MackOne Account Logo

Privacy Policy

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations of the Member States and other regulations relating to data protection is:

Europa-Park GmbH & Co. Mack KG
Europa-Park-Str. 2
77977 Rust
Germany

Tel.: +49 (0)7822-770
Email: info@europapark.de
Website: https://www.europapark.de/en

Name and address of the Data Protection Officer

The controller's Data Protection Officer is:

Sina Krenz
Tel.: +49 (0)7822-770
Email: datenschutz@europapark.de

General information on data processing

Definitions

‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The definition is far-reaching and encompasses almost all data handling.

‘Pseudonymisation’ refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

‘Profiling’ is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Scope of the processing of personal data

As a general rule, we only process the personal data of our users to the extent necessary to provide a fully functioning website and to deliver our content and services.

Legal basis for the processing of personal data

The respective legal basis for the respective processing is presented and explained in the following. The legal basis is typically founded

  • on a (purchase) contract or within the framework of contract initiation (e.g. when purchasing goods, the Europa-Park Clubcard or vouchers)
  • on our company’s legitimate interest, for instance, when collecting traffic data when you use our online shop
  • on your consent/permission (e.g. for newsletter distribution)

Data erasure and retention period

In general, your personal data which we have stored shall be deleted as soon as it is no longer required for the intended purpose and the erasure does not conflict with any statutory retention requirements. Insofar as the data is not erased because it is required for other and legally admissible purposes, its processing shall be restricted. This means that the data will be blocked and not used for any other purposes. This applies, for instance, to data which must be kept for commercial or tax reasons.

According to legal requirements in Germany, books, records, management reports, accounting receipts, trading books, documents relevant for taxation, etc. shall be retained for a period of 10 years in accordance with Sections 147 (1) Tax Code (AO), 257 (1) (1) and (4), Para. 4 German Commercial Code (HGB) and in the case of commercial letters for a period of six years in accordance with Section 257 (1) (2) and (3), Para. 4 HGB. This includes, for example, documents and data required for processing your purchase of goods or the Europa-Park Clubcard in the online shop.

Security

Our websites are encrypted with SSL or TLS protocols for reasons of security as well as to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to us). An encrypted connection can be recognised by the string ‘https: //’ and the padlock symbol in your browser line.

Data transfer to third parties

It is sometimes necessary to pass on your personal data to third parties as service providers in order to fulfil our legal obligations to you. This generally takes place as part contractually regulated commissioned processing. However, it may also be the case that the third party itself acts as the controller.

As an example, data may need to be transferred if we send you ordered goods, lost property or competition prizes by post. Here, your name, address and—in the case of tracking—your e-mail address will be sent to the shipping service provider. We would be happy to provide you with information about the specific service provider on a case-by-case basis.

Providing the website and creating log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer. This data is also referred to as ‘traffic data’.

The following data is collected:

  • Information about browser type and version used
  • The user’s operating system
  • The user’s Internet provider
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system from our website

It is necessary for the system to store the IP address temporarily so that the website can be displayed on the user’s computer. To this end, the user’s IP address is stored for the duration of the session. Traffic data is collected in order to make technical improvements to our offer.

This data is also stored in our system’s log files.

Legal basis for data processing

Art. 6 (1) f) GDPR provides the legal basis for the temporary storage of data. Our legitimate interest is to deliver our web content to you.

Retention period

We automatically delete your traffic data once your visit to our website is terminated.

Objection and deletion options

The collection of data to enable provision of the website and the storage of data in log files is essential for the website to function properly. You have the option to object to this in accordance with Art. 21 GDPR, insofar that you assert the special circumstances that prevent the processing of your personal data. The use of personal data is restricted to the necessary minimum, just as the period of retention is limited to your website visit.

Google Cloud CDN

We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited (see above).

Google offers a globally distributed content delivery network. The technical transfer of information from our website to your browser is done via the Google Network. This enables us to increase the global accessibility and performance of our website.

The use of Google Cloud CDN is based on our legitimate interest in providing our website offer in an error-free and secure manner as possible (Art. 6 (1) (f) GDPR).

Further information on Google Cloud CDN: http://cloud.google.com/cdn/docs/overview?hl=de

You can view Google's Privacy Policy at https://policies.google.com/privacy?hl=en

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

Newsletter

Description and scope of data processing

You have the option of subscribing to a free Europa-Park newsletter on our website. When registering for the newsletter, the details stated on the input screen are transmitted to us. This data usually includes your email address as well as your first name and surname. Your language, interests, etc. may also be gathered.

The following data is also collected upon registration:

  • IP address of the requesting computer
  • Date and time of registration
  • Language setting

During the registration process, we obtain your consent for processing of the data and we advise you of our Privacy Policy. Further information is available under the option personalisation.

