Data Protection Notice
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. Your data is processed in accordance with applicable personal data protection legislation, in particular the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementation acts applicable to us. With the help of this Data Protection Declaration we provide you with comprehensive information about the processing of your personal data by geobra Brandstätter & Co. KG and the rights to which you are entitled to.
Personal data are the information that make it possible to identify a natural person. In particular this includes your name, date of birth, address, telephone number, email address and also your IP address.
Anonymous data exists if no personal reference to the user can be made.
Responsible body and data protection officer
Address PLAYMOBIL®-FunPark, Brandstätterstraße 5, D - 90513 Zirndorf
Contact of the data protection officer email@example.com
Your rights as a data subject
Initially, we wish to inform you of your rights as a data subject. These rights are standardised in Articles 15 - 22 EU-GDPR. They include:
- The right to information (Article 15 EU-GDPR),
- The right to erasure (Article 17 EU-GDPR),
- The right to rectification (Article 16 EU-GDPR),
- The right to data portability (Article 20 EU-GDPR),
- The right to restrict data processing (Article 18 EU-GDPR),
- The right to object to data processing (Article 21 EU-GDPR),
In order to assert these rights, please contact firstname.lastname@example.org. The same applies if you have questions regarding data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
Right of objection
Please note the following with regard to the right of objection:
If we process your data for the purposes of direct marketing, you have the right to object to this data processing at any time without stating your reasons. This also applies to profiling insofar as it is associated with direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. The objection can be made free of charge and in free form at: email@example.com.
In the event that we process your data to protect legitimate interests, you may still object to this at any time due to reasons arising from your particular situation. This also applies to profiling based on these provisions.
We will no longer process your personal data unless we can demonstrate compelling and legitimate grounds for doing so which outweigh your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU-GDPR and all other applicable data protection regulations. The legal bases for data processing are derived in particular from Art. 6 EU-GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct our contractual relationship, to offer products and services and to strengthen customer relationships, which may also include analyses for marketing purposes and direct marketing.
Your consent also represents a permission regulation under data protection law. In doing so, we will inform you about the purposes of data processing and about your right of revocation. If consent also relates to the processing of special categories of personal data, we will expressly inform you of this as part of the consent procedure, Art. 88 (1) EU-GDPR.
Processing of special categories of personal data within the meaning of Art. 9 (1) EU-GDPR applies only where the law so requires and there is no reason to believe that your legitimate interest in the exclusion of processing is overriding, Art. 88 (1) EU-GDPR.
Transfer to third parties
We shall transfer your data to third parties only within the scope of statutory provisions or with your corresponding consent. Otherwise, personal data shall not be transferred to third parties unless we are obliged to do so due to compelling legal regulations (disclosure to external bodies such as supervisory authorities or law enforcement authorities).
Recipient of the data / Categories of recipients
Within our organisation we ensure that only those individuals receive your data who require it to fulfil contractual and legal obligations. This is secured through the deposit of restricted recipient email addresses in the system to which only certain groups of persons have access, such as for example the hotel reception.
In many cases service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements were concluded with all service providers.
Third country transfer / Third country transfer intent
Data transfers to third countries (outside the European Union or the European Economic Area) do not take place.
Data storage period
We store your data for as long as they are needed for their respective processing purposes. Please note that numerous retention periods require that data (has to) continue to be stored. This relates in particular to commercial or fiscal retention obligations (e.g. Commercial Code, Tax Code, etc.). Unless there are further retention obligations, data will be routinely erased after their purpose is served.
Additionally,we may retain the data if you have given us your consent to do so, or in the event of legal disputes requiring us to use the data as evidence within the statutory limitation period, which may be up to thirty years; the standard limitation period is three years.
Secure transfer of your data
In order to best protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we employ appropriate technical and organisational security measures. Security levels are continuously reviewed in cooperation with security experts and are adapted to the latest security standards.
