The companies responsible for processing your personal data are Madrid Theme Park Management, S.L.U. the company responsible for operating Warner and Warner Beach parks and Parques Reunidos Servicios Centrales, S.A., with registered office at Calle Federico Mompou 5, Parque Empresarial "Las Tablas", Edificio 1 - Planta 3ª, 28050, Madrid, Spain each acting individually as controllers and together as joint controllers (the "Controllers").
If you have any questions about the processing of your personal data or if you would like to ask for relevant parts of the Joint Controllers agreement, please contact the Data Protection Officer (DPO) by post at Calle Federico Mompou 5, Parque Empresarial "Las Tablas", Edificio 1 - Planta 3ª, 28050, Madrid, Spain or by e-mail on dpo@grpr.com.
The Controllers will process your personal data for the purposes set out below, and consistently with the purpose of the channel through which you may have provided your personal data:
Managing your contractual relationship arising from your purchase or booking of products and services
Your personal data will be processed to manage the purchase or booking of the products and services of the Controllers, to process your payments, and to email you a confirmation of and a receipt for your purchase, together with any relevant documentation for your visit and access to the park.
If, during the purchase or booking process, you claim any special promotions that require you to fulfl certain conditions (e.g. large family, discount code for certain groups, etc.), please note that we may ask you to produce documentary evidence of your eligibility (e.g. large family card, official document showing your membership to a group, ID card, passport, driving licence, etc.). No information will be recorded or stored by the Controllers.
Should unforeseen events or circumstances arise that may impact on the product or service purchased by you (inclement weather, security or public health concerns, etc.), the Controllers may contact you by electronic means (e-mail, SMS, telephone calls) to inform you of the circumstances that may affect your visit.
Type of personal data processed: your first name, surname, email address, and telephone number; details of your purchase or booking; proof of payment and payment details, your date of birth to ensure that you are over fourteen (14) years of age. Please note that pursuant to European data protection regulations, if you are under fourteen (14) we will be required to obtain the consent from your parents or guardians. The Controllers may also process information about your country to ensure that any communications are sent to you in your chosen language.
Lawful basis: our lawful basis for processing your personal data are the terms and conditions applicable to the purchase of your product or service. Without such personal data, the Controllers would be unable to process your purchase or booking.
Customer care
If you request information about our products and services or send us any questions, suggestions, complaints or claims or would like to report an incident through any of the channels made available by the Controllers (e.g. a specific form, telephone or email) your personal data will be processed to deal with your request.
Type of personal data processed: your first name, surname, email address, and telephone number; details of your purchase or booking; proof of payment and payment details; your date of birth to ensure that you are over fourteen (14) years of age. Please note that pursuant to European data protection regulations, if you are under fourteen (14) we will need to obtain the consent from your parents or guardians. The Controllers may also process information about your country to ensure that any communications are sent to you in your chosen language and, generally, any other information that you may have voluntarily supplied in your request.
Lawful basis: your data will be processed for implementing, at your request, certain pre-contractual steps or pursuant to the terms and conditions of your agreement for the purchase or booking of products or services. Without the above personal data, your request may not be processed.
Surveys
If you purchase any of our products or services, the Controllers may send you surveys electronically (e.g. e-mail, SMS, phone, etc.). This is a valuable tool that enables us to find out our customers' degree of satisfaction whilst allowing them the opportunity to make suggestions. Your opinion will also enable the Controllers to improve their processes, and their range of products and services.
Type of personal data processed: your email, telephone, information related to your purchase or booking, your country (to ensure that the survey is sent in your chosen language) and any other non-personal information you provide on the surveys you chose to respond to.
Lawful basis: this processing is based on the Controllers' lawful interest in obtaining customer feedback related to the products and services purchased by them, their needs, and suggestions. The Controllers believe that no rights of their customers are infringed upon as a result of this processing. The Controllers also believe that a proper balance exists between their interests and those of their customers. Processing your personal data allows us to find out your opinion, which is necessary for us to improve our range of products and services and the park's operational processes for a better quality of our customers' experience. Additionally, due to the large number of visitors that may come to the park, sending surveys electronically is necessary for the purpose described and that there is no other effective mechanism to achieve this purpose. Likewise, we understand that our customers may reasonably expect for their personal data to be processed based on their contractual relationship with us, on the specific information provided to them as part of the purchase or reservation process, and on the fact that this type of processing is customary in the services industry. Please note that only strictly necessary non-sensitive personal data is processed, that no surveys are sent to children under fourteen (14) years of age, and that we only contact our customers occasionally and for a limited period of time.
