Themepark & Resort Slagharen, hereinafter referred to as ‘Slagharen’, greatly values the protection of your personal data. In this privacy statement, we provide information about how we handle personal data. We believe it is important that we are reliable and transparent. We therefore handle your personal data discreetly and carefully and we ensure that any processing of your data complies with applicable legislation and regulations. We may change our privacy statement if new developments so demand.
Slagharen complies with the applicable privacy legislation in all cases, including the General Data Protection Regulation (GDPR). This means that in any case we:
- process your personal data in accordance with the purpose for which it was provided. These purposes and the type of personal data are described in this Privacy Statement;
- process only those data of your personal data that are minimally required for the purposes for which they are processed;
- ask for your express permission if we need it to process personal data;
- have taken appropriate technical and organisational measures so that your personal data are protected;
- do not pass on personal data to other parties, unless this is necessary for carrying out the purposes for which they were provided;
- refer you to the rights you have with regard to the processing of personal data.
What personal data do we process?
We process the personal data you have given us in the context of your visit to our themepark and/or resort for example, or obtained by us because you have used our website, filled in a contact form, reported a complaint or when you are signed up to our newsletter.
Your personal data that we process can fall under the following categories:
This includes, for example, your name, the address where you live and other contact details such as your telephone number and e-mail address, but also your date of birth.
Information about subscriptions, bookings and purchases
When purchasing a subscription, making a booking, or buying a ticket, we also process your bank account number, the type of subscription, the duration of the stay at our park and the composition of the family or travel companions.
There is camera surveillance at our park. Cameras are also installed at various attractions that take pictures of visitors. The photographs can be purchased later by the people who are in the photographs.
Information coming from social media
We may receive information through the social media you use, such as Facebook, Instagram, Snapchat, Twitter, etc. If you log in to our network with one of these services for example, we can receive your profile with these services. If you ask a question via social media then we save the data we receive with the data we already have for you. This is so that we can respond as well as possible to your question or comment and we are able to provide a more personal service in future.
Sometimes we may link your social media activities to ours. For example, if you publicly share your own photo of an item that you have bought from Slagharen with the hashtag #ontdekSlagharen through your social media accounts, then we can post that photo on our accounts. We do not do this automatically because we first make a selection of photos. When posting, we always mention your account name: the photo is not ours. If you want us to delete your photo then please send us a private message via our accounts. We will respond to this as soon as possible.
The use of social media such as Facebook, Instagram, Twitter or YouTube is not subject to our terms and conditions and privacy statement, but the terms and conditions, privacy and cookie statement and other statements of the social media in question. We advise you to read them carefully if you have questions about this.
Information that you give to us
You can share information with us, for example by participating in a promotional campaign such as a competition. We also send surveys about your experience with Slagharen. When the survey is filled in, we process this information and add it to the personal data already known. In addition, this data is shared with our management team. We also process your personal data if you communicate with us directly via e-mail.
Information that we obtain through our website, apps and other digital media
You can leave a review on Zoover and similar portals for example. We ask you to do this after you have made a reservation or placed an order. The review you post is visible to others. You choose which name/nickname is shown. We can contact you based on your reviews.
Purposes of use
We use your personal data for a number of different purposes, which are:
Fulfilling an agreement
If you conclude an agreement with us, we need your contact details. This data can also be used for reservations. When you make a reservation or place an order, we process your data in order to complete the reservation properly. This could be communication about your arrival, your visit or a confirmation from our webshop. We use the personal data that you enter when booking/ordering. These personal data are used by us in this case only for this purpose and are only accessible to those within Slagharen who are working on the services you have ordered.
In addition, we may collect personal data during your visit to our theme park and/or resort, such as the photos that are taken at certain attractions and can be purchased by you.
Your contact details are kept in our customer system and can be used for sending newsletters, updates, invitations to events and sending information that you have requested.
Improving our product and service information and implementing targeted marketing campaigns
We are happy to provide you with relevant information. For this purpose, we analyse the following data:
Personal data obtained from contact between Slagharen and you, for example via our website.
Personal data that Slagharen processes about your behaviour, such as your preferences, opinions, wishes and needs. We can derive this data from your surfing behaviour on our website, reading of our newsletters or because you have requested information.
Analysing the use of our website:
The user statistics of the website allow us to get a picture of the number of visitors, the duration of the visit and which pages of the website are being viewed. This is collection of generic data, without information about people. We use the information obtained to improve our website.
Security of people and property:
The camera surveillance is for safety and security reasons. The images are only stored for a limited time and then deleted. In the event of an incident, images can be kept for longer, for example until the incident has been dealt with.
