Privacy statement

Privacy policy

Phantasialand Schmidt-Löffelhardt GmbH & Co. KG
Phantasialand Verwaltungsgesellschaft mbH
Phantasialand Gastronomie GmbH

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online service and its related websites, functions and content, as well as external online presence, such as our social media profile (hereinafter collectively referred to as “online service”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Scope of application

The following information refers to and applies to the domains and mobile applications listed below.

Our websites (online presences) include the domains:

www.phantasialand.de and associated subdomains, for example  www.magazin.phantasialand.de, www.shop.phantasialand.de and www.phantasialandblog.de

Our mobile applications include:

https://itunes.apple.com/de/app/phantasialand/id1320768629?mt=8 (iTunes)
https://play.google.com/store/apps/details?id=de.phantasialand (PlayStore)

Types of data processed:

- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., visited websites, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).

Categories of persons concerned

Visitors and users of the online service (hereinafter referred to as "users").

Purpose of processing

- Provision of the online service, its functions and contents.
- Answer contact requests and communicate with users.
- Security measures.
- Coverage/marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

"Processing" means any operation or series of operations in connection with personal data carried out with or without the aid of automated procedures. The term has a very broad meaning and covers practically every type of data handling.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that personal data is not attributed to an identified or identifiable natural person.

"Profiling" means any automated processing of personal data where the purpose is the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

“Controller " means the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data.

"Processor" means a natural or legal person, authority, institution or other body processing personal data on behalf of the controller.

Applicable legal bases

The following gives information on the legal basis of our data processing activities in accordance with Art. 13 GDPR. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f DSGVO. Art. 6 para 1 lit. d GDPR serves as the legal basis in the event that the vital interests of the data subject or another natural person require the processing of personal data.

Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 GDPR.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. We have also established procedures to ensure the exercise of data subject rights, deletion of data and reaction to endangerment of data. We already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presetting (Art. 25 GDPR).

Collaboration with contract processors and third parties

If we disclose data to other persons and companies (contract processors or third parties) within the context of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b GDPR is necessary for contract  fulfilment), to which you have given your consent, if there is a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 

If we commission third parties with the processing of data on the basis of what is referred to as an "order processing contract", this is performed on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR apply. This means, for example, that processing is performed on the basis of special guarantees, such as the officially recognised level of a data protection corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (referred to as  "standard contractual clauses").

Rights of data subjects

In accordance with Art. 15 GDPR you have the right to request confirmation whether the data concerned is being processed and to request information about this data as well as further information and a copy of the data.

In accordance with Art. 16 of the GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

In accordance with Art. 20 GDPR you have the right to request to be provided with the data concerning you that you have provided to us and to request its transmission to other responsible persons. 

In accordance with Art. 77 GDPR you also have the right to file a complaint with the competent supervisory authority.

Right of revocation

You have the right to revoke consents granted in accordance with Art. 7 para. 3 GDPR with effect for the future.

Right of objection

You can object to the future processing of the data concerning you at any time in accordance with Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and right of objection in direct advertising

"Cookies" are small files that are stored on the user's computer. Various information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes their browser. For example, the content of a shopping basket in an online shop or a login status can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. Likewise, the users interests may be stored in such a cookie and used for coverage or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller for operating the online service (otherwise, if they are only cookies offered by the controller for operating the online service, they are referred to as "first-party cookies").

We may use temporary and permanent cookies and clarify this as part of our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions with this online service.

A general objection to the use of cookies used for online marketing purposes can be found in a large number of services, particularly in the case of tracking, via the US site http://www.aboutads.info/choices/or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be blocked by deactivating them in the browser settings. Please note that in this case not all of the functions of this online service can be used.

Deletion of data

The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If data are not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to German legal requirements, the retention period is 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).

Business-related processing

We also process

- Contract data (for example, object of the contract, term, customer category).
- Payment data (e.g., bank details, payment history)


from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Order processing in the online shop and customer account

We process our customer’s data as part of the order processes in our online shop to enable them to select and order the selected products and services, as well as to execute their payment and delivery.

The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing takes place for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer services. We use session cookies for storing the contents of the shopping cart and permanent cookies for storing the login status.

Processing is carried out on the basis of Art. 6 Para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as necessary is required to establish and fulfil the contract. We disclose the data to third parties only within the context of delivery, payment or within the context of legal permits and obligations to legal advisors and authorities. The data will only be processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer's request upon delivery or payment).

