Hanse in Europa mit Nessie

Privacy Policy

Data Privacy Statement of HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG

We strive to offer you the service you have come to expect from us online too. You do not have to give us any personal information to make use of most of our websites. However, if you do not provide certain information, you may not be able to enjoy all our services.

HANSA-PARK is very serious about protecting your personal information.

We do our utmost to respect your privacy. We are aware of the sensitive nature of the personal data you provide to us when you use our website. We are committed to protecting your privacy, and we only collect, store or process the data obtained as part of our business activities in compliance with the applicable data protection regulations.

This Data Privacy Statement sets out what type of personal data we process, how and why we process them in relation to our online offer and our websites, apps, functions, contents and external online presences associated with it. Below we will provide you the information in accordance with Articles 13, 14, 21 General Data Protection Regulation (GDPR). Please take a moment to review our Data Privacy Statement and learn how we process your personal data and what rights you have under the data protection laws.

I. Data Controller

The data controller as defined in the European General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG
Am Fahrenkrog 1
23730 Sierksdorf - Deutschland

Telephone: +49 (0) 4563/474-0
Fax: +49 (0) 4563/474-100
Email: info@hansapark.de
Website: https://www.hansapark.de

II. Data Protection Officer

If you have any questions, please contact our data protection officer:

compolicy GmbH
Schwedenkai 1
24103 Kiel
Email: info@compolicy.de or datenschutz@hansapark.de

III. General Information about how and why we process Data

1. What does “personal data” mean?

Personal data comprise any information that refers to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification code, location data, an online identifier or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. How and why we collect personal data

We collect and process personal data only insofar as it is necessary to provide

  • a functional website, app and other online services and
  • our contents and services.

We regularly collect and process your personal data only after you have given us your consent, unless it is impossible for us to obtain your prior consent for factual reasons and processing your data is legally permitted.

We are permitted to create usage profiles for advertising and market research purposes as well as to design our internet offer as needed if we pseudonymise the data. You have the right to object to such use of your data at any time. We are not permitted to merge the usage profiles with data about the person behind the pseudonym.

3. For how long do you store my personal information and when do you erase it?

Data can be stored if European or national legislators provide for it in Union legislation, laws or other regulations. Your personal data will be erased or blocked

  • as soon as it is no longer necessary to store the information and
  • when the retention period stipulated in one of the aforementioned legal regulations expires, unless the information is needed to enter into or perform a contract and must be retained longer.

4. On what legal basis do you process my personal information?

We process your personal information solely as provided for by law, the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act [BDSG] as well as in accordance with the provisions of the German Telecommunications and Telemedia Data Protection Act [TTDSG].

  • Article 6(1) letter (a) European General Data Protection Regulation (GDPR) concerning the processing of personal data that we collected with your consent;
  • Article 6(1) letter (b) GDPR concerning the processing of personal data needed to fulfil a contract that we entered into with you or to take steps at your request prior to entering into a contract;
  • Article 6(1) letter (c) GDPR concerning the processing of personal data, including their disclosure to third parties - for instance revenue authorities, courts, etc. - to meet a statutory obligation;
  • Article 6(1) letter (f) GDPR concerning the processing of personal data needed to pursue our or a third party’s legitimate interests which override your interests, fundamental rights and freedoms. Our legitimate interest usually is to conduct our business activities;
  • Article 6(1) letter (d) GDPR concerning the processing of personal data to protect your vital interests or those of another natural person;
  • Article 28 GDPR concerning the transfer of personal data to service providers whom we have engaged to process the data on our behalf (processors);
  • Section 26 BDSG insofar as it is necessary to implement the provisions of employment contracts;
  • Section 4(1) 1st and 2nd sentence BDSG concerning video surveillance in the Park;
  • Section 4(3) 1st and 2nd sentence BDSG concerning video recording in the Park.
  • Section 2(2) number 1 TTDSG as a provider of telemedia services such as the HANSA-PARK website and the HANSA-PARK app

5. Who gets my data and do you transfer my data to third countries?

Within HANSA-PARK the only parties that have access to your data are parties that need them for the purposes mentioned above. This also applies to service providers and vicarious agents engaged by us. We may disclose your data to processors who process data on our behalf as defined in Art. 28 GDPR for the purposes outlined in this Data Privacy Statement. Such processors primarily provide services in the fields of IT, logistics, printing, telecommunications, claims management, advice and consulting as well as, if applicable, marketing, sales and distribution. We will only disclose personal information to third parties if this is necessary for the purposes mentioned above or if you have given your consent to it. We do not transfer any data to third countries (states that are not a member of the European Economic Area – EEA) and we do not intend to do so in the future. We will not disclose your personal information to address brokers or other companies for advertising purposes.

6. Area of validity – responsibility for linked content

The information below refers and applies to the domains and mobile applications mentioned below.

The following domains form part of our websites:

Our mobile applications comprise:

Our website contains links to other websites that are operated by independent third parties although they might use HANSA-PARK logos and/or trademarks and thus look similar to the websites operated by HANSA-PARK. However, such third-party websites, their terms of use or data protection guidelines should mention this.

To that extent this Data Privacy Statement does not apply. Insofar as such third-party website operators collect, process or use personal data when you visit their websites, please refer to the privacy policy of the relevant operator. We cannot be held liable for how they process and protect data.

On top, HANSA-PARK is not responsible for fulfilling orders placed on or rendering services ordered via the third-party website.

7. Your rights at a glance

If the prerequisites have been met, you have the right at any time to

  • request from us access to your personal data;
  • rectification, restriction of processing and erasure of your personal data;
  • object to the processing of your personal data;
  • withdraw consent to the processing of your personal data;
  • information and data portability;
  • lodge a complaint with a supervisory authority.

8. Automated decision-making

We have no automated decision-making processes pursuant to Art. 22 GDPR in place to establish, foster and maintain customer relations. This includes profiling.

9. Data security

We have taken technical and organisational steps to ensure that your personal data are protected against accidental or wilful loss, destruction or manipulations as well as against unauthorised access by third parties. We regularly review the measures in place and adapt them to technical progress.

10. Changes to this Data Privacy Statement

From time to time, we may revise our Privacy Statement. We will inform you about any changes to it by email or on this website, so you should check here regularly.

11. Data protection guideline, terms of use and GTC

This data protection guideline applies together with our terms of use and our general business terms and conditions (GTC).

IV. hansapark.de Website and Server Log Files

1. What kind of data, to what extent and why do you process my data?

Every time you visit our website we automatically store the following user access data in a protocol file (log file) on our server to enable you to use the website and us to bill the use:

  • The browser type and browser version used;
  • The operating system used by the system accessing our website;
  • The internet page from which a system is referred to our website (known as referrers);
  • The subsites accessed by a system on our web pages;
  • The date and time our website is accessed;
  • The internet protocol address (IP address);
  • Other similar data and information processed to protect our information technology systems in the event of an attack;
  • The documents called up; and
  • The data volume transmitted.