Data transfer to and from our website is always encrypted. For our online presence we offer HTTPS as the transmission protocol, at all times using current encryption protocols such as SSL. Additionally we offer our users content encryption as part of contacts forms and bookings. This data can be decrypted only by us. In addition, use of alternative communication channels is possible (e.g. the postal service).
Obligation to provide data
Various personal data are required for the establishment, implementation and termination of obligations as well as for the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the details in the above referenced point. In certain cases statutory regulations require that data be collected or made available. Please note that it is not possible to process your request or to carry out the underlying contractual obligation without the provision of this data.
Categories, sources and origin of data
In each case the context determines which data we process: This depends on, for example, whether you book online or write an enquiry in our contact form or if you send us a cancellation.
Please note that we provide information for specific processing situations separately where appropriate at a suitable location, e.g. when uploading the booking process or in the event of a contact enquiry.
When visiting our website we collect and process the following data:
- Name of the internet service provider
- Details of the website which linked you to ours
- Web browser and operating system used
- The IP address provided by your internet service provider
- Requested data, data transfer volumes, downloads/file export
- Details of the websites you accessed from ours, including date and time
For reasons of technical security (in particular to ward off attempts to attack our web server) this data is saved in accordance with Art. 6 (1) lit. F EU-GDPR. Anonymisation takes place at the latest after 7 days by shortening the IP address, so that no reference is made to the user.
As part of a contact request, we collect and process the following data:
- Surname, first name
- Contact details
- Email address
- Details of wishes and interests
As part of the booking process, we process the following data
- Surname, first name
- Email address
- Telephone number
- Name and, if applicable, age of the guests
- Arrival and departure dates
- Data from other sources which may be processed legitimately
We collect and process the following data for prize drawings:
- Surname, first name
- Email address
- Contact details
Contact form / Contact initiation via email
(Article 6 (1) (a), (b) EU-GDPR)
Our website provides a contact form allowing us to be contacted electronically. If you write to us via the contact form, we use the data provided therein to contact you and to answer your questions and requests.
In doing so we observe the principles of data economy and data avoidance by requiring you to provide only the data which we require to contact you. These are your email address as well as the message field itself. Due to technical necessity and for reasons of legal security, your IP address will also be processed. All remaining data are voluntary fields and may be optionally provided (e.g. for a more individual response to your questions).
Should you contact us by email, we will process the information contained in the email solely for the purpose of processing your enquiry.
Online booking tool
(Article 6 (1) (b) EU-GDPR)
We process the data provided by you through the booking form only for execution and settlement of the contractual relationship if you do not consent to further usage.
We observe the principle of data economy and data avoidance in that you are required to provide us only with the information we need to fulfil the contract or to fulfil our contractual obligations (i.e. your name, address, email address, and any data required by the payment method) or for the collection of data for which we are legally obliged.
Due to technical necessity and for reasons of legal security, your IP address will also be processed. Unfortunately, without this data we will have to decline the conclusion of a contract because we cannot implement it, or possibly we will have to terminate an existing contract. Of course, you can provide voluntarily more data if you wish so.
Registration / Customer account
(Article 6 (1) (a), (b) EU-GDPR)
Our website offers users the opportunity to register by providing personal data. The advantage is that you store your provided data for the booking form. In the event of a new booking, this data does not have to be re-entered.
Registration is necessary for either fulfilment of an agreement (via our booking tool) with you or to carry out pre-contractual measures, or possible if guest access is provided.
The principle of data economy and data avoidance is observed because only the fields necessary for the registration are indicated as mandatory by an asterisk (*). These include, for example, your name, address, the email address as well as the password including password repeat.
For the booking in our online booking tool, we require in addition personal information (first name, surname, street, house number, postal code, city, email address, telephone number) and the names of the individual guests.
Upon registering to our website, the user’s IP address, the date as well as the time of the registration are stored (technical background data). By activation of the button "Register now" you consent to the processing of your data.
Please note that: We store the password you entered in encrypted form. Employees of our company cannot read this password. Accordingly, they are not able to provide you with any information should you forget your password.
