: http://www.facebook.com/policy.php.
6.2 Login via Google+
We give you the opportunity to register or login with us through your Google+ account. If you do this, we receive the data necessary for registration or signing on (e.g., email address, name) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") (e.g., email address, name).
We are unable to influence the scope of data collected by Google through Google+ Login. If you do not wish for Google to gather data in connection with your usage of our online offer in order to use it for its own purposes, you should not use Google+ Login.
Find out more about the purpose and scope of the data collection as well as about the processing and use of your data by Google and about your rights and possibilities to change settings to protect your data in Google’s privacy statement: http://www.google.com/intl/de/+/policy/+1button.html.
7 Users’ Rights (Rights of the Data Subject)
7.1 Users’ Rights (Rights of the Data Subject)
You have the right to receive information as well as – under certain prerequisites – the rights to correction, deletion, restriction of processing or objection to personal data processing and – from May 25, 2018, on – the right to data portability.
Right to object against direct marketing: Additionally, you may at all times object to the processing of your personal data for advertising purposes ("advertisement objection"). Please take into account that, due to logistical reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.
In case you consented to the processing of your data, you can always revoke this consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.
To enforce your rights, please use the details provided in the Contact section. When doing so, please ensure that it is possible to clearly and unambiguously identify you.
7.2 Right to Complain with the Regulatory Authority
You have the right to file a complaint with a data protection authority. You can appeal to the data protection authority, which is competent for your place of residence or your state or to the data protection authority which is competent for us. This is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
We and our data protection officer are available for your inquiries and suggestions regarding data protection at the email address email@example.com.
If you want to contact us, you can reach us as follows:
ProSiebenSat.1 Media SE, Medienallee 7, 85774 Unterföhring, email: firstname.lastname@example.org.
9 Annex: Technical Notes
Internet Explorer: Manual
Mozilla Firefox: Manual
Google Chrome: Manual