1. Contact details of the data controller and data protection officer

1.1 Data controller:
SWR Media Services GmbH
Neckarstraße 230
70190 Stuttgart
Phone: 0711 929 13437
E-mail: info@swrmediaservices.de

1.2 Data protection officer: Safia Rapp | Data Protection Officer, Lawyer
The data protection officer can be contacted at the above address, or at datenschutz@swrmediaservices.de.

2. Purposes of data processing
We, SWR Media Services GmbH, are the commercial subsidiary of Südwestrundfunk (SWR) based in Stuttgart and Baden-Baden. As a public service broadcaster, SWR is financed by the national broadcasting fee. We market the advertising time and sponsoring in the SWR radio programmes and on SWR television; by means of licensing and merchandising articles, SWR broadcasts are subject to commercial exploitation. In addition thereto, we offer services related to broadcasting and media technology infrastructure, as well as customer retention; further income is also generated through investment holdings and real estate. We are also the operating company of the Stuttgart TV Tower.

2.1 Consent (Art. 6 [1a] EU General Data Protection Regulation (GDPR))
Processing of personal data for certain purposes (e.g. sending our newsletter or other promotional information by e-mail after clicking on the confirmation link which is sent to you, forwarding to other third parties, evaluation of data for marketing purposes) takes place if you have provided us your consent.

2.2 Contractual or pre-contractual obligations (Art. 6 [1b] GDPR)
We process personal data, the provision of which is necessary for the performance of a contract to which you are a party, or for the implementation of pre-contractual measures that take place in response to your request, e.g. via our website contact form. The purposes of data processing depend on the specific contract (e.g. event ticket purchase) and may include – among other things – evaluations, advice and the implementation of additional campaigns.

2.3 Legal requirements (Art. 6 [1c] GDPR)
Due to legal obligations, data processing is carried out, for example, for the purposes of fraud and money laundering prevention, the fulfilment of control and reporting obligations under tax law, and the provision of information vis-a-vis authorities.

2.4 Balancing of interests (Art. 6 [1f] GDPR)
In order to protect the legitimate interests of us or third parties, data processing is also carried out for certain purposes following the prior weighing-up of interests, e.g. to safeguard house rights, including in the context of video surveillance, to protect legal claims, to investigate criminal offences, to determine default risks, to optimise product development, to optimise customer contact for advertising purposes – such as contacting other companies by telephone, to send advertising information by post (e.g. invitation to events, presentation of new products and services, production of image and sound recordings for advertising publication in print and online media, display and publication of subscriber lists, optimised demand planning or to ensure data security. Within the framework of the balancing of interests, data is also passed on within the group (you can find a current overview of the group here).

3. Further data processing within the framework of website use
3.1 Statistical analysis of visits to this website
We collect, process and store the following data when you access this website or individual files on the website: IP address, website from which the file was retrieved, name of the file, date and time of the retrieval, amount of data transferred and report on the success of the retrieval (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website, and for statistical purposes.

3.2 Contact form
We will only use the e-mail address recorded via our contact form for processing enquiries received through the contact form. Further information can be provided voluntarily; the processing of this data is then carried out with your consent. After processing the request, the collected data will be deleted.

3.3 Online ticket purchase
Via our website, as well as via third-party platforms that allow ticket purchases (e.g. Tripadvisor, Getyourguide), you can purchase a ticket for access to the Stuttgart TV Tower via Bookingkit. This requires you to provide information about yourself – such as your name and contact details, so that we can process your request. In addition, we need your information to pay for the tickets (bank details, credit card number or similar). We use your data exclusively for the purpose of processing the ticket purchase. Further information can be provided voluntarily; the processing of this data is then carried out with your consent. After the ticket purchase has been processed, your data will be deleted unless there is an accounting-relevant obligation to retain the data, or you have given your consent for its further use.

