Privacy Policy

Privacy Policy

1. Preamble
This privacy policy contains the guidelines of EVENT PARK GmbH, Zur Weissen Mark 1, 04249 Leipzig, Germany (“BELANTIS”) for the handling of personal data that is collected, processed and used when using our services (online & offline). The careful handling of your personal data is important to BELANTIS. For this reason, we establish technical and organizational measures to reliably protect the data we receive from you.

We will always endeavor to help you with any questions regarding the security of your data in connection with the use of our website or our other offers. In this case, please contact our data protection officer directly.

Section V. “Our data processing principles in brief” provides you with a general overview of our data protection principles. In the subsequent sections, the processing, storage, etc. of your personal data is explained in detail.

For the sake of better readability of this privacy policy, we have refrained from using double references as well as gender-neutral and/or gendered spelling. The personal designations used in this privacy policy apply equally to all genders and do not imply any valuation.

 

2. Table of contents

1. Preamble

2. Table of contents

3. Name and address of the controller

4. Contact details of the data protection officer

5. Our data processing principles in brief

A) Basic principle

B) Personal data

C) Scope of processing personal data

D) Legal basis for the processing of personal data

E) Data erasure and storage duration

6. To whom will your data be shared

A) Compagnie des Alpes Group internal recipients:

B) External recipients of the Compagnie des Alpes group:

7. When are your personal data collected?

8. What data do we collect?

9. How do we use your data and how long do we keep it?

10. Are there any special measures for children?

11. Where is your data stored?

12. How is your data secured?

13. Detailed description of individual processing activities

A) Data processing when purchasing "Season Pass"

B) First Aid / Medical Service

C) Lost property

D) Camera recording of the public areas in the park

14. Processing of Personal Data for Job Applications

A) General information

B) Legal basis

C) Deletion deadlines

D) Revocation

15. Our presence on social networks

16. What rights do you have in relation to your data?

17. Do you have any questions? Contact us!

18. Final Provision

 

3. Name and address of the controller
When you book and/or use our services, your personal data will be processed by the following entities:

·        EVENT PARK GmbH – which operates BELANTIS
(followed named as EVENT PARK or BELANTIS),
and a affiliated company of the Compagnie des Alpes group,
with company address: Zur Weissen Mark 1, 04249 Leipzig (Germany)

·        Compagnie des Alpes – as the parent company of EVENT PARK GmbH,
(followed named as Group Compagnie des Alpes or CdA)
with company address: 50-51 Boulevard Haussmann, 75009 Paris (France)

In this Privacy Policy, the word "we" refers to these two companies, which may jointly act as controllers for the processing specified below.

Although Compagnie des Alpes is responsible for managing and monitoring the IT system for collecting and processing your data, it is the exclusive responsibility of EVENT PARK GmbH, as the independent data controller, to manage the contractual relationship with you, to provide you with the services you have ordered and to carry out marketing and promotional activities for its services and brands.

Additional details for EVENT PARK GmbH:
represented by the management board (see https://www.belantis.de/en/legal-notice)
Commercial register number: HRB 31458 (Local Court of Leipzig)
Tax ID number: DE 203978220

Website: www.belantis.de

 

4. Contact details of the data protection officer
The contact details of the data protection officer of BELANTIS are:

EVENT PARK GmbH
- Data Protection Officer -
Zur Weissen Mark 1
04249 Leipzig
Germany

datenschutz@belantis.de

 

5. Our data processing principles in brief
A) Basic principle

The implementation of German laws and European regulations and directives on data protection is a top priority for BELANTIS. BELANTIS not only makes every effort to comply with data protection legislation but also strives to comply with the recommendations of recognized data protection bodies for voluntary self-regulation.

B) Personal data

The following information relates to the processing of your personal data.

Pursuant to Art. 4 (1) GDPR, “personal data” means any information relating to a natural person that allows that person to be identified. Personal data includes, for example Name, address, e-mail address, payment information or user behavior.

