Data Privacy

Goals, touchdowns, and a whole lot of power play

Privacy Notice (Version: June 03, 2020)

The following privacy notice is valid for the online offer at www.ProSiebenSat1.com.

For the ProSiebenSat.1 Group (ProSiebenSat.1 Media SE and all companies affiliated with it pursuant to § 15 AktG - hereinafter referred to as "P7S1"), your trust in the correct handling of your data is an important prerequisite for the success of the offer of press releases and picture material. The collection, processing (including storage, modification, transmission, blocking and deletion) and use of your data will be carried out exclusively in compliance with the applicable data protection regulations.

Controller

Controller is ProSiebenSat.1 Media SE, Corporate Communication, Medienallee 7, DE-85774 Unterföhring, in the following referred to as "we" or "us"

represented by the Executive Board:

Bert Habets (Chairman of the Executive Board, Group CEO)
Wolfgang Link
Martin Mildner
Christine Scheffler

Tel.: +49 [0] 89 950710
info@ProSiebenSat1.com

1 Collection and Processing of Personal Data

1.1 General
All information which is related to an identified or identifiable natural person (e.g., name, address, phone number, date of birth or email address) is personal data.

In general, you are able to use our online offer without providing personal data. The usage of certain services may, however, require you to provide personal data, e.g., registration or the participation in a raffle. Mandatory fields are generally denoted with an *.

1.2 Registration
In case you wish to use services which first require the formation of a contract, we will ask you to register. Within the scope of registering, we collect personal data necessary for the formation and performance of the contract (e.g., first name, last name, date of birth, email address) as well as, if applicable, further data on a voluntary basis. Mandatory fields are denoted with an *.

1.3 Purposes of Processing and Legal Basis for the Processing
We process your personal data for the following purposes, based on the Legal Bases listed:

· Providing this online offer and performance of contract following our [Terms of Use / Terms and Conditions].[WM1] (Legal basis: Performance of a contract).

· House and third party advertising as well as market research and reach measurement to the legally allowed extent or based on consent.

· Dispatch of an email newsletter. (Legal basis: legitimate interests; there is a legitimate interest in direct marketing as long as marketing occurs while complying with data protection and fair trade laws)

· Dispatch of a newsletter with the recipient's consent via email or SMS/MMS. (Legal basis: Performance of a contract).

1.4 Data Transfer to Third Parties, Service Providers
1.4.1 Data Transfer to Third Parties
Your personal data is generally only being transferred to third parties as far as this is necessary for performance of the contract, if we or the third party have legitimate interests in transferring or if you have consented to this. If data is transferred to third parties based on legitimate interests, this will be explained in this privacy notice.

Beyond or in addition to this, data may be transferred to third parties as far as we are obligated to do so under statutory provisions or an enforceable decision made by an authority or a court.

1.4.2 Service Providers

We reserve the right to use service providers in collecting or processing data. Service providers are only given personal data that is necessary for their concrete task. This means that your email address may be forwarded to a service provider so you can receive a newsletter that you ordered. Service providers may also be assigned to provide server capacity. Service providers are generally involved as so-called processors which may only process users' personal data based on our instructions.

Insofar as service providers are not already named in this privacy notice, these are the following categories of service providers:

• IT service provider (technical support), Germany, Ireland

• IT service provider (hosting), Germany, USA

• Customer support (e-mail, telephone), Germany

1.5 Data Transfer to Non-EEA Countries

We also forward personal data to third parties or processors who are located outside EEA countries. In such cases we ensure prior to the transfer that the transfer is subject to appropriate safeguards (e.g., by self-certification of the recipient for the EU US Privacy Shield or by having agreed upon so-called standard dta protection clauses of the European Union with the recipient) or sufficient user consent is given.

These are third parties or processors in the following countries: USA

1.5.1 Duration of Storage; Retention Periods
We store your data as long as it is necessary to provide our online offer and the services connected with it or as long as we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data that we are required to retain for the purpose of contractual or statutory (e.g., taxation or commercial law) retention periods (e.g., invoices). At this point, contractual retention periods may also result from contracts with third parties (e.g., those holding copyrights or IP rights).

Data that is only retained because it is subject to a retention period is restricted from processing until the period expires and will then be deleted.

2 Log-Dateien

Every time you use the internet, your internet browser automatically transmits certain information which is then saved by us in log files.

We save log files for the purposes of determining disruptions and for security reasons (e.g., to elucidate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.

Log files contain especially following information:

• IP address (internet protocol address) of the terminal device which is used to access the online offer;

• Internet address of the website from which the online offer is accessed (so-called URL of origin or referrer URL);

• Name of the service provider through which access to the online offer occurs;

• Name of accessed file or information;

• Date and time and duration of access;

• Amount of data transmitted;

• Operating system and informations on the internet browser used, including add-ons installed (e.g., for the Flash Player);

• http status code (e.g. “request successful” or “file not found”).

3 Cookies

This online offer uses no cookies.

3.1 What are Cookies?
Cookies are little text files that are sent when visiting an internet page and are stored in a user’s browser. In case the respective internet page is accessed once again, the user’s browser sends back the content of the cookies and, thus, allows for the recognition of the user. Certain cookies are automatically deleted upon ending the browser session (so-called session cookies), others are saved for a set time or permanently in the user’s browser and delete themselves thereafter (so-called temporary or persistent cookies).

3.2 Which Files are Saved in the Cookies?
Cookies generally do not contain personal data, but instead only an online ID.

3.3 How can you Avoid the Usage of Cookies or Delete Cookies?

You can withdraw your consent to the cookie settings at any time with effect for the future. You can declare the revocation in the privacy settings by changing your selection.