Users have the option of creating a user account in which they can see their orders. During the registration process the users are informed of the required mandatory information.  The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data with regards to the user account is deleted, unless retention is necessary for commercial or tax reasons according to Art. 6 Para. 1 lit. c GDPR. Data in the customer’s account is retained up to its deletion unless archived in the case of a legal obligation. It is the user's responsibility to save their data before the end of the contract if they have given notice of termination.

When registering at each login and using our online services we store the IP address and the time of the particular user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. This data is not passed to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so according to Art. 6 Abs. 1 lit. c GDPR.

The data is deleted after the expiry of statutory warranty and comparable obligations, the requirement to retain the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

External payment service providers

We use external payment service providers through whose platforms the users and we can carry out payment transactions (e.g., each with a link to the privacy policy)
Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full),
Visa (https://www.visa.de/datenschutz),
Mastercard (https://www.mastercard.de/de-de/datenschutz.html),
American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

As part of the fulfilment of contracts we employ payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. We also employ external payment service providers on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. b. GDPR to provide our users with effective and secure payment options.

The data processed by the payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, total sums and recipient information. This information is required to execute the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. The data may be transferred by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.

Applicable for payment transactions are the terms and conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We refer to these also for the purpose of further information and assertion of rights of revocation, information and other interested parties.

Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data; therefore tasks which serve the maintenance of our business activities, perception of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication is the same as the information provided in these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.

We also store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. We store this data, which is mainly company-related, permanently.

Business analyses and market research

In order to operate our business economically, to be able to recognize market tendencies, wishes of the contracting parties and users, we analyse the data available to us on business processes, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online service. 

The analyses are carried out for the purpose of economic evaluations, marketing and market research. We can take into account the profiles of registered users with information, e.g. on the services they have used. The analyses is used to increase the user-friendliness, the optimisation of our offer and the economic efficiency. We alone use analyses and they are not disclosed externally, unless they are anonymous analyses with summarised values. 

If these analyses or profiles are personal, they will be deleted or made anonymous upon the user’s termination, otherwise after two years from the conclusion of the contract. Overall economic analyses and general trend determinations are prepared anonymously wherever possible.

Registration function

Users can create a user account in our online shop (shop.phantasialand.de). During the registration process the users are informed of the required mandatory information which is processed on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account. The processed data includes in particular the login information (name, password and an e-mail address). The data entered during registration is used for using the user account and its purpose. 

Users can be notified by e-mail of information relevant to their user account such as technical changes. If users cancel their user account, their data relating to the user account is deleted, subject to a legal obligation to retain data. It is the user's responsibility to save their data before the end of the contract if they have given notice of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

As part of the use of our registration and login functions and using our online services we store the IP address and the time of the particular user action. The data is stored on the basis of our legitimate interests as well as the user's protection against misuse and other unauthorized use. This data is not passed to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so according to Art. 6 Abs. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.

Making contact

When contacting us (using the contact form, e-mail, telephone or social media), the user's details are used for handling the contact enquiry and its processing in accordance with Art. 6 para. 1 lit. b) GDPR. User information can be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.

We delete the enquiries as soon as they are no longer required. We review this requirement every two years; the statutory archiving obligations also apply.

Newsletter

The following information is to notify you regarding the contents of our newsletter and the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to its receipt and the procedures described.

Contents of the newsletter: We will only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter "newsletters") with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described as part of a registration, they are deemed to have the consent of the user. Our newsletters also contain information about our services and us.

Double opt-in and logging: The registration for our newsletter uses procedure referred to as a double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register using different e-mail addresses. Subscriptions to the newsletter are logged to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The changes to your data stored with the shipping service provider are also logged.

The dispatch of the newsletter and the associated performance measurement are based on the recipient's consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 para. 1 lit. f. GDPR in conjunction with § 7 para. 3 UWG. 

The registration procedure is logged on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.

Cancellation / Revocation – You can cancel the receipt of our newsletter at any time, this means to revoke your consent.  Click on the following link to cancel the newsletter:

Unsubscribe to the newsletter

You will also find this link at the end of each newsletter. To protect our legitimate interests, we may store the e-mail addresses we have unsubscribed for up to three years before we delete them, in order to be able to prove a previously given consent. The processing of these data is limited to the possible defence against any claims. An application for cancellation can be made at any time, provided that the existence of previous consent is confirmed at the same time.