C) Scope of processing personal data

We collect and use our users' personal data only to the extent necessary to provide a functional website tailored to your needs and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception only applies in cases where prior collection or consent is not possible for factual reasons and/or the processing of the data is permitted by law.

D) Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.

When processing personal data that are required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures, i.e. if you have placed an order in our online store and we have not yet confirmed your request or you have applied for a job vacancy at our company.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is obligated, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.

If the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.

If the processing is necessary to pursue a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

E) Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply or a previously granted consent is withdrawed. Data may also continue to be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

 

6. To whom will your data be shared
A) Compagnie des Alpes Group internal recipients:

Your data will be processed jointly by EVENT PARK GmbH and Compagnie des Alpes, the parent company of the Compagnie des Alpes Group.

Within these two companies, your data will only be accessible to a limited number of people within certain departments (customer service, sales, accounting, IT, etc.) if access to the data is necessary for the needs of their functions.

However, your data will not be shared with other companies in the Compagnie des Alpes group, unless you have given your express consent or you are a business customer (e.g. tour operators, distributors, B2B customers).

Data of our business customers may be disclosed to other companies of the Compagnie des Alpes group that operate amusement parks, unless you object to this processing, so that you can receive our offers for products that may be of interest to you. The list of affected companies is the following:

·        Chaplin’s World – By Grévin (Reg. Genève CH-660-0618000-4)

·        Family Park - Familiypark m.b.H. (FN 126549 b)

·        France Miniature (RCS Versailles 348 677 196)

·        Futuroscope (RCS Poitiers 444 030 902)

·        Grévin et Compagnie – Parc Astérix (RCS Compiègne 334 240 033)

·        Musée Grévin (RCS Paris 552 067 811)

·        Walibi Belgium and Bellewaerde Park – Belpark (Reg. Waver 0439 050 308)

·        Walibi Holland – Harderwijk Hellendoorn Holding (KvK 34161632)

·        Walibi Rhône-Alpes– Avenir Land (RCS Vienne 311 285 068)

 

B) External recipients of the Compagnie des Alpes group:

Your data may also be disclosed to recipients outside the Compagnie des Alpes Group:

-             With all our technical service providers whose intervention is necessary to carry out the processing mentioned below (IT service providers, payment service providers, etc.), for the purpose of processing your order and improving our services, and solely within the scope of our instructions;

-             where appropriate, with national or local authorities where required by law or as part of an investigation and in accordance with the regulations.

 

7. When are your personal data collected?
We may collect your personal data on various occasions:

·        Online:
Via our website or our mobile application, for example when you subscribe to our newsletters, log in to your account, place orders, or use our digital services.

 

·        Within our leisure park:
While you are enjoying our facilities, alone or with friends and family, such as during offline ticket purchases, on-ride photography, general photography, video surveillance, etc..

 

·        During our interactions with you:
When you open or respond to a newsletter, take part in a customer satisfaction survey, or participate in a competition. This also includes situations in which you contact customer service with a complaint or an inquiry.

 

·        Through our partners:
When you access our services via an intermediary (e.g. travel agencies or partner distributors).

 

8. What data do we collect?
We collect only the data that are strictly necessary for their intended use – and no more.

Depending on your visit to our park or your use of our websites, we may collect the following data:

·        Information required to create your customer account (last name, first name, email address, gender)

·        Payment information

·        Postal address

·        Telephone number

·        Date of birth

·        Browsing data on our website and our mobile application (please refer to our Cookie Policy [TK1] for further information)

·        Geolocation data (only for services provided via our mobile application)

·        Where necessary, and depending on the product you have purchased, the names, email addresses, postal address (optional), and dates of birth of your family members and friends for season passes

·        Proof of eligibility for discounted rates or priority access, the conditions of which are detailed on our website. Original documents must be presented at our ticket counters.

 

9. How do we use your data and how long do we keep it?
After the retention periods set out below have expired, we will delete your data from our systems or anonymise it so that it can no longer be used to identify you.

