The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations of the Member States and other regulations relating to data protection is:
Europa-Park GmbH & Co. Mack KG
‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The definition is far-reaching and encompasses almost all data handling.
‘Pseudonymisation’ refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
‘Profiling’ is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
As a general rule, we only process the personal data of our users to the extent necessary to provide a fully functioning website and to deliver our content and services.
The respective legal basis for the respective processing is presented and explained in the following. The legal basis is typically founded
In general, your personal data which we have stored shall be deleted as soon as it is no longer required for the intended purpose and the erasure does not conflict with any statutory retention requirements. Insofar as the data is not erased because it is required for other and legally admissible purposes, its processing shall be restricted. This means that the data will be blocked and not used for any other purposes. This applies, for instance, to data which must be kept for commercial or tax reasons.
According to legal requirements in Germany, books, records, management reports, accounting receipts, trading books, documents relevant for taxation, etc. shall be retained for a period of 10 years in accordance with Sections 147 (1) Tax Code (AO), 257 (1) (1) and (4), Para. 4 German Commercial Code (HGB) and in the case of commercial letters for a period of six years in accordance with Section 257 (1) (2) and (3), Para. 4 HGB. This includes, for example, documents and data required for processing your purchase of goods or the Europa-Park Clubcard in the online shop.
Our websites are encrypted with SSL or TLS protocols for reasons of security as well as to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to us). An encrypted connection can be recognised by the string ‘https: //’ and the padlock symbol in your browser line.
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer. This data is also referred to as ‘traffic data’.
The following data is collected:
It is necessary for the system to store the IP address temporarily so that the website can be displayed on the user’s computer. To this end, the user’s IP address is stored for the duration of the session. Traffic data is collected in order to make technical improvements to our offer.
This data is also stored in our system’s log files. The user’s IP addresses or other data that enables said data to be linked to a specific user is not included here. This data is not stored together with other personal data of the user.
Art. 6 (1) f) GDPR provides the legal basis for the temporary storage of data. Our legitimate interest is to deliver our web content to you.
We automatically delete your traffic data once your visit to our website is terminated.
The collection of data to enable provision of the website and the storage of data in log files is essential for the website to function properly. You have the option to object to this in accordance with Art. 21 GDPR, insofar that you assert the special circumstances that prevent the processing of your personal data. The use of personal data is restricted to the necessary minimum, just as the period of retention is limited to your website visit.
Cookies can be used for various tasks:
Temporary cookies: Temporary cookies (also referred to as ‘session cookies’ or ‘transient cookies’) are deleted when the user leaves the website and closes their browser. A cookie of this type might be used, for instance, to store the content of a shopping cart in an online shop or the user’s login status, their language settings, etc.
Permanent cookies: ‘Permanent’ or ‘persistent’ cookies remain stored on the device even after the user has closed their browser. To give an example, this makes it possible for the user’s login status to be stored even if there are a number of days between the user’s visits to this site. Such cookies can also be used to store data on user interests for the purposes of reach analysis and marketing activities.
‘Third-party cookies’ are cookies from providers other than the controller who operates the website.
Technical methods are used to pseudonymise the user data collected. As a result, the data can no longer be linked to the user accessing the website. The data is not stored together with other personal data of the users.
Upon accessing our website, a cookie consent (info banner featuring a consent function) informs users about the use of the cookies employed by us. The cookie consent allows you to confirm the use of the legally permitted cookies (transient and permanent cookies that are necessary for ensuring website functionality) and/or to apply individual settings or consent to the use of advertising or third-party cookies (e.g. permanent marketing cookies and third-party providers such as Google). Part of our website, especially subpages of europapark.de, are connected with an overarching cookie consent. This is the case when no new banner is shown after you opened a new page.
We have commissioned OneTrust, a service of OneTrust Technology Limited, 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK), and the Google Tag Manager, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland, to manage cookies.
Art. 6 (1) f) GDPR provides the legal basis for processing personal data using temporary or partially permanent cookies that are strictly necessary. Our legitimate interest lies in being able to provide you with a fully functioning website and an appropriate level of operating convenience.
Art. 6 (1) a) GDPR provides the legal basis for processing personal data using cookies that are not strictly necessary.
You will be asked to give your consent the first time you access the website. You may manage your consent status in the ‘Cookie settings’ section located in the website’s footer.
You may change your settings for cookies used on our website in the ‘Cookies settings’ section.
