Hanse in Europa mit Nessie

Privacy Policy

Data Privacy Statement of HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG

We strive to offer you the service you have come to expect from us online too. You do not have to give us any personal information to make use of most of our websites. However, if you do not provide certain information, you may not be able to enjoy all our services.

HANSA-PARK is very serious about protecting your personal information.

We do our utmost to respect your privacy. We are aware of the sensitive nature of the personal data you provide to us when you use our website. We are committed to protecting your privacy, and we only collect, store or process the data obtained as part of our business activities in compliance with the applicable data protection regulations.

This Data Privacy Statement sets out what type of personal data we process, how and why we process them in relation to our online offer and our websites, apps, functions, contents and external online presences associated with it. Below we will provide you the information in accordance with Articles 13, 14, 21 General Data Protection Regulation (GDPR). Please take a moment to review our Data Privacy Statement and learn how we process your personal data and what rights you have under the data protection laws.

I. Data Controller

The data controller as defined in the European General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:

HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG
Am Fahrenkrog 1
23730 Sierksdorf - Deutschland

Telephone: +49 (0) 4563/474-0
Fax: +49 (0) 4563/474-100
Email: info@hansapark.de
Website: https://www.hansapark.de

II. Data Protection Officer

If you have any questions, please contact our data protection officer:

HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG
Wolfgang Wiemann
Am Fahrenkrog 1
23730 Sierksdorf
Email: datenschutz@hansapark.de

III. General Information about how and why we process Data

1. What does “personal data” mean?

Personal data comprise any information that refers to an identified or identifiable natural person. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification code, location data, an online identifier or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. How and why we collect personal data

We collect and process personal data only insofar as it is necessary to provide

  • a functional website, app and other online services and
  • our contents and services.

We regularly collect and process your personal data only after you have given us your consent, unless it is impossible for us to obtain your prior consent for factual reasons and processing your data is legally permitted.

We are permitted to create usage profiles for advertising and market research purposes as well as to design our internet offer as needed if we pseudonymise the data. You have the right to object to such use of your data at any time. We are not permitted to merge the usage profiles with data about the person behind the pseudonym.

3. For how long do you store my personal information and when do you erase it?

Data can be stored if European or national legislators provide for it in Union legislation, laws or other regulations. Your personal data will be erased or blocked

  • as soon as it is no longer necessary to store the information and
  • when the retention period stipulated in one of the aforementioned legal regulations expires, unless the information is needed to enter into or perform a contract and must be retained longer.

4. On what legal basis do you process my personal information?

We process your personal information solely as provided for by law, the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act [BDSG].

  • Article 6(1) letter (a) European General Data Protection Regulation (GDPR) concerning the processing of personal data that we collected with your consent;
  • Article 6(1) letter (b) GDPR concerning the processing of personal data needed to fulfil a contract that we entered into with you or to take steps at your request prior to entering into a contract;
  • Article 6(1) letter (c) GDPR concerning the processing of personal data, including their disclosure to third parties - for instance revenue authorities, courts, etc. - to meet a statutory obligation;
  • Article 6(1) letter (f) GDPR concerning the processing of personal data needed to pursue our or a third party’s legitimate interests which override your interests, fundamental rights and freedoms. Our legitimate interest usually is to conduct our business activities;
  • Article 6(1) letter (d) GDPR concerning the processing of personal data to protect your vital interests or those of another natural person;
  • Article 28 GDPR concerning the transfer of personal data to service providers whom we have engaged to process the data on our behalf (processors);
  • Section 26 BDSG insofar as it is necessary to implement the provisions of employment contracts;
  • Section 4(1) 1st and 2nd sentence BDSG concerning video surveillance in the Park;
  • Section 4(3) 1st and 2nd sentence BDSG concerning video recording in the Park.

5. Who gets my data and do you transfer my data to third countries?

Within HANSA-PARK the only parties that have access to your data are parties that need them for the purposes mentioned above. This also applies to service providers and vicarious agents engaged by us. We may disclose your data to processors who process data on our behalf as defined in Art. 28 GDPR for the purposes outlined in this Data Privacy Statement. Such processors primarily provide services in the fields of IT, logistics, printing, telecommunications, claims management, advice and consulting as well as, if applicable, marketing, sales and distribution. We will only disclose personal information to third parties if this is necessary for the purposes mentioned above or if you have given your consent to it. We do not transfer any data to third countries (states that are not a member of the European Economic Area – EEA) and we do not intend to do so in the future. We will not disclose your personal information to address brokers or other companies for advertising purposes.

6. Area of validity – responsibility for linked content

The information below refers and applies to the domains and mobile applications mentioned below.

The following domains form part of our websites:

Our mobile applications comprise:

Our website contains links to other websites that are operated by independent third parties although they might use HANSA-PARK logos and/or trademarks and thus look similar to the websites operated by HANSA-PARK. However, such third-party websites, their terms of use or data protection guidelines should mention this.

To that extent this Data Privacy Statement does not apply. Insofar as such third-party website operators collect, process or use personal data when you visit their websites, please refer to the privacy policy of the relevant operator. We cannot be held liable for how they process and protect data.

On top, HANSA-PARK is not responsible for fulfilling orders placed on or rendering services ordered via the third-party website.

7. Your rights at a glance

If the prerequisites have been met, you have the right at any time to

  • request from us access to your personal data;
  • rectification, restriction of processing and erasure of your personal data;
  • object to the processing of your personal data;
  • withdraw consent to the processing of your personal data;
  • information and data portability;
  • lodge a complaint with a supervisory authority.

8. Automated decision-making

We have no automated decision-making processes pursuant to Art. 22 GDPR in place to establish, foster and maintain customer relations. This includes profiling.

9. Data security

We have taken technical and organisational steps to ensure that your personal data are protected against accidental or wilful loss, destruction or manipulations as well as against unauthorised access by third parties. We regularly review the measures in place and adapt them to technical progress.

10. Changes to this Data Privacy Statement

From time to time, we may revise our Privacy Statement. We will inform you about any changes to it by email or on this website, so you should check here regularly.

11. Data protection guideline, terms of use and GTC

This data protection guideline applies together with our terms of use and our general business terms and conditions (GTC).

IV. hansapark.de Website and Server Log Files

1. What kind of data, to what extent and why do you process my data?

Every time you visit our website we automatically store the following user access data in a protocol file (log file) on our server to enable you to use the website and us to bill the use:

  • The browser type and browser version used;
  • The operating system used by the system accessing our website;
  • The internet page from which a system is referred to our website (known as referrers);
  • The subsites accessed by a system on our web pages;
  • The date and time our website is accessed;
  • The internet protocol address (IP address);
  • Other similar data and information processed to protect our information technology systems in the event of an attack;
  • The documents called up; and
  • The data volume transmitted.