The above data do not identify persons. We do not merge these data with other data sources.

We need to temporarily store the IP address and the other data mentioned above in the system to enable us to deliver the website to your computer/device. This is also why we need to store your IP address for the duration of your session. Pursuant to Article 6(1) letter (f) GDPR the processing of your data for the purposes above is necessary to pursue our legitimate interests.

2. On what legal basis do you process my personal information?

Section 25(1) 1st sentence TTDSG in connection with Art. 6(1) letter (f) GDPR

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. Insofar as we collect data to provide our website, such data will be erased when you close your browser.

4. Can I object and will my data be erased?

We need to collect your data to operate our internet pages, provide the website and store your data in log files. You cannot object to that kind of data collection.

V. Cookies

1. What kind of data, to what extent and why do you process my data?

When you call up our website, cookies will be placed on your computer/device.

Cookies are small text files that are stored on your computer/device in a specific file directory. These text files allow us to identify your computer/device during a session. Cookies are not harmful to your computer/device. You can manually delete them – most easily in your browser – at any time.

Cookies primarily serve to store your information (or the information about the device a cookie is placed on) during or after your visit to an online service.

Temporary, session or transient cookies are cookies that are deleted once you exit an online offer and close your browser. These cookies store, for example, a log-in status or the items you put into the shopping basket of an online shop.

Permanent or persistent cookies are cookies that remain stored on your device even after you have closed your browser. For example, they store your log-in status so that the website remembers you and/or your preferences on your next visit. We may use the preference data stored in the cookies to measure media reach or for marketing purposes.

We may use temporary and permanent cookies on our websites. Please refer to our Data Privacy Statement for more information.

You can alter the settings in your browser to prevent it from automatically accepting and storing cookies on your device or to notify you each time before a new cookie is placed. Please note that if you choose not to permit cookies, some services and features on our website may not be available or function as intended.

We use cookies, in this case session cookies, to continuously improve our online services and make your visit to our website more enjoyable.

We use technically required cookies to make it easier for you to use our websites. Some functions of our internet pages would not be available without the use of cookies. The system must be able to recognise your browser each time you call up a new page. Cookies allow us to recognise you within our website. We do not use the personal data collected by technically required cookies to create user profiles.

We use analysis cookies to improve the quality and contents of our website. They allow us to measure how our website is used so that we can continuously optimise our services.
Pursuant to Article 6(1) letter (f) GDPR the processing of your data for the purposes above is necessary to pursue our legitimate interests.

The data processing takes place on the basis of your consent in accordance with Article 6 (1) letter (a) European General Data Protection Regulation (GDPR).

The following cookies will be set on the websites of HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG:

On the website https://www.hansapark.de:

Name of the cookieType of cookieLifetimeSet byPurpose of the cookie
PHPSESSIDRequiredSessionHANSA-PARKRequired for website functionality, e.g. language settings.
csrf_https-contao_csrf_tokenRequiredSessionHANSA-PARK
cookieManagerSelectedCategories20240311Required30 daysHANSA-PARKStores the user’s cookie settings
cookieManagerExecuted20240311Required30 daysHANSA-PARKStores the user’s cookie settings
_pk_idAnalysis13 monthsHANSA-PARKWe receive information on how the website is used and can thus constantly optimise our offer. You can find more information about the cookies of Matomo in our data protection declaration under the item "Web analysis by Matomo" or on the Matomo website itself at https://matomo.org/faq/general/faq_146/
_pk_refAnalysis6 monthsHANSA-PARK
_pk_sesAnalysis30 minutesHANSA-PARK
_pk_cvarAnalysis30 minutesHANSA-PARK
_pk_hsrAnalysis30 minutesHANSA-PARK
_pk_testcookieAnalysis0 minutesHANSA-PARK
mtm_consent_removedAnalysis30 yearsHANSA-PARKDeactivates matomo tracking
yt-remote-device-idExterne Inhaltepersistentwww.youtube-nocookie.comSpeichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos.
ytidb::LAST_RESULT_ENTRY_KEYExterne Inhaltepersistentwww.youtube-nocookie.comWird verwendet, um die Interaktion der Nutzer mit eingebetteten Inhalten zu verfolgen.

yt.innertube::requests

yt.innertube::nextId

Externe Inhaltepersistentwww.youtube-nocookie.comRegistriert eine eindeutige ID, um Statistiken der Videos von YouTube, die der Benutzer gesehen hat, zu behalten
yt-remote-connected-devicesExterne Inhaltepersistentwww.youtube-nocookie.comSpeichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos

yt-remote-session-app

yt-remote-cast-installed

yt-remote-session-name

yt-remote-cast-available

yt-remote-fast-check-period

Externe InhalteSessionwww.youtube-nocookie.comSpeichert die Benutzereinstellungen beim Abruf eines auf anderen Webseiten integrierten Youtube-Videos

Auf der Website https://shop.hansapark.de (online shop):

Name of the cookieType of cookieLifetimeSet byPurpose of the cookie
PHPSESSIDRequiredSessionHANSA-PARKRequired for functionality of the website, e.g. in the shopping cart or for the customer account.

cookies_mandatory

Required30 daysHANSA-PARKStores the user’s cookie settings
cookies_statisticRequired30 daysHANSA-PARKStores the user’s cookie settings
cookies_mediaRequired30 daysHANSA-PARKStores the user’s cookie settings
cookies_trackingRequired30 daysHANSA-PARKStores the user’s cookie settings
REMEMBERMEFunctional7 TageHANSA-PARKStores users’ login data.
_pk_idAnalysis13 monthsHANSA-PARKWe receive information on how the website is used and can thus constantly optimise our offer. You can find more information about the cookies of Matomo in our data protection declaration under the item "Web analysis by Matomo" or on the Matomo website itself at https://matomo.org/faq/general/faq_146/
_pk_refAnalysis6 monthsHANSA-PARK
_pk_sesAnalysis30 minutesHANSA-PARK
_pk_cvarAnalysis30 minutesHANSA-PARK
_pk_hsrAnalysis30 minutesHANSA-PARK
_pk_testcookieAnalysis0 minutesHANSA-PARK

mtm_cookie_consent

Analysis30 daysHANSA-PARK

mtm_consent_removed

Analysis30 yearsHANSA-PARK

On the website https://www.hansapark-feedback.de (HANSA-PARK Speaking Trumpet):

Name of the cookieType of cookieLifetimeSet byPurpose of the cookie
phpsessionRequired48 hoursHANSA-PARKKey to get access to given feedbacks
cb-enabledRequired1 yearHANSA-PARKStatus whether the cookie bar was displayed or confirmed

At the HANSA-PARK app

Name of the cookieType of cookieLifetimeSet byPurpose of the cookie
phpsessionRequiredSessionHANSA-PARKRequired for functionality of the app, e.g. communication with the HANSA-PARK API to the online shop

2. On what legal basis do you process my personal information?

Section 25(1) 1st sentence TTDSG in connection with Art. 6(1) letter (f) GDPR

3. For how long do you keep my data? Can I object and will my data be erased?

Cookies are stored on your computer/device from where they are transmitted to our site. This means that you can decide if and when you want to accept the use of cookies. By altering the settings in your internet browser, you can de-activate or restrict the transmission of cookies. Cookies already stored can be erased at any time. You can also set your browser to do that automatically. However, please note that if you de-activate the cookies on our website, some areas of our website may not function properly or be accessible.

