Privacy Policy

By using our website with the URL (hereinafter referred to as “website”), we process personal data. These are treated confidentially by us and processed in accordance with the applicable laws – the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). With these data protection provisions, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you rights, that entitle you to protect and enforce your data protection.

Our privacy policy contains technical terms out of the GDPR and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1 Personal data
“Personal data” is any information relating to an identified or identifiable person (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but can be determined by combining one’s own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.

2.2 Processing
“processing” is understood by Art. 4 No. 2 GDPR to mean any operation in connection with personal data. This relates in particular to the collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or other form of making available, alignment or combination, restriction, erasure or destruction of personal data.

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit our website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.


Responsible for data processing is:
Company: LOOKS Film & TV Produktionen GmbH (“we”)
Legal representative: Dr. Regina Bouchehri, Gunnar Dedio (Managing Directors)
Address: Brandenburger Straße 28, D-04347 Leipzig
Phone: +49 341 2617711
Fax: +49 341 2617729

We have appointed an external data protection officer for our company. You can reach him under:
Company: HABEWI GmbH & Co KG
Legal representative: General partner HABEWI Beteiligungs GmbH, represented by Arne Platzbecker (Managing Director)
Address: Palmaille 96, 22767 Hamburg
Telephone: 040/ 46008966
Fax: 040/ 46008977


Within the framework of the website, we process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers for the processing of your personal data, this is done within the framework of a so-called order processing, in which we as the client are authorized to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external provider GECKO mbH, Deutsche-Med-Platz 2, 18057 Rostock, in the data centre location of Vautron Rechenzentrum AG, Obermünsterstraße 9, 93047 Regensburg . If further external service providers are used for individual processing operations listed in Section IV, they will be named there.

As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place based on the so-called EU standard contractual clauses.


6.1 Description of processing
Every time you visit the website, we automatically collect information that your browser transmits to our server. This is the following data:

  • IP address
  • Operating system
  • the website from which visitors came to the website (so-called referrer)
  • the date and time the website was accessed

These are also stored in the so-called log files of our system. The temporary storage of your IP address by the system is necessary in order to be able to deliver our website to the end device of a user. For this purpose, the user’s IP address must be stored for the duration of the session. Your IP address is also recorded in the log files for security reasons to defend against attacks on our website (especially so-called DDos attacks) and for fraud prevention.

6.2 Purpose
The processing is carried out to enable the website to be called up and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.

6.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest is the purpose stated in section 6.2.

6.4 Storage period
The data is deleted as soon as it is no longer required for the purpose it was collected. This is the case when the respective session has ended. The log files are deleted after seven days

7.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s device when visiting a website. Cookies contain information that enables the recognition of a device and possibly certain functions of a website. We distinguish between our own cookies and external, so-called third-party cookies. So-called “session cookies” and “persistent cookies” are used on our site. “Session cookies” are automatically deleted when you end your Internet session and close the browser. Persistent cookies are stored on your device for a longer period. If cookies are technically necessary for the operation of our site, this does not require your consent.

7.2 Purpose
We use cookies to make our website more user-friendly and to provide the functions described in section 7.1.

7.3 Legal basis
The processing is necessary with regard to technically required cookies to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest is the purpose set out in section 7.2.

7.4 Storage period and revocation of consent
Cookie are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your device, you as a user have full control over the use of cookies. By changing the set-tings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted. This can also be done automatically. If cookies for our website are deactivated, deleted or restricted, it may be that individual functions of our website cannot be used or can only be used to a limited extent.

7.5 Recipients
When third-party cookies are used, data may be transmitted to the corresponding providers of these third-party services. Under certain circumstances, data may also be transferred to third countries outside the European Union or the European Economic Area. We inform you about the recipients of data, as well as a third country transmission in the corresponding passage to the third party service in this privacy policy.

