Our Privacy Policy

It is generally possible to use our web pages without having to submit any personal data. However, if a user wishes to use special services provided by our company via our website, the processing of personal data may be required. If the processing of personal data is required and there is no legal basis for such processing, we generally seek your consent.

The processing of personal data, such as the name, address, email address and telephone number of a data subject, is done in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the Federal Data Protection Act (BDSG). With this Privacy Policy, we inform you about the nature, scope and purpose of the personal data that we process. Furthermore, you are also informed of your rights in this Privacy Policy.

1. Definitions

Our Privacy Policy should be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, the terms used are explained in advance.

We use the following terms, among others, in this Privacy Policy and on our website:


a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter the “data subject”). A natural person is considered to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
c) Processing
Processing means any process or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Data controller
The data controller is the natural or legal person, public authority, agency or other body that, alone or together with others, decides on the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for the data controller’s nomination may be provided for by Union or Member State law.
g) Data processor
A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
h) Recipient
A recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, regardless of whether or not it is a third party. However, public authorities that have a specific investigatory right pursuant to Union or Member State law and receive personal data in this context are not considered to be recipients.
i) Third parties
A third party is a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and persons who, under the direct responsibility of the data controller or the data processor, are authorized to process the personal data.
j) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


2. Name and address of the data controller

The data controller in terms of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:

Gruppe 5 Filmproduktion GmbH
represented by President and CEO Alexander Hesse and Executive Vice President and CFO Stefan Schneider
Kartäuserwall 20
50678 Köln
Phone: +49 (0)221 1680 160
Telefax: +49 (0)221 1680 1620


3. Name and address of the Data Protection Officer

The Data Protection Officer with responsibility for the processing is:

Mr Klaus Pawlitschko, LL.M.
c/o ZDF Enterprises GmbH
Erich-Dombrowski-Straße 1
55127 Mainz

Any data subject can contact our Data Protection Officer directly at any time with questions or suggestions regarding data protection.


4. Cookies

The Gruppe 5 GmbH webpages use cookies. Cookies are text files that are saved and stored on a computer system via an Internet browser.

By using cookies, Gruppe 5 GmbH can provide users of our website with more user-friendly services that would not be possible without cookies. In case you access a  respective website again cookies allow the recognition of your end-user device. Thus you do not have to re-enter your login details each time you visit the website, as this is done by the website and the cookie stored on the end-user device.

Legal basis for the processing of personal data by using cookies is Article 6 (1) lit. f of the GDPR.

You can prevent the placement of cookies by our website at any time by means of a corresponding setting in the internet browser, and thus permanently block the placement of cookies. Furthermore, cookies that have already been placed can be deleted at any time via your internet browser or other software programs. If you deactivate the placement of cookies in the internet browser, some of the functions of our website may not be fully usable.


5. Collection of general data and information

Access data is automatically saved every time a file is called up from our website. Each data set consists of:

  • Page from which the file was requested
  • The name of the file
  • Date and time of the request
  • Volume of data transferred
  • Access status (file transferred, file found etc.)
  • Description of the type of web browser used
  • Operating system used

This data is not relatable to certain persons for Gruppe 5 GmbH.

These data is transmitted and evaluated to an adequate application for statistic purposes and for technical administration of the web pages. Further these data is required to present you our webpage and to ensure you the the stability and security of our website. A combination of these data with other data source will not be conducted; the data furthermore will be deleted after the statistic evaluation.

Otherwise, personal information will only be saved if provided by you on a voluntary basis, e. g. within the context of an inquiry, within our contact form on the website or during the registration process; it will not be passed on to third parties either in whole or in part.

Legal basis for the temporary storage of these data is Article 6 (1) lit. f of the GDPR. Our legitimate interest is justified by the above mentioned reasons of the data processing.


6. Contact by E-Mail and further contact

You may contact us by the e-mail-address which is provided on our website or by mail. In this case the personal data, which the user provides by e-mail or mail will be stored by us.

This data only will be used for processing of the conversation.