The above data do not identify persons. We do not merge these data with other data sources.

We need to temporarily store the IP address and the other data mentioned above in the system to enable us to deliver the website to your computer/device. This is also why we need to store your IP address for the duration of your session. Pursuant to Article 6(1) letter (f) GDPR the processing of your data for the purposes above is necessary to pursue our legitimate interests.

2. On what legal basis do you process my personal information?

Article 6(1) letter (f) GDPR

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. Insofar as we collect data to provide our website, such data will be erased when you close your browser.

4. Can I object and will my data be erased?

We need to collect your data to operate our internet pages, provide the website and store your data in log files. You cannot object to that kind of data collection.

V. Cookies

1. What kind of data, to what extent and why do you process my data?

When you call up our website, cookies will be placed on your computer/device.

Cookies are small text files that are stored on your computer/device in a specific file directory. These text files allow us to identify your computer/device during a session. Cookies are not harmful to your computer/device. You can manually delete them – most easily in your browser – at any time.

Cookies primarily serve to store your information (or the information about the device a cookie is placed on) during or after your visit to an online service.

Temporary, session or transient cookies are cookies that are deleted once you exit an online offer and close your browser. These cookies store, for example, a log-in status or the items you put into the shopping basket of an online shop.

Permanent or persistent cookies are cookies that remain stored on your device even after you have closed your browser. For example, they store your log-in status so that the website remembers you and/or your preferences on your next visit. We may use the preference data stored in the cookies to measure media reach or for marketing purposes.

We may use temporary and permanent cookies on our websites. Please refer to our Data Privacy Statement for more information.

You can alter the settings in your browser to prevent it from automatically accepting and storing cookies on your device or to notify you each time before a new cookie is placed. Please note that if you choose not to permit cookies, some services and features on our website may not be available or function as intended.

We use cookies, in this case session cookies, to continuously improve our online services and make your visit to our website more enjoyable.

We use technically required cookies to make it easier for you to use our websites. Some functions of our internet pages would not be available without the use of cookies. The system must be able to recognise your browser each time you call up a new page. Cookies allow us to recognise you within our website. We do not use the personal data collected by technically required cookies to create user profiles. We need cookies for the following applications:

  • Shopping basket
  • Language settings
  • Search options

We use analysis cookies to improve the quality and contents of our website. They allow us to measure how our website is used so that we can continuously optimise our services.
Pursuant to Article 6(1) letter (f) GDPR the processing of your data for the purposes above is necessary to pursue our legitimate interests.

2. On what legal basis do you process my personal information?

Article 6(1) letter (f) GDPR

3. For how long do you keep my data? Can I object and will my data be erased?

Cookies are stored on your computer/device from where they are transmitted to our site. This means that you can decide if and when you want to accept the use of cookies. By altering the settings in your internet browser, you can de-activate or restrict the transmission of cookies. Cookies already stored can be erased at any time. You can also set your browser to do that automatically. However, please note that if you de-activate the cookies on our website, some areas of our website may not function properly or be accessible.

VI. Newsletter

1. What kind of data, to what extent and why do you process my data?

Our website allows you to subscribe to our complimentary newsletter. Newsletters are sent in compliance with our Data Privacy Statement to advertise and promote our own products and services. When you subscribe to the newsletter, the data you enter will be transmitted to us:

  • Email address
  • First name and surname (not mandatory)

When you register for the newsletter service, we collect the following information:

  • The IP address of the requesting computer/device
  • The time of the registration and confirmation
  • The time you open the newsletter
  • The time you click on links embedded in the newsletter

We use the double-opt-in procedure for subscriptions to our newsletter. In other words, we will send you an email after you have registered for the newsletter service to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm the registration within 24 hours, we will block the information and automatically erase it after 24 hours.

To receive the newsletter, you only have to provide an email address. You can provide more, non-mandatory information that we will use to address you by name. After you have confirmed your registration, we will store the email address provided only for the purpose of sending you the newsletter.

If you want to subscribe to our newsletter, we need an email address as well as your confirmation that you are the holder of the email address given and consent to receiving the newsletter. These data are collected for the sole purpose of sending you the newsletter and documenting our authorisation to do so. We will not disclose your data to any third parties.

You are not obligated to give your name. However, if you do so, we will only use it to address you by name when we send you the newsletter.

In addition, we will store your IP address as well as the time of your registration and confirmation respectively. We do so to be able to prove that you have registered and, if not, clarify any potential abuse of your personal data.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (a) GDPR to process your data after you have registered and given your consent as well as the provisions of section 7(3) German Unfair Competition Act [UWG] to ship goods after selling them or to render services.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. Your email address will thus be stored for as long as you keep your newsletter subscription active.

4. Can I withdraw my consent and will my data be erased?

You can withdraw at any time your consent to receiving [the newsletter] and having your data stored (go to https://my.hansapark.de/newsletter/unsubscribe, use the “unsubscribe” link in the newsletter, write an email to datenschutz@hansapark.de or contact us (contact data are available in the Legal Notice [Impressum])).

5. Do you disclose my data to third parties? Who sends the newsletters?

HANSA-PARK uses the services of Episerver Campaign to send its newsletters. Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany is the provider of the service. For more information please refer to Episerver GmbH’s Privacy Statement at https://www.episerver.de/legal/privacy-statement.

We use the newsletter service provider to pursue our legitimate interests pursuant to Article 6(1) letter (f) GDPR based on a contract with the processor pursuant to Article 28(3) 1st sentence GDPR.

The newsletter service provider may use recipients’ pseudonymised personal data – i.e. they do not identify users - to optimise or improve its own services, e.g. to technically optimise the sending or design of the newsletter or for statistical purposes. The newsletter service provider will not use the personal data of our newsletter subscribers to contact them or disclose them to third parties.

VII. Season Ticket News and Information Service

1. What kind of data, to what extent and why do you process my data?

Our season tickets holders can subscribe to our season ticket news and information service at https://my.hansapark.de/mail. We will mail the news and information as provided for in our Data Privacy Statement. The service provides details about the sale of and more information about our HANSA-PARK season tickets. Those interested in the service can choose whether they prefer to receive the information by email or by post or by email and by post.

When you subscribe to our season ticket news and information service and opt to have it sent by post, we will be transmitted the

  • season ticket number and
  • date of birth

→ to ensure that we can match your data to the correct contract data and post the news and information to the address you provided to us.

When you register for the newsletter service, we collect the following information:

  • The IP address of the requesting computer/ device
  • The time of the registration

You only have to enter the season ticket number and the date of birth of the season ticket holder to be sent the season ticket news and information. This allows us to match your data to the correct contract data and post the news and information to the address you provided to us.

When you subscribe to our season ticket news and information service and opt to have it sent by email, we will be transmitted the

  • season ticket number
  • date of birth and
  • email address.