Legal basis of the processing
We only process personal data if there is a legal basis to do so. The legal grounds on which we process personal data are:
If we have requested your permission to process your personal data and you have given this permission, then you also have the right to withdraw this permission. If you are under the age of 16, you must first obtain permission from one of your parents or a legal representative. We therefore ask you not to provide information to us if you have not yet received permission.
Agreement or in the run-up to concluding an agreement:
If you have concluded an agreement with us, we process personal data if and insofar as this is necessary for the performance of the assignment.
We may also process personal data if we have a legitimate interest in doing so and this does not disproportionately infringe your privacy. For example, we use your contact details to invite you to take advantage of special promotions, such as savings campaigns, competitions or discounts in which you can participate.
Providing personal information to others
We may use service providers (processors) to process your personal data that process personal data exclusively on our instructions. We conclude a processing agreement with these processors. This processing agreement states, among other things, that the processors only act on our instructions and are not allowed to use the personal data for their own purposes.
We work together with other parties, such as suppliers. Although we have carefully selected these, we are not responsible for the processing of your data via these websites. Our privacy statement does not apply to this. Your personal data will not be shared with third parties for commercial purposes.
We carry out anti-fraud investigation. We want to prevent financial and/or reputational damage as a result of fraud. Your transaction details can be misused by others to commit fraud. Fraud prevention is therefore, in addition to our interest, especially in your interest.
Fraud is a collective term for, among other things, theft, embezzlement, forgery, deception and swindling. Based on our own investigation, we determine whether there is fraud. If there is indeed fraud or a suspicion of fraud, this is discussed and we examine the reservation in detail and make extra checks at check-in.
We process the following data among other things in the context of anti-fraud investigation:
- Your personal data;
- Information regarding the visit to our website such as reservation details;
- Transaction details;
- Bank account numbers;
We can provide your details in the context of criminal investigation.
To ensure that someone makes sure that your data is processed as required by law, we have a privacy committee for data protection. This team’s work includes monitoring, dealing with questions and complaints and advising on the security and processing of your data.
Anyone can exercise certain rights with respect to his or her personal data based on the law. You have the right to inspect, rectify and erase personal data. You can also object to the use of your data or ask for this use to be limited. In certain cases, you can even retrieve your data and take them to another party. For all these issues, please contact our privacy committee at firstname.lastname@example.org.
How long do we keep your data?
We keep your personal data as long as necessary for the purpose for which we have obtained the data, unless a statutory retention period applies. In general, we do not keep your data for longer than is necessary for the purpose for which we have collected your data. We then erase or anonymise this data. Anonymisation means that we ensure that the data can no longer be traced back to you.
Your privacy is important so we take the security of your data very seriously. We have taken various measures to ensure that your data is and remains safe. In the security of your data, we take the possible processing risks of your data into account: for example, when they are lost or used unlawfully. Below we list a number of our security measures for you:
- We ensure that your account is secure and that no one can log in externally or internally and can access your data. Your password is encrypted with us;
- We regularly use automatic security scans on our website;
- Communication via the website, e-mail or app is safe;
- We continuously monitor whether (clandestine) break-in attempts are being made. We repair vulnerabilities and take measures in case of a break in;
- We use the latest technologies and software;
- We have many systems that communicate with each other. We ensure that we send data in a secure and controlled manner from one system to another;
- We protect our systems against malware, viruses, cryptoware and hacking software;
- Only Slagharen employees who need access to your data in order to do their work can access your data;
- We log break-in attempts and our employees’ use of your data so that we can keep track of what is happening;
Third parties who need access to your data are required to take appropriate technical and organisational security measures and to oblige their employees to observe secrecy.
Security incident/data breach
When there is a security incident, such as theft of a laptop or our systems are hacked, we respond directly to this. We investigate whether it concerns a vulnerability (vulnerability in our security) or a data breach (loss or unlawful processing of your data). We will stop security and data leaks as quickly as possible. In the case of a data breach, we will engage the Dutch Data Protection Authority within 72 hours, unless it is unlikely that the data breach will pose a risk to your privacy. If it is a data breach with a high risk for your privacy (for example if a lot of sensitive data has been leaked) then we are obliged to report the leak to you. If you find a security incident or data breach at Slagharen, please send an e-mail directly to our privacy committee at email@example.com.
If you have complaints about how we handle your personal data, you can contact us by sending an e-mail to firstname.lastname@example.org. We always ask you to send us proof of identity to ensure that only you obtain access to your data.
We are happy to help you find a solution. If that is not possible, you can always contact the Dutch Data Protection Authority.