Processing of Transactions
Legal basis
Data retention period
Customer Account
performance of a contract
As long as your customer account is active, and up to 3 years after the last connection to your account.
Order processing
performance of a contract
For 10 years from the date of purchase For online orders: The data associated with your bank card will be retained by our payment service providers for 13 months after the date of the last debit for evidence purposes in case the transaction is disputed (15 months for deferred debit payment cards). The cryptogram is not retained after the transaction.
Access control at the park entrance
Legitimate interest
Until the end of the season of each year
Satisfaction surveys
Legitimate interest
Time required to achieve the survey goal, anonymized after 6 months.
Sweepstakes
Legitimate interest
Winner's dates: 6 years from the end of the competition;
All other participants: 6 months from the end of the competition; For direct raffles in the park: All data immediately after the winner has been drawn.
Sending information about your purchased product
Legitimate interest if you are a customer who has purchased a product on our website or mobile application.
3 years for potential customers, from the date of your last contact with us (e.g. requesting business documents, clicking on a hyperlink in our newsletter)
Sending newsletters by e-mail
Consent
3 years from the date of your last contact with us (e.g. requesting business documents, clicking on a hyperlink in our newsletter)
Special communication for season ticket holders (e.g. exclusive events), by email
Performance of the contract
Until the expiry date of the pass
Complaint processing and customer service
Performance of a contract & legitimate interest
until an amicable agreement has been reached or until a legally issued decision is incontestable
Request for information
Consent
At the end of the following season
Creating statistics
Legitimate interest
Time required to reach the goal of the statistics, then anonymized.
Photos of visitors at attractions
Performance of the contract
Only on the day of the visit;
If the photo is sold: 30 days from the date the photo was taken
Biometric data from user’s photo (season pass)
Consent
Photo is deleted after the extraction of the biometric data (array). The digital array is kept for the duration of the validity of the season pass.
Video/photo shoots on site
(Image shots etc.)
Consent
For the duration of the signed authorisation of the use of image rights by the person concerned
Video surveillance
Legitimate interest
72 hours after recording
Lost property
Performance on the contrat (enquiry form)
One year
Geolocation (for mobile applications only)
Consent
For the duration of the use of the mobile application (data is stored only on the visitor's device)
First Aid Service
Consent and/or legal basis
In case of first aid measures:
visitors: 3 years.
for company first aid: 5 years
Exercising your GDPR rights
Legal obligation
3 years after the completion of the request. If proof of identity was requested, it will be deleted once the verification is complete.
Litigation management
Legitimate interest
until an amicable agreement has been reached or until a legally issued decision is incontestable
Job application
Legitimate interest and/or consent
Application phase: The data will be stored for the duration of the application process, but at least six months, or for 12 months if you voluntarily agree to be included in our applicant pool. In the case of employment: The data will be stored for the duration of your employment contract and up to 10 years if employment references are issued, subject to legal retention obligations.
Cybersecurity - Vulnerability Reports
Legitimate interest
6 years after receiving a vulnerability report
 

10. Are there any special measures for children?
Even though our activities are primarily family-oriented, we do not process any data specifically relating to children unless the parents have provided written consent to receive birthday mailings for minor season pass holders.

If our services are used by persons under the age of 16, we recommend that they are accompanied by an adult. Parental or guardian consent may be obtained when collecting personal data from minors, if required.

 

11. Where is your data stored?
All your personal data will be stored exclusively on servers located in the European Union or in countries that provide an "adequate" level of protection (e.g. United Kingdom, Switzerland).

Although this data is hosted in the European Union, it may be accessible from third countries if we use technical service providers (e.g. AWS, Adobe, Microsoft, Google) based abroad (e.g. United Kingdom, United States). Access from these countries is considered a data transfer, but it is necessary for the proper operation and maintenance of the IT tools they provide. These service providers have in-depth expertise that justifies their involvement.