In this event use the “Forgot password?” function in order to have an automatically generated new password sent via email. No employee is permitted to ask you for your password either on the telephone or in writing. Never reveal your password in the event you should be asked.
Upon completion of the registration process, your data will be deposited with us for use in the protected customer area. As soon as you have logged onto our website using your email address as a username and your password, this data will be available for actions taken by you on our website (e.g. for booking in our online booking tool). You can enter changes in address in your customer account.
Registered persons are free to independently carry out changes / corrections to the address data. Our customer service will also gladly make changes / corrections for you if you contact them. Naturally you can also cancel or delete your registration and customer account. In this event please contact via email firstname.lastname@example.org or via regular mail PLAYMOBIL®-FunPark, Brandstätterstraße 2-10, D - 90513 Zirndorf
Payment systems / Credit checks
(Article 6 (1) (a), (b), EU-GDPR), (Article 6 (1) (f) EU-GDPR)
Payment of bookings via our online booking tool is done exclusively on account. In preparing our invoice, we use the data provided by you at booking, such as names, address, contact data, arrival and departure dates.
Advertising purposes existing customers
(Article 6 (1) (f) EU-GDPR)
geobra Brandstätter Foundation & Co. KG is interested in maintaining its customer relationship with you and providing you with information and offers regarding events, promotions and offers. Therefore your data is processed in order to send you information and offers via email.
If you do not want this, you may at any time object to the use of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is connected with direct marketing. In the event an objection is lodged, we will no longer process your data for this purpose.
Naturally you can revoke your consent free of charge and in free form without stating the reasons by telephoning 0911-9666 1966, via email to email@example.com
or via regular mail to PLAYMOBIL®-FunPark, Brandstätterstraße 2-10 D – 90513 Zirndorf
Automated individual decisions
We do not use a purely automated decision making process.
(Art. 6 (1) (f) EU-GDPR / Art. 6 (1) (a) EU-GDPR upon consent)
Our websites use so-called cookies in various places. They serve to make our offer user friendlier, more effective and secure. Cookies are small text files which are stored on your computer (locally on your hard drive) and in your browser.
These cookies enable us to analyse how users use our websites. Thus we can design the website content according to the needs of our users. Cookies also allow us to measure the effectiveness of a given advertisement, and for example, to place it in accordance with the user’s thematic interests.
Most of the cookies we use are so-called "session cookies". These are automatically erased after each session. Permanent cookies are automatically erased from your computer after reaching their expiration date, usually six months, or they have been deleted by you beforehand.
Most web browsers automatically accept cookies. As a rule, you can change your browser’s settings if you prefer not to send this information. You can still use the offers on our websites without restrictions (exception: configuration tools).
Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as the user have full control over the use of the cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. In addition, cookies already set can be erased at any time via an internet browser or other software programmes. This is possible in all common internet browsers.
Please note that: Deactivating cookies may result in not being able to fully utilise certain functions of our websites.
User profiles / Web tracking procedure
In order to meet the requirements and to optimise this website, anonymised data is collected and stored using solutions and technologies from econda GmbH (http://www.econda.de), and usage profiles are generated from these data using pseudonyms. For this purpose, cookies can be used which enable the recognition of an Internet browser. However, user profiles are not combined with data of the user behind the pseudonym without the explicit consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, which means that an assignment of usage profiles to IP addresses is not possible. Visitors to this website may object to the collection and storage of data at any time for future effect at any time (with regard to the right of objection we refer to this link: to revoke the data storage by Econda).
Social plug-ins from social networks
Our website does not use social plug-ins of social networks.
Online offers for children
Persons under the age of 16 may not submit any personal data to us without the consent of their legal guardian, for example a declaration of consent. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website contains clearly recognisable links to the websites of other companies. We have no influence on the content of third-party websites linked from our sites. Therefore no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of these pages.
At the time of linking, the linked pages were examined for possible legal violations and recognizable legal violations. Unlawful contents were not recognisable at the time of linking. However, a permanent control of the content of the linked pages is not reasonable without concrete indications of an infringement. Upon notification of violations of rights, such links will be removed promptly.