Our Privacy Policy

It is possible to use our web pages without having to submit any personal data. If you decide to send email to us, the processing of personal data may be required.

The processing of personal data, such as the name, address, email address and telephone number of a data subject, is done in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the Federal Data Protection Act (BDSG). With this Privacy Policy, we inform you about the nature, scope and purpose of the personal data that we process. Furthermore, you are also informed of your rights in this Privacy Policy.

1. Definitions

Our Privacy Policy should be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, the terms used are explained in advance.

We use the following terms, among others, in this Privacy Policy and on our website:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

c) Processing

Processing means any process or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Data controller

The data controller is the natural or legal person, public authority, agency or other body that, alone or together with others, decides on the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for the data controller's nomination may be provided for by Union or Member State law.

f) Data processor

A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

g) Recipient

A recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether or not it is a third party. However, public authorities that have a specific investigatory right pursuant to Union or Member State law and receive personal data in this context are not considered to be recipients.

h) Third parties

A third party is a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and persons who, under the direct responsibility of the data controller or the data processor, are authorized to process the personal data.

i) Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the data controller

The data controller in terms of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:

ZDF Sparks GmbH

represented by CEO Dr. Pirita Pyykkönen-Klauck

Hausvogteiplatz 3-4

10117 Berlin

Website: www.zdf-sparks.com

Email: datenschutz@zdf-studios.de

3. Name and address of the Data Protection Officer

The Data Protection Officer with responsibility for the processing is:

Herr Klaus Pawlitschko, LL.M.

c/o ZDF Studios GmbH

Hausvogteiplatz 3-4

10117 Berlin

Contact via Email: datenschutz@zdf-studios.de

Any data subject can contact us at any time with questions or suggestions regarding data protection.

4. Cookies and email

Cookies are text files that are saved and stored on a computer system via an Internet browser. The ZDF Sparks GmbH webpages do not use any cookies.

If you decide to enclose personal data to us via email communication, the following data protection chapters are relevant to you.

5. Maximum stage period of personal data

The period of storage of personal data is based upon the respective legal retention periods, e.g. from taxation or commercial laws. In case this retention period expires the personal data will be deleted, unless these personal data is still required for the fulfillment or the negotiation of a contract or we further have a legitimate interest in the storage of this data.

6. Rights of the data subject

If a data subject wishes to make use of the rights below, he/she can contact our Data Protection Officer at any time.

a) Right to information

You have the right, as granted by the GDPR, to obtain information from the data controller free of charge and at any time about the personal data stored about you, and to receive a copy of that information. This includes:

  • The purpose of the processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or at international organizations
  • If possible, the planned period for which the personal data are to be stored, or, if this is not possible, the criteria for defining this period
  • The existence of a right to correction or erasure of the relevant personal data or to restriction of the processing by the data controller, or a right to object to this processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data are not collected directly from the data subject: All available information about the source of the data

In addition, you have a right to information regarding whether personal data have been sent to a third country or to an international organization. If that is the case, you also have the right to obtain information about the appropriate guarantees implemented in connection with the transfer.

b) Right to rectification

You have the right to demand the immediate rectification of inaccurate personal data concerning yourself. Furthermore, you have the right, taking into account the purpose of the processing, to request the completion of incomplete personal data, including by means of providing a supplementary statement.

c) Right to erasure (right to be forgotten)

You have the right to ask the data controller to immediately erase your personal data, provided that one of the following reasons applies and the processing is not required:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw the consent on which the processing was based in accordance with Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR, and there is no other legal basis for the processing.
  • You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary to fulfil a legal obligation under Union or Member State law with which the data controller has to comply.
  • The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.

Where personal data have been made public by us and our company is obliged, as the data controller, to erase personal data pursuant to Art. 17 (1) of the GDPR, we will take appropriate steps, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers that are processing the disclosed personal data that the data subject has requested the erasure by such data controllers of all links to or copies or replication of such personal data, if the processing is not required.

d) Right to restriction of processing

You have the right to request that the data controller restrict the processing, if any of the following conditions apply:

  • The accuracy of the personal data is contested by yourself, with the restriction being observed for a period enabling the data controller to verify the accuracy of the personal data.
  • The processing is unlawful, but you reject erasure of the personal data and instead request restriction of the use of the personal data.
  • The data controller do not need the personal data anymore for reasons of processing, but the date subject needs the data for enforcement, exertion or plea of legal claims.
  • You object to the processing, in accordance with Art. 21 (1) of the GDPR and it is not yet clear whether the legitimate reasons of the data controller override those of the data subject.

e) Right to data portability

You have the right to receive, in a structured, common and machine-readable format, personal data relating to yourself that have been provided to the data controller by you. You further have the right to transfer these data to another data controller without hindrance by the data controller to which the personal data were supplied, provided that the processing is based on the consent given pursuant to Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR or is based on a contract pursuant to Article 6 (1) lit. b of the GDPR, and processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his/her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject has the right to request that the personal data are transferred directly from one data controller to another, if this is technically feasible and if this does not affect the rights and freedoms of other parties.

f) Right to object

You have the right, at any time and for reasons arising from your particular situation, to object to the processing of personal data relating to yourself, pursuant to Article 6 (1) lit. e or f of the GDPR.

In the event of an objection being submitted, we will no longer process personal data unless we can establish compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or unless the processing is required for the purpose of asserting, exercising or defending legal claims.

g) Right to revoke consent related to data protection

You have the right to revoke consent granted for the processing of personal data at any time.

h) Right to lodge a complaint with a supervisory authority

As the data subject, you have a right to lodge a complaint with the competent supervisory authority subject to the prerequisites laid down in Article 57 I lit. f, GDPR. The competent supervisory authority with regard to data protection issues and their contact details via the website: https://www.bfdi.bund.de.

7. Our presence on linked social platforms

ZDF Sparks has a presence on various social platforms to communicate with users of those social platforms and to present our company there. Currently, ZDF Sparks is active in LinkedIn. The link is available in the ZDF Sparks website.

Data from users of the social platforms is generally processed for marketing and advertising purposes. Social platform providers create user profiles based on users’ usage behaviour to show them adverts that correspond with their presumed interests. Usage behaviour is facilitated by saving cookies on users’ end devices. Data relating to the user who is signed in to that platform is also stored. Here, there is the possibility that user data will be processed outside the European Union. This may be risky for the user as it may complicate the enforcement of data subject rights the user has. If the corresponding provider is subject to the Privacy Shield, it is obliged to guarantee European data protection standards.

The processing of personal data is based on a legitimate interest in targeted user information pursuant to point (f) of Article 6(1) of the GDPR. If users are asked by the respective social platform provider to consent to data processing, the legal bases for processing are point (a) of Article 6(1) and Article 7 of the GDPR.

Below, you can find a detailed description of how personal data is processed on the respective social platform, how you can exercise your data subject rights and what options there are to object. As only the respective social platform providers have access to individual users’ data, only they can provide the information directly or take corresponding action directly. You can also contact us at any time.

- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - privacy policy
www.linkedin.com/privacy-policy , opt-out:
www.linkedin.com/retargeting-opt-out .

ZDF Sparks GmbH
Office: Hausvogteiplatz 3-4, 10117 Berlin