3.4 E-mail Marketing / Newsletter
When registering to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by e-mail of circumstances relevant to the service or registration (for example, changes to the newsletter service or technical circumstances).
For an effective registration, we require a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the “double-opt-in” procedure. For this purpose, we log the order for the newsletter, the dispatch of a confirmation e-mail and receipt of the response requested herewith. No other data is collected. The data will only be used for sending the newsletter. The e-mail is sent via the mail service provider CleverReach GmbH & Co. KG. In order to optimise the newsletter, we analyse how often it is opened, which links are clicked on and how often. These statistics are not linked to your data.
You can revoke your consent to the storage of your personal data and its use for newsletter dispatch at any time. There is a link to this in every newsletter. In addition, you can inform us of your corresponding request via the contact option provided at the end of this privacy policy.

3.5 Cookies
On the TV Tower Stuttgart website, we use cookies to make visiting our website an appealing experience, and to enable the use of certain functions. The so-called “cookies” are small text files that your browser can store on your computer. Some cookies are necessary for the operation of the website (category: necessary cookies), we only set other cookies if you have given us your prior consent (categories: cookies for statistics, cookies for external content). The process of placing a cookie file is also called “setting a cookie”. You can set your browser yourself according to your wishes so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept cookies that are not necessary, or generally accept (or generally exclude) the acceptance of cookies that are not necessary.
You can adjust hereindividual settings for the cookies on this website.

3.6.1 Necessary cookies
We use necessary cookies to perform (or facilitate) the transmission of a message via an electronic communications network. In addition, we use necessary cookies to provide an information society service that you have specifically requested. Necessary cookies in detail: Cookie name: fstcookies, Runtime: 1 year
3.6.2 Cookies for statistics: Matomo
We use Matomo (formerly Piwik) for web analytics with your consent, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) with the use of cookie technology. The protection of your data is important to us, which is why we have also configured Matomo so that your IP address is only recorded in abbreviated form. We, therefore, process your personal usage data anonymously. It is not possible for us to draw any conclusions about your person. Further information on Matomo’s terms of use and data protection regulations can be found at: https://matomo.org/privacy/
Cookies for statistics – Matomo in detail: Cookie name: _pk_id.5.b140, runtime: 1 year; cookie name: _pk_ses.4.46c9; Duration: for the duration of the session

3.6.3 Cookies for external content
3.6.3.1 Adobe Typekit Web Fonts
We use Adobe Web Fonts – formerly Adobe Typekit – i.e. fonts provided by Adobe Inc. (USA) to ensure a uniform typeface on our websites. In order to prevent data transfer to the USA to Adobe Inc., we have stored Adobe Typekit Web Fonts locally on our own local server. This way, Adobe does not have to establish a connection to its servers, in order to load the fonts.

3.6.3.2 Social media: Instagram
The jointly responsible data controller within the meaning of Art. 26 GDPR for the Instagram profile www.instagram.com/swr.fernsehturm.stuttgart
is us, SWR Media Services GmbH, Neckarstraße 230, 70190 Stuttgart and Facebook Ireland Limited, (hereinafter: Facebook) 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have entered into a joint responsibility agreement with Facebook, which you can find here: www.facebook.com/legal/terms/page_controller_addendum
We process your data for the purpose of providing you with promotional information about our offers and communicating with you. We have a legitimate interest in processing for these purposes. In addition, we only process your data if you voluntarily contact us via the Instagram profile. We do not share the data we receive from you through your Instagram profile with third parties. However, data that you post publicly on our Instagram profile is visible to everyone. We reserve the right to delete information on our Instagram profile that any violates legal provisions or our guidelines. Otherwise, you can delete the data you have entered yourself at any time. We delete your messages to us as soon as the request has been dealt with. As to whic personal data is also processed by Facebook in the USA when using an Instagram profile (and in what form) can be viewed at Facebook here: www.facebook.com/about/privacy/
You can object to the processing of individual data for specific advertising purposes on facebook here: www.facebook.com/settings?tab=ads
We have not integrated an active Instagram button on our websites. Instead, we have placed a hyperlink under an icon to Facebook’s external social media presence on Instagram.