Customers may object, at any time, to the processing of their personal data or exercise any other rights under applicable data protection regulations in accordance with the procedure described below in What are my rights on my personal data provided to you?” of this Privacy Policy.
Sending you information (including personalized information) about the products and services of the Parques Reunidos Group
Only if you expressly gives us your permission to do so by ticking the relevant box on any of the forms available on this website or by clicking on the "send" button on the newsletter form, your personal data will be processed by the Controllers to send you commercial information by any means, including electronically (e-mail, SMS, phone), about the European companies of the Parques Reunidos Group (the list of companies is included below in this Privacy Policy) that may include newsletters, discounts, promotions, relevant information or commercial information about the Group's activities, events, products and services related to the leisure and hospitality industries, including personalised information subject to prior profiling and analysis of your preferences via automated decisions for relevance. This personalisation will be based on profiling using automated decisions made in accordance with the configuration and filtering of the following parameters on our email marketing platform: demographic criteria based on your postcode and country, self-sourced information related to your purchase history, the type of products and services purchased (tickets, season passes or park passes, experiences, parking, food and drinks) and inferred socio-economic parameters based on your age, the type of product or service you purchase and the analysis of your behaviour when you receive a marketing communication from the Controllers (whether or not you activate the purchase of the product or service offered to you on the marketing communication sent).
Your profile will not be used to make automated decisions with legal implications for you or that will significantly affect you in a similar way (financial effects, denial of services, discriminatory, disadvantages compared to other customers, etc.), as it will only be used to ensure that you only receive communications with commercial information that we consider most appropriate for you.
Type of personal data processed: your email address and telephone number will be processed for the purpose of sending you marketing communications. Your country will be processed for the purpose of sending you marketing communications in your chosen language. The personalisation parameters indicated above (demographic criteria, transactional information and inferred socio-economic criteria) will be processed to ensure that you only receive communications with commercial information that we consider most relevant to your interests.
Lawful basis: your data will be processed for this purpose only if you voluntarily give your express consent by ticking the appropriate box on the relevant forms available on this website. Please note that, in addition to any other rights available to you under data protection regulations, you may withdraw your consent, request to unsubscribe from any marketing communications, and not to be subject to automated individual decisions, including profiling. You may also request human intervention in automated decision-making, express your point of view, have your queries addressed or object to such decisions. For further information, please read “What are my rights on my personal data provided to you?” in this Privacy Policy.
Market research and analysis
The Controllers will disassociate your postcode and country as supplied by you on the forms available on this website from any other personal data to produce quantitative and qualitative aggregated statistical reports for market analysis and research. This allows us to assess our market positioning based on the geographic area from which products and services are purchased and to make strategic business decisions (e.g. sales trends).
Type of personal data processed: your postcode and country information dissociated from any other personal data provided.
Lawful basis: this processing is required to satisfy our legitimate interests in knowing and understanding the geographical area from which our products and services are purchased. The Controllers believe that no rights of their customers are infringed upon as a result of this processing. The Controllers also believe that a proper balance exists between their interests and those of their customers. By processing our customers' personal data we are in a position to evaluate our positioning in the market, which in turn is necessary for us to make strategic business decisions and to improve our products, services and operational processes in our parks, resulting in a better quality experience for our customers. We also believe that there is no less invasive method to effectively achieve this purpose, as only basic, non-sensitive information (postcode and country) is used, as previously dissociated from any personal data that would allow the individual identification of customers. our customers may reasonably expect for their personal data to be processed based on their contractual relationship with us, on the specific information provided to them as part of the purchase or reservation process, and on the fact that this type of processing is customary in the services industry.
You can object at any time to the processing of your personal data or exercise the rest of your rights under data protection regulations by following the procedure described in the section “What are my rights on my personal data provided to you?” in this Privacy Policy.
Compliance with statutory obligations
Personal data will be processed in order to comply with legal obligations applicable to the Controllers as a result of the relationship with you as a customer and the processing of your personal data (for example, in the event that you request through the “Customer Web Portal” the issuance of an invoice).