When you subscribe to the service, we collect the following information:

  • The IP address of the requesting computer/device
  • The time of the registration and confirmation

We use the double-opt-in procedure for subscriptions to our season ticket news and information service by email. In other words, we will send you an email after you have registered for the season ticket news and information service to the email address you have provided, in which we ask you to confirm that you wish to receive the season ticket news and information. If you do not confirm the registration within 24 hours, we will block the information and automatically erase it after 24 hours.

To receive the season ticket news and information, you only have to provide an email address. After you have confirmed your registration, we will store the email address provided only for the purpose of sending you the season ticket news and information.

If you want to subscribe to our season ticket news and information service, we need an email address as well as your confirmation that you are the holder of the email address given and consent to receiving the season ticket news and information. These data are collected for the sole purpose of sending you the season ticket news and information and documenting our authorisation to do so. We will not disclose your data to any third parties.

In addition, we store your IP address as well as the time of your registration and confirmation respectively. We do so to be able to prove that you have registered and, if not, clarify any potential abuse of your personal data.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (a) GDPR to process your data after you have registered for the service and given your consent.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. Your email address will thus be stored for as long as you keep your season ticket news and information service subscription active.

4. Can I withdraw my consent and will my data be erased?

You can withdraw at any time your consent to receiving [the season ticket news and information] and having your data stored (go to https://my.hansapark.de/mail use the “I’d rather not” link, write an email to datenschutz@hansapark.de or contact us (contact data are available in the Legal Notice [Impressum])).

5. Do you disclose my data to third parties? Who provides the service?

HANSA-PARK uses the services of Episerver Campaign to send the season ticket news and information. Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany is the provider of the service. For more information please refer to Episerver GmbH’s privacy statement at https://www.episerver.de/legal/privacy-statement.

We use the newsletter service provider to pursue our legitimate interests pursuant to Article 6(1) letter (f) GDPR based on a contract with the processor pursuant to Article 28(3) 1st sentence GDPR.

The newsletter service provider may use recipients’ pseudonymised personal data – i.e. they do not identify users - to optimise or improve its own services, e.g. to technically optimise the sending or design of the news and information service or for statistical purposes. However, the service provider will not use the personal data of subscribers to our season ticket news and information service to contact them or disclose them to third parties.

VIII. Prize Games

1. What kind of data, to what extent and why do you process my data?

When you provide us information as a participant in prize games, we will only use it to determine and contact the winner/s (Article 6(1) letter (b) and (f) respectively GDPR).

Winners will be notified in writing.

We will not use your information for advertising and promotion purposes.

If you have won, we will only publish an abbreviated version of your name if you have given us your consent as provided for in Article 6(1) 1st sentence letter (a) GDPR.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (b) GDPR and Article 6(1) letter (f) GDPR with regard to your participation.

We base on the provisions of Article 6(1) 1st sentence letter (a) GDPR with regard to the winners.

3. For how long do you keep my data? / Can I object and will my data be erased?

We erase your personal data immediately after the prize game is over and the prize has been awarded or when you object to the use of your data.

IX. Creation of a Customer Account

1. What kind of data, to what extent and why do you process my data?

You can create a HANSA-PARK customer account at https://my.hansapark.de. To create the account, you need to enter your personal data that will be transmitted to and stored by us. We will not disclose your personal data to third parties.

When you create an account, we collect the following information:

  • Email address
  • Address data (only after you have completed a purchase or if you provide them voluntarily)
  • Telephone number (only after you have completed a purchase or if you provide it voluntarily)
  • Customer history (e.g. the time certain activities such as “reset password” take place)

At the time you create an account, we also collect the following information:

  • Your IP address
  • The time of your registration and confirmation

For the account creation process we use the double-opt-in procedure to obtain your consent to us processing the above data.

If in the account creation process season ticket data are linked to the customer account, we also collect the following information:

  • First name und surname of the season ticket holder
  • Address data of the season ticket holder
  • Date of birth of the season ticket holder
  • Telephone number of the season ticket holder (not mandatory)
  • Contractual data (season ticket number of the season ticket holder)

You must have an account with us to be able to use certain content and services on our website, e.g.:

  • to call up information
  • to send an enquiry

You must have an account with us to enable us to carry out our obligations arising from any contracts entered into between you and us or to take steps at your request prior to entering into a contract, e.g.

  • to order goods and services
  • to make reservations of any kind.

2. On what legal basis do you process my personal information?

We base on the provisions of Article 6(1) letter (a) GDPR. To process your data, we additionally base on the provisions of Article 6(1) letter (b) GDPR insofar as the account is created to perform a contract which you are a party to or to take steps at your request prior to entering into a contract.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for.

The above applies to data collected during the account creation process if the account is deleted or modified on our website.

The above applies to [data collected] during the account creation process to perform a contract or to take steps at your request prior to entering into a contract if the data are no longer needed to perform the contract. We may need to store the personal data of a contractual partner even after the contract has been entered into to meet contractual or legal obligations.

The above-mentioned obligations arise from

  • continuing obligations
  • warranty periods
  • tax records retention periods.

4. Can I withdraw my consent and will my data be erased?

You have the right to delete your customer account or have your personal data rectified at any time.

You can delete your data at any time by logging in to your user profile or send an email to datenschutz@hansapark.de to have them erased.

If we need the data to perform a contract or take steps at your request prior to entering into a contract, the data can be deleted only if the deletion is not in conflict with any contractual or legal obligations.

X. Data collected in Connection with our Contact Form

1. What kind of data, to what extent and why do you process my data?

If you use our contact form to send us an enquiry, we will only use the information you provided in the contact form or in the email sent to the email address provided to contact us, including the contact data you provided, to process your enquiry and store it to answer follow-up questions.

At the time you send off the message, we store the following information:

  • Your IP address
  • The date and time the message was sent off

You will be asked to give your consent to the processing of your data and to refer to this Data Privacy Statement before you send off the message.

Alternatively, you can contact us via the email address provided. In this case we will store your personal data transmitted along with the email.

The personal information thus provided will not be disclosed to third parties. We will solely process the data provided to process your enquiry.

We process the personal data you entered in the forms solely to process your contact enquiry. If you contact us by email, we pursue our legitimate interest when we process your data.

We process the other personal data provided as part of the sending process to prevent abuse of the contact form and ensure that our IT systems are secure.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data is your consent given to us as provided for in Article 6(1) letter (a) GDPR. The legal basis for processing your personal data transmitted to us when you send us an email message is Article 6(1) letter (f) GDPR. If the aim of the email contact is to enter into a contract with us, we will additionally base on the provisions of Article 6(1) letter (b) GDPR to process your data.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. With regard to the personal data provided and transmitted to us via the contact form and in the email message your data will be erased when the respective communication with you ends.