3.7 Anonymous or pseudonymous usage options
In principle, you can visit our website without providing us with any personal data. Pseudonymised usage data is not merged with the data of the bearer of the pseudonym. The creation of pseudonymous usage profiles does not take place.

4. Recipient categories
In order to fulfil the underlying purpose, cross-departmental access within our company, as well as cross-location access within our group, may take place to the data required in each case. Contractors deployed by us may also receive data for certain purposes, e.g. IT services, document destruction and marketing. Other recipients of personal data may also include, for example, public authorities, credit and financial services institutions, lawyers and tax advisers or credit agencies.

5. Transfer to a third country or to an international organisation
Data is only transferred to third countries if this is deemed necessary, for example, for the performance of a contract or if required by law, if you have given us your consent, or if this results from a collective agreement or works agreement, e.g. as part of a group data transfer. Furthermore, in the context of IT component maintenance, it cannot be ruled out that an IT service provider from a third country (e.g. USA) could gain access to personal data in rare cases. Otherwise, there is no transfer of personal data to third countries or to an international organisation.

6. Duration of data storage
We store the personal data for the duration of the contractual relationship; beyond that, statutory limitation periods are generally three years. Various retention and documentation obligations apply, e.g. from the German Commercial Code (HGB) and the German Fiscal Code (AO), which last up to ten years.

7. Right to the disclosure of information, its correction, deletion, restriction or processing and data portability
You have the right to the disclosure of information held about you under Article 15 GDPR, the right to its rectification under Article 16 GDPR, the right to its erasure under Article 17 GDPR, the right to the restriction of its processing under Article 18 GDPR, and the right to data portability under Article 20 GDPR. For this, please contact us.
 
8. Revocation of consent
You can revoke your consent at any time by contacting us using the contact details above. You can also opt out of receiving our newsletter by clicking on the unsubscribe link in the newsletter. Please note that your revocation is only effective for the future.

9. Existence of a right of appeal
In addition, you have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is: The Broadcasting Commissioner for Data Protection and thus the supervisory authority (Art. 77 GDPR) is Mr. Stephan Schwarze, c/o MDR Kantstraße 71-73 in Leipzig. Phone: 0341 3007732 and e-mail: rundfunkdatenschutz@mdr.de

10. Obligation to provide data
You only need to provide the personal data that is required for the establishment, performance and termination of a contract, or that we are legally obligated to collect. If you do not provide us with the necessary information and documents, we may not enter into (or continue) a business relationship requested by you.

11. Automated decision-making in individual cases
As a matter of principle, we do not utilise fully automated decision-making for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

12. Profiling
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling), e.g. evaluation for targeted customer approach, needs-based advertising – including market and opinion research – and for scoring or rating. The evaluation can include, for example, data on payment behaviour (e.g. account turnover, balances), as well as criteria – such as industry affiliation and experience from the previous business relationship.

13. Categories of personal data
For example, we process the following categories of personal data: Personal master data, contract master data, contract execution and termination data, order data, data for the fulfilment of legal obligations, creditworthiness data, scoring/rating data, advertising and sales data, data about your use of the telemedia we offer (e.g. time of accessing our websites, apps or newsletters, pages clicked on by us or entries), as well as other data comparable with the categories mentioned.

14. Data sources
We process data that we have received from you within the scope of our business relationship in the same way as data permissibly transmitted to us by other third parties. On the other hand, we collect data from publicly accessible sources (e.g. trade and debtor directories, commercial registers, press).
Information about your right to object according to Art. 21 General Data Protection Regulation (GDPR)
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) lit. e) GDPR (data processing in the public interest) and Article 6 (1) lit. f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Your right to object to the processing of data for direct marketing purposes
We process your personal data in order to carry out direct marketing. You have the right to object at any time to the processing of personal data concerning you in relation to such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. Your objection can be submitted without any formality, and should preferably be addressed to:

SWR Media Services GmbH
Neckarstraße 230
70190 Stuttgart
E-mail: info@swrmediaservices.de

Version as of: April 2022