We use the data that has been gathered in the scope of you using Europa-Park’s offers (among others website, apps, newsletter) to send you a personalised newsletter (if you have subscribed to it) as well as other personalised advertising campaigns and for consultancy services, maintenance of further customer relations, market research and analysis. Europa-Park offers include Europa-Park, Rulantica water world, Europa-Park Hotels, Camp Resort, Europa-Park Camping, Europa-Park Events, YULLBE and the online shop, ticket shop, hotel booking engine, etc.
When provided in addition to your email address, the following data is usually processed in this regard:
Salutation, gender, first and surname, date of birth, postcode, country of residence, language. Clubcard membership status, Clubcard number, email history, interests regarding newsletter topics and purchases, hotel reservations and stays, including room category and number, as well as the category of overnight guests, ticket purchases and stays, other orders, additional purchases and reservations, voucher redemption, event participation, usage behaviour during a stay, consent status for cookies, user ID, language, device information. Opening and interaction rate for emails.
If the controller of Europa-Park GmbH & Co. Mack KG did not directly collect these data, other companies with a direct relation to Europa-Park shall transmit the data:
Snowflake Inc., Munich, Mies-van-der-Rohe-Straße 8, 80807 Munich, Germany, Emarsys eMarketing System AG, Hansischer-Straße 10, 80339 Munich, Germany and the service provider Cidaas, of Widas ID GmbH Maybachstraße 2 71299 Wimsheim, Germany, shall act as the processor for analysing the data.
The legal basis for data processing is our legitimate interest (Art. 6 (1) f) GDPR) in getting to know our customers better and being able to address them in a personalised manner. This is necessary for promoting sales and supporting customers.
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. This shall occur, among other things, if we have not been able to detect you acting on any Europa-Park offer for a long time, and there is no further purpose for storing your information.
If you object to the processing of data, the data shall be erased after a short processing time, unless the data must be saved for another purpose.
You the option of objecting to the processing of data. To do this, please contact firstname.lastname@example.org.
You can configure cookies in the cookie settings to prevent marketing campaigns from being personalised.
We offer users the option to register and create an account on our website by providing their personal data. This account can then also sometimes be used for our various online offers (MackOne account). The data is entered on the input screen, transmitted to us and stored by us. The data is not passed on to third parties. The following data is regularly collected during the registration process:
At the time of registration, the following data is also saved:
If your email address has not yet been registered in our system, we shall send you a validation email upon registration.
Widas ID GmbH Maybachstraße 2, 71299 Wimsheim, Germany, with their service Cidaas shall act as the processor for analysing the data.
Art. 6 (1) b) GDPR provides the legal basis for processing data where registration is required in order to fulfil a contract to which the user is party, or to implement measures prior to entering into a contract.
The user is required to register in order to fulfil a contract with the user or to implement measures prior to entering into a contract. For example, for
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected.
For data collected during the registration process, this is the case where registration on our website is cancelled or altered.
For data collected during the registration process for the purpose of fulfilling a contract or for implementing measures prior to entering into a contract, this is the case where the data is no longer required to execute the contract. It may be necessary to store the personal data of the contract partner even after the contract has been concluded in order to meet contractual or statutory obligations.
As a user, you have the right to cancel registration at any time. You can change the data stored under your name at any time.
The data can be deleted at any time by logging in to the user profile or by sending an email to email@example.com.
If the data is necessary for the purpose of fulfilling a contract or for implementing measures prior to entering into a contract, premature deletion of the data is only possible where there are no contractual or statutory obligations to retain such data.
Contact forms, which can be used to contact us electronically, are readily available on our website. If the user makes use of this option, the data entered on the input screen will be transmitted to us and stored by us. This data includes:
At the time the message is sent, the following data is also temporarily stored:
Alternatively, you may contact us using the email address provided. In such cases, the user’s personal data transmitted in the email is stored.
The data is not passed on to third parties in this connection. The data is used solely for processing the conversation.
Art. 6 (1) a) GDPR provides the legal basis for processing data, where consent has been given by the user to do so.
Art. 6 (1) f) GDPR provides the legal basis for processing the personal data that is transmitted in an email or using the contact form. Art. 6 (1) b) GDPR provides the legal basis for processing data where the purpose of the email contact is to conclude a contract.
We process the personal data entered on the input screen solely for the purpose of processing the request. If contact is made by email, this also constitutes the legitimate interest required for processing of the data.
The purpose of the other personal data processed during the transmission of the contact form is to prevent misuse of the contact form and to ensure the safety of our information technology systems.
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data entered on the input screen of the contact form and the personal data sent by email, this is the case when the conversation with the user has ended. The conversation is deemed to have ended when the circumstances suggest that the issue has been conclusively resolved.
Additional personal data collected during the transmission of the contact form is usually deleted after a period of seven days.
The user has the right at any time to withdraw their consent to processing of the personal data. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.