Category of personal data that may be processed depending on the applicable legal obligations: first name, last name, telephone number, email address, tax address, document proving the identity of the holder of the personal data or customer status (ID card, NIE, Passport, Driving License), large family card, bonus card, transactional information about your purchase, where applicable, data collected through the use of cookies or similar technologies (see our Cookies Policy) or any other mandatory information that may be required for the fulfillment of our legal obligations, including at the request or request of the competent authorities.
Basis of legitimacy: compliance with legal obligations applicable to the Controllers under European Union law and/or the applicable domestic legal regime (compliance with legal obligations required by tax, civil, commercial, privacy, e-commerce or consumer and user protection regulations, among others). Without your personal data, the Controllers would not be able to comply with their legal obligations under the terms and conditions set forth in this Privacy Policy.
Fraud prevention and detection
To put in place any measures as may be required to prevent and detect website misuse or potential fraud related to the purchase or booking of products and services involving the Controllers or their customers. Where potentially fraudulent activity is detected, the Controllers may give details of the relevant transaction, including the purchaser's identity, to the payment platform's owner and, where appropriate, to the competent authorities.
Type of personal data processed: information related to your purchases and bookings, your payment details and contact details provided in the course of potentially fraudulent purchases.
Lawful basis: we require to process your personal data to satisfy our lawful interests as Controllers. We believe that no rights of their customers are infringed upon as a result of this processing. We also believe that there is a right balance between our of legitimate interest to prevent and detect potentially fraudulent activity and the legitimate interests of our customers and website users, as it allows us to take the required measures to protect them from such unlawful activities such as attempted fraud. This processing is also beneficial for us, as it allows us to avoid misuse of their website, products and services and for society at large, ensuring that fraudulent activities are discouraged and detected when they do occur.
Use of cookies and related technologies
We use proprietary and third-party cookies and similar technologies (HTTP Cookies, Pixel Tracker and Premises and Premises Shared) on our website. As a result, we process, store and share user information and personal data when you browse this website, in accordance with the purposes and settings made available to users at all times.
For more information on the use of cookies and similar technologies, the processing of personal data and on how to manage your consent, please visit our Cookies Policy.
Abandoned Cart management and recovery
Only if you provide your email address and give your express consent through the pop-up notification that will displayed on your screen during the online purchase process in case of inactivity when navigating, your personal data will be processed so that, if you do not complete the purchase or reservation of products and / or services previously selected by you, we can send you email reminders to complete the purchase and / or reservation of the same. If finally, you decide not to formalize the purchase or reservation of such products and / or services, you will receive an email with a brief survey to find out why you do not want to formalize it, which will help us to improve the web experience of our customers.
Type of personal data processed: email address.
Lawful basis: your data will be processed for this purpose only if you voluntarily give your express consent on the pop-up notification to be displayed on your screen during the online purchase process in case of inactivity when navigating. Please note that, in addition to any other rights available to you under data protection regulations, you may withdraw your consent, request to unsubscribe from any marketing communications, and not to be subject to automated individual decisions, including profiling. You may also request human intervention in automated decision-making, express your point of view, have your queries addressed or object to such decisions. For further information, please read “What are my rights on my personal data provided to you?” in this Privacy Policy.
Based on the purpose for which we process your personal data, different retention periods apply as follows:
· Managing your contractual relationship arising from your purchase or booking of products and services: your personal data will be retained until such time as your contractual relationship with us continues to exist.
· Customer care: your personal data will be retained for such time as is required to deal with your request, complaint, incident or claim.
· Surveys: your personal data will be retained for up to 12 months unless you submit a request for your personal data to be deleted or you otherwise object to the processing. In either case, your personal data will no longer be processed for this purpose.
· Marketing communications (including personalised) about products and services of the Parques Reunidos Group: Your personal data will be processed until you withdraw your express and informed consent, submit your request to unsubscribe via any of the methods made available for this purpose on our marketing communications, or until you exercise your rights of erasure, objection or not to be subject to automated decisions, including profiling. In all such cases, your personal data will no longer be processed for this purpose.
· Market research and analysis: the information processed for this purpose cannot be linked with the rest of your personal information. If, however, prior to such dissociation you request deletion of your data or object to the processing, the data will no longer be processed for this purpose.
