New technologies and processes in connection with digitalization are generating a steadily growing flow of data. Data from the digital sphere provide information about the media usage and consumer behavior of audiences and customers. Media providers can also obtain these data in ever increasing volumes by digitizing their offerings. In this environment, ProSiebenSat.1 has created a very rare combination: We have access to data from TV usage as well as data from our commerce platforms. On the basis of the acquired digital data, we are now building a bridge between TV and the Internet – the optimum combination of mass appeal while rapidly raising brand awareness with a target-group-specific approach. On this basis, we can use addressable TV and HbbTV to develop new advertising products that the TV business will benefit from in turn. The aim is a brand presence which enables a direct online purchase from the targeted commercial – without necessarily having to switch to a tablet or smartphone.
The protected data pool shared by ProSiebenSat.1 and NuCom Group therefore contributes directly to the Company’s business success and the core business of free TV financed by advertising. The processing of personal data from various different stakeholder groups is therefore an essential component of ProSiebenSat.1 Group’s business activity. These stakeholders particularly include customers, online users, viewers, applicants, employees, and business partners. For this reason, we see data protection as an important competitive factor with a lasting impact on trust in ProSiebenSat.1 Group’s products and brands and thus also on the economic success of the Group. [GRI 103-1]
The overarching goal of the Group’s data protection is a uniform, adequate level of data protection within ProSiebenSat.1 Group in line with national and international provisions. This is to be ensured on the basis of a risk-oriented data protection management system (DPMS) and standardized processes, guidelines, and specifications, some of which apply throughout the Group. Targeted advertising online, on mobile apps, and in HbbTV is based on tracking technology and a legal situation that may be prejudiced by the General Data Protection Regulation (GDPR) which has come into force on May 25, 2018. In particular, this concerns the question of wether targeted online advertising via cookies is now only permitted with users’ prior consent. At present, however, there is a debate over the extent to which users’ explicit consent must be obtained for the profiling performed by tracking technologies - instead of the previously well-recognized legitimate interest of advertising financed media - and how this consent for target group specific advertising must be arranged.
In March 2018, ProSiebenSat.1 already founded its log-in alliance netID to create the infrastructure for potentially expanded permissions management for targeted advertising. This initiative bears witness to the digital industry’s efforts to create secure, transparent, and user-friendly data platforms in order to both meet the requirements of GDPR and respond to the growing awareness among users and providers. [GRI 103-1, GRI 103-2]
In addition to legal provisions, the Company’s internal guidelines on handling personal data and its automated collection, processing, and use also apply. [GRI 103-2, GRI 102-16]
Internal guidelines on data protection GRI 102-16]
- Global Data Protection Standard (GDPS)
- Data Protection Policy
- Code of Conduct
- Web data protection regulations (Web DP GL)
- E-mail-marketing guideline
- Guideline on data subjects’ rights according to General Data Protection Regulation (GL GDPR data subjects’ rights)
- Guideline on documentation duties according to General Data Protection Regulation (GL GDPR documentation duties)
- Storage, blocking, and erasure guideline
ProSiebenSat.1 Group has implemented processes and measures to protect personal data from misuse. No processing of personal data takes place unless compliance with the applicable laws has been ensured. We grant each individual the right to object the use of their personal data and to demand that their personal data be deleted or blocked. In addition, ProSiebenSat.1 passes on personal data to third parties, including within the Group, only if this complies with the legal provisions. We also take appropriate precautions to protect personal data from loss, destruction, unauthorized access, or unauthorized use, processing, or disclosure. In 2017, we detected five cases of justified complaints regarding the violation of customers’ privacy and the loss of customer data as well as two cases of data leaks and data theft or loss. [GRI 103-1, GRI 103-2, GRI 102-16, GRI 418-1]
DATA PROTECTION PROCESSES [GRI 102-16]
Performance of a risk analysis including a compliance check in the context of introducing/changing automated procedures for processing personal data in accordance with section 4f of the German Federal Data Protection Act (BDSG) in order to address data protection law requirements at an early stage.
Order data processing
Process for legally compliant preparation of agreements for order data processing and the performance of the legally stipulated preliminary check in accordance with section 11 BDSG.
Information to public authorities
Process for legally compliant disclosure of personal data to public authorities.
Rights of persons affected
Legally compliant processing of requests from persons affected:
- Complaints management
- Information rights (section 34 BDSG)
- Right to correction (section 35 BDSG)
- Right to deletion (section 35 BDSG)
- Objection rights (section 35 BDSG)
Data breach notification
Process for legally compliant reporting of data breaches (= third parties unlawfully obtaining personal data) in accordance with section 42a BDSG and section 15a of the German Telemedia Act (TMG).