Privacy policy

Privacy policy

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection regulations of the Member States and other regulations relating to data protection is:

Europa-Park GmbH & Co. Mack KG
Europa-Park-Str. 2
77977 Rust
Germany

Tel.: +49 (0)7822-770
Email: info@europapark.de
Website: https://www.europapark.de/en

Name and address of the Data Protection Officer

The controller’s Data Protection Officer is:
Sina Krenz
Tel.: +49 (0)7822-770
Email: datenschutz@europapark.de

General information on data processing

Definitions

‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The definition is far-reaching and encompasses almost all data handling.

‘Pseudonymisation’ refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

‘Profiling’ is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Scope of the processing of personal data

As a general rule, we only process the personal data of our users to the extent necessary to provide a fully functioning website and to deliver our content and services.

Legal basis for the processing of personal data

The respective legal basis for the respective processing is presented and explained in the following. The legal basis is typically founded

  • on a (purchase) contract or within the framework of contract initiation (e.g. when purchasing goods, the Europa-Park Clubcard or vouchers)
  • on our company’s legitimate interest, for instance, when collecting traffic data when you use our online shop
  • on your consent/permission (e.g. for newsletter distribution)

Data erasure and retention period

In general, your personal data which we have stored shall be deleted as soon as it is no longer required for the intended purpose and the erasure does not conflict with any statutory retention requirements. Insofar as the data is not erased because it is required for other and legally admissible purposes, its processing shall be restricted. This means that the data will be blocked and not used for any other purposes. This applies, for instance, to data which must be kept for commercial or tax reasons.

According to legal requirements in Germany, books, records, management reports, accounting receipts, trading books, documents relevant for taxation, etc. shall be retained for a period of 10 years in accordance with Sections 147 (1) Tax Code (AO), 257 (1) (1) and (4), Para. 4 German Commercial Code (HGB) and in the case of commercial letters for a period of six years in accordance with Section 257 (1) (2) and (3), Para. 4 HGB. This includes, for example, documents and data required for processing your purchase of goods or the Europa-Park Clubcard in the online shop.

Security

Our websites are encrypted with SSL or TLS protocols for reasons of security as well as to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to us). An encrypted connection can be recognised by the string ‘https: //’ and the padlock symbol in your browser line.

Data transfer to third parties

It is sometimes necessary to pass on your personal data to third parties as service providers in order to fulfil our legal obligations to you. This generally takes place as part contractually regulated commissioned processing. However, it may also be the case that the third party itself acts as the controller.

As an example, data may need to be transferred if we send you ordered goods, lost property or competition prizes by post. Here, your name, address and—in the case of tracking—your e-mail address will be sent to the shipping service provider. We would be happy to provide you with information about the specific service provider on a case-by-case basis.

Application

Overview

Application management and the job portal is managed centrally by Europa-Park GmbH & Co Mack KG for all companies in the Mack Group. Depending on the position you’re applying for, your data may be shared with the Mack company, which would be your employer.

Online application

You can apply online by e-mail or via the job portal. Data that you can specifically find on each form is collected in this process.

The legal basis for the processing of your data when you apply online is Article 6 (1) (b) GDPR; the necessity to make a decision regarding hiring and the establishment of an employment contract.

The processing of your data is required in order to make a decision about whether or not to hire you. An objection to the processing will therefore result in the recruitment process being ended and your application being rejected.

Job portal

You need an applicant profile to apply via an account on the job portal. Your first and last name, place of residence and e-mail address as well as a user name and password are required to create an applicant profile. However, uploading documents or information concerning your academic and/or professional background, qualifications and skills, language skills and willingness to travel/mobility is voluntary and is not mandatory for registration purposes. To make it as easy as possible for you to apply for a number of positions, your applicant profile is valid for all online applications via the job portal.

In addition to general profile information, further job-specific information will be requested if you apply for a specific job. General profile information is also used for other online applications. Job-specific information is collected and processed for each online application. Mandatory information is marked with an asterisk (*) and all other information is voluntary.

In the application process, additional data such as communication content (e.g. e-mail contact), assessments (e.g. results of job interviews) may be requested if this is required by law or on a (pre-)contractual basis or if you have consented to this. This data is not usually processed via the job portal. There is an obligation to provide the data insofar as this is necessary for us to make a hiring decision regarding an application.