Where you state your email address when purchasing goods or services on our website, this address may be used by us for sending newsletters if separate reference to this is made. In such cases, we shall only use the newsletter to advertise our own goods and services that are similar to those purchased.

No data processed for the purpose of sending newsletters shall be passed on to third parties. The data is used solely for tailoring the newsletter to you and sending it to you.

Emarsys eMarketing System AG, Hansischer-Straße 10, 80339 München and Widas ID GmbH Maybachstraße 2 71299 Wimsheim, Germany, have been commissioned as the processor in charge of distributing, personalising and analysing Europa-Park newsletters.

Further information on newsletter personalisation is provided in the following.

Legal basis for data processing

Art. 6 (1) a) GDPR provides the legal basis for processing the data following the user's registration for the newsletter, where consent has been given by the user to do so.

Section 7 (3) UWG [German Law Against Unfair Competition] provides the legal basis for sending the newsletter as a result of purchasing goods or services.

Purpose of data processing

The user's email address is stored for the purpose of sending the newsletter.

The purpose of collecting other personal data during the registration process is to prevent misuse of the services or the email address used and to tailor offers to you.

Retention period

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In connection with distributing the newsletter, the user's email address is therefore retained until the newsletter subscription is terminated; in the case of revocation, the data shall be erased after a short processing period, insofar that there is no further purpose for it to be retained.

Other personal data collected during the registration process is usually deleted after a period of seven days.

Cancellation option

The user may cancel their subscription to the newsletter at any time. Each newsletter contains a corresponding link for this purpose.

You may cancel your newsletter subscription by posting your cancellation notification to Europa-Park GmbH & Co Mack KG, Europa-Park-Str. 2, 77977 Rust, Germany or emailing newsletter-service@europapark.de.

This link also provides an option for you to withdraw your consent to the storage of the personal data collected during the registration process after a short processing period.

Personalisation

Description and scope of data processing

We use the data that has been gathered in the scope of you using Europa-Park's offers (among others website, apps, newsletter) to send you a personalised newsletter (if you have subscribed to it) as well as other personalised advertising campaigns and for consultancy services, maintenance of further customer relations, market research and analysis. Europa-Park offers include Europa-Park, Rulantica water world, Europa-Park Hotels, Camp Resort, Europa-Park Camping, Europa-Park Events, YULLBE and the online shop, ticket shop, hotel booking engine, etc.

When provided in addition to your email address, the following data is usually processed in this regard:

  • Salutation
  • Gender
  • First and surname
  • Date of birth
  • Postcode, country of residence, language
  • Clubcard membership status, Clubcard number
  • Email history
  • Interests regarding newsletter topics and purchases
  • Hotel reservations and stays, including room category and number, as well as the category of overnight guests
  • Ticket purchases and stays
  • Other orders, additional purchases and reservations
  • Voucher redemption
  • Event participation
  • Usage behaviour during a stay
  • Consent status for cookies
  • User ID, language, device information
  • Opening and interaction rate for emails

If the controller of Europa-Park GmbH & Co. Mack KG did not directly collect these data, other companies with a direct relation to Europa-Park shall transmit the data:

  • Europa-Park GmbH & Co - Shopping KG regarding registration and purchases in the online shop
  • Rulantica - GmbH & Co Mack KG regarding a visit to Rulantica
  • Europa-Park GmbH & Co - Hotelbetriebe KG regarding hotel stays
  • Mack One Deutschland GmbH & Co KG in regards to special offers such as YULLBE.

Snowflake Inc., Munich, Mies-van-der-Rohe-Straße 8, 80807 Munich, Germany, Emarsys eMarketing System AG, Hansischer-Straße 10, 80339 Munich, Germany and the service provider Cidaas, of Widas ID GmbH Maybachstraße 2 71299 Wimsheim, Germany, shall act as the processor for analysing the data.

Legal basis and purpose of data processing

The legal basis for data processing is our legitimate interest (Art. 6 (1) f) GDPR) in getting to know our customers better and being able to address them in a personalised manner. This is necessary for promoting sales and supporting customers.

Retention period

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. This shall occur, among other things, if we have not been able to detect you acting on any Europa-Park offer for a long time, and there is no further purpose for storing your information.

If you object to the processing of data, the data shall be erased after a short processing time, unless the data must be saved for another purpose.

Objection and deletion options

You the option of objecting to the processing of data. To do this, please contact newsletter-service@europapark.de.

You can configure cookies in the cookie settings to prevent marketing campaigns from being personalised.

Registration of an account

Description and scope of data processing

We offer users the option to register and create an account on our website by providing their personal data. This account can then also sometimes be used for our various online offers (MackOne account). The data is entered on the input screen, transmitted to us and stored by us. The data is not passed on to third parties. The following data is regularly collected during the registration process:

  • Address details
  • Email address
  • Date of birth
  • Your personal password

At the time of registration, the following data is also saved:

  • The user's IP address
  • Date and time of registration

If your email address has not yet been registered in our system, we shall send you a validation email upon registration.