VI. Newsletter

1. What kind of data, to what extent and why do you process my data?

Our website allows you to subscribe to our complimentary newsletter. Newsletters are sent in compliance with our Data Privacy Statement to advertise and promote our own products and services. When you subscribe to the newsletter, the data you enter will be transmitted to us:

  • Email address
  • First name and surname (not mandatory)

When you register for the newsletter service, we collect the following information:

  • The time of the registration and confirmation
  • The time you open the newsletter
  • The time you click on links embedded in the newsletter

We use the double-opt-in procedure for subscriptions to our newsletter. In other words, we will send you an email after you have registered for the newsletter service to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, the information will automatically be blocked and erased after 7 days.

To receive the newsletter, you only have to provide an email address. You can provide more, non-mandatory information that we will use to address you by name. After you have confirmed your registration, we will store the email address provided only for the purpose of sending you the newsletter.

If you want to subscribe to our newsletter, we need an email address as well as your confirmation that you are the holder of the email address given and consent to receiving the newsletter. These data are collected for the sole purpose of sending you the newsletter and documenting our authorisation to do so. We will not disclose your data to any third parties.

You are not obligated to give your name. However, if you do so, we will only use it to address you by name when we send you the newsletter.

In addition, we will store your IP address as well as the time of your registration and confirmation respectively. We do so to be able to prove that you have registered and, if not, clarify any potential abuse of your personal data.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (a) GDPR to process your data after you have registered and given your consent as well as the provisions of section 7(3) German Unfair Competition Act [UWG] to ship goods after selling them or to render services.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. Your email address will thus be stored for as long as you keep your newsletter subscription active.

4. Can I withdraw my consent and will my data be erased?

You can withdraw at any time your consent to receiving [the newsletter] and having your data stored (go to https://my.hansapark.de/newsletter/unsubscribe, use the “unsubscribe” link in the newsletter, write an email to datenschutz@hansapark.de or contact us (contact data are available in the Legal Notice [Impressum])).

5. Do you disclose my data to third parties? Who sends the newsletters?

HANSA-PARK uses the services of Maileon to send its newsletters. XQueue GmbH, Christian-Pless-Straße 11 - 13, 63069 Offenbach/Main, Germany is the provider of the service. For more information please refer to XQueue GmbH’s Privacy Statement at https://maileon.com/de/datenschutz/#.

We use the newsletter service provider to pursue our legitimate interests pursuant to Article 6(1) letter (f) GDPR based on a contract with the processor pursuant to Article 28(3) 1st sentence GDPR.

The newsletter service provider may use recipients’ pseudonymised personal data – i.e. they do not identify users - to optimise or improve its own services, e.g. to technically optimise the sending or design of the newsletter or for statistical purposes. The newsletter service provider will not use the personal data of our newsletter subscribers to contact them or disclose them to third parties.

VII. Prize Games

1. What kind of data, to what extent and why do you process my data?

When you provide us information as a participant in prize games, we will only use it to determine and contact the winner/s (Article 6(1) letter (b) GDPR).

Winners will be notified in writing.

We will not use your information for advertising and promotion purposes.

If you have won, we will only publish an abbreviated version of your name if you have given us your consent as provided for in Article 6(1) 1st sentence letter (a) GDPR.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (b) GDPR with regard to your participation.

We base on the provisions of Article 6(1) 1st sentence letter (a) GDPR on publication with regard to the winners.

3. For how long do you keep my data? / Can I object and will my data be erased?

We erase your personal data immediately after the prize game is over and the prize has been awarded or when you object to the use of your data.

VIII. Creation of a Customer Account

1. What kind of data, to what extent and why do you process my data?

You can create a HANSA-PARK customer account at https://shop.hansapark.de. To create the account, you need to enter your personal data that will be transmitted to and stored by us. We will not disclose your personal data to third parties.

When you create an account, we collect the following information:

  • Email address
  • Address data (only after you have completed a purchase or if you provide them voluntarily)
  • Telephone number (only after you have completed a purchase or if you provide it voluntarily)
  • Customer history (e.g. the time certain activities such as “reset password” take place)

At the time you create an account, we also collect the following information:

  • Time of the registration confirmation

For the account creation process we use the double-opt-in procedure to obtain your consent to us processing the above data.

If in the account creation process season ticket data are linked to the customer account, we also collect the following information:

  • Title (not mandatory)
  • First name und surname of the season ticket holder
  • Email address of the season ticket holder
  • Date of birth of the season ticket holder
  • Telephone number of the season ticket holder (not mandatory)
  • Contractual data (season ticket number of the season ticket holder)

You must have an account with us to be able to use certain content and services on our website, e.g.:

  • to call up information
  • to send an enquiry

You must have an account with us to enable us to carry out our obligations arising from any contracts entered into between you and us or to take steps at your request prior to entering into a contract, e.g.

  • to order goods and services
  • to make reservations of any kind.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (a) GDPR. To process your data, we additionally base on the provisions of Article 6(1) letter (b) GDPR insofar as the account is created to perform a contract which you are a party to or to take steps at your request prior to entering into a contract.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for.

The above applies to data collected during the account creation process if the account is deleted or modified on our website.

The above applies to [data collected] during the account creation process to perform a contract or to take steps at your request prior to entering into a contract if the data are no longer needed to perform the contract. We may need to store the personal data of a contractual partner even after the contract has been entered into to meet contractual or legal obligations.

The above-mentioned obligations arise from

  • continuing obligations
  • warranty periods
  • tax records retention periods.

4. Can I withdraw my consent and will my data be erased?

You have the right to delete your customer account or have your personal data rectified at any time.

You can have your data deleted at any time by sending an email to datenschutz@hansapark.de.

If we need the data to perform a contract or take steps at your request prior to entering into a contract, the data can be deleted only if the deletion is not in conflict with any contractual or legal obligations.

IX. Data collected in Connection with our Contact Form

1. What kind of data, to what extent and why do you process my data?

If you use our contact form to send us an enquiry, we will only use the information you provided in the contact form or in the email sent to the email address provided to contact us, including the contact data you provided, to process your enquiry and store it to answer follow-up questions.