8.1 Description of processing
You can also contact us via the email addresses provided on the website. To contact us, you can write to us using the email address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

8.2 Purpose
The data transmitted with and in your e-mail will be used exclusively for the purpose of processing and responding to your request.

8.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 (1) lit. f GDPR). Our legitimate interest is the purpose named in section 8.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 (1) lit. b GDPR).

8.4 Storage period
The data is deleted by us as soon as it is no longer required to achieve for the purpose it was collected. This is usually the case when the respective communication with you has ended. The communication is terminated when the circumstances indicate that your request has been clarified. If legal retention periods prevent deletion, the data will be deleted immediately after expiry of the legal retention period.

9.1 Description of processing
Our website does not use so-called social media plugins. The Facebook, Instagram, Twitter, LinkedIn and YouTube
logos displayed on our website are linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.

However, our profiles within the social networks represent data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, “share”, “like” or “retweet” a post, this information will also be stored in your user account. Your interactions with our profile are usually also visible to us.

On the social networks Facebook and Instagram, we have the possibility to obtain statistical data about the use of our Facebook page or our Instagram profile via the so-called “Insights” function. These statistics are provided by Facebook and Instagram respectively. The “Insights” feature is not opt-out. We cannot decide to turn this feature on or off. It is available to all Facebook Fan Page operators and all Instagram business account operators, whether or not you use the Insights feature.

We are provided with the following data via Facebook Insights for a selected period of time in anonymized form with regard to fans, subscribers, people reached and people interacting: Total number of page views, “likes” including origin, page activity, post interactions, reach, post reach (broken down into organic, viral, and paid interactions), comments, shared content, replies, and demographic analysis, i.e. country of origin, gender, and age. Insights statistics do not allow us to identify subscribers and fans of our site and view their profiles.

Furthermore, we receive anonymous data about the development and reach of our Instagram profile, as well as the posts, stories and videos we post there. We also receive statistical information about the place of origin, gender and age of the subscribers of our Instagram profile in the Instagram insights.

The social networks store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other third-party websites that match your presumed interests. For this purpose, cookies are usually used, which the social network stores on your device. You have the right to object to the creation of these user profiles. For this objection, you must contact the social networks directly.

9.2 Purpose
We run profiles on the previously mentioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use “Insights” of Facebook and Instagram to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

9.3 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 (1) lit. f GDPR). Our legitimate interest is the purpose set out in section 9.2. If you are asked for consent by the respective operator of a social network, the legal basis is Article 6 (1) lit. a GDPR. The data processing with regard to our presence on Facebook and Instagram is based on joint responsibility in accordance with Art. 26 GDPR.

9.4 Recipients and transfer to third countries
The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.

The social networks also process your personal data in the USA.

10.1 Description of the processing
Our website uses “Google Web Fonts”, a font substitution service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). With Google Webfonts, the standard fonts of your device are replaced by fonts from Google’s catalogue when displaying our website. If your browser disables the integration of Google Web Fonts, the text of our website will be displayed in the standard fonts of your end device. The Google fonts are loaded directly from a Google server. For this to happen, your browser sends a request to a Google server. This may also transmit your IP address in connection with the address of our website to Google. However, Google Webfonts does not store any cookies on your device. According to Google, data processed as part of the Google Webfonts service is transferred to resource-specific domains such as or They are not associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. For more information about Google Web Fonts privacy, please visit For general information about Google privacy, please visit

10.2 Purpose
The processing is carried out in order to display the text of our website in a more readable and aesthetically pleasing way.

10.3 Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller Art. 6 (1) lit. f GDPR). Our legitimate interest is the purpose stated in section 10.2.

10.4 Recipients and transmission to third countries
Through the use of Google Web Fonts, personal data may be transmitted to Google. Google also processes your personal data in the USA.

