Privacy Policy
Effective: July 30, 2024
Controller: Radiozeit GmbH
Voltastraße 1
14482 Potsdam-Babelsberg
Authorized Representative: Kristian Müller
Email: kristian.mueller@radiozeit.de
Imprint: https://www.mixd.tv/imprint.html
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing, and references the affected individuals.
Types of Processed Data
- Inventory data
- Contact data
- Content data
- Meta, communication, and procedural data
Categories of Affected Individuals
- Communication partners
- Users
Purposes of Processing
- Communication
- Organizational and administrative procedures
- Feedback
- Provision of our online offer and user-friendliness
Legal Bases
Relevant legal bases according to the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR regulations, national data protection provisions in your or our country of residence may apply. If specific legal bases are relevant in individual cases, we will inform you of them in this privacy policy.
- Legitimate Interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, do not override.
National Data Protection Regulations in Germany: In addition to the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer and automated decision-making in individual cases, including profiling. Additionally, state data protection laws of individual federal states may apply.
Notice on GDPR and Swiss DPA Applicability: This privacy notice serves to provide information under both the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial applicability and comprehensibility, the terms of the GDPR are used. Specifically, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss DPA, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are used. The legal meaning of the terms, however, remains defined by the Swiss DPA within its scope.
Security Measures
We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, ensuring availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and data protection-friendly default settings.
Transfer of Personal Data
In the course of our processing of personal data, it may happen that the data is transferred to other locations, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content integrated into a website. In such cases, we observe legal requirements and conclude appropriate contracts or agreements to protect your data with the recipients of your data.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or the processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other individuals, bodies, or companies, this only occurs in compliance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only occur if the data protection level is otherwise ensured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c GDPR), explicit consent, or if the transfer is necessary for the performance of a contract or required by law (Art. 49 Para. 1 GDPR). We will inform you of the basis for the third-country transfer for each specific provider from a third country, giving priority to adequacy decisions. Information about third-country transfers and existing adequacy decisions can be found on the EU Commission’s information page: EU Commission Data Protection.
EU-US Trans-Atlantic Data Privacy Framework: Under the “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level for certain companies in the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies and more information about the DPF can be found on the website of the US Department of Commerce: Data Privacy Framework (in English). We inform you within the scope of our privacy notices which service providers we use are certified under the Data Privacy Framework.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the consents on which the processing is based are revoked or other legal bases for processing cease to apply. This includes cases where the original processing purpose no longer applies, or the data is no longer needed. Exceptions exist if statutory retention obligations or particular interests require longer storage or archiving of the data.
In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data specific to certain processing activities.
Where multiple retention periods or deletion deadlines are specified, the longest period always applies.
If a deadline does not explicitly start on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. For ongoing contractual relationships where data is stored, the triggering event is the effective date of termination or other termination of the legal relationship.
Data that is no longer needed for the originally intended purpose but must be retained due to legal requirements or other reasons will be processed solely for the reasons that justify their retention.
Additional Notes on Processing Activities, Procedures, and Services:
- Retention and Deletion of Data: The following general retention periods apply according to German law:
- 10 years: Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the instructions and other organizational documents necessary to understand them, booking receipts, and invoices (§ 147 Para. 3 in conjunction with Para. 1 No. 1, 4, and 4a AO, § 14b Para. 1 UStG, § 257 Para. 1 No. 1 and 4, Para. 4 HGB).
- 6 years: Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents relevant to taxation, e.g., hourly wage sheets, operating accounting sheets, calculation documents, price quotations, but also payroll documents, provided they are not already booking receipts, and cash register tapes (§ 147 Para. 3 in conjunction with Para. 1 No. 2, 3, 5 AO, § 257 Para. 1 No. 2 and 3, Para. 4 HGB).
- 3 years: Data required to consider potential warranty and compensation claims or similar contractual claims and rights and associated inquiries, based on past business experiences and usual industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Rights of Data Subjects
Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly as set out in Articles 15 to 21 GDPR:
- Right to Object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6 Para. 1 lit. e or f GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent related to such direct marketing.
- Right to Withdraw Consent: You have the right to withdraw consent at any time.
- Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data and further information and a copy of the data in accordance with legal requirements.
- Right to Rectification: You have the right, according to legal requirements, to request the completion or correction of data concerning you that is inaccurate.
- Right to Deletion and Restriction of Processing: You have the right to request the immediate deletion of data concerning you, or alternatively, to request a restriction of the processing of the data according to legal requirements.
- Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
- Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Use of Cookies
Cookies are small text files or other storage marks that store information on end devices and read information from them. For example, to store the log-in status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offer. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offers and creating analyses of visitor flows.
Notice of Consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users, unless it is not required by law. Permission is not necessary, particularly if the storage and reading of the information, including cookies, are absolutely necessary to provide a telemedia service (our online offer) explicitly requested by users. The revocable consent will be clearly communicated to them and contains information on the respective cookie usage.
Notice on Data Protection Legal Bases: The legal basis on which we process personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in a business operation of our online offer and improving its usability) or, if this is necessary for fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We inform you about the purposes for which cookies are used in the course of this privacy policy or in the context of our consent and processing procedures.
Storage Duration: The following types of cookies are distinguished in terms of storage duration:
- Temporary Cookies (also: Session or Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be stored, and preferred content can be displayed directly when a user visits a website again. Likewise, the data collected with cookies can be used for reach measurement. If we do not provide users with explicit information about the type and duration of cookies (e.g., in the context of obtaining consent), they should assume that they are permanent and that the storage duration can be up to two years.
General Notes on Revocation and Objection (Opt-out): Users can revoke their consents at any time and also declare an objection to the processing in accordance with legal requirements, using the privacy settings of their browser, for example.
- Processed Data Types: Meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, involved persons).
- Affected Individuals: Users (e.g., website visitors, users of online services).
- Legal Bases: Legitimate interests (Art. 6 Para. 1 Sentence 1 lit. f GDPR).