You can delete already stored cookies in your browser at any time (see Technical Information - Module 17). Please note, however, that without cookies this online service may not function at all or only to a limited extent.

If you delete all cookies, an objection may therefore no longer be considered and you will have to raise it again.

3.4 What Cookies do we use?
3.4.1 Cookies Strictly Necessary for a Service
Some cookies are strictly necessary so we can host our online offer safely. This category includes, e.g.,

· Cookies which serve the purpose of identifying or authenticating our users;

· Cookies that temporarily store certain user entries (e.g., shopping basket content or content of an online form);

· Cookies that remember certain user preferences (e.g., search query and language settings);

· Cookies that store data to ensure the uninterrupted playback of video and audio content;

3.4.2 Analytics-Cookies
We use analytics cookies to record and statistically evaluate our users’ usage behavior (e.g., clicked ad banners, visited subpages, search queries asked).

4 Web Analysis

We need statistical information about the usage of our Online Offers to design them to be user-friendlier and to perform reach measurements and market research.

For this purpose, we use the web analysis tools described in this section.

The usage profiles created by these tools using analysis cookies or by evaluating log files are not combined with personal data.

The providers of the tools (vendors) process data only as processors subject to our directives and not for their own purposes.

The tools either do not use user IP addresses at all or shorten them immediately after obtaining them.

You will find information on each tool's vendor and how you are able to object to the collection and processing of data that is done with the tool.

Be advised that with regard to tools that use opt out cookies, the opt out function is related to a device or browser and is thus valid for the terminal device or browser used at this time. In case you use several terminal devices or browsers you must opt out on every device and in every browser used.

Additionally, you can generally avoid the creation of usage profiles by generally deactivating cookie usage.

4.1 Google Analytics
Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymize IP addresses. While doing so, Google already shortens IPs within the EU in most cases and only does so in the United States in exceptional cases, while always saving shortened IPs only.

You may object to the collection or processing of your data by using the following link to download and install a browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.

5 Social Plugins

This online offer uses social plugins (“Plugins”) by the following providers:

5.1 Facebook Social Plugins
Facebook is operated under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). Find an overview of Facebook's plugins and their appearance here: http://developers.facebook.com/plugins; find information on data protection at Facebook here: http://www.facebook.com/policy.php.

5.2 Twitter Social Plugins
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). Find an overview of Twitter's plugins and their appearance here: https://twitter.com/about/resources/buttons; find information on data protection at Twitter here: https://twitter.com/privacy.

5.3 Instagram Social Plugins
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). Find an overview of Instagram's plugins and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; find information on data protection at Instagram here: https://help.instagram.com/155833707900388/.

5.4 Social Plugins
Our website is embedding social media plugins or widgets which are provided by Walls.io. When loading these widgets, your IP-address and in rare cases cookie information is transferred to Walls.io. Walls.io is operated by "Die Socialisten" Social Software Development GmbH, based in Vienna, Austria.

The different providers of plugins are in the following summarized as “Plugin Providers”.

5.5 Plugins
Your internet browser establishes a direct connection to the respective plugin provider’s servers only when you activate the plugins. This way, the plugin provider receives information that your internet browser has accessed the respective site of our online offer, even when you do not maintain a user account with the provider or are not logged in. Log files (including the IP address) are transmitted directly from your internet browser to a server of the respective plugin provider and may be stored there. This server may be located outside the EU or EEA (e.g. in the U.S.).

The plugins are stand alone extensions of the plugin providers. We, thus, do not have influence on the scope of data gathered and stored by the plugin provider through the plugin.

If you do not wish for the plugin providers to receive, save, and use data gathered through this online offer, you should not use the respective plugins.

You can also block the plugins from being loaded with browser add ons (so-called script blockers).

Find out more about the purpose and scope of the data collection as well as about processing and use of your data by plugin providers and about your rights and possibilities to change settings to protect your data in the privacy statements of the respective providers.

6 Social Sign In (Login via Social Networks)

6.1 Registration/Login via Facebook
We give you the opportunity to register or login with us through your Facebook account. If you do this, we receive the data necessary for registration or signing on (e.g., email address, name) from Facebook.

We are unable to influence the scope of data collected by Facebook through Facebook Login. If you do not wish for Facebook to gather data in connection with your usage of our online offer in order to use it for its own purposes, you should not use Facebook Login.

Find out more about the purpose and scope of the collection as well as about the processing and use of your data by Facebook and about your rights and possibilities to change settings to protect your data in Facebook’s privacy statement: http://www.facebook.com/policy.php.

7 Users’ Rights (Rights of the Data Subject)

7.1 Users’ Rights (Rights of the Data Subject)
You have the right to receive information as well as – under certain prerequisites – the rights to correction, deletion, restriction of processing or objection to personal data processing and – from May 25, 2018, on – the right to data portability.

Right to object against direct marketing: Additionally, you may at all times object to the processing of your personal data for advertising purposes ("advertisement objection"). Please take into account that, due to logistical reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

In case you consented to the processing of your data, you can always revoke this consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.

To enforce your rights, please use the details provided in the Contact section. When doing so, please ensure that it is possible to clearly and unambiguously identify you.

7.2 Right to Complain with the Regulatory Authority
You have the right to file a complaint with a data protection authority. You can appeal to the data protection authority, which is competent for your place of residence or your state or to the data protection authority which is competent for us.

8 Contact

We and our data protection officer are available for your inquiries and suggestions regarding data protection at the email address datenschutz@prosiebensat1.com.

If you want to contact us, you can reach us as follows:

ProSiebenSat.1 Media SE, Medienallee 7, 85774 Unterföhring, email: info@prosiebensat1.com.