We strive with these service providers to ensure that your data is protected in accordance with European regulations. These service providers only act within the scope of our instructions. Contracts are systematically concluded with them, and the transfer of personal data is governed by extended contractual clauses (Standard Contractual Clauses – SCC) developed specifically for this purpose when the laws of the country concerned do not provide protection equivalent to the GDPR (so-called "adequate" countries). If necessary, additional technical or legal measures will be taken.

 

12. How is your data secured?
The security of your personal data is a key concern of the Compagnie des Alpes companies, which pool their resources to ensure you an adequate level of security that is in line with the state of the art.

In order to preserve the confidentiality and security of your personal data, and in particular to protect them against unlawful or accidental destruction, accidental loss or alteration, as well as against unauthorised disclosure or access, the Compagnie des Alpes Group adopts appropriate technical and organisational measures and imposes the same level of requirements on its subcontractors. These measures are adapted depending on the sensitivity of the data processed and the level of risk.

The Compagnie des Alpes Group has put in place procedures for detecting, analysing and monitoring security incidents and suspected breaches of your personal data in order to be able to block access to the data at any time. Procedures for managing personal permissions have also been put in place to limit access to the data as much as possible.

Despite our best efforts, vulnerabilities may still exist in our systems. If you believe you have discovered a vulnerability, please contact us.

 

13. Detailed description of individual processing activities
A) Data processing when purchasing "Season Pass"
You can purchase our season pass (annual ticket) online and at our ticket offices.
The data collected and stored by us for the purpose and in the context of the contract processing "Purchase of Season Pass" are: first name/last name of the individual Season Pass holder*, date of birth of the individual Season Pass holder*, postal address*², e-mail address*², as well as date* and time* of your purchase. The information marked with an asterisk is mandatory information for the performance of the contract. *² = Mandatory information when purchasing online in order to be able to issue and send you a provisional season pass.

When buying on site, the e-mail address is voluntary. In general, we use the e-mail address in the context of the season pass purchase for information on the purchase contract, for information on short-term changes to the service components, etc. However, the email address will enable you to receive promotions communications specific for the season pass.

The data is processed for the following purpose and basis:

The processing of first names, last names, date of birth, postal address and e-mail address in the purchase process takes place within the framework of the initiation and fulfilment of the contract in accordance with Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR. The legitimate interest (Art. 6 para. 1 lit. f) GDPR) lies in the clear identification in the event of loss and the prevention of misuse of the season pass.

The processing of all other data (no mandatory fields) is carried out on a voluntary basis by the customer in accordance with Art. 6 para. 1 lit. a) GDPR (your consent by entering the voluntary data).

The season pass is available in credit card format. We print a QR code on the season pass as a ticket, your first and last name and date of birth. If you have purchased the season pass online, you can exchange the provisional season pass on your first visit.

Processing of your access data to our park at scanner turnstiles / entrances

When you visit our park, your tickets are scanned at the entrances. As a result, we store the date and location of access along with your purchase data. We do this based on our legitimate interest in effective internal financial accounting and to be able to detect fraud. These data are deleted at the end of the season.

Illustration of simplified access procedure for season pass holders

If you would like to use a designated entrance with a biometric scanner for season pass holders, you must sign a separate consent form when you receive your season pass at the ticket office. If your children as season pass holders are under the age of 16, the consent to the simplified access procedure must be signed by a legal guardian.

Data processing then proceeds as follows:

When you use the turnstile for the first time, a photo of your face is taken, which is stored for a fraction of a second and then immediately deleted. Beforehand, intelligent software uses this photo to create so-called biometric measuring points, which it stores on an array in a form that cannot be read by humans. Although the data is also encrypted, it can never technically be made "readable". The array is linked to your season pass number.

On all subsequent visits, the scanner compares a live image with the stored measuring points to check whether you are the same person as on your first visit and whether your season pass number is still valid. No image is saved during this process. The location, access date and time as well as denied access attempts are saved. The arrays are deleted after the season pass expires. The information on season pass numbers and the access location and times are deleted at the end of the season. The data is not passed on to third parties. Only the data on access time, location and season pass number are processed by our contract processors. Data is not transferred to third countries.