The communication with you ends when the circumstances clearly indicate that the matter in question has been fully settled.

4. Can I withdraw my consent and will my data be erased?

You can at any time withdraw your consent to the processing of your personal data. If you contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, you can object to the storage of your data at any time. If you do so, we cannot process your enquiry.

Any personal data collected and stored in relation to the contact process will then be erased.

XI. Job Applications

1. What kind of data, to what extent and why do you process my data?

We process the personal data you provide to us in a job application to process your job application, i.e. to determine whether you are a suitable candidate and if we want to invite you for a job interview.

We process the personal data you provide to us based on the provisions of Article 6(1) letter (b) GDPR as we need to go through your data to decide if HANSA-PARK wants to employ you. Please do not provide any sensitive data in your job application, e.g. information about your health or religion, unless they are absolutely necessary for your job application. We are permitted to process sensitive data only after we have obtained your consent.

2. On what legal basis do you process my personal information?

Article 6(1) letter (b) GDPR

3. For how long do you keep my data?

If we employ you, we will store your job application data in your personnel file to the extent required. If we do not have a suitable job for you, we will erase your personal data six (6) months after we have informed you about our decision. Otherwise, we will, in each case, store your job application data only to meet the legal obligations to retain them.

If your job application was not successful, we will store your job application data for more than six months only if you have given us your express consent to do so. This is to enable us to contact you at a later point in time should we have a suitable vacancy. You can withdraw your consent at any time.

4. Can I withdraw my consent and will my data be erased?

Applicants have the right at any time to withdraw their consent to the processing of their personal data. If applicants contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, they can object to the storage of their data at any time. In that case we cannot consider the job application.

Any personal data collected and stored in relation to the contact process will then be erased.

XII. Data collected as Part of an Order or Reservation or Purchase Process

1. What kind of data, to what extent and why do you process my data?

When you place an order, make a reservation or a purchase, you must provide the personal data we need to establish the business relationship and perform the contractual obligations associated with it. In addition, you have to provide the data we must collect to meet our legal obligations. If you do not provide such data, we cannot answer your enquiries and enter into any contract resulting from the enquiries. We also use such data to offer you and promote new services respectively.

We collect and process the categories of personal data listed below:

  • Master data (e.g. surname, first name, address)
  • Date of birth
  • Communication data
  • Contract data (e.g. customer number)
  • Customer history
  • Schedule/booking data
  • Planning data
  • Billing data

2. On what legal basis do you process my personal information?

a) We process personal data to pursue our legitimate interest (Article 6(1) letter (f) GDPR)

We lawfully process your data to pursue our legitimate interests.

That also includes the use of your personal information to

  • promote our offerings and services unless you have objected to the use of your data [for such purposes];
  • improve and develop new services and/or products to enable us to cater to your specific interests or make bespoke offers;
  • conduct market surveys and/or commission market research institutes to conduct market surveys and studies to enable us to gain an idea of the transparency and quality of our products, services and communication to best meet the requirements and wishes of our customers;
  • assert and defend against legal claims;
  • use your anonymised data for analytical purposes;
  • guarantee IT security and maintain IT operations;
  • take the appropriate actions to ensure that buildings and the Park are safe and secure (e.g. access controls);

If we intend to use your personal information for a purpose other than the ones mentioned above, we will inform you as required by law.

b) We process personal data to meet our legal obligations (Article 6(1) c GDPR)

HANSA-PARK must comply with various legal regulations (e.g. tax laws, German Commercial Code [HGB]) that provide for the processing of personal data. This includes in particular the processing of personal data for the purpose of preventing fraud and money laundering, complying with control and notification obligations under tax laws as well as assessing and managing corporate risks.

3. For how long do you keep my data?

We retain your personal information for the purposes mentioned above. Your data will be processed for the first time upon collection, i.e. when you or a third party provide them to us. We will erase your personal information after the contractual relationship with you has ended, each party has fulfilled their obligations under the contract and there are no other legal obligations or reasons to store the personal data such as, for example, the statutory obligation to retain data as provided for in the German Commercial Code [HGB] and the German Fiscal Code [AO]. In other words, we will erase your personal information after the legal retention period has expired at the latest, which usually is 10 years after the contract has ended. And finally, the storage period also depends on the statutory period of limitation applicable taking into account our reasonable legitimate interests. Pursuant to section 195 et seq. German Civil Code [BGB], for example, the standard limitation period is three years. In specific cases, however, the statutory period of limitation may be up to 30 years.

4. Can I object and will my data be erased?

If you have questions or complaints regarding our Data Privacy Statement, please contact us (HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG, Am Fahrenkrog 1, 23730 Sierksdorf, email: datenschutz@hansapark.de).

You have the right to request from us, the controller, access to your personal data (Article 15 GDPR) as well as rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing of your personal data (Article 18 GDPR). Pursuant to Article 20 GDPR you have the right to data portability. To assert your right to demand access to and erasure of your personal data, the restrictions provided for in sections 34 and 35 BDSG apply. On top, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in connection with section 19 BDSG).


Individual right to object

Insofar as we process data to pursue our legitimate interests (see III.2. above), you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, including the right to object to the processing of your personal data for marketing purposes. If you object, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing of the data is necessary to assert, exercise or defend against legal claims.


Right to object to direct marketing

Where we process your personal information for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing, including profiling in relation to such direct marketing. If you object to the processing of your data for direct marketing purposes, we will stop processing your personal information for such purposes.


Right to withdraw consent

You can withdraw your consent at any time (see item III.2 above, data processing based on your consent). We will then stop processing your personal information. The withdrawal of consent does not affect the lawfulness of the processing of your data based on consent before its withdrawal.

To raise an objection or to withdraw consent, simply send us a letter (b)y post or an email.

5. Do you disclose my data to third parties? Who provides the e-mail service?

HANSA-PARK uses the services of Episerver Campaign to send emails to recipients from its online shop, https://my.hansapark.de. Episerver GmbH, Wallstraße 16, 10179 Berlin, Germany is the provider of the service. For more information please refer to Episerver GmbH’s privacy statement at https://www.episerver.de/legal/privacy-statement.

We use the service provider to pursue our legitimate interests as defined in Article 6(1) letter (f) GDPR based on a contract with the processor pursuant to Article 28(3) 1st sentence GDPR.

The service provider may use recipients’ pseudonymised personal data – i.e. they do not identify users - to optimise or improve its own services, e.g. to technically optimise the sending or design of the newsletter or for statistical purposes. The service provider will not use the personal data to contact newsletter subscribers or disclose them to third parties.

