Theme Park & Resort Slagharen, hereinafter referred to as ‘Slagharen’, attaches great importance to protecting your personal data. In this privacy statement, we provide information about how we treat personal data. We believe it is important that we are reliable and transparent. We, therefore, treat your personal data discreetly and carefully and we ensure that all processing of your data complies with applicable legislation and regulations. We may adjust our privacy statement if new developments require it.
Slagharen adheres in all cases to the applicable privacy legislation, including the General Data Protection Regulation (GDPR). This means that in any case we:
- Process your personal data in accordance with the purpose for which they were provided. These purposes and type of personal data are described in this Privacy Statement;
- Processing of your personal data is limited to only those data that are minimally necessary for the purposes for which they are processed;
- Ask for your explicit permission if we need it to process personal data;
- Have taken appropriate technical and organizational measures so that your personal data are protected;
- Do not transfer personal data to other parties, unless this is necessary for the purposes for which they were provided;
- Refer you to the rights that you have with regard to the processing of personal data.
What personal data do we process?
We process the personal data that you have provided to us, for example in the context of your visit to our theme park and/or resort, or that we have obtained because you have used our website, filled out a contact form, reported a complaint or signed up for our newsletter.
Your personal data that we process can fall into the following categories:
This includes for example your name, the address where you live and other contact details such as your telephone number and e-mail address, but also your date of birth.
Information about subscriptions, bookings and purchases
When purchasing a subscription, making a booking, or purchasing a ticket, in addition to contact details, we also process the number of your bank account, the type of subscription, the duration of the stay at our park and the make-up of the family or travelling companions for example.
We have camera surveillance at our park. Cameras are also installed at various rides that take pictures of visitors. The photographs can be purchased later by the persons on the photographs.
Information from social media
We may receive information via the social media you use such as Facebook, Instagram, Snapchat, Twitter, etc. For example, if you log into our network with one of these services, we may receive your profile for the services listed. If you ask a question via social media then we keep the data we receive with the data we already have for you. We do this in order to respond as well as possible to your question or comment and to provide a more personalized service to you at a later date.
Sometimes we can link your social media activities to ours. For example, if you publicly share your own photograph of an item you purchased at Slagharen with the hashtag #ontdekSlagharen via your social media accounts, then we can post that photograph on our accounts. We do not do this automatically because we first make a selection of photographs. When posting, we always state your account name: the photograph is not ours, after all. If you want us to delete your photograph please send us a private message via our accounts. We will respond as quickly as possible.
The use of social media such as Facebook, Instagram, Twitter or YouTube is not subject to our terms and conditions and privacy statement, but to the terms and conditions, privacy and cookie statement and other statements of the relevant social media. We recommend that you read these carefully if you have any questions about this.
Information you provide to us
You can share information with us, for example by participating in a promotional action such as a competition. We also send out surveys about your experience with Slagharen. If the survey is completed, we will process this information and add it to the already known personal data. In addition, these data are shared with our management team. We also process your personal data if you communicate with us directly via e-mail.
Information we obtain through our website, apps and other digital media
You can leave a review on Zoover and other portals for example. We ask you to do this after you have made a reservation or order. The review you post is visible to others. You choose which name/nickname is displayed. We can contact you in response to given reviews.
Purposes of use
We use your personal data for a number of different purposes. These are:
Fulfilling an agreement.
If you conclude an agreement with us, we need your contact details. This information can also be used for reservations. When you make a reservation or order, we will process your data to complete the reservation properly. This includes communication regarding your arrival, your visit or confirmation from our online store. We use your personal data that you provide when reserving/ordering to do this. These personal data are only used by us for this purpose in this case and are only accessible to those at Slagharen who are involved with the services you have ordered.
In addition, we may collect personal data during your visit to our theme park and/or resort such as the photos that are taken at certain attractions and which can be purchased by you.
Your contact details are kept in our customer system and can be used for, among other things, sending newsletters, updates, invitations to events and sending information that you have requested from us.
Improving our product and service information and carrying out targeted marketing campaigns.
We are happy to provide you with relevant information. We analyze the following data for this purpose:
Personal data obtained from contact between Slagharen and you, for example via our website.
Personal data that Slagharen processes about your behavior, such as your preferences, opinions, wishes, and needs. We can derive these data from your surfing behavior on our website, reading our newsletters or because you have requested information for example.
Analyzing the use of our website:
The user statistics of the website enable us to get a picture of the number of visitors, the duration of the visit and which pages of the website are viewed. It concerns the collection of generic data, without information about persons. We use the information obtained to improve our website.
Protection of persons and property:
Camera surveillance is present for safety and security reasons. The images are only kept for a limited duration and then deleted. In the event of an incident, images can be kept for longer, for example, until the incident is settled.