If you believe that you have been denied access without authorization, please visit our colleagues at the information desk next to the turnstiles. Your right to entry is not affected by the result of the scanner. There is no automated decision-making within the meaning of Art. 22 GDPR.

You are not obliged to use the entrances with biometric scanners. There are other access points available to you (verification of an ID document is always required).

If you wish to revoke your consent to use the biometric access procedure, you must do so in a written form. You can then use a separate entrance without a biometric access procedure. The staff will check and scan your season pass manually. Please have an ID document ready for this. As a precaution, we would like to point out that there may be waiting times for manual access control on busy days.

The processing of biometric data (array) (data according to Art. 9 para. 2 lit. a)) is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

For the purchase process and the storage of personal data, we use the POS system & webshop of our service provider HKS Systeme:

HKS Systeme GmbH
Friedrich-List-Straße 89
33100 Paderborn
Germany

 

B) First Aid / Medical Service
When using the medical assistance of our medical service as well as the company first aid measures, personal data as well as personal data of a special category (in accordance with Art. 9 GDPR) are processed.

This data is processed primarily for patient treatment, for disclosure to the rescue service or hospital and for operational documentation.

The following data is collected:
- Identification data (name, etc)
- Communication data (address, telephone number, etc)
- Health data (description of the incident / accident; Treatment data such as blood pressure, temperature, pulse, etc.; Pain)
- Social security-relevant data (data on health insurance, etc.)
- In the case of children, additional data of the legal guardian

Legal basis:
In the case of visitors within the scope of our medical service:
in accordance with Art. 6 para. 1 lit. d) and f) GDPR in order to protect the vital interest or for legitimate interests of Belantis to ensure the safety of customers within the park   
and,
in accordance with Art. 6 para. 1 lit. c) GDPR on the basis of legal bases, resulting from § 195 BGB limitation periods for claims for damages.

In the case of workplace first aid measures:
in accordance with Art. 6 para. 1 lit. d) and f) GDPR in order to protect the vital interest or for legitimate interests of Belantis to ensure the safety of customers within the park
and
in accordance with Art. 6 para. 1 lit. c) GDPR on the basis of legal bases resulting from §24 para. 6 DGUV

Disclosure of personal data:
If the resources of our medical service are not sufficient or further treatment by the rescue service/emergency doctor is necessary, your data will be forwarded to the rescue coordination center, the rescue service or the hospital. This can be done either at the time of ordering or at the time of handover.

Storage period:
Your data will be stored for as long as this is necessary in compliance with the statutory retention periods for the respective task performance and documentation obligations.
As part of the medical service, we store the mission logs in accordance with § 195 BGB for 3 years after the end of the operation;
in the context of workplace first aid, the deployment logs are stored for 5 years in accordance with Section 24 (6) DGUV Regulation 1.

The full rights of data subjects can be found in the section "Our principles for data processing".

 

C) Lost property
If you unexpectedly lose something during your visit to the AbenteuerReich BELANTIS, you can report your loss by using our "Loss Report Form". In order to be able to process your request and to process your personal data in the event of a possible discovery, your consent to the processing of the personal data is required.

Mandatory information on the loss report:
- Surname, first name (for assignment of a lost property or for verification)
- E-mail address or telephone number (for contact)
- Day of visit (to narrow down the lost item)
- Possible place of loss ("Where" it was lost)
- Description of the lost item (for verification)

When returning the lost property, the following points are also mandatory:
- Street
- Postal code, place of residence

Legal basis:
Art. 6 para. 1 lit. a) GDPR by consent to processing on the inquiry form.
Unfortunately, we cannot process your loss request without consent.

The rights of data subjects can be found in the section "Our principles for data processing".