Widas ID GmbH Maybachstraße 2, 71299 Wimsheim, Germany, with their service Cidaas shall act as the processor for analysing the data.

Legal basis for data processing

Art. 6 (1) b) GDPR provides the legal basis for processing data where registration is required in order to fulfil a contract to which the user is party, or to implement measures prior to entering into a contract.

Purpose of data processing

The user is required to register in order to fulfil a contract with the user or to implement measures prior to entering into a contract. For example, for

  • ordering goods and services
  • Reservations of all types
  • Request for information
  • Credit balance retrieval
  • Contact request

Retention period

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected.

For data collected during the registration process, this is the case where registration on our website is cancelled or altered.

For data collected during the registration process for the purpose of fulfilling a contract or for implementing measures prior to entering into a contract, this is the case where the data is no longer required to execute the contract. It may be necessary to store the personal data of the contract partner even after the contract has been concluded in order to meet contractual or statutory obligations.

  • Continuing obligations
  • Warranty periods
  • Retention periods for tax purposes

Objection and deletion options

As a user, you have the right to cancel registration at any time. You can change the data stored under your name at any time.

The data can be deleted at any time by logging in to the user profile or by sending an email to datenschutz@europapark.de.

If the data is necessary for the purpose of fulfilling a contract or for implementing measures prior to entering into a contract, premature deletion of the data is only possible where there are no contractual or statutory obligations to retain such data.

Contact form and email contact

Description and scope of data processing

Contact forms, which can be used to contact us electronically, are readily available on our website. If the user makes use of this option, the data entered on the input screen will be transmitted to us and stored by us. This data includes:

  • First name and surname
  • Address details
  • Email address
  • Content of the message
  • Where provided, telephone number

At the time the message is sent, the following data is also temporarily stored:

  • The user's IP address
  • Date and time of registration

Before the contact form is transmitted, we obtain your consent for the processing of the data and refer you to this Privacy Policy.

Alternatively, you may contact us using the email address provided. In such cases, the user's personal data transmitted in the email is stored.

The data is not passed on to third parties in this connection. The data is used solely for processing the conversation.

Legal basis for data processing

Art. 6 (1) a) GDPR provides the legal basis for processing data, where consent has been given by the user to do so.

Art. 6 (1) f) GDPR provides the legal basis for processing the personal data that is transmitted in an email or using the contact form. Art. 6 (1) b) GDPR provides the legal basis for processing data where the purpose of the email contact is to conclude a contract.

Purpose of data processing

We process the personal data entered on the input screen solely for the purpose of processing the request. If contact is made by email, this also constitutes the legitimate interest required for processing of the data.

The purpose of the other personal data processed during the transmission of the contact form is to prevent misuse of the contact form and to ensure the safety of our information technology systems.

Retention period

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data entered on the input screen of the contact form and the personal data sent by email, this is the case when the conversation with the user has ended. The conversation is deemed to have ended when the circumstances suggest that the issue has been conclusively resolved.

Additional personal data collected during the transmission of the contact form is usually deleted after a period of seven days.

Objection and deletion options

The user has the right at any time to withdraw their consent to processing of the personal data. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

The data can be deleted at any time by logging in to the user profile or by sending an email to datenschutz@europapark.de.

In this case, all personal data stored when contacting us is deleted.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

Right to information

You have the right to obtain information about your personal data that we process. In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence proving that you are the person you claim to be. (Art. 15 GDPR)

Right to rectification, erasure and restriction

Furthermore, you have a right to rectification or erasure of data or restriction of processing insofar as you are so entitled by law. (Art. 16, 17 and 18 GDPR). In such cases, we are obliged to notify any recipients of the rectification, erasure or restriction of processing of data (Art. 19 GDPR).

Right to data portability

You also have a right to data portability within the framework of the data protection regulations (Art. 20 GDPR). This applies to data that you have provided to us.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is performed based on Art. 6 (1) e) or f) GDPR; this shall also apply for any profiling based on these provisions.

In particular, you have the right to object in accordance with Art. 21 (1) and (2) GDPR to the processing of your data, in particular in connection with direct advertising (newsletter), if this is based on a legitimate interest or a weighing of interests.

Right to withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time and with effect for the future. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.

Automated individual decision-making process (including profiling)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar manner.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual place of residence, place of work or place of the alleged infringement, where it is your opinion that the processing of your personal data is in breach of GDPR regulations (Art. 77 GDPR).

The supervisory authority with which the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of judicial remedy pursuant to Article 78 GDPR.