Privacy Policy

I. – WHO IS YOUR DATA CONTROLLER?

The data Controller for this website is Parques Reunidos Servicios Centrales, S.A. (hereinafter, referred to as the “Controller”), with registered office in C/ Federico Mompou 5, Parque Empresarial Las Tablas, Edificio 1, Planta 3, 28050 Madrid, Spain. If you have any data protection questions, you can write to the Controller’ Data Protection Office at the email dpo@grpr.com or the address C/ Federico Mompou 5, Parque Empresarial Las Tablas, Edificio 1, Planta 3, 28050 Madrid, Spain.

 

II.- FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO YOU PROCESS YOUR DATA?

The Controller inform the user or their legal representative qualified to provide their data through this website or for the acquisition of any of its products and/or services that their data will be processed by the Controller for the following purposes:

  1. Management of the purchase and services purchased and of the booked events. To formalise and manage the purchase of products and provision of the services offered by the Controller through this website, as well as to manage the organization of the booked events (e.g. corporative events, first communion event, etc.) The data will also be used to manage their contractual relationship to the customer. To this end, the Controller will process the customer’s data for purposes of contact, invoicing, collection and debt management, customer service, and claim management, among others.
    Legal basis: This processing is required for the enforcement of the agreement.
  2. Fulfilment of accounting, legal, tax, and administrative duties.
    Legal basis: This processing is required for the enforcement of the agreement.
  3. Delivery by electronic means of information about offers and promotions regarding products and services offered by the Controller. In order to offer products and services that might be of their interest, the customer will be sent information about leisure and hotel products and services offered by the Controller for their consideration. In any case, the customer may opt not to receive this kind of communication through the means provided in section V of this privacy policy.
    Legal basis: This processing will only be performed if the Controller have the customer’s consent.
  4. To send commercial communication including offers connected to products and/or services offered by the Controller that might be appealing of the customer, your personal data may be processed to create profiles based on internal sources (e.g. navigation from history and statistical cookies) whose result make it possible to create and analyse personalised products through segmentation into different groups on the basis of common patterns. To this end, the customer’s preferences regarding the communications received may be monitored and their behaviour regarding those communications may be analysed. These profiles may be used to send you personalised communications about products and/or services offered by the Controller.
    Legal basis: This processing will only be performed if the Controller have the customer’s consent.
  5. Answering queries. The Controller will process the data to answer any queries sent by the customer through the website. Legal basis: This processing will only be performed if the Controller have the customer’s consent. When sending a query, a customer will be understood to give their consent to the processing of their data for this purpose.
  6. Surveys among customers or potential customers. In order to verify the quality of communications, of the Controller’ procedures, of the customer services, as well as of the Controller’ products and/or services, the Controller may conduct satisfaction surveys among their customers and/or potential customers.
    Legal basis: This processing is based on the Controller’ legitimate interest. To improve the Controller’ procedures, surveys may be conducted among customers and/or potential customers to find their level of satisfaction and thus improve those matters that require it. The customer and/or potential customer may always opt not to receive this kind of communication from the Controller.

IF YOU ARE UNDER 13, we need your parents’ or tutors’ consent, so they must confirm that they are your parents or tutors and given their consent for us to accept your request.

 

III. – HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

Any personal data to which access is given will be processed for as long as the contractual relationship lasts. After this period, the Controller will retain your personal data, duly blocked, after the contractual relationship has come to an end, in order to make them available to the competent Public Administrations, Judges and Courts or the Prosecutor’s Office until any actions that might derive from the relationship with the client become time-barred and/or the retention periods established by law end. The Controller will proceed to physically eliminate your data once these deadlines have elapsed.
Also, if the customer has consented to the delivery of commercial communications, the Controller may process their personal data as described in this privacy policy. You may opt out of receiving these communications if you see fit by the means stated in section V or by de-subscribing from the newsletter.

 

IV. – TO WHOM WILL WE TRANSFER YOUR DATA?

The Controller will transfer customer data to:

  • Regulatory and controlling authorities, competent public bodies, Judges, and Courts.
  • The Controller work with third-party service providers that have access to customers’ personal data and process those data for and on behalf of he Controller as a result of their provision of services. More specifically, the Controller outsource the provision of services from third-party providers that, without limitation, work in the following sectors: legal advisory services, multidisciplinary professional services, technological services, IT services.

 

V. – WHAT RIGHTS DO YOU HAVE WHEN YOU GIVE US YOUR DATA?

The user/customer may exercise, if they so wish, their rights of data access, rectification, and deletion, as well as request that the processing of their personal data be restricted and that they not be the object of individual automated decisions, by sending a message in both cases in writing to the Parques Reunidos Data Protection Delegate at C/ Federico Mompou 5, Parque Empresarial Las Tablas, Edificio 1, Planta 3, 28050 Madrid, Spain, or else by sending an email to dpo@grpr.com, attaching in both cases a copy of their national identification number, tax identification number, or identifying official document.
The user/customer may, regarding any processing based on their consent, withdraw their consent at any time and object to processing on the basis of legitimate interest if they see fit, by means of the procedure detailed in the previous paragraph.

 

VI. – HOW DID WE OBTAIN YOUR DATA?

The personal data processed by the Controller are the personal data obtained from interested subject when they entered their data through this website and/or during the contractual relationship between the parties.
During the contractual relationship, the Controller may process third-party data provided by the customer. In this regard, the customer agrees to inform all these individuals of these data protection provisions and obtain the third parties’ consent to the processing of their data by the Controller.

 

VII. – BEFORE WHICH AUTHORITY MAY YOU BRING YOUR CLAIMS?

The user/customer may file a claim with the Spanish Data Protection Agency regarding the answer received from the Controller when exercising their rights. In any case, you may initially address the Parques Reunidos Data Protection Officer at the email address dpo@grpr.com or else at C/ Federico Mompou 5, Parque Empresarial Las Tablas, Edificio 1, Planta 3, 28050 Madrid, Spain, to solve any problem so that the Controller may assist you.