Pool of interested parties

Aside from an individual online application, you also have the option of giving your consent to be part of a pool of interested parties on registration. This consent allows all authorised recruiters to access your applicant profile to check it for suitable job advertisements. This only concerns your general profile information and explicitly does not concern job-specific requirements if you are currently in one or more application processes. The check is also carried out manually and not through automated individual decision-making or profiling. If there is a suitable job advertisement, you may be contacted by the responsible Mack company. Contact does not equate to an online application, so you are free to decide whether or not to apply.

The legal basis for you being part of the pool of interested parties is consent in accordance with Article 6 (1) (a) GDPR. Consent is voluntary. Refusing or withdrawing consent will not have a negative impact on ongoing application processes.

Your participation in the pool of interested parties grants recruiters access until you withdraw your consent and/or your applicant profile is deleted. Statutory retention periods regarding ongoing application processes remain unaffected.

You can withdraw your consent to be part of the pool of interested parties at any time with effect for the future by contacting us at jobs@europapark.de.

Sharing data

When you apply online, only the people who are making the specific hiring decision or are significantly involved in it will have access to your data. These people usually include HR department staff (‘recruiters’) and superiors and, in certain cases, specialists. In addition, to comply with legal obligations under employment law and social security or social protection law, it may be necessary in a specific application process for staff representatives (works council and representation for persons with severe disabilities) to have access to your applicant profile. Data will be shared with other recipients if this is required by law or if you have consented to this.

HR consultants

The Mack Group may appoint HR consultants to acquire applicants. Your applicant data will be sent to us by the recruitment consultant either on the basis of your consent or on the basis of a contract between you and the recruitment consultant. Data is usually sent electronically, i.e. by e-mail or on creation of your applicant profile. The HR consultant is responsible for processing your applicant data up to and including the point of transmission. After data has been sent to the company, your applicant data will be processed as described to make hiring decisions and to establish an employment contract. The purpose of hiring an HR consultant is to find suitable applicants.

Storage period

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case if we have hired you, for example. If you receive an offer to establish an employment relationship at the end of the selection process and you accept this offer, we reserve the right to share the information you provided during the application process with the respective company’s HR master data system. Data is shared here in order to provide administrative support for your employment relationship.

If you are rejected, your data from the application will be deleted within six months, unless you have consented to it being stored in the pool of interested parties.

If you object to the data processing, the data will be deleted following a brief processing time, unless it has also been stored for another purpose.

Providing the website and creating log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer. This data is also referred to as ‘traffic data’.

The following data is collected:

  • Information about browser type and version used
  • The user’s operating system
  • The user’s Internet provider
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system from our website

It is necessary for the system to store the IP address temporarily so that the website can be displayed on the user’s computer. To this end, the user’s IP address is stored for the duration of the session. Traffic data is collected in order to make technical improvements to our offer.

This data is also stored in our system’s log files. The user’s IP addresses or other data that enables said data to be linked to a specific user is not included here. This data is not stored together with other personal data of the user.

Legal basis for data processing

Art. 6 (1) f) GDPR provides the legal basis for the temporary storage of data. Our legitimate interest is to deliver our web content to you.

Retention period

We automatically delete your traffic data once your visit to our website is terminated.

Objection and deletion options

The collection of data to enable provision of the website and the storage of data in log files is essential for the website to function properly. You have the option to object to this in accordance with Art. 21 GDPR, insofar that you assert the special circumstances that prevent the processing of your personal data. The use of personal data is restricted to the necessary minimum, just as the period of retention is limited to your website visit.

Use of cookies

Description, purpose and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the Internet browser used on the user’s computer system.

The primary purpose of a cookie is to store data on a user (or the device on which the cookie is stored) during or after their visit to a website. We use cookies to make our website more user-friendly. The purpose of using technically essential cookies is to make it easier for users to navigate websites. Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies show us how the website is used, enabling us to continue to optimise our offers.

Cookies can be used for various tasks:

Temporary cookies: Temporary cookies (also referred to as ‘session cookies’ or ‘transient cookies’) are deleted when the user leaves the website and closes their browser. A cookie of this type might be used, for instance, to store the content of a shopping cart in an online shop or the user’s login status, their language settings, etc.