XIII. Payment Processes

1. Online shop payment methods

When you make payments in our online shop, we ask you to provide certain personal data to process payments. We offer a range of payment methods to make your shopping experience in our online shop as enjoyable as possible. We offer the following payment services:

a) PayPal

We have integrated PayPal elements into our online shop. PayPal is an online payment service provider that has no relations with HANSA-PARK. Payments are made from PayPal accounts - virtual private or business accounts. PayPal also offers the option to make virtual payments by credit card if you do not hold a PayPal account. A PayPal account is managed via an email address, which is why there are no account numbers in the traditional sense. PayPal allows its users to make online payments to third parties or receive payments. PayPal also acts in a fiduciary capacity and offers purchase protection services.

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg is the European operating company of PayPal.

If you select the PayPal payment option in our online shop to pay for your purchases, your personal data will automatically be transmitted to PayPal. By selecting this payment option, you consent to your personal data required to process the payment being transmitted to PayPal.

The personal data transmitted to PayPal usually comprise your first name, surname, address, email address, IP address, telephone number, mobile phone number or such other data as are needed to process the payment. In addition, other personal data related to the respective order are needed to process the purchase contract.

The purpose of the transfer of the data is to process payments and prevent fraud. We transfer personal data to PayPal in particular if we have a legitimate interest in the transfer. PayPal may, in certain circumstances, transfer the personal data exchanged between PayPal and us to credit reference agencies to check identities and creditworthiness.

PayPal may disclose your personal data to affiliates and third-party service providers or subcontractors where this is necessary to meet contractual obligations or process orders.

You can at any time withdraw your consent to the processing of your personal data by notifying PayPal. The withdrawal does not affect personal data the processing, use or transfer of which is essential to process payments (under the contract).

You can download PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

b) Payment by credit card

You can also make payments by credit card (VISA and Mastercard). In that case, we will transfer your data to our payment service provider, BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “BS Payone GmbH”). BS Payone will match your payment data to the respective credit institute (VISA and/or Mastercard). Your credit card will be debited based on a payment form that you need to fill in on the payment platform of BS Payone GmbH. BS PAYONE GmbH is a company of the Sparkassen financial group that complies with the highest security standards and can draw on more than 20 years of experience in the processing of cashless payments. The service provider has been fully certified to PCI-DSS (Payment Card Industry Data Security Standard) for several years now. PCI-DSS is a standard that prescribes a range of binding regulations for the protection of sensitive card holder information. Companies must guarantee compliance with PCI-DSS to be authorised to store, transmit or process credit card transactions.

When you select a payment method (e.g. credit card payment) on the HANSA-PARK website, the system will generate and store an “alias” for the payment method (a randomly generated, clear alphanumerical series) you selected. This alias will be transmitted to BS Payone GmbH, where it will be stored together with the payment data. The alias will subsequently be used as a "substitute" for the actual payment data (e.g. credit card number) in the communication with BS Payone GmbH to avoid having to transmit the card data in each transaction.

When you choose to pay by credit card, we will process the following data:

  • Master data
  • Communication data
  • Type of card (VISA or MasterCard)
  • Name of the card holder
  • Card number
  • Credit card verification code
  • Expiry date

If you want to know more about how your personal data are used, please contact BS Payone by email (privacy@bspayone.com) or write a letter to BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

c) Payment by Giropay

You can also pay by Giropay. In that case, we will transmit your data to our payment service provider, BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “BS Payone GmbH”). BS Payone will match your payment data to the respective bank.

When you enter the master and communication data as well as the routing number in the payment form provided on the payment platform of BS Payone GmbH, you will be redirected to the homepage of your bank via a secure online connection. After you have entered your login name and PIN, the system will display a pre-completed online payment form that cannot be changed. You complete the payment process by entering a valid TAN.

If you want to know more about how your personal data are used, please contact BS Payone by email (privacy@bspayone.com) or write a letter to BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

d) Payment by immediate bank transfer

You can also make payments by immediate bank transfer. In that case, we will transmit your data to our payment service provider, BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “BS Payone GmbH”). BS Payone will match your payment data to the payment service provider that offers the immediate bank transfer service.

When you enter the master and communication data as well as the IBAN and BIC in the payment form provided on the payment platform of BS Payone GmbH, you will be redirected to the familiar immediate bank transfer payment page via a secure online connection.

Immediate bank transfer is a service provided by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. The “immediate bank transfer” acts as an online payment service provider that enables you to make cashless payments for products and services offered on the internet.

The personal data transmitted to the immediate bank transfer service usually comprise your first name, surname, address, telephone number, IP address, email address or such other data as are needed to process your order as well as data in relation to your order such as the number of items ordered, item numbers, invoice amounts and taxes in per cent, invoice information, etc.

The above data must be transferred to allow the system to process your order and accept the payment method you selected, in particular to confirm your identity and manage your payment and the customer relationship.

Please note: Immediate bank transfer may involve the transfer of your personal data to third-party service providers, subcontractors or other affiliates where this is necessary to meet the contractual obligations in relation to your order or who need them to process the purchase contract.

The immediate bank transfer service may, in certain circumstances, involve the transfer of the personal data provided to credit reference agencies to check identities and creditworthiness.

Please refer to the privacy policy applicable to the immediate bank transfer service to learn more about the data protection regulations the processing of your data is based on. The privacy policy will be displayed to you during the immediate bank transfer payment process.

If you want to know more about how your personal data are used, please contact the immediate bank transfer service by email (datenschutz@sofort.com) or write a letter to SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 München).

e) Payment by paydirekt

Another payment option is “paydirekt” In that case, we will transmit your data to our payment service provider, BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “BS Payone GmbH”). BS Payone will match your payment data to the paydirekt service provider.

When you enter the master and communication data and tick a check box in the payment form that you need to fill in on the payment platform of BS Payone GmbH, you will be redirected to the familiar paydirekt page via a secure online connection.

If you pay by paydirekt, your payment data will be transmitted to paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, that will process your payment.

The payment data (e.g. payment amount, payment recipient data) and your confirmation that the payment data are correct, will be collected, processed and transmitted to the bank by paydirekt GmbH to have your paydirekt payment processed. paydirekt GmbH will authenticate the payment via the authentication procedure stored in the system under your identity. The bank will authorise payments to the dealer by involving paydirekt GmbH. paydirekt GmbH collects and stores the transaction data of paydirekt payments. The transaction data comprise the transaction reference and transaction ID as well as information about the shopping basket, which paydirekt GmbH receives from the dealer if the dealer supports the procedure. paydirekt GmbH and the bank base on the transaction data to identify and reference the transaction later (e.g. for refunds) and to match the transaction to the respective customer. To process refunds, paydirekt GmbH transmits the transaction data to the bank.

For more information please refer to paydirekt’s privacy policy available at https://www.paydirekt.de/agb/index.html.

2. Payment methods available at/in the Park

Apart from paying cash in € or the common foreign currencies, you can also pay by EC card or credit card (VISA or Mastercard) at/in the Park.