Newsletter – Shipping service provider

The newsletter is sent by the shipping service provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany The shipping service provider’s privacy policy can be viewed under: https://www.inxmail.de/datenschutz. The shipping service provider is used on the basis of our legitimate interests according to Art. 6 para. 1 lit. f GDPR and an order processing contract according to Art. 28 para. 3 S. 1 GDPR.

The shipping service provider can use the recipient's data in pseudonymous form, i.e. without assignment to a user, to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletter or for statistical purposes. However, the shipping service does not use the data of our newsletter recipients in order to write to them themselves or to pass the data on to third parties.

Newsletter - Performance measurement

The newsletters contain what is referred to as a "web-beacon", i.e. a pixel-sized file which is downloaded from our server when the newsletter is opened or, if we use a shipping service provider, from their server. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. 

This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. This information can be assigned to the individual newsletter recipients for technical reasons. However, it is neither our endeavour, nor, if used, that of the shipping service provider, to observe individual users. These evaluations are used more to recognise the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

Hosting and e-mailing

The hosting services we use are designed to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services we use to operate this online service. 

In this context we, or our hosting provider process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service acc. to Art. 6 para. 1 lit. f GDPR in connection with Art. 28 GDPR (conclusion of data processing contract).

Collection of access data and log files

We, or our hosting provider, collect the following data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, on each access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Logfile information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted.  Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

Google Tag Manager

Google Tag Manager is a solution with which we can manage website tags via an interface (and integrate Google Analytics and other Google marketing services into our online service, for example). The Tag Manager itself (which implements the tags) does not process any of the user’s personal data. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Guidelines for use: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of Art. 6 para. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”).  Google uses cookies. The information generated by the cookie about the use of the online service by the users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on the activities within this online service and to provide us with further services related to the use of this online service and internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.

We use Google Analytics only with enabled IP anonymization. This means that Google will truncate the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Your full IP address will only be transmitted to a Google server in the USA and truncated there in exceptional cases.

The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online service and the processing of such data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent future collection by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again):

Deactivate Google Analytics

For more information about Google’s data usage, setting and objection options, please read Google’s Privacy Policy  (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 26 months.

Google Remarketing

The provider uses the Google Inc. ("Google") remarketing or "similar target group" function on the website. This feature enables the provider to target visitors to the website with advertising by delivering personalized, interest-based ads to visitors to the provider's website when they visit other websites on the Google Display Network. Google uses cookies to analyse website usage, which forms the basis for creating interest-based advertisements. Google stores a small file with a sequence of numbers in the website visitor’s browsers. This number is used to record visits to the website and anonymized data on the use of the website. None of the visitor’s personal data is stored to the website. If you subsequently visit another website in the Google Display Network, you will see ads that are highly likely to include previously accessed product and information areas. You can permanently deactivate the use of cookies by Google by following the following link and downloading and installing the plug-in provided: https://www.google.com/settings/ads/plugin. Alternatively, you can disable the use of cookies by third parties by visiting the deactivation page of the Network Advertising Initiative at (Network Advertising Initiative) under http://www.networkadvertising.org/choices/ and implementing the additional opt-out information given. For more information about Google Remarketing and Google's privacy policy, please visit: http://www.google.com/privacy/ads/.

Google AdWords & Conversion-Tracking

We use the "Google AdWords" online advertising program and conversion tracking as part of Google AdWords. The Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad served by Google, a conversion tracking cookie is placed on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. This means that it is not possible to track AdWords customers via cookies on the websites.

The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers can see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users.

If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies by setting your browser software accordingly (deactivation option). They are then not included in the conversion tracking statistics. Further information and Google's privacy policy can be found at: http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/

However, we would like to point out that you may not be able to use all functions on our website in this case. By using this website, you are declaring that you consent to the data collected by Google being processed in the manner and for the purpose described.

Facebook-Pixel, Custom Audiences, Facebook-Conversion & Facebook Remarketing/Retargeting

To support our legitimate interests in the analysis, optimisation and economic operation of our online service the "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used within our online service.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook pixel, Facebook is able to determine the visitors of our online service as a target group for the presentation of ads (referred to as "Facebook ads"). Therefore we use the Facebook pixel to display the Facebook ads we post only to Facebook users who have also shown an interest in our online service or who have certain features (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (referred to as "custom audiences"). We also use the Facebook pixel to ensure that our Facebook ads meet the potential interest of users and are not a nuisance. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and market research purposes by showing whether users have been redirected to our website after clicking on a Facebook ad (referred to as "conversion").