Permanent cookies: ‘Permanent’ or ‘persistent’ cookies remain stored on the device even after the user has closed their browser. To give an example, this makes it possible for the user’s login status to be stored even if there are a number of days between the user’s visits to this site. Such cookies can also be used to store data on user interests for the purposes of reach analysis and marketing activities.

‘Third-party cookies’ are cookies from providers other than the controller who operates the website.

Technical methods are used to pseudonymise the user data collected. As a result, the data can no longer be linked to the user accessing the website. The data is not stored together with other personal data of the users.

Upon accessing our website, a cookie consent (info banner featuring a consent function) informs users about the use of the cookies employed by us. The cookie consent allows you to confirm the use of the legally permitted cookies (transient and permanent cookies that are necessary for ensuring website functionality) and/or to apply individual settings or consent to the use of advertising or third-party cookies (e.g. permanent marketing cookies and third-party providers such as Google). Part of our website, especially subpages of europapark.de, are connected with an overarching cookie consent. This is the case when no new banner is shown after you opened a new page.

Upon switching to other websites, you may have to decide once again in a cookie consent if cookies can be used. The settings are also saved as cookies. Cookies will only be used once you have made your decision in the cookie consent. The cookie consent can be accessed at all times in the ‘Cookie settings’ section in the footer in order to change your settings and revoke your consent to the use of functional cookies, analysis cookies and cookies for marketing purposes. Further explanations about cookies can be found in the cookie settings under the cookie list and in our privacy policy.

We have commissioned OneTrust, a service of OneTrust Technology Limited, 82 St John St, Farringdon, London EC1M 4JN, United Kingdom (UK), and the Google Tag Manager, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland, to manage cookies.

Legal basis for data processing

Art. 6 (1) f) GDPR provides the legal basis for processing personal data using temporary or partially permanent cookies that are strictly necessary. Our legitimate interest lies in being able to provide you with a fully functioning website and an appropriate level of operating convenience.

Art. 6 (1) a) GDPR provides the legal basis for processing personal data using cookies that are not strictly necessary.

You will be asked to give your consent the first time you access the website. You may manage your consent status in the ‘Cookie settings’ section located in the website’s footer.

Retention period, right of revocation and right to object

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by adjusting the settings in your Internet browser accordingly. Cookies that have already been stored can be deleted at any time. This can be done automatically. If cookies are disabled for our website, not all functions of the website may be available to you to their full extent.

You may change your settings for cookies used on our website in the ‘Cookies settings’ section.

Contact form and email contact

Description and scope of data processing

Contact forms, which can be used to contact us electronically, are readily available on our website. If the user makes use of this option, the data entered on the input screen will be transmitted to us and stored by us. This data includes:

  • First name and surname
  • Address details
  • Email address
  • Content of the message
  • Where provided, telephone number

At the time the message is sent, the following data is also temporarily stored:

  • The user’s IP address
  • Date and time of registration

Before the contact form is transmitted, we obtain your consent for the processing of the data and refer you to this Privacy Policy.

Alternatively, you may contact us using the email address provided. In such cases, the user’s personal data transmitted in the email is stored.

The data is not passed on to third parties in this connection. The data is used solely for processing the conversation.

Legal basis for data processing

Art. 6 (1) a) GDPR provides the legal basis for processing data, where consent has been given by the user to do so.

Art. 6 (1) f) GDPR provides the legal basis for processing the personal data that is transmitted in an email or using the contact form. Art. 6 (1) b) GDPR provides the legal basis for processing data where the purpose of the email contact is to conclude a contract.

Purpose of data processing

We process the personal data entered on the input screen solely for the purpose of processing the request. If contact is made by email, this also constitutes the legitimate interest required for processing of the data.

The purpose of the other personal data processed during the transmission of the contact form is to prevent misuse of the contact form and to ensure the safety of our information technology systems.

Retention period

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data entered on the input screen of the contact form and the personal data sent by email, this is the case when the conversation with the user has ended. The conversation is deemed to have ended when the circumstances suggest that the issue has been conclusively resolved.

Additional personal data collected during the transmission of the contact form is usually deleted after a period of seven days.

Objection and deletion options

The user has the right at any time to withdraw their consent to processing of the personal data. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

The data can be deleted at any time by logging in to the user profile or by sending an email to datenschutz@europapark.de.

In this case, all personal data stored when contacting us is deleted.