In that case, we will transmit the following data to our payment service provider, BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (subsequently referred to as “BS Payone GmbH”). BS Payone will process them.

  • Name
  • Credit card data (number, expiry date, verification code)
  • Amount payable

BS PAYONE GmbH is a company of the Sparkassen financial group that complies with the highest security standards and can draw on more than 20 years of experience in processing cashless payments. The service provider has been fully certified to PCI-DSS (Payment Card Industry Data Security Standard) for several years now. PCI-DSS is a standard that prescribes a range of binding regulations for the protection of sensitive card holder information. Companies must guarantee compliance with PCI-DSS to be authorised to store, transmit or process credit card transactions.

If you want to know more about how your personal data are used, please contact BS Payone by email (privacy@bspayone.com) or write a letter to BS Payone GmbH, Lyoner Straße 9, 60528 Frankfurt am Main.

XIV. Google Analytics

On our websites - https://www.hansapark.de, https://eventplaner.hansapark.de and https://my.hansapark.de - we use Google Analytics, a web analytics service offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies, which are text files placed on your computer, to help us analyse how you use the website. The information about your use of the website generated by the cookie will usually be transmitted to and stored by Google on servers in the USA. However if Analytics anonymises IP addresses on this website, Google will shorten your IP address within the Member States of the European Union or other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser via Google Analytics will not be associated with other data held by Google.

You can adjust your browser settings to prevent it from storing cookies, however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the data of how you use our website, which the cookie generated (including your IP address), from being collected and transmitted to and processed by Google by clicking on the link below to download and install the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de. An opt-out cookie will then be installed that
prevents your data from being collected when you visit this website in future.

Please note that on this website Google Analytics provides the anonymizelp feature to ensure that IP addresses are anonymised within it (IP masking). We only use Google Analytics to evaluate data generated by double-click cookies and AdWords for statistical purposes. If you do not want that, you can deactivate the Ads Preferences Manager at http://www.google.com/ settings/ads/onweb/?hl=de.

As the website provider we do not know the content of the data transferred and we are also not aware of how Google uses them.

You will find more information in Google’s privacy policy and terms of use at http://www.google.com/analytics/terms/de.html or
https://www.google.de/intl/de/policies/.

XV. Web Analytics provided by etracker

On our websites - https://www.hansapark.de, https://eventplaner.hansapark.de and https://my.hansapark.de - we use the services of etracker to analyse website usage data. etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany is the service provider. We use cookies to statistically analyse how visitors use the websites and to deliver more personalised content or advertisements. Cookies are small text files which your internet browser places on your device. etracker cookies do not contain any information that would make it possible to identify you as a user.

As the data generated by etracker are processed and stored by etracker in Germany only, their processing is subject to the strict German and European data protection laws and standards. etracker has been inspected by an independent body, certified and awarded the ePrivacyseal, a data protection seal of approval (https://www.eprivacy.eu/kunden/vergebene-siegel/firma/etracker-gmbh/).

The data are processed in compliance with Article 6(1) letter (f) (legitimate interest) General Data Protection Regulation [GDPR]. It is our legitimate interest to improve our online services and internet presence. As we do our utmost to respect users’ privacy, etracker anonymises the IP address as early as possible and converts registration or device identifiers into a clear key that cannot be used to identify persons. etracker will not use or merge the data with other data and it will not disclose your data to third parties.

You can object to the processing of the data described above at any time insofar as the data are personal data. Your objection has no adverse effect on you.

For more information please refer to etracker’s privacy policy and terms of use available at https://www.etracker.com/ data protection/.

XVI. App Analysis by Matomo

Our HANSA-PARK app uses Matomo (formerly Piwik), a web analytics service. Matomo is a product of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo places two cookies on your mobile device (more about cookies, see above).

The user information generated by the cookies (including your IP address, which is first shortened by two bytes) is transmitted to our server where it is stored for analysis purposes. The analysis of the information helps us to optimise the HANSA-PARK app. Before your IP address is transmitted to us, it is anonymised so that you as a user remain anonymous to us. The Matomo software solely runs on the German servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

If you carry out activities within the app, we will store the following data:

  • Two bytes of the IP address of your accessing system
  • Provider’s name
  • Type of your end device
  • The activities you carry out within the app
  • Among others, that includes:
    • Files that you click on and download
    • Clicks on links that lead to other websites
  • The time you access the app and the duration you remain within the app
  • How often you call up the app, incl. the app’s activities
  • Location of your end device

Your data are processed based on the provisions of Article 6(1) letter f) (legitimate interest) European General Data Protection Regulation (GDPR). Our legitimate interest is to optimise our HANSA-PARK app service. As we highly value our visitors’ privacy, Matomo anonymises the IP address as early as possible and converts sign-in or device identifiers to a unique code that does not identify persons. Matomo does not use the data for other purposes and/or merges them with other data and/or discloses them to third parties.

You can prevent the use of the Matomo software by adjusting your settings within the HANSA-PARK app. (((BITTE LINK_FUNKTIONALITÄT HIER EINFÜGEN))). However please note that if you do that you may not be able to have the full functionality of the HANSA-PARK app at your disposal.

More information about the Matomo software privacy settings is available at: https://matomo.org/docs/privacy/.

XVI. Sentry Web Analysis

Our website https://my.hansapark.de uses Sentry, a software to track errors that may occur while you are using our website https://my.hansapark.de, for example during a purchasing process or while you are using the area reserved for season ticket holders. The software is provided by Functional Software, Inc., 132 Hawthorne St, San Francisco, CA 94107. It was installed on a server in Germany specifically designated for the task. Your personal data will only be stored on that server. They will not be communicated to the Sentry software provider or to other third parties.We embed videos from the YouTube platform in our website, i.e. videos are called up directly on YouTube.com but shown on our site. YouTube uses cookies. Each time you click on a video, a connection to the YouTube servers is established. The YouTube server is notified of your visit to our website. As far as we know your personal data are not stored. However, if you are logged in to your YouTube account while watching the video, YouTube will be able to match your browser history directly to your personal profile. You can prevent this by logging out of your account first.

Should an error occur while you are visiting our website, the relevant log files will be analysed (more information on log files is available above) to make the errors visible. This will allow us to remove errors from our website and optimise processes.

The data are processed in compliance with Article 6(1) letter (f) (legitimate interest) European General Data Protection Regulation [EU-GDPR]. It is our legitimate interest to improve our online services and internet presence.

The data collected within the Sentry software programme will be automatically deleted after 30 days at the latest.

You can object to the processing of the data described above at any time insofar as the data are personal data. Your objection has no adverse effect on you.

For more information please refer to Sentry’s privacy policy and terms of use available at https://sentry.io/privacy/ and https://sentry.io/security/.