Legal basis of the processing
We only process personal data if there is a legal basis for this. The legal grounds on which we process personal data are:
If we have requested your permission to process your personal data and you have granted this permission, you will always have the right to withdraw this permission. If you are younger than 16, you must first get permission from one of your parents or a legal representative. We, therefore, ask you not to provide us with any data if you have not yet received permission.
Agreement or in the run-up to the conclusion of an agreement:
If you have entered into an agreement with us, we process personal data if and insofar as this is necessary for the performance of the assignment.
We may also process personal data if we have a legitimate interest and this does not disproportionately infringe your privacy. For example, we use your contact details to invite you to special promotions, such as savings promotions, contests or promotions you can participate in.
Providing personal data to others
The owner of Slagharen, Parques Reunidos, processes your personal data in the CRM system. We can also use service providers (processors) to process your personal data, which process personal data exclusively on our behalf. We conclude a processing agreement with these processors. This processing agreement states, among other things, that the processors act solely on our instructions and may not use the personal data for their own purposes.
We work together with other parties, such as suppliers. Although we have carefully selected these, we are not responsible for the processing of your data through these websites. Our privacy statement does not apply to this. Your personal data is not shared with third parties for commercial purposes.
We conduct anti-fraud investigations. This is to prevent financial and/or reputation damage as a result of fraud. Your transaction data may be misused by others to commit fraud. Fraud prevention is therefore not only in our interest but also in your interest.
Fraud is a collective name for, among other things, theft, embezzlement, forgery, deception and swindling. Based on our own investigation, we determine whether there is a fraud. If there is indeed (a suspicion of) fraud, this will be discussed and we will examine the reservation in detail and proceed to additional controls at check-in.
Among other things, we process the following data in the context of anti-fraud investigations:
- Your personal data;
- Information concerning the visit to our website, such as reservation details;
- Transaction data;
- Bank account numbers:
We can provide your data for the purpose of a criminal investigation.
To ensure that your data is processed as required by law, we have set up a privacy committee for data protection. The activities of this team include supervision, handling questions and complaints and advising on the security and processing of your data.
Anyone can exercise certain rights with regard to his or her personal data based on the law. This means you have the right to access, correction and erasure of personal data. You can also object to the use of your data or ask to limit this use. In certain cases, you can even retrieve your data and take them to another party. For all these questions, please contact our privacy committee at firstname.lastname@example.org.
How long do we keep your data?
We keep your personal data for as long as necessary for the purpose for which we obtained the data unless a legal retention period applies. In general, we do not keep your data longer than necessary for the purpose for which we collected your data. After this, we delete or anonymize these data. Anonymising means that we ensure that data cannot be traced back to you.
Your privacy is important, so we take the security of your data very seriously. We have taken various measures to ensure that your data is and remains safe. When protecting your data, we take into account the possible processing risks of your data: for example, when these are lost or used unlawfully. Below we list a number of our security measures for you:
- We ensure that your account is secure and that nobody can log in from outside or inside and access your data in this way. Among other things, your password is encrypted with us;
- We regularly carry out automatic security scans of our website;
- Communication via the website, e-mail or app is secure;
- We constantly monitor whether (secret) breaching attempts are being made. We repair vulnerabilities and take measures in the event of breaches;
- We use the latest technologies and software;
- We have many systems that communicate with each other. We ensure that we send data securely and in a controlled manner from one system to another;
- We protect our systems against malware, viruses, cryptoware and hacking software;
- Only employees of Slagharen who need access to your data to do their work can access your data;
- We log attempts to break in and the use of your data by our employees so that we can keep track of what is happening.
Third parties who need access to your data are required to take appropriate technical and organizational security measures and to oblige their employees to maintain confidentiality.
Security incident/data breach
If there is a security incident, such as theft of a laptop or a hack in our systems, we respond immediately. We investigate whether it is a security breach (weakness in our security) or a data breach (loss or unlawful processing of your data). We will close security and data breaches as quickly as possible. In the event of a data breach, we engage the Dutch Data Protection Authority within 72 hours, unless it is unlikely that the data breach will pose a risk to your privacy. If it is a data breach with a high risk to your privacy (for example if a lot of or sensitive data have been leaked) then we are also obliged to report the breach to you. If you have found a security incident or data breach at Slagharen, send an email to our privacy committee immediately at email@example.com.
If you have any complaints about how we handle your personal data, you can contact us by sending an email to firstname.lastname@example.org. To ensure that only you can access your data, we always ask you to first send us a copy of your proof of identity.
We are happy to help you find a solution. If that does not work, you can always contact the Dutch Data Protection Authority.