At the time you send off the message, we store the following information:

  • Your IP address
  • The date and time the message was sent off

You will be asked to give your consent to the processing of your data and to refer to this Data Privacy Statement before you send off the message.

Alternatively, you can contact us via the email address provided. In this case we will store your personal data transmitted along with the email.

The personal information thus provided will not be disclosed to third parties. We will solely process the data provided to process your enquiry.

We process the personal data you entered in the forms solely to process your contact enquiry. If you contact us by email, we pursue our legitimate interest when we process your data.

We process the other personal data provided as part of the sending process to prevent abuse of the contact form and ensure that our IT systems are secure.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data is your consent given to us as provided for in Article 6(1) letter (a) GDPR. The legal basis for processing your personal data transmitted to us when you send us an email message is Article 6(1) letter (f) GDPR. If the aim of the email contact is to enter into a contract with us, we will additionally base on the provisions of Article 6(1) letter (b) GDPR to process your data.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. With regard to the personal data provided and transmitted to us via the contact form and in the email message your data will be erased when the respective communication with you ends.

The communication with you ends when the circumstances clearly indicate that the matter in question has been fully settled.

4. Can I withdraw my consent and will my data be erased?

You can at any time withdraw your consent to the processing of your personal data. If you contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, you can object to the storage of your data at any time. If you do so, we cannot process your enquiry.

Any personal data collected and stored in relation to the contact process will then be erased.

X. Job Applications

1. What kind of data, to what extent and why do you process my data?

We process the personal data you provide to us in a job application to process your job application, i.e. to determine whether you are a suitable candidate and if we want to invite you for a job interview.

We process the personal data you provide to us based on the provisions of § 26 BDSG in connection with Article 6(1) letter (b) GDPR as we need to go through your data to decide if HANSA-PARK wants to employ you. Please do not provide any sensitive data in your job application, e.g. information about your health or religion, unless they are absolutely necessary for your job application. We are permitted to process sensitive data only after we have obtained your consent.

2. On what legal basis do you process my personal information?

§ 26 BDSG, Article 6(1) letter (b) GDPR

3. For how long do you keep my data?

If we employ you, we will store your job application data in your personnel file to the extent required. If we do not have a suitable job for you, we will erase your personal data six (6) months after we have informed you about our decision. Otherwise, we will, in each case, store your job application data only to meet the legal obligations to retain them.

If your job application was not successful, we will store your job application data for more than six months only if you have given us your express consent to do so. This is to enable us to contact you at a later point in time should we have a suitable vacancy. You can withdraw your consent at any time.

4. Can I withdraw my consent and will my data be erased?

Applicants have the right at any time to withdraw their consent to the processing of their personal data. If applicants contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, they can object to the storage of their data at any time. In that case we cannot consider the job application.

Any personal data collected and stored in relation to the contact process will then be erased.

XI. Data collected as Part of an Order or Reservation or Purchase Process

1. What kind of data, to what extent and why do you process my data?

When you place an order, make a reservation or a purchase, you must provide the personal data we need to establish the business relationship and perform the contractual obligations associated with it. In addition, you have to provide the data we must collect to meet our legal obligations. If you do not provide such data, we cannot answer your enquiries and enter into any contract resulting from the enquiries. We also use such data to offer you and promote new services respectively.

We collect and process the categories of personal data listed below:

  • Master data (e.g. surname, first name, address)
  • Date of birth
  • Communication data
  • Contract data (e.g. customer number)
  • Customer history
  • Schedule/booking data
  • Planning data
  • Billing data

2. On what legal basis do you process my personal information?

a) We process personal data to pursue our legitimate interest (Article 6(1) letter (f) GDPR)

We lawfully process your data to pursue our legitimate interests.

That also includes the use of your personal information to

  • promote our offerings and services unless you have objected to the use of your data [for such purposes];
  • improve and develop new services and/or products to enable us to cater to your specific interests or make bespoke offers;
  • conduct market surveys and/or commission market research institutes to conduct market surveys and studies to enable us to gain an idea of the transparency and quality of our products, services and communication to best meet the requirements and wishes of our customers;
  • assert and defend against legal claims;
  • use your anonymised data for analytical purposes;
  • guarantee IT security and maintain IT operations;
  • take the appropriate actions to ensure that buildings and the Park are safe and secure (e.g. access controls);

If we intend to use your personal information for a purpose other than the ones mentioned above, we will inform you as required by law.

b) We process personal data to meet our legal obligations (Article 6(1) c GDPR)

HANSA-PARK must comply with various legal regulations (e.g. tax laws, German Commercial Code [HGB]) that provide for the processing of personal data. This includes in particular the processing of personal data for the purpose of preventing fraud and money laundering, complying with control and notification obligations under tax laws as well as assessing and managing corporate risks.

3. For how long do you keep my data?

We retain your personal information for the purposes mentioned above. Your data will be processed for the first time upon collection, i.e. when you or a third party provide them to us. We will erase your personal information after the contractual relationship with you has ended, each party has fulfilled their obligations under the contract and there are no other legal obligations or reasons to store the personal data such as, for example, the statutory obligation to retain data as provided for in the German Commercial Code [HGB] and the German Fiscal Code [AO]. In other words, we will erase your personal information after the legal retention period has expired at the latest, which usually is 10 years after the contract has ended. And finally, the storage period also depends on the statutory period of limitation applicable taking into account our reasonable legitimate interests. Pursuant to section 195 et seq. German Civil Code [BGB], for example, the standard limitation period is three years. In specific cases, however, the statutory period of limitation may be up to 30 years.

4. Can I object and will my data be erased?

If you have questions or complaints regarding our Data Privacy Statement, please contact us (HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG, Am Fahrenkrog 1, 23730 Sierksdorf, email: datenschutz@hansapark.de).

You have the right to request from us, the controller, access to your personal data (Article 15 GDPR) as well as rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing of your personal data (Article 18 GDPR). Pursuant to Article 20 GDPR you have the right to data portability. To assert your right to demand access to and erasure of your personal data, the restrictions provided for in sections 34 and 35 BDSG apply. On top, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in connection with section 19 BDSG).


Individual right to object

Insofar as we process data to pursue our legitimate interests (see III.2. above), you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, including the right to object to the processing of your personal data for marketing purposes. If you object, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing of the data is necessary to assert, exercise or defend against legal claims.


Right to object to direct marketing

Where we process your personal information for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing, including profiling in relation to such direct marketing. If you object to the processing of your data for direct marketing purposes, we will stop processing your personal information for such purposes.


Right to withdraw consent

You can withdraw your consent at any time (see item III.2 above, data processing based on your consent). We will then stop processing your personal information. The withdrawal of consent does not affect the lawfulness of the processing of your data based on consent before its withdrawal.