XVII. Google reCAPTCHA

Zum Zwecke des Schutzes vor Spam und Missbrauch unserer Web-Formulare nutzt HANSA-PARK auf der Online-Shop-Website https://my.hansapark.de im Rahmen einiger Formulare den Google reCAPTCHA Service. Dieser Dienst verhindert Durch die Überprüfung einer manuellen Eingabe, dass automatisierte Software (sog. Bots) missbräuchliche Aktivitäten auf der Website ausführt. Die Datenverarbeitung erfolgt auf der Rechtsgrundlage des Art. 6 Abs .1 lit f (berechtigtes Interesse) der EU-Datenschutzgrundverordnung (EU-DSGVO). Unser berechtigtes Interesse besteht im Schutz unserer Webseite vor Missbrauch sowie an einer störungsfreien Darstellung unseres Onlineauftritts.

Google reCAPTCHA ist ein Angebot der Google LLC („Google“), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google LLC ist unter dem EU-US-Privacy Shield zertifiziert. Ein aktuelles Zertifikat können Sie hier einsehen: https://www.privacyshield.gov/list

Google reCAPTCHA verwendet Methoden, die eine Analyse der Benutzung der Website durch Sie ermöglichen, wie zum Beispiel Cookies. Dies passiert im Rahmen der Überprüfung mittels eines in der Webseite eingebundenen Codes, einem sog. JavaScript. Die automatisch erhobenen Informationen über Ihre Benutzung unserer Online-Shop- Website einschließlich Ihrer IP Adresse werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Außerdem werden andere, durch Google Dienste in Ihrem Browser gespeicherte Cookies durch Google reCAPTCHA ausgewertet.

Ein Auslesen oder Speichern von personenbezogenen Daten aus den Eingabefeldern des jeweiligen Formulars findet nicht statt. Weiterführende Informationen zur Datenschutzerklärung von Google finden Sie unter www.google.com/policies/privacy/.

Sie können die Erfassung der durch das JavaScript, bzw. das Cookie erzeugten und auf Ihre Nutzung der Website bezogenen Daten (inkl. Ihrer IP-Adresse) an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem sie in Ihren Browser-Einstellungen die Ausführung von JavaScripten oder das Setzen von Cookies unterbinden. Wir weisen Sie jedoch darauf hin, dass Sie in diesem Fall gegebenenfalls nicht sämtliche Funktionen dieser Website vollumfänglich werden nutzen können.

XVIII. Use of YouTube Plugins

We use the plugin function of the YouTube platform of Google LLC (“Google”), San Bruno/California, USA on our website.

We embed videos from the YouTube platform in our website, i.e. videos are called up directly on YouTube.com but shown on our site. YouTube uses cookies. Each time you click on a video, a connection to the YouTube servers is established. The YouTube server is notified of your visit to our website. As far as we know your personal data are not stored. However, if you are logged in to your YouTube account while watching the video, YouTube will be able to match your browser history directly to your personal profile. You can prevent this by logging out of your account first.

We collect and process the data generated by the cookies based on your consent (Article 6(1) letter (a) GDPR) to provide you personalised services and make your visit to our website more enjoyable.

For more information please refer to YouTube’s privacy policy at https://www.youtube.de/t/privacy.

XIX. YouTube and Google+

HANSA-PARK holds user accounts with YouTube and Google+. Both platforms are operated by Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

We do not process any of your personal data on these platforms.

Please refer to Google LLC's privacy policy to learn more about how Google LLC as the platforms’ operator processes personal data under your registration there or when you visit the website.

We only provide the profile and thus have no knowledge about what data are transferred and how Google uses them.

You can prevent Google plugins from loading by installing the respective add-ons on your browser.

For more information please refer to Google’s privacy policy at  https://www.google.de/intl/de/policies/privacy/.

XX. Use of the Mobile App

We provide a mobile app for you to download on your mobile device. When you download the app, the information required in relation to the download will be transmitted to the app store, in particular your user name, email address and customer number of your account, the time of the download and, if applicable, payment information and the unique device identification code. We have no control over the collection of the data and cannot be held liable for it. We process the data provided where this is necessary to download the app on your smartphone. The data will not be stored otherwise.

Data processing by app stores: In order to be able to get and install the app, you may first have to enter into an agreement with a third-party provider such as, e.g., iTunes SARL or Google LLC (subsequently referred to as third-party provider) to be granted access to their portals or online shops. We are not a party to such an agreement and have no control over how your data are processed by the third-party provider. Please refer to the respective third-party provider’s privacy policy to learn more about how your data are processed when you register for the respective third-party’s portal.

Processing of personal data by the app itself: No personal data are processed.

XXI. Communication via the HANSA-PARK Speaking Trumpet

1. What kind of data, to what extent and why do you process my data?

If you use our feedback system - the HANSA-PARK speaking trumpet - to send us your enquiry in the form of feedback via the https://www.hansapark-feedback.de domain, we will only use the information you provided in the contact form or in the email sent to the email address provided to contact us, including the contact data you provided, to process your enquiry and store it to answer follow-up questions.

We will collect the following information:

  • Email address (not mandatory)
  • First name and surname (not mandatory)

At the time you send off the message, we store the following information:

  • Your IP address
  • The date and time the message was sent off.

You will be asked to give your consent to the processing of the data and to refer to this Data Privacy Statement before you send off the message.

Alternatively, you can contact us via the email address provided. In that case we will store your personal data transmitted along with the email.

We will not disclose the personal information provided to third parties. We will solely process the data provided to process your enquiry.

We process the personal data you entered in the forms solely to process your contact enquiry. If you contact us by email, we pursue our legitimate interest when we process your data.

We process the other personal data provided as part of the sending process to prevent abuse of the contact form and ensure that our IT systems are secure.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data pursuant to Article 6(1) letter (a) GDPR is your consent given to us. The legal basis for processing your personal data transmitted to us when you send us an email message is Article 6(1) letter (f) GDPR. If the aim of the email contact is to enter into a contract with us, we will additionally base on the provisions of Article 6(1) letter (b) GDPR to process your data.

3. For how long do you keep my data?

We will erase your data as soon as we no longer need them for the purpose we collected them for. With regard to the personal data provided and transmitted to us via the contact form and in the email message your data will be erased when the respective communication with you ends.

The communication with you ends when the circumstances clearly indicate that the matter in question has been fully settled.

4. Can I withdraw my consent and will my data be erased?

You can at any time withdraw your consent to the processing of your personal data. If you contact us by sending us an email to info@hansapark.de or datenschutz@hansapark.de, you can object to the storage of your data at any time. If you do so, we cannot process your enquiry.

Any personal data collected and stored in relation to the contact process will then be erased.

