1. General Information
2. Which personal data do we process?
3. How and why do we process personal data?
4. Provision of personal data to others (in and outside the EEA)
5. Your rights
6. How long do we store your data?
7. How do we secure your personal data?
8. Cookies
9. Duinrell App
10. Complaints about the use of personal data?

1. General information

Duinrell always follows the applicable privacy legislation, including the General Data Protection Regulation (GDPR). In doing so, we apply a number of basic principles.

 

This means that we will:

 

• Process your personal data in accordance with the purpose for which they were provided. These purposes and types of personal data are described in this privacy statement;
• Limit the processing of your personal data to only those details that are minimally necessary for the purposes for which they are processed;
• Ask for your explicit permission if we need this for the processing of personal data;
• Have taken appropriate technical and organisational measures so that your personal details are protected;
• Not pass on personal data to other parties, unless this is necessary for the execution of the purposes for which they were provided;
• Inform you of your rights regarding the processing of personal data.

 

 

2. What personal data do we process?

We process the personal data that you have given us, for example in the context of your visit to our amusement park and/or holiday park, or that we have obtained through your use of our website, by filling in a contact form, by reporting a complaint or by registering for our newsletter.

 

The personal data that we process may fall into the following categories:

 

Name and contact details

These include your name, the address where you live, gender, date of birth, nationality and sometimes the registration number of your car. We may also store your telephone number and email address. 

 

Information about subscriptions, bookings and purchases

When purchasing a season ticket, making a booking or buying a ticket, in addition to your name and contact details we also process your bank account number, information about the type of season ticket, the length of stay at our park and the composition of the family or travel companions.

 

Images

For the security of you, our employees and our property, we have camera surveillance at our park, around accommodations and in the Tiki Pool. Some cameras at our park save the images. Other cameras only have a live stream. Our security staff are equipped with body cams that are activated in the event of an incident.

 

There are also photo cameras installed at various attractions that capture images of the visitors. The photos can later be purchased by those pictured on them.

 

Information from social media

We may receive information through the social media you use, such as Facebook, Instagram, Snapchat, Twitter, etc. For example, if you log in to our network using one of these services, we may receive your profile on said services. The use of social media such as Facebook, Instagram, Twitter or YouTube is not governed by our terms and conditions and privacy statement, but by the terms and conditions, privacy and cookie statement and other statements of the respective social media. We encourage you to read them carefully if you have any questions about them.

 

Information you provide us

You may share information with us, for example, by participating in a promotional activity such as a contest. We also send out surveys about your experience at Duinrell. If the survey is completed, we will process this information and add it to the personal details already known to us. In addition, these data are shared with our management team. We also process your personal data when you communicate directly with us by email.

 

Information we obtain through our website, apps and other digital media

When you visit our websites or use one of our apps, we may record your IP address, browser type, operating system, buying behaviour, transaction details, voucher codes redeemed, referring website, browsing behaviour and app usage. We may receive an automatic notification when you open a newsletter or click on a link in such a newsletter. Our Cookie Statement explains how we use cookies in this process. 

 

 

3. How and why do we process personal data?

We use your personal data for a number of different purposes. The use we make of your personal data can always be based on one of the principles mentioned in the GDPR. Below we explain the use of your personal data.

 

Executing the agreement 

If you enter into an agreement with us, for example by purchasing a ticket for our amusement park or booking a stay at our holiday park, we need your personal data, such as contact details, to execute the agreement. Without these details we cannot follow up on a reservation or issue a ticket.

 

In addition, we may collect personal data during your visit to our amusement park and/or holiday park, such as the photos that are taken at certain attractions and which you may purchase. At the attractions where a photo is taken, a sign will indicate this. You are then free to decide whether to make use of this attraction.

 

Executing he agreement is the basis for these processes. 

 

Maintaining contact

The contact details we have obtained because you have visited our park are kept in our customer system and can be used by us to send newsletters, updates, invitations to events and to send information that you have requested from us.

 

We base the use of your personal data on the basis of executing the agreement and the justified interest we have in using the data. We therefore do not require your permission to use these contact details. The legitimate interest consists of the fact that we would like you to visit our park again.

 

Improving our information services and marketing activities

We would like to provide you with relevant information so that we can give you a clear picture of our park and our services. Of course, we hope that you will visit our park and continue to do so. This is our legitimate interest in using your personal data.

 

To achieve this aim, we analyse personal data obtained from contact between you and Duinrell, for example via our website. We also analyse personal information about your behaviour, such as your preferences, opinions, wishes and needs. We can derive these data from your surfing behaviour on our website, from reading our newsletters or from your request for information.

 

We also analyse the use of our website. The website's user statistics enable us to get an idea of, among other things, the number of visitors, the length of the visit and which pages of the website are viewed. It concerns the collection of generic data, without personal information. We use the information obtained to improve our website.

