Privacy declaration Toverland B.V.
Your privacy is very important to Toverland B.V. Therefore we shall process and use your data in a safe manner according to the General Data Protection Regulation (GDPR). This privacy declaration is written to explain which kind of information we collect from you and why we are doing this. You can also read about your rights with regards to data processing. For any question regarding your privacy, please contact us via firstname.lastname@example.org.
Article 1: Who are we?
Toverland B.V. is a limited company located in (5975 MR) Sevenum at Toverlaan 2. We are registered with the Kamer van Koophandel (Chamber of Commerce) under number 14067923. We are responsible for processing your personal data.
Article 2 Which data do we use?
Below you can find a summary of the kind of information we process from you, why we are doing this, what legal grounds we have to collect and process your data and for how long your data is stored.
As a visitor of our park we process your name, the name of your business if applicable, address, email and any other data needed to deliver the best possible service to you. Think hereby of the age of our visitors, perhaps a signature and other (personal) information you fill in while making a booking. This data helps us to make you a satisfied customer during the running time of our agreement. The data is stored up to 1 year after ending our agreement. After this period, your data will be anonymised. Your data will also be stored by our CDP for a maximum of 5 days unless you have had an annual pass for the past 2 years, registered for our newsletter or filled in a (contact) form on our website in the past 2 weeks.
In case of a group request, including a school trip, we additionally process the name of your organisation, business address, phone number, email address, billing address, age and height of the persons from that group and contact details of the contact person.
If you have an annual pass, we process your name, gender, email address, phone number and date of birth. Optionally, you can also leave your address behind. Your in-park purchases including food & beverages are also stored in our CDP system if your annual pass was scanned at the till. This information will be removed after a maximum of 2 years when cancelling your annual pass. With guest passes, we additionally process the name, address, phone number and gender of the applicant.
When you stay in our accommodation we process the title, initials, surname, address, language, email address, phone number, date of birth and annual pass number if applicable from the main guest. From the other guests included in the booking we process the name, date of birth and annual pass numbers if applicable. We store this data up to 7 years after your last stay.
When you make a (business) request for an event we process the name of your organisation, gender, name, address, title, position, billing address, phone number and email address. If the request does not lead to an agreement, the quote will be removed after 1 year. If it leads to a booking, we store the data up to 7 years after which it will be removed.
In case you make a booking for our restaurant we process your name, address, email address and phone number. If applicable we also process any dietary requests. Two weeks after you have made your request we will remove this information, unless you’ve had an annual pass for the past 2 years, purchased a ticket in the past 4 days or registered for one of our newsletters.
When purchasing our merchandise we process your name, address and email address. Additionally, when you buy a gift voucher we process your gender so that we can address you in the correct way. We store the data related to your order in our administration for tax purposes up to 7 years after your last purchase.
With regards to billing and our financial administration, we process the name, position, email address, phone number and eventual fax number of the contact person. We also process, if applicable, a company name together with its Chamber of Commerce information, VAT registration number, business sector and size of the business, billing address, website, bank details and outstanding balances. Without this data we cannot process your payment. In accordance with tax legislation we have to keep this data for 7 years. After this period we shall anonymise your data.
If you wish to file a complaint about our service, you can do so by filling in the corresponding form on our website. We shall process your name, email address, phone number and the nature of your complaint so that we can come up with a suitable solution for you. Optionally, we also process your gender to allow us to address you properly. This information will be used by us so that we can execute the agreement in the best possible way. All complaints-related data will be removed after 1 year since handling.
We have a commercial interest to use some of your personal details for marketing purposes. We process your name, email address, and country of residence for direct marketing and/or sending job vacancy alerts. We shall remove this data once you have unregistered from our newsletter or indicate that you don’t want to be approached by us. When you register for our development plan newsletter we also process your town or city of residence.
When you participate in one of our prize draws, you must leave your name and email address behind. We remove this data after the closing date of the prize draw.
To make our website possible and to optimise it, we use analytics services. We have a commercial interest to use your surfing behaviour and all related data for analysing and, where needed, to improve our service. We shall track your use of our website with Google Analytics and are bound to the storage period of this party.
For more information about cookies, we refer to our cookie statement.
To make it possible for you to place reviews about our services, we process the contents of your message as it is placed on TripAdvisor. These messages are passed on to us anonymously. Reviews about our services can be placed by us on our website and social media channels out of commercial interest and will be removed by us once they are no longer representative for our operational management or by your own request.
When you want to contact us via our website we request your name, email, and phone number. Optionally you can also enter your address and gender. By sending the contact form, this information, including your IP-address, becomes visible to us so that we can contact you. The data of a sent contact form will be deleted by us 2 weeks after the contact request has been completed, unless an agreement has arisen from this.
As an annual pass holder we process your password as part of your personal account. This password is encrypted and stored in combination with your email address and/or user name. We are doing this to prevent security fraud. In this account we also process the data you fill in yourself, billing data and possible messages. We keep these account details until you remove your account.
For the sake of security, we use camera surveillance in our spaces. We do this by virtue of social relevance. We store these camera images for a maximum of four weeks.
When we carry out a guest satisfaction survey we process your gender, date of birth, address and email address as part of this survey. We remove this data once we have completed our survey.
Article 3: How do we obtain this data?
The abovementioned information of you as a guest, contact person or website visitor is in our possession, because you have given us this information. There is also the possibility that we have collected your data via LeadElephant.
We do our very best to ensure that information regarding minors is only collected after parental permission. If you are convinced that we have collected any personal information of a minor without permission, then please get in touch with us.
Article 4: What are your rights in connection with this data?
The GDPR has given you a number of rights related to the personal data you have allowed us to process.
Access – At all times can you ask us to show you what kind of information we have on you.
Updating – Based on the fact that we have given you a look into the information we have on you, and you wish to edit, rectify, supplement, shield or remove any of your data, you have the right to put in such a request to us. If you have an annual pass, you can edit some information in your personal account yourself.
Object – Based on a balance of interests, you can object against the processing of your data.
Data portability – If you want to have your data stored with a different provider, we shall disclose your data in a structured and common form which can be accessed by current digital systems.
Withdrawal – When we have processed data based on your explicit permission, you have the right to withdraw this permission. It may have consequences for the services that we can offer you.
To exercise your rights, you can send us a request with a copy of your ID (with photo and BSN protected), to email@example.com. We shall assess your request as soon as possible, but no later than 30 calendar days. If we are unable to honour your request, we will let you know why it was rejected.
Article 5: Who receive your data?
We shall not issue your data to third parties, unless this is necessary for the operational management or is required by law. In order to carry out an agreement, your data can be passed on to processors, parties involved in carrying out our agreement and external advisors. We enter into processing agreements with these third parties to protect your privacy the best we can. We will not sell your data to third parties. Whenever we process your data outside the EEA we shall take the necessary (security) measures.
Article 6: Final provisions
We advise you to regularly view this statement because we can make changes to our policy. If you have any questions about this statement or the way in which we use your data, you can send an email to firstname.lastname@example.org. If you have a complaint about the way we handle your data you can also let us know. Besides that you can get in touch with the Autoriteit Persoonsgegevens (Dutch Information Commissioner’s Office).