11.1 Description of the processing
We process the data you provide in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. Overall, this involves general data about you (such as your name, address and contact details), information about your professional qualifications and school education, information about professional training, knowledge and skills, as well as other information that you disclose to us in connection with your application. As a rule, this is done by means of your letter of application, curriculum vitae, references, correspondence, telephone or verbal statements.
We would like to evaluate all applicants only according to their qualifications and therefore ask you to refrain as far as possible from providing “special categories of personal data” in accordance with Art. 9 GDPR in your application (e.g. a photo that reveals ethnic origin, information about severely disabled status, etc.). If your application contains such information, please send us a corresponding declaration of consent, otherwise your application cannot be considered. If your application is successful, we will include your data in your personnel file and use it to implement and terminate your employment.
If we are unable to offer you an employment at this time, we will continue to process your data after the rejection has been sent in order to defend ourselves against any legal claims, in particular on the grounds of alleged discrimination in the application process.
If you are not selected for the vacant position, we will transfer your data – provided we have your consent to do so – to our applicant pool.

11.2 Purpose
The processing takes place to carry out the application procedure, to decide on the establishment of an employment relationship and to document compliance with legal requirements in the application procedure.

11.3 Legal basis
The data processing in connection with the application procedure has its legal basis in § 26 (1) BDSG and Art. 6 (1) lit. b GDPR. If your application is successful, further data processing will be carried out in accordance with Art. 6 (1) lit. b GDPR in conjunction with Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG for the purpose of establishing, implementing and terminating the employment relationship. If you have given your consent, e.g. for the inclusion of your data in our applicant pool, the data processing is based on Art. 6 (1) lit. a GDPR. Incidentally, the legal basis for data processing after a rejection is Art. 6 (1) lit. f GDPR. Our legitimate interest is the defense against legal claims.

11.4 Storage period
If your application is successful, your data will be transferred to your personnel file and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter. If we transfer your data to our applicant pool after completion of the application process, we will delete it from the applicant pool in the event that an employment relationship is subsequently established or otherwise two years after inclusion.

11.5 Recipients of your data, transfer of data to third parties and transfer to third countries
Your applications are forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. Only those persons in the company have access to your data who require it for the proper conduct of our application procedure. Data will not be passed on to third parties. Likewise, no data is transferred to third countries – this is also not planned in the future.


12. Security measures
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the end device of the user. You can recognize the active SSL or TLS encryption by a small lock logo that is displayed on the far left in the address bar of the browser.


13. Data subject rights
With regard to the data processing by our company described above, you are entitled to the following data subject rights:

13.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us, if we are processing personal data relating to you. If this is the case, you have a right under the conditions specified in Art. 15 GDPR to obtain about this personal data and to the information listed in detail in Art. 15 GDPR.

13.2 Correction (Art. 16 GDPR)
You have the right to demand that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data.

13.3 Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data relating to you without delay if one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if your data is no longer required for the purposes pursued by us.

13.4 Restriction of data processing (Art. 18 GDPR)
You have the right to demand that we restrict processing of your personal data if one of the conditions listed in Art. 18 GDPR applies, e.g. if you dispute the correctness of your personal data, data processing will be restricted for the period of time that allows us to verify the correctness of your data.

13.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 GDPR, to request that the data concerning you be handed over in a structured, common and machine-readable format.

13.6 Withdrawal of consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The withdrawal applies from the moment it is given to us. In other words, it effects for the future. The withdrawal does not make past processing illegal.

13.7 Complaint (Art. 77 GDPR)
If you consider that the processing of your personal data infringes the GDPR, you have the right to file a complaint to a supervisory authority. You can assert this right to a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.

13.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have legal effects or are likely to have an impact on you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making including profiling regarding your personal data.

13.9 Right of objection (Art. 21 GDPR)
If we process your personal data based on Art. 6 (1) lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. This only applies insofar as there are reasons arising from your situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the purpose, exercise or defence of legal claims. In any case – also regardless of a specific situation – you have the right to object at any time to the processing of your personal data for direct marketing.

Status: July 2021