 

The basis for these processes is our legitimate interest. For some processing, such as the placement and analysis of cookies, we rely on the basis of consent.

 

Security of persons and property

The camera surveillance is for reasons of safety and security of our employees, visitors to our park and our property. The images recorded are only stored for a limited period of 30 days and then deleted. In the event of an incident, images may be stored for a longer period, for example until the incident is resolved. We base the processing of images on the basis of legitimate interest.

 

Compliance with laws and regulations

We are obliged to keep a so-called 'night register' if you are staying in one of our accommodations. The night register records the name and place of residence of the (principal) guest, the date of arrival and departure and which identity document the (principal) guest has presented. We must be able to show this register to the authorities. This processing is therefore based on a legal obligation.

 

 

4. Transfer of personal data to others [in and outside the EEA]

In order to process your personal data, we may engage service providers (processors) who process personal data solely on our behalf.

 

For example, to process your booking and reservation through our website. We also use services of third parties to send newsletters, commercial emails and online questionnaires as part of customer satisfaction surveys. We conclude a (data) processing agreement with these parties. This agreement states, among other things, that the processors may only act on our instructions, may not use the personal data for their own purposes and must take adequate security measures.

 

The processor outside the EEA that provides us with services to analyse the use of our website is Google Inc. Google is based in the United States and is registered for the EU-US Privacy Shield. You can find more information about this at: https://www.privacyshield.gov/welcome

 

Your personal data will not be shared with third parties for commercial purposes.

 

 

5. Your rights

Every person can, on the basis of the law, exercise certain rights with regard to his or her personal data.

 

For example, you have the right to inspect, correct and delete personal data. You can also object to the use of your data or ask to limit this use. In certain cases, you can even request your data to be transferred to another party. For all these questions, please contact us at [email protected].

 

If we have asked you for permission to process your personal data and you have granted permission, you also have the right to withdraw this permission at any time. Upon receipt of your notification that you are withdrawing your consent, we will immediately follow up on this. The use we made of your personal details up to the moment you withdrew your permission will remain lawful.

 

 

6. How long do we store your data?

We retain your personal data for as long as is necessary for the purpose for which we have obtained the data, unless a statutory retention period applies. If we no longer need the personal details, we remove or anonymise them. Anonymisation means that we ensure that the data cannot be traced back to you.

 

 

7. How do we protect your personal data?

Your privacy is important, so we take the security of your data very seriously. We have taken various measures to ensure that your data is and remains safe. When securing your data, we take into account any processing risks of your data: for example, if it is lost or misused.

 

 

8. Cookies

We use cookies on our website. A cookie is a small text file that is stored on your computer by a web browser. You can block the use of cookies by changing the settings in your web browser. However, this may affect the functioning of the website. For more information, see our Cookie statement.

 

 

9. Duinrell App

Information Automatically Collected In the Duinrell - Official Mobile App.
When you use the App, we automatically collect specific data that are required for the use of the App. This data includes:

 

• Location, accuracy and date/time periodically throughout the day (only while at the attraction)
• Each visit to the resort including date/time first seen and last seen
• Operating system
• Operating system version
• Device name
• Battery level
• Battery status (charging or not)
• Bluetooth status (on or off)
• Mobile network carrier name
• Currently connected Wi-Fi SSID
• Location permission status (on or off)
• IP address
• User's preferred locale
• Current time zone
• App version and build number
• App interactions (captured as events fed to Firebase Analytics and Keen IO)
• Date/time entered/exited geofence region (if you enter an offered geofence region)

 

This data is automatically sent to us, (1) so that we can make the service and the associated functions available to you; (2) to improve the functions and features of the App and (3) to prevent misuse and to rectify malfunctions and (4) to offer you a personalized guest experience. This data processing is justified on the basis that (1) the processing is required in order to fulfil the requirements of the contract between you as the data subject and us in accordance with Art. 6(1)(b) GDPR for the use of the App, or (2) we have a legitimate interest in guaranteeing the functionality and fault-free operation of the App and being able to offer a service that is in line with the requirements of the market and with the interests of the users and prevails over your rights and interests in the protection of your personal data in accordance with Art. 6(1)(f) GDPR.

 

 

10. Complaints about the use of your personal data?

If you have any complaints or questions about how we handle your personal data, you can contact us by sending an e-mail to [email protected]. Complaints can also be sent in writing to: Vakantie- en attractiepark Duinrell, Duinrell 1, 2242 JP Wassenaar, The Netherlands. To ensure that only you have access to your details, we always ask you to send us a copy of your identity document.

 

We will be happy to help you find a solution. Should this not be possible, then it is always possible to turn to the Dutch Data Protection Authority ("Autoriteit Persoonsgegevens").