To raise an objection or to withdraw consent, simply send us a letter (b)y post or an email.

5. Do you disclose my data to third parties? Who provides the e-mail service?

HANSA-PARK uses the services of HKS Systeme GmbH to send emails to recipients from its online shop, https://shop.hansapark.de. HKS Systeme GmbH, Friedrich-List-Straße 89, 33100 Paderborn, Germany is the provider of the service. For more information please refer to HKS Systeme GmbH’s privacy statement at https://www.hks-systeme.de/datenschutz/.

We use the service provider to pursue our legitimate interests as defined in Article 6(1) letter (f) GDPR based on a contract with the processor pursuant to Article 28(3) 1st sentence GDPR.

The service provider may use recipients’ pseudonymised personal data – i.e. they do not identify users - to optimise or improve its own services, e.g. to technically optimise the sending or design of the newsletter or for statistical purposes. The service provider will not use the personal data to contact newsletter subscribers or disclose them to third parties.

XII. Payment Processes

1. Online shop payment methods

When you make payments in our online shop, we ask you to provide certain personal data to process payments. We offer a range of payment methods to make your shopping experience in our online shop as enjoyable as possible. We offer the following payment services:

a) Payment by credit card

You can also make payments by credit card (VISA and Mastercard). In that case, we will transfer your data to our payment service provider, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “Payone GmbH”). Payone will match your payment data to the respective credit institute (VISA and/or Mastercard). Your credit card will be debited based on a payment form that you need to fill in on the payment platform of Payone GmbH. Payone GmbH is a company of the Sparkassen financial group that complies with the highest security standards and can draw on more than 20 years of experience in the processing of cashless payments. The service provider has been fully certified to PCI-DSS (Payment Card Industry Data Security Standard) for several years now. PCI-DSS is a standard that prescribes a range of binding regulations for the protection of sensitive card holder information. Companies must guarantee compliance with PCI-DSS to be authorised to store, transmit or process credit card transactions.

When you select a payment method (e.g. credit card payment) on the HANSA-PARK website, the system will generate and store an “alias” for the payment method (a randomly generated, clear alphanumerical series) you selected. This alias will be transmitted to Payone GmbH, where it will be stored together with the payment data. The alias will subsequently be used as a "substitute" for the actual payment data (e.g. credit card number) in the communication with Payone GmbH to avoid having to transmit the card data in each transaction.

When you choose to pay by credit card, we will process the following data:

  • Master data
  • Communication data
  • Type of card (VISA or MasterCard)
  • Name of the card holder
  • Card number
  • Credit card verification code
  • Expiry date

If you want to know more about how your personal data are used, please contact Payone by email (privacy@payone.com) or write a letter to Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

b) Payment by giropay

You can also pay by giropay. In that case, we will transmit your data to our payment service provider, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “Payone GmbH”). Payone GmbH will match your payment data to the respective bank.

When you enter the master and communication data in the payment form provided on the payment platform of Payone GmbH, you will be redirected to the usual giropay payment page via a secure connection.

giropay lets you choose:

You can either pay online and have the amount directly debited to your current account. You do not need to register via your online banking (equivalent to the old giropay payment method). After you have entered your login name and PIN, the system will display a pre-completed online payment form that cannot be changed. You complete the payment process by entering a valid TAN.

Or you register in advance and pay using a user name and a password (equivalent to the old paydirekt payment method). You pay for your purchases via giropay, the online payment provider, by using the paydirekt symbol. paydirekt GmbH will authenticate your payment via the customer authentication process. Your bank will authorise payment to be made to your seller through paydirekt GmbH. paydirekt GmbH collects and stores paydirekt payment transaction data which comprise the transaction reference and the transaction ID as well as shopping basket information that paydirekt GmbH receives from the seller if the seller supports it. The data enable paydirekt GmbH and the bank to later identify and reference the transaction (e.g. in the event of refunds) so that it is possible to allocate the transaction to the respective customer. To process refunds, paydirekt GmbH will transmit transaction data to the bank.

More information is available in the participation conditions, privacy policy and pre-contractual information at: https://www.giropay.de/agb/index.html

Unfortunately, not all banks offer the giropay payment option. For more information go to www.giropay.de.

If you want to know more about how your personal data are used, please send an email to Payone (privacy@payone.com) or write a letter to Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

c) Payment by immediate bank transfer

You can also make payments by immediate bank transfer. In that case, we will transmit your data to our payment service provider, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “Payone GmbH”). Payone will match your payment data to the payment service provider that offers the immediate bank transfer service.

When you enter the master and communication data as well as the IBAN and BIC in the payment form provided on the payment platform of Payone GmbH, you will be redirected to the familiar immediate bank transfer payment page via a secure online connection.

Immediate bank transfer is a service provided by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. The “immediate bank transfer” acts as an online payment service provider that enables you to make cashless payments for products and services offered on the internet.

The personal data transmitted to the immediate bank transfer service usually comprise your first name, surname, address, telephone number, IP address, email address or such other data as are needed to process your order as well as data in relation to your order such as the number of items ordered, item numbers, invoice amounts and taxes in per cent, invoice information, etc.

The above data must be transferred to allow the system to process your order and accept the payment method you selected, in particular to confirm your identity and manage your payment and the customer relationship.

Please note: Immediate bank transfer may involve the transfer of your personal data to third-party service providers, subcontractors or other affiliates where this is necessary to meet the contractual obligations in relation to your order or who need them to process the purchase contract.

The immediate bank transfer service may, in certain circumstances, involve the transfer of the personal data provided to credit reference agencies to check identities and creditworthiness.

Please refer to the privacy policy applicable to the immediate bank transfer service to learn more about the data protection regulations the processing of your data is based on. The privacy policy will be displayed to you during the immediate bank transfer payment process.

If you want to know more about how your personal data are used, please contact the immediate bank transfer service by email (datenschutz@sofort.com) or write a letter to SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 München).

2. Payment methods available at/in the Park

Apart from paying cash in € or the common foreign currencies, you can also pay by EC card or credit card (VISA or Mastercard) at/in the Park.

In that case, we will transmit the following data to our payment service provider, Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “Payone GmbH”). Payone will process them.

  • Name
  • Credit card data (number, expiry date, verification code)
  • Amount payable

Payone GmbH is a company of the Sparkassen financial group that complies with the highest security standards and can draw on more than 20 years of experience in processing cashless payments. The service provider has been fully certified to PCI-DSS (Payment Card Industry Data Security Standard) for several years now. PCI-DSS is a standard that prescribes a range of binding regulations for the protection of sensitive card holder information. Companies must guarantee compliance with PCI-DSS to be authorised to store, transmit or process credit card transactions.

