Home
Resort
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data-protection laws of the EU member states as well as other data-protection provisions is:
Europa-Park GmbH & Co. Mack KG
Europa-Park-Str. 2
77977 Rust
Germany
Tel.: +49 (0) 7822-770
E-mail: info@europapark.de
Website: https://www.europapark.de
The controller’s data protection officer is:
Sina Krenz
Tel.: +49 (0) 7822-770
E-mail: datenschutz@europapark.de
Address postal correspondence to the “Data Protection Officer” at the above address.
1. Scope of personal data processing
We only ever process our users’ personal data to the extent required to provide a fully operational app and to provide our content and services. Our users’ personal data are regularly processed with the consent of the users only. Such cases in which it is impossible for factual reasons to obtain prior consent and where processing of the data is permitted under statutory regulations are considered exceptions.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for personal data processing operations, the legal basis for this is Art 6, Para 1 (a) of the EU General Data Protection Regulation (GDPR).
The legal basis for the processing of personal data required for the performance of a contract to which the data subject is party is Art. 6, Para. 1 (b) GDPR. This also applies to processing operations required in order to take steps prior to entering into a contract.
Insofar as personal data must be processed in order to comply with a legal obligation to which our company is subject, the legal basis is Art. 6, Para 1 (c).
In the event that the processing of personal data is necessary due to vital interests of the data subject or those of another natural person, the legal basis is Art. 6, Para. 1 (d) GDPR.
If processing is necessary for the purposes of a legitimate interest pursued by our company or a third party which are not overridden by the interests or rights and freedoms of the data subject, the legal basis for the processing is Art. 6, Para. 1 (f) GDPR.
3. Erasure of data and period for which the data will be stored
The data subject’s personal data will be erased or blocked as soon as the purpose for which they were stored ceases to apply.
Beyond the above, personal data can be stored where this is provided for under EU regulations, laws or other rules under European or national legislation to which the controller is subject. The data will be blocked or deleted even if the period of storage prescribed by the aforementioned standards lapses, unless circumstances require the continued storage of the data in order to enter into or perform a contract.
1. Description and scope of data processing
When the app is used on the grounds of Europa-Park, the app detects other devices also using the app which are located in the vicinity of your device, operating on a pseudonymous basis. This is necessary for the game, as the goal is to avoid close proximity to other users.
Since this function of the app only operates on the Europa-Park grounds, your location is verified by GPS.
We use the Bluetooth function of your device to determine whether you were in close proximity to other users of the app. An ID (device ID) is allocated to each device using the app. Contact in this sense occurs when the device has been in the vicinity of another device using the app for a certain period of time.
If you approach another device too closely or are located too close to another device for a certain period of time, you will be sent a push message to notify you of this. In addition, a rough assessment of the distance you keep will be conducted in order to determine how well you are taking part in the game.
Device groups can also be created in the app, alowing you to remain close to each other within the group. A group ID is created for this purpose.
These data will not be stored together with the user’s other personal data.
The device ID and the group ID will be transmitted to our servers.
2. Legal basis for data processing
Your consent in accordance with Art. 6, Para 1 (a) GDPR is the legal basis for the processing of the data.
3. Purpose of data processing
The purpose of data processing is to help you to follow the game's rules with the aid of push messages.
4. Duration of data storage
The data on our server are deleted four weeks after your visit to Europa-Park in each case. The data stored locally are deleted one day after your visit at the latest.
5. Withdrawal of consent
You may withdraw your consent to data processing in the device settings for push messages and withdraw your consent to the use of your location data. If you close the app or delete it from your device, no new processing of data will result.
1. Description and scope of data processing
As an incentive to take part in the game, some users will also have the voluntary option of entering a prize draw. To this end, the app will determine whether you have largely the game's rules over the course of your visit.
2. Legal basis for data processing
Your consent in accordance with Art. 6, Para 1 (a) GDPR is the legal basis for the processing of the personal data.
3. Purpose of data processing
The aim of the prize draw is to provide a further incentive to keep to follow the game's rules.
4. Duration of data storage
The data on our server are deleted four weeks after your visit to Europa-Park in each case. The data stored locally are deleted one day after your visit at the latest.
5. Withdrawal of consent
You can withdraw your consent to data processing in the device settings. If you close the app or delete it from your device, no new processing of data will result.
1. Description and scope of data processing
We can be contacted via the email address. In this case, the user’s personal data transmitted with the email, i.e. their email address and the content of the email, will be stored.
Data is not transmitted to third parties in this context. The data will solely be used in order to process the exchange.
2. Legal basis for data processing
Where the user’s consent is given, Art. 6, Para 1 (a) GDPR is the legal basis for data processing.