XXII. Participation in Invitation-only Events

1. What kind of data, to what extent and why do you process my data?

HANSA-PARK holds a range of events with invited guests. These are, for instance, launch events or press conferences.

By registering for the event, you commit to attending the event and agree to the contact data you have provided being processed. We process your personal data for the purpose of holding the event and facilitating communication in relation to it. This includes preparing a list of participants and name tags/cards.

Videos may be recorded and photographs may be taken at the event. By participating in the event, you consent to your image or data being processed in videos, photographs or audio recordings for documentation purposes and as part of HANSA-PARK Freizeit- und Familienpark GmbH & Co. KG’s public relations efforts.

The event organiser as well as the media representatives and guests invited to the event are permitted to record videos and take photographs during the event and reproduce and publish them for documentation and promotional purposes. HANSA-PARK may publish its videos and photos on its internet pages and in the HANSA-PARK newsletter as well as post them on HANSA-PARK’s YouTube Channel. HANSA-PARK may also use the recordings as part of its public relations work and communicate them to other media.

Giving your consent does not entitle you to claim compensation. Your consent is unlimited in terms of time and place.

Guests who do not consent to having their image published should avoid the areas where recording/photographing takes place or approach the film crews and photographers for assistance.

To plan, organise and hold events, we store the following personal data of attendees:

  • Name
  • Address
  • Telephone number
  • Fax number
  • Email address

The above regulations do not apply to events at HANSA-PARK, which customers book. In that case, no participants’ lists are stored or videos recorded/photos taken unless specifically agreed upon in separate agreements.

2. On what legal basis do you process my personal information?

The legal basis for processing your personal data pursuant to Article 6(1) letter (a) GDPR is the consent given when you registered for the event as an invited guest or collaboration partner.

3. For how long do you keep my data?

We will process your data only for as long as we need them to plan and ultimately hold the event or for the period of time we are legally required to retain them.

If you have given us your express consent to keep your contact data, we will continue to store them after the event is over to be able to send you invitations to future events. You can withdraw your consent at any time.

4. Can I withdraw my consent and will my data be erased?

Participants have the right at any time to withdraw their consent to the processing of their personal data. By sending us an email to info@hansapark.de or datenschutz@hansapark.de, participants can object to the storage of their personal data at any time. In that case you will not be able to attend the event.

Any personal data collected and stored in relation to the event will then be erased.

XXIII. Video Recording

As a large place of gathering and entertainment as defined in section 4(1) 2nd sentence number 1 Federal Data Protection Act [BDSG] HANSA-PARK has video surveillance in place throughout the Park. The safety and protection of our visitors, employees and facilities are of utmost importance to us. The data collected cannot be used to identify persons. The videos will automatically be erased if no incidents are reported. The controller is HANSA-PARK.

XXIV. Your Rights at a Glance

Insofar as we process your personal data on our websites, you are considered to be a data subject as defined in the GDPR. As a data subject you have the rights listed below.

1. Right of access to your personal data

You can request us to confirm whether we process any personal data of you. If we do, you can demand from us to provide you the following information:

  • the purposes of the processing of your personal data;
  • the categories of personal data we process;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the right to lodge a complaint with a supervisory authority;
  • any available information as to the source if the personal data have not been collected from you;
  • the existence of automated decision-making, including profiling, as defined in Article 22(1) and (4) GDPR and - at least in those cases - meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.

You also have the right to demand information about whether your personal data are transferred to a third country or to an international organisation. In this context you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to demand from us to rectify inaccurate personal data and/or to have incomplete personal data completed. If your personal data are inaccurate or incomplete, we will rectify the situation without undue delay.

3. Right to restriction of processing

You have the right to demand from us to restrict the processing of your personal data if

  • you dispute the accuracy of your personal data for a period that enables us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but you require the data to assert, exercise or defend against legal claims; or
  • you have objected to the processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override those of you.

If you have requested us to restrict the processing of your personal data, we are only permitted to use such data – apart from storing them – with your consent or to assert, exercise or defend against legal claims or to protect the rights of other natural or legal persons or for reasons of important public interest of the Union or of a Member State. We will inform you before the restriction is lifted.

4. Right to erasure

You have the right to demand from us to erase your personal data without delay. We are obligated to erase your data without delay on one of the following grounds:

  • We no longer need your personal data for the purposes for which we collected or processed them;
  • You withdraw your consent, if you have given it, on which the processing of your personal data pursuant to Article 6(1) letter (a) or Article 9(2) letter (a) GDPR is based and where there is no other legal ground for the processing;
  • You object to the processing of your personal data as provided for in Article 21(1) GDPR and there are no overriding legitimate grounds for the processing;
  • You object to the processing of your personal data for direct marketing purposes as provided for in Article 21(2) GDPR;
  • Your personal data have been unlawfully processed;
  • We must erase your personal data to comply with a legal obligation under Union or Member State law we are subject to;
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If we have made your personal data public and if, pursuant to Article 17(1) GDPR, we are obligated to erase them, we will take reasonable steps - taking account of the available technologies and costs of implementation - to inform controllers processing the personal data that you have requested to have erased any links to or any copies or replications of those personal data.

You do not have the right to erasure if the processing is necessary

  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation which requires the processing under Union or Member State law to which we are subject or to perform a task carried out in the public interest or to exercise official authority vested in us;
  • for reasons of public interest in the area of public health in accordance with Article 9(2) letter (h) and (i) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR where the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • to assert, exercise or defend against legal claims.

5. Right to information

If you have demanded from us to rectify, erase or restrict the processing of your personal data, we are obligated to inform all parties (recipients) to whom your personal data have been disclosed of such rectification, erasure or restriction of the processing of your personal data, unless that proves to be impossible or would involve a disproportionate effort.

You have the right to demand from us to inform you about such recipients.

6. Right to data portabilit

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us if

  • the processing is based on consent pursuant to Article 6(1) letter (a) GDPR or Article 9(2) letter (a) GDPR or on a contract pursuant to Article 6(1) letter (b) GDPR and
  • the processing is carried out by automated means.

You also have the right to demand from us to transmit your personal data directly from us to another controller where this is technically feasible. The transmission must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data that are necessary to perform a task carried out in the public interest or to exercise official authority vested in us.

With regard to the services offered on our website we believe that we are currently not processing any data to which the right to data portability applies.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on Article 6(1) letter (e) or (f) GDPR, including profiling based on those provisions.

We will then stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or to assert, exercise or defend against legal claims.

If we process your personal data for the purpose of direct marketing, you have the right at any time to object to the processing of personal data concerning you for the purpose of such marketing, including profiling associated with it.

If you object to the processing of your personal data for the purpose of direct marketing, we will stop processing your personal data for such purpose.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent to the processing of personal data

You have the right to withdraw your consent to the processing of your personal data at any time. Such withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affect you. We do not carry out that kind of processing.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.