The data can be deleted at any time by logging in to the user profile or by sending an email to firstname.lastname@example.org.
In this case, all personal data stored when contacting us is deleted.
We use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an entry has been made by a natural person or improperly, by means of machines and automated processing. To this end, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis takes place automatically and as soon as the visitor has arrived on the website. reCAPTCHA evaluates various pieces of information (e.g. IP address, how long the visitor spends on the website, or mouse movements made by the user). The (personal) data collected during this analysis is forwarded to Google. Transmission to Google LLC servers in the USA cannot be ruled out.
Processing takes place in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in preventing abuse, spam, and the overloading of our contact form.
You can find more information about Google reCAPTCHA at https://www.google.com/recaptcha/about/.
You may change your settings for cookies used on our website in the ‘Cookie settings’ section located in the website’s footer. You can manage your consent status for individual cookies and entire categories there. Unless otherwise stated, the legal basis for processing is your consent in accordance with Article 6 (1) a) GDPR. Further details on the services integrated on our website are provided in the following.
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyse the surfing habits of our users. The software places a cookie on the user’s computer (see above for a description of cookies). If individual pages of our website are accessed, we store the following data:
The software runs exclusively on our website’s servers. The users’ personal data is stored there only. The data is not passed on to third parties.
The software is configured in such a way that it prevents the full IP addresses from being stored; 2 bytes of the IP address are blanked out (e.g. 192.168.xxx.xxx). This means that the truncated IP address can no longer be linked to the requesting computer.
You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/.
This website uses the web analysis services Amazon Conversion Pixel and Amazon Remarketing Pixel developed by Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA.
When you visit this website, Amazon receives the information that you have accessed our website. For this purpose, Amazon downloads a so-called web beacon (invisible graphics), thereby setting a cookie on your computer. The data specified under the ‘Data processing on this website’ section of this Policy is then transmitted to Amazon. The IP address communicated by your browser in this respect is not combined with other Amazon data.
Amazon uses the cookie placed on your computer to recognise you on other websites, in apps and within Amazon services, and to provide you with personalised advertising, where appropriate.
You can prevent cookies from being stored on your computer by adjusting your browser settings accordingly. We must point out, however, that in this case not all functions of this website, such as the shopping cart, may be available to you to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website for Amazon, as well as the processing of this data by Amazon, by clicking on this link and selecting the setting ‘Do not personalise ads from Amazon for this Internet browser’: https://www.amazon.de/adprefs. Alternatively, you can select the appropriate settings at: http://www.youronlinechoices.com.
An opt-out cookie is then activated in your browser, which prevents your data from being collected by Amazon Pixel when you visit our website in future. This applies until such time as you delete the opt-out cookie.
You can find further information from Amazon on the collection of data at: http://www.amazon.com/gp/BIT/InternetBasedAds
We have no influence over the data collected, nor are we aware of the full scope of data collection. This data is transferred to the USA and evaluated there.
We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as ‘Google’, on our website. Google Analytics uses so-called cookies; these are text files that are stored on your computer and enable an analysis of how you use the website.
The information collected by the cookies, for example, the time, place and frequency of your website visits, including your IP address, is transmitted to a Google server in the USA and stored there.
On our website, we use Google Analytics with the suffix ‘_gat._anonymizeIp’. In this case, your IP address will be truncated by Google within the Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area and thereby anonymised.
Google will use this information to evaluate how you use our website, to compile reports on website activities for us, and to provide further services connected with the use of the website and the Internet. Google will also pass this information on to third parties if necessary, insofar as this is legally stipulated or insofar as third parties process this data on behalf of Google.
Google claims that it will not link your IP address with other Google data under any circumstances. You can prevent the installation of cookies by adjusting your browser settings accordingly; in this case, however, we must point out that not all functions of this website may be available to you to their full extent.
We also use Google Analytics to analyse data from Double-Click cookies and AdWords for statistical purposes. If you do not wish this to take place, you can disable it through the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/?hl=en).
Vimeo claims to guarantee an appropriate level of data protection.
This website uses the ‘Custom Audiences’ remarketing function of Facebook Inc. (‘Facebook’). The purpose of this function is to display interest-related ads (‘Facebook ads’) to visitors to this website when logged on to the social network Facebook. To this end, the Facebook remarketing tag has been implemented on this website. This tag makes it possible to establish a direct connection to the Facebook servers when the website is accessed. The information that you have visited this website is sent to the Facebook server, and Facebook links this information to your personal Facebook user account. You can find more information on the collection and use of data by Facebook, your rights with regard to the above and settings to protect your privacy can be found in Facebook’s Data Policy: https://www.facebook.com/about/privacy/. Alternatively, you may disable the ‘Custom Audiences’ remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. You need to be logged into Facebook to do so.