Legal basis for the processing of your data in this case is Art. 6 (1) lit. f of the GDPR. In case of the approach by e-mail or mail the processing of your query is our legitimate interest.

The personal data, which was send by e-mail or mail will be deleted when the conversation with the respective user is finished. This will be the case if from the circumstances arise, that the respective issue is settled.


7. Maximum storage period of personal data

The period of storage of personal data is based upon the respective legal retention periods, e.g. from taxation or commercial laws. In case this retention periods expires the personal data will be deleted, unless these personal data is still required for the fulfillment or the negotiation of a contract or we further have a legitimate interest in the storage of this data.


8. Rights of the data subject

If a data subject wishes to make use of the rights below, he/she can contact our Data Protection Officer at any time.

a) Right to information
You have the right, as granted by the GDPR, to obtain information from the data controller free of charge and at any time about the personal data stored about you, and to receive a copy of that information. This includes:

  • the purpose of the processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or at international organizations
  • if possible, the planned period for which the personal data are to be stored, or, if this is not possible, the criteria for defining this period
  • the existence of a right to correction or erasure of the relevant personal data or to restriction of the processing by the data controller, or a right to object to this processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected directly from the data subject: All available information about the source of the data


In addition, you have a right to information regarding whether personal data have been sent to a third country or to an international organization. If that is the case, you also have the right to obtain information about the appropriate guarantees implemented in connection with the transfer.
b) Right to rectification
You have the right to demand the immediate rectification of inaccurate personal data concerning yourself. Furthermore, you have the right, taking into account the purpose of the processing, to request the completion of incomplete personal data, including by means of providing a supplementary statement.


c) Right to erasure (right to be forgotten)
You have the right to ask the data controller to immediately erase your personal data, provided that one of the following reasons applies and the processing is not required:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw the consent on which the processing was based in accordance with Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR, and there is no other legal basis for the processing.
  • You object to the processing in accordance with Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Article 21 (2) of the GDPR.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary to fulfil a legal obligation under Union or Member State law with which the data controller has to comply.
  • The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.

Where personal data have been made public by us and our company is obliged, as the data controller, to erase personal data pursuant to Art. 17 (1) of the GDPR, we will take appropriate steps, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers that are processing the disclosed personal data that the data subject has requested the erasure by such data controllers of all links to or copies or replication of such personal data, if the processing is not required.
d) Right to restriction of processing
You have the right to request that the data controller restrict the processing, if any of the following conditions apply:

  • The accuracy of the personal data is contested by yourself, with the restriction being observed for a period enabling the data controller to verify the accuracy of the personal data.
  • The processing is unlawful, but you reject erasure of the personal data and instead request restriction of the use of the personal data.
  • The data controller do not need the personal data anymore for reasons of processing, but the date subject needs the data for enforcement, exertion or plea of legal claims.
  • You object to the processing, in accordance with Art. 21 (1) of the GDPR and it is not yet clear whether the legitimate reasons of the data controller override those of the data subject.

e) Right to data portability

You have the right to receive, in a structured, common and machine-readable format, personal data relating to yourself that have been provided to the data controller by you. You futher have the right to transfer these data to another data controller without hindrance by the data controller to which the personal data were supplied, provided that the processing is based on the consent given pursuant to Article 6 (1) lit. a of the GDPR or Article 9 (2) lit. a of the GDPR or is based on a contract pursuant to Article 6 (1) lit. b of the GDPR, and processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his/her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject has the right to request that the personal data are transferred directly from one data controller to another, if this is technically feasible and if this does not affect the rights and freedoms of other parties.

f) Right to object
You have the right, at any time and for reasons arising from your particular situation, to object to the processing of personal data relating to yourself, pursuant to Article 6 (1) lit. e or f of the GDPR.

In the event of an objection being submitted, we will no longer process personal data unless we can establish compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or unless the processing is required for the purpose of asserting, exercising or defending legal claims.

g) Right to revoke consent related to data protection
You have the right to revoke consent granted for the processing of personal data at any time.
h) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you as data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of  your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to yourself infringes this Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.