 

D) Camera recording of the public areas in the park
BELANTIS is under video surveillance as a large-scale publicly accessible meeting and entertainment venue as well as private property within the meaning of Art. 6 (1) (f) GDPR . In addition to the exercise of domiciliary rights and the prevention of vandalism and theft, the safety and protection of visitors, employees and facilities are considered to be particularly important interests. Data is not assigned to a specific person. The recordings are automatically deleted after 72 hours or continuously overwritten if no incidents have been reported.
If video recordings are stored as evidence for criminal and/or civil prosecution, they will be deleted in accordance with the statute of limitations. Disclosure and/or transmission of video recordings to authorised third parties (e.g. investigating authorities) will only take place upon written request with the reasons for the information.

The areas where camera recording takes place are clearly marked with signs.

14. Processing of Personal Data for Job Applications
A) General information
If you would like to apply for an advertised position with us, you have the option of applying on our website, by e-mail or by post.

As part of the application process, we collect and process the following categories of personal data:

·        Contact details in your application profile (e.g. first and last name, country, e-mail, telephone number).

·        Information from the application form (this includes, for example, desired salary, your motivation, if applicable, information on your disability (only if relevant to the advertised position).

·        Application documents (this includes, for example, CV, cover letter, professional development data, qualifications and language skills).

·        If applicable, references that you provide to us.

We store your personal data as part of the application history and send you a confirmation of receipt by e-mail.

The storage serves the sole purpose of being able to consider and contact you in connection with filling the vacancy. The data will be used exclusively for filling the advertised position and – if we hire you – for the implementation of the employment contract with you. The legal basis and storage period for this can be found in the following section.

For job advertisements in the area of "full-time employment", you have the option of being included in an applicant pool. If you have given your consent and we cannot consider you for the current job advertisement, we will store the data in our application management software for a maximum of 12 months or until you revoke it before the end of the 12 months.

B) Legal basis
The legal basis for the processing of your application data depends on the purpose of the data processing:

Data processing in the context of your application:
The legal basis for the processing of your application data for the above-mentioned purpose is Art. 6 para. 1 lit. b) GDPR in conjunction with §26 BDSG-neu. Without the data processing, we cannot process your application and carry out the application process.

Data processing for future job advertisements (application pool)
The legal basis for the processing of your application data for the above-mentioned purpose is Art. 6 para. 1 lit. a) GDPR and § 26 para. 2 BDSG-neu. We process your data in our applicant management system beyond the specific application process only if you give your express consent.

Data processing to defend legal claims:
The legal basis for data processing for the above-mentioned purpose is Art. 6 (1) (f) GDPR. In separate cases, we process your data to protect a legitimate interest. The interest could exist to defend possible legal claims, e.g. within proceedings under the General Equal Treatment Act (AGG). In addition, in the event of a possible legal dispute, we have a legitimate interest in securing the data for the purpose of evidence.

C) Deletion deadlines
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of an application, this includes 6 months after filling the vacancy for the applicants who were not considered, in order to be able to justify our decision in a comprehensible manner in a possible procedure under the AGG. If we establish an employment relationship with you, we will store the personal data insofar as they are necessary for the performance of the employment relationship (in accordance with BDSG-Neu §26). If you have agreed to be included in the applicant pool, the deletion period will be extended in accordance with your consent. The data will then be stored in the applicant pool for a maximum of 12 months. After that, your data will be automatically deleted.

D) Revocation
You can revoke your application and the associated storage of your personal data at any time.
With the hiring and signing of the employment contract, a complete deletion of all data is no longer possible due to §26 BDSG-Neu and Art. 6 para. 1 lit. b) & c) GDPR.

 

15. Our presence on social networks
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the area of the European Union. This can result in risks for users, for example, because it could make it more difficult to enforce users' rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user's usage behaviour and interests are stored. Furthermore, data may also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

Types of data processed: contact details (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, time details, identification numbers, consent status).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: contact requests and communication; Feedback (e.g. collecting feedback via online form), marketing, enquiries about products and services

Legal bases:
The legal bases for processing the personal data on our social media channels differ depending on the case constellation of your use and/or request. The following legal bases may exist:

-          Legitimate interest pursuant to Art. 6 (1) (f) GDPR
Our legitimate interest exists in the analysis, communication, sales and advertising of our products and services.