If you want to know more about how your personal data are used, please contact Payone by email (privacy@payone.com) or write a letter to Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

XIII. Matomo Web Analytics Services 

Our HANSA-PARK websites use Matomo (formerly Piwik), a web analytics service offered by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

The information about how you use our website is transmitted to our server where it is stored for analysis purposes. We use the information to improve the quality and contents of our website. Before your IP address is transmitted to the Matomo server, it is anonymised; at no point in the process can you as a user be identified. The Matomo server is located at the computer centre of Profihost AG, Expo Plaza 1, 30539 Hannover, Germany.

When you browse our website, the following data will be stored to allow us to analyse how you use the site:

  • Two bytes of the IP address of the requesting system
  • The type of end device you use
  • The activities carried out on the website
  • This includes:
    • files that you click on and download
    • links to other websites that you click on
  • The time you visit the website and how long you stay on it
  • How often you visit the website, incl. sub-sites (activities)
  • The website that referred you to our website

The data are processed in compliance with Section 25(1) 1st sentence TTDSG in connection with Article 6(1) f) (legitimate interest) of the European General Data Protection Regulation [GDPR]. It is our legitimate interest to improve our online services and internet presence. As we take the protection of your privacy very seriously, Matomo anonymises the IP address as early as possible and converts login IDs or device identifiers into a unique key that cannot be used to identify persons. Matomo will not use or merge the data with other data, and it will not disclose your data to third parties.

You can alter your browser settings to “opt-out” of being tracked by Matomo (Do Not Track).

More information on how to configure privacy settings in Matomo is available at https://matomo.org/docs/privacy/.

XIV. App Analysis by Matomo

Our HANSA-PARK app uses Matomo (formerly Piwik), a web analytics service. Matomo is a product of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

The generated user information (including your IP address, which is first shortened by two bytes) is transmitted to our server where it is stored for analysis purposes. The analysis of the information helps us to optimise the HANSA-PARK app. Before your IP address is transmitted to us, it is anonymised so that you as a user remain anonymous to us. The Matomo software solely runs on the German servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

If you carry out activities within the app, we will store the following data:

  • Two bytes of the IP address of your accessing system
  • Provider’s name
  • Type of your end device
  • The activities you carry out within the app
  • Among others, that includes:
    • Files that you click on and download
    • Clicks on links that lead to other websites
  • The time you access the app and the duration you remain within the app
  • How often you call up the app, incl. the app’s activities
  • Location of your end device

Your data are processed based on the provisions of Section 25(1) 1st sentence TTDSG in connection with Article 6(1) letter f) (legitimate interest) European General Data Protection Regulation (GDPR). Our legitimate interest is to optimise our HANSA-PARK app service. As we highly value our visitors’ privacy, Matomo anonymises the IP address as early as possible and converts sign-in or device identifiers to a unique code that does not identify persons. Matomo does not use the data for other purposes and/or merges them with other data and/or discloses them to third parties.

You can prevent the use of the Matomo software by adjusting your settings within the HANSA-PARK app. (See "Permit app analysis"). However please note that if you do that you may not be able to have the full functionality of the HANSA-PARK app at your disposal.

More information about the Matomo software privacy settings is available at: https://matomo.org/docs/privacy/.

XV. Sentry Web Analysis

Our website https://my.hansapark.de uses Sentry, a software to track errors that may occur while you are using our website https://my.hansapark.de, for example during a purchasing process or while you are using the area reserved for season ticket holders. The software is provided by Functional Software, Inc., 132 Hawthorne St, San Francisco, CA 94107. It was installed on a server in Germany specifically designated for the task. Your personal data will only be stored on that server. They will not be communicated to the Sentry software provider or to other third parties.We embed videos from the YouTube platform in our website, i.e. videos are called up directly on YouTube.com but shown on our site. YouTube uses cookies. Each time you click on a video, a connection to the YouTube servers is established. The YouTube server is notified of your visit to our website. As far as we know your personal data are not stored. However, if you are logged in to your YouTube account while watching the video, YouTube will be able to match your browser history directly to your personal profile. You can prevent this by logging out of your account first.

Should an error occur while you are visiting our website, the relevant log files will be analysed (more information on log files is available above) to make the errors visible. This will allow us to remove errors from our website and optimise processes.

The data are processed in compliance with Section 25(1) 1st sentence TTDSG in connection with Article 6(1) letter (f) (legitimate interest) European General Data Protection Regulation [EU-GDPR]. It is our legitimate interest to improve our online services and internet presence.

The data collected within the Sentry software programme will be automatically deleted after 30 days at the latest.

You can object to the processing of the data described above at any time insofar as the data are personal data. Your objection has no adverse effect on you.

For more information please refer to Sentry’s privacy policy and terms of use available at https://sentry.io/privacy/ and https://sentry.io/security/.

XVI. Use of YouTube Plugins

We use the plugin function of the YouTube platform of Google LLC (“Google”), San Bruno/California, USA on our website.

We embed videos from the YouTube platform in our website, i.e. videos are called up directly on YouTube.com but shown on our site. YouTube uses cookies. Each time you click on a video, a connection to the YouTube servers is established. The YouTube server is notified of your visit to our website. As far as we know your personal data are not stored. However, if you are logged in to your YouTube account while watching the video, YouTube will be able to match your browser history directly to your personal profile. You can prevent this by logging out of your account first.

We collect and process the data generated by the cookies based on your consent (Article 6(1) letter (a) GDPR) to provide you personalised services and make your visit to our website more enjoyable.

For more information please refer to YouTube’s privacy policy at https://www.youtube.de/t/privacy.

XVII. Use of Google Web Fonts

This website uses Google Web Fonts, a service provided by Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the sake of a consistent presentation of fonts. When you call up a website your browser will download the required Google Web Fonts into your browser cache to accurately display texts and fonts. If your browser does not support Google Web Fonts, one of your computer’s standard fonts will be used. To be able to use Google Web Fonts, your browser must be able to link to the Google servers. That means that Google will know that our website was called up via your IP address. We use Google Web Fonts to offer a consistent and pleasant presentation of our online offerings.    

You will find more information about Google Web Fonts at https://developers.google.com/fonts/faq as well as in Google’s privacy policy and terms of use at https://www.google.com/policies/privacy/.

XVIII. YouTube and Google+

HANSA-PARK holds user accounts with YouTube and Google+. Both platforms are operated by Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

We do not process any of your personal data on these platforms.

Please refer to Google LLC's privacy policy to learn more about how Google LLC as the platforms’ operator processes personal data under your registration there or when you visit the website.

We only provide the profile and thus have no knowledge about what data are transferred and how Google uses them.

You can prevent Google plugins from loading by installing the respective add-ons on your browser.

For more information please refer to Google’s privacy policy at  https://www.google.de/intl/de/policies/privacy/.

XIX. Use of the Mobile App

We provide a mobile app for you to download on your mobile device. When you download the app, the information required in relation to the download will be transmitted to the app store, in particular your user name, email address and customer number of your account, the time of the download and, if applicable, payment information and the unique device identification code. We have no control over the collection of the data and cannot be held liable for it. We process the data provided where this is necessary to download the app on your smartphone. The data will not be stored otherwise.