The legal basis for the processing of data transmitted when sending an e-mail is Art. 6, Para 1 (f) GDPR. If the purpose of e-mail contact is to enter into a contract, Art. 6, Para. 1 (b) provides an additional legal basis for data processing.
3. Purpose of data processing
In the event that we are contacted by email, the cause is soley to process the request, and we also have the required legitimate interest in processing the data.
4. Duration of data storage
The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. With respect to the personal data transmitted by email, this is the case upon the conclusion of the respective exchange with the user. The exchange is deemed to have been concluded when circumstances indicate that the subject concerned has been definitively resolved.
The additional personal data collected in the message submission process are deleted after a period of seven days at the latest.
5. Withdrawal of consent and erasure
The user has the possibility of withdrawing his/her consent to the processing of personal data at any time. Please contact us by e-mail. You can withdraw your consent to the storage of your personal data in this way at any time. Please be aware that, should you choose to do this, our exchange with you can no longer be continued.
You can withdraw your consent at any time by sending an e-mail to datenschutz@europapark.de.
All personal data stored in the context of making contact will be deleted in this case.
If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You have the right to obtain from the controller confirmation as to whether or not personal data relating to you is being processed by us.
If such data is processed, you may request information about the following details from the controller:
You have the right to request information on whether the personal data relating to you is transmitted to a third country or to an international organisation. In this context, you may request information on the appropriate safeguards pursuant to Art. 46 GDPR in connection with such transmission.
In this respect, this right to information may be restricted where it is likely to render impossible or seriously compromise the achievement of the objectives of research and statistics and where such restriction is necessary to be able to achieve said objectives.
2. Right to rectification
You have the right to have the controller rectify and/or complete the data, provided that the processed personal data relating to you is incorrect or incomplete. The controller shall rectify the data without delay.
In this respect, your right to rectification may be restricted where it is likely to render impossible or seriously compromise the achievement of the objectives of research and statistics and where such restriction is necessary to be able to achieve said objectives.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of the personal data relating to you be restricted:
Where processing of the personal data relating to you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted under any of the aforementioned conditions, you shall be informed by the controller before the restriction on processing is lifted.
In this respect, your right to restriction of processing may be restricted where it is likely to render impossible or seriously compromise the achievement of the objectives of research and statistics and where such restriction is necessary to be able to achieve said objectives.
4. Right to erasure
a) Erasure obligation
You may request that the controller erase the personal data relating to you without undue delay and the controller shall be obligated to erase said personal data without undue delay where one of the following reasons applies:
b) Information for third parties
Where the controller has made the personal data relating to you public and is obliged pursuant to Art. 17 (1) GDPR to delete said data, the controller, taking account of available technology and the cost of implementation, shall adopt appropriate measures, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested that said controllers delete any and all links to, or copies or replications of, this personal data.
c) Exceptions
There shall be no right to erasure where processing is necessary
5. Right to notification
Where you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter shall be obligated to notify each recipient to whom the personal data relating to you has been disclosed of any such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate amount of effort.
You have the right to request that the controller inform you of these recipients.
6. Right to data portability
You have the right to receive the personal data relating to you and provided to the controller by you in a structured, commonly used and machine-readable format. You also have the right to transmit said data to another controller without being hindered from doing so by the controller to whom the personal data was provided, where
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons must not be comprised hereby.
The right to data portability shall not apply for the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is performed on the basis of Art. 6 (1) e) or f) GDPR; this shall also apply for any profiling based on these provisions.
The controller shall no longer process the personal data relating to you, unless it can demonstrate compelling legitimate reasons for the processing which overrides your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.
Where the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data relating to you for said marketing purposes; this shall also apply for profiling to the extent that this is related to said direct marketing.
Where you object to the processing of data for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data relating to you is processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, you also have the right, on grounds relating to your particular situation, to object to such processing.
In this respect, your right to objection may be restricted where it is likely to render impossible or seriously compromise the achievement of the objectives of research and statistics and where such restriction is necessary to be able to achieve said objectives.
8. Right to withdrawal of the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.
9. Automated individual decision-making process (including profiling)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar manner. This shall not apply where the decision
(1) is necessary for the purpose of concluding or performing a contract between you and the controller,
(2) is permissible under the Union or Member State law to which the controller is subject, and these statutory regulations stipulate suitable measures for safeguarding your rights and freedoms and your legitimate interests, or
(3) is made with your explicit consent.
However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a) or g) applies and suitable measures for safeguarding your rights and freedoms and your legitimate interests are in place.
With regard to the cases mentioned in (1) and (3) above, the controller shall adopt appropriate measures to safeguard your rights and freedoms and your legitimate interests; such measures should at least include the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual place of residence, place of work or place of the alleged infringement, where it your opinion that the processing of the personal data relating to you is in breach of GDPR regulations.
The supervisory authority with which the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.