Our website incorporates remarketing tags used by the social media network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. When you visit our website, the remarketing tag will establish a direct connection between your browser and the Facebook server. This will inform Facebook that you (along with your IP address) have visited our website. This enables Facebook to trace your visit on our website to your user account. We can use the information obtained from this process to display Facebook ads. We would like to point out that, as the operator of the website, we are not aware of the transmitted data or how it is used by Facebook. For further information on this matter, please see Facebook's privacy policy at https://www.facebook.com/about/privacy/. If you do not wish your data to be recorded by Custom Audience, you can deactivate Custom Audiences here.

Facebook processes the data in accordance with Facebook's Data Usage Policy. General information on the display of Facebook ads is contained in Facebook's Data Usage Policy: https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, visit the Facebook Help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can visit the page set up by Facebook and follow the instructions on usage-based advertising preferences: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You may also object to the use of cookies for coverage and promotional purposes via the opt-out page of the Network Advertising Initiative  (http://optout.networkadvertising.org/) and additionally to the US website (http://www.aboutads.info/choices) or the European website  (http://www.youronlinechoices.com/uk/your-ad-choices/).

Twitter Social Plugins

Our website incorporates plugins for the social media network Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Twitter plugins (tweet buttons) are marked by a Twitter logo on our website. You will find an overview of the various tweet buttons here:

http://dev.twitter.com/

When you visit a page on our website, the plugin will establish a direct connection between your browser and the Twitter server. This will inform Twitter that you (along with your IP address) have visited our website. If you click the Twitter tweet button while you are logged into your Twitter account, you will be able to link content from our website to your Twitter profile. This enables Twitter to track your visit to our website to your user account. Even if you are not a member of Twitter, there is still a risk that Twitter will be able to obtain your IP address and store it. We are not aware of which and how much data is transmitted to Twitter and are unable to influence this. For further information on this matter, please see Twitter's privacy policy at:

http://twitter.com/privacy

If you do not want Twitter to be able to trace your visit on our website to your Twitter user account, please log out of your Twitter account before visiting our website.

Swat.io

We use swat.io to edit our social media channels. The provider is "Die Socialisten" Social Software Development GmbH Andreasgasse 6, Top 1, 1070 Vienna.

The basis for data processing is Art. 6 para. 1 lit. F GDPR. We have a legitimate interest in analysing user behaviour and optimising efficient communication, customer service and our advertising.

Playbuzz.com

The HTML codes of Playbuzz Playbuzz Ltd, 3 Aluf Kalman Magen St., Building A, 1st Floor, Tel. Aviv, 6107075 (Israel) are included on the website www.phantasialandblog.de. When you visit a sub-page of our website that includes such a Playbuzz HTML code, the browser connects you to Playbuzz's servers. The content of the HTML code is sent directly from Playbuzz to the browser on which the page you are viewing is based, so Playbuzz processes your data in this process. Refer to Playbuzz's privacy policy to see what data Playbuzz collects and for what purposes www.playbuzz.com/PrivacyPolicy. We have neither influence on their data handling processes nor are we aware of the full extent of data collection, the purposes and the storage periods.

Online presence in social media

We maintain online presences within social networks and platforms to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. 

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send us messages.

Use of Webfonts

A JavaScript code will be loaded on our website. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data. We do not know which data is linked to the data received and for what purposes this data is used. To prevent the execution of JavaScript code altogether, you can install a JavaScript blocker (e.g. www.noscript.net).

On our site we use the following webfonts:

Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043 USA (further information can be found in Google's privacy policy)

Revocation, right to information, right to correction, deletion and blocking

You have the right to obtain information about which personal data we have stored at any time, including the origin and recipient of your data and the purpose for which it is processed. In addition, you can obtain information about personal data or object to the use of personal data at any time or revoke your consent. Please withdraw your approval or request in writing or by email by contacting:

Phantasialand Schmidt-Löffelhardt GmbH & Co. KG
Datenschutzbeauftragte
Herta Becker
Berggeiststraße 31 – 41
D - 50321 Brühl

E-Mail: herta.becker@phantasialand.de

Information regarding the use of personal data can be found on the corresponding section of our website and cannot be amended retrospectively.

Data acquisition for regional identification codes

Phantasialand Brühl records the regional identification code on the number plates of all arriving vehicles. It does not store the individual number plates for individual vehicles belonging to its visitors. The camera's signal is rendered anonymous by the local storage device and then immediately deleted.