-          Consent of the user in accordance with Art. 6 (1) (a) GDPR
The user has already given prior consent to the use of his or her personal data vis-à-vis the platform operator.

-          Fulfilment of a contract or implementation of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR
The communication with the user or the (e.g. queries about purchased products with purchase contract, application, etc.)

Further information on processing processes, procedures and services:

Instagram: Social network;
Service Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Website: https://www.instagram.com.
Privacy Policy: https://instagram.com/about/legal/privacy.

Facebook: Profiles within the social network Facebook
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Website: https://www.facebook.com;
Privacy Policy: https://www.facebook.com/about/privacy;
Basis for third-country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses, https://www.facebook.com/legal/EU_data_transfer_addendum .
Agreement on joint responsibility: https://www.facebook.com/legal/terms/information_about_page_insights_data.

X (formerly Twitter): Social network;
Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland;
Website: https://www.twitter,com
Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).

TikTok: Social network / video platform;
Service Provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP;
Website: https://www.tiktok.com.
Privacy Policy: https://www.tiktok.com/de/privacy-policy.

LinkedIn: Social Network
Service Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;
Website: https://www.linkedin.com;
Privacy Policy: https://www.linkedin.com/legal/privacy-policy;
Data Processing Agreement: https://legal.linkedin.com/dpa;
Basis for third-country transfers: Standard contractual clauses (https://legal.linkedin.com/dpa).
Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube: Social network and video platform;
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Website: https://www.youtube.com;
Privacy Policy: https://policies.google.com/privacy;
Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
Right to object (opt-out): https://adssettings.google.com/authenticated.

Xing: Social network;
Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany;
Website: https://www.xing.de;
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.[EP2] [TK3] 

 

16. What rights do you have in relation to your data?
You have a number of rights in relation to your personal data held by us:

·        The right to object: you no longer wish to receive our commercial communications, object to a decision related to your profiling or withdraw your consent

·        The right to rectify your data: Have you changed your place of residence or email address? Inform us by keeping your data up to date!

·        The right to access your data: You can request a copy of all your personal data held by us in an intelligible format.

·        The right to erasure of your data: You wish to delete your entire customer account and destroy all personal data in our possession. We will comply with your request, with the exception of the accounting and tax records relating to your transactions, as well as the data necessary for the preparation of our evidence files (in the event of legal proceedings), which must be kept.

·        The right to block the use of your data: If you are in a procedural situation and want to prevent the deletion of your data, your data will be kept without being used.

·        The right to take your data with you: You want to recover some of your data. You are then free to store them elsewhere or easily transfer them from one system to another so that they can be reused for other purposes.

Below you will find all our contact details for exercising these rights.

 

17. Do you have any questions? Contact us!
Do you have a question? Do you no longer want to receive our newsletters? Delete your account?

Then contact our data protection team, who will answer all your questions and ensure the protection of your personal data.

You can contact our Data Protection Officer and his team directly:

·        By post to the following address:
EVENT PARK GmbH, Data Protection Department, Zur Weißen Mark 1, 04249 Leipzig, Germany

or

·        by e-mail to the following address: datenschutz@belantis.de

If there are serious doubts about your identity and there is no other option, you may be asked to provide proof of identity for the processing of your request, simply to ensure that we are dealing with the right person.

If, despite our efforts, you have the impression that our answer is incomplete, you can contact the responsible data protection authority: Saxon Data Protection and Transparency Officer, P.O. Box 11 01 32, 01330 Dresden; www.datenschutz.sachsen.de; post@sdtb.sachsen.de

18. Final Provision
We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out or adjustments to legal requirements make this necessary. We will inform you as soon as the changes require you to cooperate (e.g. consent) or other individual notification.

The current data protection declaration can be  accessed, viewed and printed by you at any time on our website under www.belantis.de/datenschutz.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.

Version: 5.0 / 2026
Leipzig, January 2026