· Compliance with statutory duties: personal data will be kept secure for as long as the controllers can be held legally responsible for the fulfilment of their statutory duties.
· Fraud prevention and detection: your personal data will be retained until any fraudulent actions detected are addressed. Thereafter your personal data be retained for as long as the controllers can be held legally responsible for such actions.
· Cart management and retrieval: your personal data will be retained for up to 30 days, unless you withdraw your express consent or indicate that you do not wish to be sent abandoned cart reminders. In either case, your personal data will no longer be processed for this purpose.
· Use of cookies and related technologies: our personal data will be processed for as long as your cookie consent remains in force. If you do not withdraw your consent via any of the methods offered in our Cookies Policy, your personal data will be retained for the duration of the cookies or similar technologies installed on your device
When your personal data are no longer relevant for the purposes for which they were collected or if you otherwise withdraw your consent or exercise your right of erasure or objection to the processing, the Controllers will keep your personal data duly blocked (identification and reservation of the personal data, adopting technical and organizational measures to prevent processing and viewing) strictly (and only to the extent necessary), to make such data available to the competent Public Administrations and in particular to the Supervisory Authority competent in data protection, Judges, or the Public Prosecutor's Office during the statute of limitations period for legal actions that may arise from the relationship maintained with you or from the processing of your personal data and/or the legally established retention periods in accordance with European Union Law and/or domestic regulations. Upon the expiry of these time limits, your personal data will be physically and irretrievably deleted.
Pursuant to European Union Law and/or domestic regulations Your personal data may be disclosed to the Public Authorities including, in particular, data protection authorities, the courts or the Public Prosecutor's Office to meet possible legal liabilities or to comply with statutory retention periods.
The Controllers rely on third party suppliers who may also process your personal data to provide services related to the purposes for which you are being informed, including, but not limited to, information security, customer relationship management (CRM), technology, legal consulting, marketing, customer service, professional services, and IT companies. These providers will only access your personal data to perform their services on behalf of the Controllers, following at all times the Controllers' instructions and without ever being authorized to use such data for their own purposes and/or unauthorized purposes.
One of these providers is Salesforce, a global company which provides cloud marketing platform services. Salesforce will operate on our behalf, within the European Economic Area (EEA) and in compliance with applicable European data protection regulations. Exceptionally, for example, in the event of a disaster recovery situation (i.e. the process to recover data and functionalities lost in the event of an accidental or a man-made disaster), Salesforce may also provide its services through companies outside the EEA, for which your personal data may need to be processed in countries that do not offer a standard of protection commensurate with the level of protection offered by European data protection legislation (e.g. the USA). To address these situations, the Controllers have entered into binding contractual commitments with Salesforce that guarantee the implementation of appropriate security measures to ensure that your personal data are at all times processed with an adequate level of protection comparable to that required in the EEA (standard contractual clauses approved by the European Commission on data protection in accordance with the European Data Protection Regulation (GDPR), additional security measures in accordance with decision C-311/18 of the Court of Justice of the European Union and subject to certification mechanisms). For further information, please do not hesitate to contact the Data Protection Officer at any of the addresses (postal or e-mail) indicated in the section “What are my rights on my personal data provided to you?” in this Privacy Policy.
If you expressly agree to receive marketing information about any of the companies of the Parques Reunidos Group, please note that these are based in the European Union and are primarily engaged in the management and exploitation of fun parks, aquatic parks, zoos, leisure centres and travel agency services (e.g. sale of ticket+hotel packages). The European companies of the Parques Reunidos Group are:
· Spanish companies of the Parques Reunidos Group: Parques Reunidos Servicios Centrales, S.A. (Bono Parques); Parque de Atracciones Madrid, S.A.U. (Parque de Atracciones Madrid); Madrid Theme Park Management, S.L.U. (Parque Warner y Parque Warner Beach); Gestión Parque de Animales Madrid, S.L.U. (Faunia); Zoos Ibericos, S.A. (Zoo Aquarium Madrid); Parques de la Naturaleza Selwo, S.L. (Selwo Aventura and Hotel Selwo Lodge); Aquópolis Cartaya, S.L.U. (Aquópolis Cartaya); Leisure Parks, S.A. (Aquópolis de Villanueva de la Cañada, Aquópolis Costa Dorada - Vilaseca, Costa Dorada-, Delfinario Costa Dorada – Vilaseca, Costa Dorada, Selwo Marina Aquópolis de Sevilla, Aquópolis de Cullera, Aquópolis de Torrevieja, Teleférico de Benalmádena); Mall Entertainment Centre Acuario Arroyomolinos, S.L.U. (Atlantis Aquarium); Mall Entertainment Centre Murcia, S.L.U. (Nickelodeon Adventure Murcia); Travelpark Viajes, S.L.U. (packages combining admission fees + hotel accommodation).