Cookies for analysis and marketing purposes

You may change your settings for cookies used on our website in the ‘Cookie settings’ section located in the website’s footer. You can manage your consent status for individual cookies and entire categories there. Unless otherwise stated, the legal basis for processing is your consent in accordance with Article 6 (1) a) GDPR. Further details on the services integrated on our website are provided in the following.

Web analysis by Google Analytics with anonymisation function

We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as ‘Google’, on our website. Google Analytics uses so-called cookies; these are text files that are stored on your computer and enable an analysis of how you use the website.

The information collected by the cookies, for example, the time, place and frequency of your website visits, including your IP address, is transmitted to a Google server in the USA and stored there.

On our website, we use Google Analytics with the suffix ‘_gat._anonymizeIp’. In this case, your IP address will be truncated by Google within the Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area and thereby anonymised.

Google will use this information to evaluate how you use our website, to compile reports on website activities for us, and to provide further services connected with the use of the website and the Internet. Google will also pass this information on to third parties if necessary, insofar as this is legally stipulated or insofar as third parties process this data on behalf of Google.

Google claims that it will not link your IP address with other Google data under any circumstances. You can prevent the installation of cookies by adjusting your browser settings accordingly; in this case, however, we must point out that not all functions of this website may be available to you to their full extent.

Google also offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google on the websites visited by you. The add-on informs Google Analytics JavaScript (ga.js) that no information about the website visit should be sent to Google Analytics. However, the Google Analytics deactivation add-on for browsers does not prevent information from being transmitted to us or to any other web analysis services used by us. You can find further information on the installation of the browser add-on at this link: https://tools.google.com/dlpage/gaoptout?hl=en

Google Ads

We also use Google Analytics to analyse data from Double-Click cookies and AdWords for statistical purposes. If you do not wish this to take place, you can disable it through the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/?hl=en).

Web analysis by Hotjar

To improve the user experience on our website, we use the Hotjar software (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar makes it possible to record and evaluate user behaviour (mouse movements, clicks, scrolling, etc.). To this end, Hotjar sets cookies on the user’s end device, enabling it to store user data (e.g. browser information, operating system, time spent on the website, etc.) in anonymised form. You can prevent your data from being processed by Hotjar by disabling cookies in your web browser settings and deleting cookies that are already enabled. You can find out more about data processing by Hotjar here: https://www.hotjar.com/privacy.

If you do not wish website analysis to be carried out by Hotjar, you can opt out from this on all websites that use Hotjar by setting a DoNotTrack header in your browser. You can find information about this on the following website: https://www.hotjar.com/opt-out.

External content

You can change your data processing setting for external content in the cookie settings, which can be found either in the footer of the website or via a privacy button. Some of our website offerings have directly integrated external content, e.g. via iFrames. If you have agreed to this, it means that the providers of this external content can set cookies directly for you and can process data. We do not have any direct influence over this data processing. For more information about this, please refer to the respective data privacy statement issued by the provider of the external content.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

Right to information

You have the right to obtain information about your personal data that we process. In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence proving that you are the person you claim to be. (Art. 15 GDPR)

Right to rectification, erasure and restriction

Furthermore, you have a right to rectification or erasure of data or restriction of processing insofar as you are so entitled by law. (Art. 16, 17 and 18 GDPR). In such cases, we are obliged to notify any recipients of the rectification, erasure or restriction of processing of data (Art. 19 GDPR).

Right to data portability

You also have a right to data portability within the framework of the data protection regulations (Art. 20 GDPR). This applies to data that you have provided to us.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is performed based on Art. 6 (1) e) or f) GDPR; this shall also apply for any profiling based on these provisions.

In particular, you have the right to object in accordance with Art. 21 (1) and (2) GDPR to the processing of your data, in particular in connection with direct advertising (newsletter), if this is based on a legitimate interest or a weighing of interests.

Right to withdrawal of the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time and with effect for the future. The withdrawal of consent shall not affect the lawfulness of any processing for which consent was given and which was carried out prior to the withdrawal thereof.

Automated individual decision-making process (including profiling)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or significantly affects you in a similar manner.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual place of residence, place of work or place of the alleged infringement, where it is your opinion that the processing of your personal data is in breach of GDPR regulations (Art. 77 GDPR).

The supervisory authority with which the complaint was lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of judicial remedy pursuant to Article 78 GDPR.