Data processing by app stores: In order to be able to get and install the app, you may first have to enter into an agreement with a third-party provider such as, e.g., iTunes SARL or Google LLC (subsequently referred to as third-party provider) to be granted access to their portals or online shops. We are not a party to such an agreement and have no control over how your data are processed by the third-party provider. Please refer to the respective third-party provider’s privacy policy to learn more about how your data are processed when you register for the respective third-party’s portal.

Processing of personal data by the app itself: No personal data are processed.

If you use the Display Waiting Times function of our app to call up the waiting times at individual attractions, your device must meet certain technical requirements (see the relevant notes to the function). This is solely to make using the function more convenient and prevent misuse. The system only collects the information whether you are connected to the HANSA-PARK Wi-Fi and whether you are in our Park as indicated by the GPS data transmitted by your end device. At no point in time will the data thus collected be analysed in any form.

Every time a Wi-Fi hotspot is activated, the HANSA-PARK firewall automatically stores the following user access data in a protocol file (log file):      

  • the internet pages visited by the mobile device user;
  • the date and time the Wi-Fi hotspot is accessed;
  • the internet protocol address (IP address); and
  • your mobile device’s MAC address.

The above data do not identify persons. We do not merge these data with other data sources.

We need to temporarily store the IP address and the other data mentioned above in the system to enable us to deliver the website to your device. Among others, we need to store your IP address for the duration of your session. The data determined within the HANSA-PARK firewall will automatically and irrevocably be deleted after 30 days at the latest. We process your data under Section 25(1) 1st sentence TTDSG in connection with Article 6(1) letter (b) GDPR to enable you to use our information service.

XX. Communication via the HANSA-PARK Speaking Trumpet

1. What kind of data, to what extent and why do you process my data?

If you use our feedback system - the HANSA-PARK speaking trumpet - to send us your enquiry in the form of feedback via the https://www.hansapark-feedback.de domain, we will only use the information you provided in the contact form or in the email sent to the email address provided to contact us, including the contact data you provided, to process your enquiry and store it to answer follow-up questions.

We will collect the following information:

  • Email address (not mandatory)
  • First name and surname (not mandatory)

At the time you send off the message, we store the following information:

  • Your IP address
  • The date and time the message was sent off.

You will be asked to give your consent to the processing of the data and to refer to this Data Privacy Statement before you send off the message.

Alternatively, you can contact us via the email address provided. In that case we will store your personal data transmitted along with the email.

We will not disclose the personal information provided to third parties. We will solely process the data provided to process your enquiry.

We process the personal data you entered in the forms solely to process your contact enquiry. If you contact us by email, we pursue our legitimate interest when we process your data.

We process the other personal data provided as part of the sending process to prevent abuse of the contact form and ensure that our IT systems are secure.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data pursuant to Article 6(1) letter (a) GDPR is your consent given to us. The legal basis for processing your personal data transmitted to us when you send us an email message is Section 25(1) 1st sentence TTDSG in connection with Article 6(1) letter (f) GDPR. If the aim of the email contact is to enter into a contract with us, we will additionally base on the provisions of Article 6(1) letter (b) GDPR to process your data.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. With regard to the personal data provided and transmitted to us via the contact form and in the email message your data will be erased when the respective communication with you ends.

The communication with you ends when the circumstances clearly indicate that the matter in question has been fully settled.

4. Can I withdraw my consent and will my data be erased?

You can at any time withdraw your consent to the processing of your personal data. If you contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, you can object to the storage of your data at any time. If you do so, we cannot process your enquiry.

Any personal data collected and stored in relation to the contact process will then be erased.

XXI. Participation in Invitation-only Events

1. What kind of data, to what extent and why do you process my data?

HANSA-PARK holds a range of events with invited guests. These are, for instance, launch events or press conferences.

By registering for the event, you commit to attending the event and agree to the contact data you have provided being processed. We process your personal data for the purpose of holding the event and facilitating communication in relation to it. This includes preparing a list of participants and name tags/cards.

Videos may be recorded and photographs may be taken at the event. By participating in the event, you consent to your image or data being processed in videos, photographs or audio recordings for documentation purposes and as part of HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG’s public relations efforts.

The event organiser as well as the media representatives and guests invited to the event are permitted to record videos and take photographs during the event and reproduce and publish them for documentation and promotional purposes. HANSA-PARK may publish its videos and photos on its internet pages and in the HANSA-PARK newsletter as well as post them on HANSA-PARK’s YouTube Channel. HANSA-PARK may also use the recordings as part of its public relations work and communicate them to other media.

Giving your consent does not entitle you to claim compensation. Your consent is unlimited in terms of time and place.

Guests who do not consent to having their image published should avoid the areas where recording/photographing takes place or approach the film crews and photographers for assistance.

To plan, organise and hold events, we store the following personal data of attendees:

  • Name
  • Address
  • Telephone number
  • Fax number
  • Email address

The above regulations do not apply to events at HANSA-PARK, which customers book. In that case, no participants’ lists are stored or videos recorded/photos taken unless specifically agreed upon in separate agreements.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data pursuant to Article 6(1) letter (a) GDPR is the consent given when you registered for the event as an invited guest or collaboration partner.

3. For how long do you keep my data?

We will process your data only for as long as we need them to plan and ultimately hold the event or for the period of time we are legally required to retain them.

If you have given us your express consent to keep your contact data, we will continue to store them after the event is over to be able to send you invitations to future events. You can withdraw your consent at any time.

4. Can I withdraw my consent and will my data be erased?

Participants have the right at any time to withdraw their consent to the processing of their personal data. By sending us an email to info@hansapark.de or datenschutz@hansapark.de, participants can object to the storage of their personal data at any time. In that case you will not be able to attend the event.

Any personal data collected and stored in relation to the event will then be erased.

XXII. Video Recording

1.    What kind of data, to what extent and why do you process my data?

Video surveillance is in place throughout the inside premises of HANSA-PARK as well as the linked outdoor areas, including all entrance gates located on the property at the address of: Am Fahrenkrog 1, 23730 Sierksdorf. All entrance gates to the Park feature notice boards that notify visitors of the video surveillance.
We operate a video surveillance system solely to safeguard and protect our visitors, employees and facilities. Pursuant to section 4(1) 2nd sentence number 1 of the Federal Data Protection Act [BDSG] these purposes are deemed to be a legitimate interest.
The surveillance system records videos without sound. The data collected cannot be used to identify persons however they may include personal data in the form of images of natural persons. The videos may also feature special categories of persons such as minors or disabled persons.