· Rest of European companies of the Parques Reunidos Group: Italy - Parco della Standiana S.R.L (Miraiblandia and Mirabilandia Beach) and Travelparks Italy, S.R.L.( admission+hotel packages); Norway - Tusenfryd A/S (Tusenfryd) and Bø Sommarland AS (Bo Sommarland); Belgium - Bobbejaanland, B.V.B.A (Bobbejaanland); BonBon-Land A/S (BonBon -Land); Germany - Movie Park Germany GmbH y Movie Park Germany Services GmbH (Movie Park), Event Park GmbH (Belantis), Nature Park Germany GmbH (Vogelpark Walsrode), Tropical Island Management (Tropical Island) and TI Hotel Asset GmbH (Tropical Island Hotels); The Netherlands - Attractie- en Vakantiepark Slagharen B.V. (Slagharen and Slagharen Beach); France - Marineland SAS (Marineland, Aquaplash Marineland, Marineland Resort and Kids Island) and LB Investissement (Aqualud); UK - Grant Leisure Group LTD (Blackpool Zoo), Real Live Leisure Company LTD (The Bournemouth Aquarium and Aquarium of the lakes) and Lakeside Mall Entertainment Centre Limited (Nickelodeon Adventure-Lakeside).
You may exercise your right of access, rectification, objection, erasure, restriction, portability and, where appropriate, your right not to be subject to automated individual decisions, including profiling, by sending your request by post to the attention of the Data Protection Officer at Calle Federico Mompou 5, Parque Empresarial “Las Tablas”, Edificio 1 – Planta 3ª, 28050, Madrid, Spain or electronically at dpo@grpr.com. If we have reasonable grounds to doubt the identity of the data subject, we may require a copy of an official Id. document (Spanish National or Foreign Id. Card/Passport) before processing your request.
For consent-based processing operations, please note that you can withdraw your consent or object at any time to the processing of your data following the procedure described in the previous paragraph. Also, we would like to remind you that if you have expressly authorized us to send to you marketing information or information about discounts and promotions, including subject to prior profiling and analysis of your preferences via automated decisions for relevance, you may also unsubscribe from this type of communications by using the methods that will be made available to you for this purpose in each commercial communication that you will receive. Finally, please note that you can also tell us not to be subject to decisions based exclusively on the automated processing described above, or ask us for human intervention, express your point of view, raise any queries about or object to automated decisions by sending your request to the Data Protection Officer at any of the addresses indicated in this section.
The personal data processed by the Controllers are provided directly by you as the data subject through this website and/or during the relationship with you.
If you provide personal data of third parties, you agree to obtain their express and informed approval to provide their personal data to the Controllers in accordance with the provisions described in this Privacy Policy.
If information on allergies and/or intolerances must be provided to the Controllers (e.g. to design the menus that may be served during an event or reception), please remember that you must only provide the number of people and the type of allergy and/or intolerance and not personal data that would allow the person with such allergy and/or intolerance to be individually identified.
Children under fourteen (14) years of age are not authorized to purchase or book our products, services or events on this website.
However, if as a result of purchasing any of our products, services or events available on this web site and, particularly following an event, you voluntarily decide to provide personal data of a child under fourteen (14) years of age, you will be deemed to have given your express and informed consent for the Controllers to process the personal data as part of the contractual relationship arising from your purchase pursuant to the provisions of this Privacy Policy.
You may lodge a claim with the Spanish Data Protection Agency to protect your rights at any time you deem appropriate. However, we advise you to approach first our Data Protection Officer on dpo@grpr.com or at Calle Federico Mompou, 5, Parque Empresarial "Las Tablas", Edificio 1 - Planta 3ª, 28050, Madrid, Spain to seek assistance with your request and to resolve any incident related to the processing of your personal data.
This Privacy Policy was last updated in March 2022