To improve the user experience on our website, we use the Hotjar software (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar makes it possible to record and evaluate user behaviour (mouse movements, clicks, scrolling, etc.). To this end, Hotjar sets cookies on the user’s end device, enabling it to store user data (e.g. browser information, operating system, time spent on the website, etc.) in anonymised form. You can prevent your data from being processed by Hotjar by disabling cookies in your web browser settings and deleting cookies that are already enabled. You can find out more about data processing by Hotjar here: https://www.hotjar.com/privacy.
If you do not wish website analysis to be carried out by Hotjar, you can opt out from this on all websites that use Hotjar by setting a DoNotTrack header in your browser. You can find information about this on the following website: https://www.hotjar.com/opt-out.
We also use the social media aggregation tool https://www.localmeasure.com on our website. This tool enables us to filter, curate and compile galleries of content that is publicly available on Facebook, Twitter and Instagram and to reproduce such content on our websites. If you do not want your posts to be used in this manner, please send an email objecting to such use to email@example.com.
Art. 6 (1) f) GDPR provides the legal basis for processing the personal data of users.
Processing the users’ personal data enables us to analyse the surfing habits of our users. Evaluating the data obtained in this way enables us to compile information on how the individual elements of our website are used. This helps us to optimise our website and to continually make it more user-friendly. These purposes also constitute our legitimate interests in data processing pursuant to Art. 6 (1) f) GDPR. Anonymising the IP address ensures that the users’ interest in the protection of their personal data is adequately taken into account.
The data is deleted as soon as it is no longer required for record-keeping purposes. If possible, this is restricted to 38 months in the tools used.
For customers accessing our services from Switzerland, this website uses the web analytics service provided by Adform A/S, Wildersgade 10B, 1st floor, DK-1408 Copenhagen, Denmark, site.adform.com.
When you visit this website, AdForm receives the information that you have accessed our website.
AdForm only uses the anonymised data generated by the activated cookie to show you personalised advertising about our offers on other websites or in apps where applicable.
Further information about data privacy is available at: https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/. Should you have any questions concerning data protection, you can contact us at the following address: firstname.lastname@example.org.
For customers accessing our services from Switzerland, this website uses the web analytics service provided by Converto AG, Firststrasse 3a, 8835 Feusisberg, Switzerland, converto.com.
When you visit this website, Converto receives the information that you have accessed our website.
Converto only uses the anonymised data generated by the activated cookie to show you personalised advertising on other websites or in apps where applicable.
Further information about data privacy is available at: https://www.converto.com/datenschutz-privacy-policy. Should you have any questions concerning data protection, you can contact us at the following address: email@example.com.
You have the option of preventing the storage of cookies on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
Further information about Google’s use of data can be found at:
This website uses technology developed by Outbrain Inc. (‘Outbrain’, 39 W 13th Street New York, NY 10011 USA). This makes it possible to target those Internet users with advertising on our partners’ websites who might be interested in our content or who have already shown an interest in our content. The technology is based on a cookie-dependent analysis of previous user behaviour. This advertisement only appears on Outbrain advertising spaces, either on Outbrain Engage advertising space or on the Outbrain Extended Network. If you do not want interest-based advertising to be displayed to you, you can deactivate this function here: https://my.outbrain.com/recommendations-settings/home.
Further information can be found at: https://lp.outbrain.com/gdpr-ready
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:
You have the right to obtain information about your personal data that we process. In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence proving that you are the person you claim to be. (Art. 15 GDPR)
Furthermore, you have a right to rectification or erasure of data or restriction of processing insofar as you are so entitled by law. (Art. 16, 17 and 18 GDPR). In such cases, we are obliged to notify any recipients of the rectification, erasure or restriction of processing of data (Art. 19 GDPR).
You also have a right to data portability within the framework of the data protection regulations (Art. 20 GDPR). This applies to data that you have provided to us.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is performed based on Art. 6 (1) e) or f) GDPR; this shall also apply for any profiling based on these provisions.
In particular, you have the right to object in accordance with Art. 21 (1) and (2) GDPR to the processing of your data, in particular in connection with direct advertising (newsletter), if this is based on a legitimate interest or a weighing of interests.
You have the right to withdraw your declaration of consent under data protection law at any time and with effect for the future. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar manner.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual place of residence, place of work or place of the alleged infringement, where it is your opinion that the processing of your personal data is in breach of GDPR regulations (Art. 77 GDPR).
The supervisory authority with which the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of judicial remedy pursuant to Article 78 GDPR.