2.    On what legal basis do you process my personal information?

The videos recorded by our cameras are moving images that can be stored as image sections if required. It may be possible to identify concrete persons in the videos. The videos may also feature special categories of persons such as minors or disabled persons. This will in particular be the case when the images taken are enlarged during the recording itself or afterwards by way of zooming.

The videos may be merged with other personal data to the extent that is necessary for the purposes described below (for example in a report, image sections may be linked to the name of an injured person and a description of the incident to the extent necessary to process the incident):

  • Preventing and prosecuting criminal offences and administrative offences;
  • Advancing or defending against claims under civil law;
  • Enforcing domiciliary rights;
  • Ensuring safety in the Park.

We record the videos and process the video data to pursue our legitimate interest as provided for in Article 6(1) 1st sentence (f) GDPR and section 4(1) BDSG respectively. We pursue the following interests: protecting the life, health and/or freedom of the persons on the Park premises, protecting property, investigating and/or preventing criminal offences as well as administrative offences.

3.    For how long do you keep my data?

The video surveillance cameras operate daily, and in part, 24 hours, seven (7) days a week. The videos recorded by the video surveillance cameras are stored on our servers in Germany. The videos recorded by the video surveillance cameras will usually be stored for not more than 72 hours.  

They will only be retained for a longer period if the law requires us to do so or if they are needed to advance or defend against legal claims or for criminal prosecution in a concrete case or to comply with legal requirements.
Unless the video recordings must be retained for the reasons mentioned above the videos will be erased after the retention period is over and the respective storage space will be overwritten by fresh video recordings.

4.    Can I object and will my data be erased?

You have the right to demand from us, the controller, confirmation whether we process personal data of you. If that is the case, you have a right to request from us access to your personal data and obtain the information listed in Article 15 GDPR.

You have the right to demand from us, the controller, to rectify inaccurate personal data without undue delay and, if applicable, to have incomplete personal data completed (Article 16 GDPR).

You have the right to demand from us, the controller to erase your personal data without undue delay if one of the grounds set forth in Article 17 GDPR applies, e.g. if we no longer need your personal data for the purposes for which we collected or processed them (right to erasure).

You have the right to demand from us, the controller, to restrict the processing of your personal data if one of the prerequisites set forth in Article 18 GDPR has been met, e.g. you have objected to the processing, pending the verification of your objection by us.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data. We, the controller, will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or to advance, exercise or defend against legal claims (Article 21 GDPR).    

Without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR).

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.    

5.    Do you disclose my data to third parties?

We will only disclose your data to other competent bodies if and when we are required to do so.
The disclosure is justified and permitted in accordance with the data protection regulations in force either based on our legitimate interest under Article 6(1) (f) GDPR (e.g. to investigate suspected or actual unlawful happenings) or on the grounds of our legal obligations under Article 6(1) (c) GDPR (e.g. disclosure to prosecuting authorities in criminal proceedings).

XXIII. Your Rights at a Glance

Insofar as we process your personal data on our websites, you are considered to be a data subject as defined in the GDPR. As a data subject you have the rights listed below.

1. Right of access to your personal data

You can request us to confirm whether we process any personal data of you. If we do, you can demand from us to provide you the following information:

  • the purposes of the processing of your personal data;
  • the categories of personal data we process;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the right to lodge a complaint with a supervisory authority;
  • any available information as to the source if the personal data have not been collected from you;
  • the existence of automated decision-making, including profiling, as defined in Article 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.

You also have the right to demand information about whether your personal data are transferred to a third country or to an international organisation. In this context you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to demand from us to rectify inaccurate personal data and/or to have incomplete personal data completed. If your personal data are inaccurate or incomplete, we will rectify the situation without undue delay.

3. Right to restriction of processing

You have the right to demand from us to restrict the processing of your personal data if

  • you dispute the accuracy of your personal data for a period that enables us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but you require the data to assert, exercise or defend against legal claims; or
  • you have objected to the processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.

If you have requested us to restrict the processing of your personal data, we are only permitted to use such data – apart from storing them – with your consent or to assert, exercise or defend against legal claims or to protect the rights of other natural or legal persons or for reasons of important public interest of the Union or of a Member State. We will inform you before the restriction is lifted.

4. Right to erasure

You have the right to demand from us to erase your personal data without delay. We are obligated to erase your data without delay on one of the following grounds:

  • We no longer need your personal data for the purposes for which we collected or processed them;
  • You withdraw your consent, if you have given it, on which the processing of your personal data pursuant to Article 6(1) letter (a) or Article 9(2) letter (a) GDPR is based and where there is no other legal ground for the processing;
  • You object to the processing of your personal data as provided for in Article 21(1) GDPR and there are no overriding legitimate grounds for the processing;
  • You object to the processing of your personal data for direct marketing purposes as provided for in Article 21(2) GDPR;
  • Your personal data have been unlawfully processed;
  • We must erase your personal data to comply with a legal obligation under Union or Member State law we are subject to;
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If we have made your personal data public and if, pursuant to Article 17(1) GDPR, we are obligated to erase them, we will take reasonable steps - taking account of the available technologies and costs of implementation - to inform controllers processing the personal data that you have requested to have erased any links to or any copies or replications of those personal data.

You do not have the right to erasure if the processing is necessary

  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation which requires the processing under Union or Member State law to which we are subject or to perform a task carried out in the public interest or to exercise official authority vested in us;
  • for reasons of public interest in the area of public health in accordance with Article 9(2) letter (h) and (i) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR where the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • to assert, exercise or defend against legal claims.

5. Right to information

If you have demanded from us to rectify, erase or restrict the processing of your personal data, we are obligated to inform all parties (recipients) to whom your personal data have been disclosed of such rectification, erasure or restriction of the processing of your personal data, unless that proves to be impossible or would involve a disproportionate effort.

You have the right to demand from us to inform you about such recipients.

6. Right to data portabilit

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us if

  • the processing is based on consent pursuant to Article 6(1) letter (a) GDPR or Article 9(2) letter (a) GDPR or on a contract pursuant to Article 6(1) letter (b) GDPR and
  • the processing is carried out by automated means.

You also have the right to demand from us to transmit your personal data directly from us to another controller where this is technically feasible. The transmission must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data that are necessary to perform a task carried out in the public interest or to exercise official authority vested in us.

With regard to the services offered on our website we believe that we are currently not processing any data to which the right to data portability applies.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on Article 6(1) letter (e) or (f) GDPR, including profiling based on those provisions.

We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or to assert, exercise or defend against legal claims.

If we process your personal data for the purpose of direct marketing, you have the right at any time to object to the processing of personal data concerning you for the purpose of such marketing, including profiling associated with it.

If you object to the processing of your personal data for the purpose of direct marketing, we will stop processing your personal data for such purpose.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent to the processing of personal data

You have the right to withdraw your consent to the processing of your personal data at any time. Such withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affect you. We do not carry out that kind of processing.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.