Data protection information for business partners, service providers and suppliers
On the following pages, we inform you about the processing of personal data within the context of business relationships with our company. You will also find information about your rights under the EU General Data Protection Regulation (GDPR).
This data protection information applies generally to the initiation and execution of business relationships. What applies in your specific case depends on the particular subject of your interest or the contract concluded with you.
Who is responsible for data processing?
Serengeti-Park Hodenhagen GmbH
Am Safaripark 1
29693 Hodenhagen
Telephone: 05164 / 97 99 142
Email: sekretariat@serengeti-park.de
Who is the contact person for data protection questions?
We have an external data protection officer:
HUBIT Datenschutz GmbH & Co. KG
Lise-Meitner-Str. 2
28359 Bremen
Telephone: 0421 / 33 11 43 00
Email: datenschutz@hubit.de
Which data sources do we use?
We generally receive personal data directly from our business partners, suppliers, service providers, or prospective clients. In the context of business referrals, we may also receive data from third parties in individual cases.
We collect data from other sources only in exceptional cases. This is always done with explicit consent, unless the source is publicly accessible (e.g., website, telephone directory).
What data is processed?
In general, we process the following data, sometimes only when you visit the park grounds:
▪ Personal data (name)
▪ Company/Job title (if applicable)
▪ Address and contact details
▪ Inquiry/Business interest
▪ Contract and billing data
▪ Bank and payment details
▪ Tax data (VAT ID, if applicable)
▪ Planning and control data
▪ Vehicle registration number (gatekeeper access)
▪ Video images (access control; security of ticket counters, rides, and animal enclosures)
For what purpose do we process the data?
We process personal data only to the extent necessary to answer general inquiries and to initiate and execute contracts.
We comply with all applicable legal regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG). Depending on the specific subject of the data processing, it is based on one of the following legal grounds:
▪ Consent of the data subject
Art. 6 para. 1 lit. a GDPR
If you have given us your consent to process your personal data for specific purposes (e.g., advertising by email), this constitutes the legal basis for the data processing.
▪ Initiation and performance of contracts
Art. 6 para. 1 lit. b GDPR
The processing of personal data generally takes place for the initiation and performance of a contract (oral or written) that you wish to conclude or have already concluded with us.
▪ Compliance with legal obligations
Art. 6 para. 1 lit. c GDPR
Some data processing is mandatory based on a statutory or other legal provision. This includes, for example, documentation and retention obligations under commercial and tax law.
▪ Overriding legitimate interest
Art. 6 para. 1 lit. f GDPR
Otherwise, we may also process personal data to protect the legitimate interests of our company or third parties, provided that these outweigh your interests as a data subject in a balancing test.
An overriding legitimate interest exists in particular in the following cases:
▪ Ensuring animal welfare and species protection
▪ Safety of park visitors / rides
▪ Exercising the right of domicile
▪ Prevention and investigation of criminal offenses
▪ Assertion or defense of legal claims
▪ Ensuring IT security
▪ Statistical analysis / controlling
▪ Business management / further development
To whom will my data be disclosed?
Within our company, only those persons who need access to your data within the framework of internal task allocation for the fulfillment of the specific purpose, in particular contractual or legal obligations, have access to it.
Data is transferred to third parties in accordance with legal regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG). Data may be transferred to, in particular:
▪ Banks / Credit Institutions (payment processing)
▪ Tax Advisors / Auditors
▪ Lawyers / Insurance Companies (if applicable)
▪ Public authorities and institutions
▪ IT service providers (hosting, maintenance)
If you have given us your consent to transfer your data to specific recipients, data may also be transferred to them.
Is data transferred to a third country?
Data is generally processed in Germany or in other member states of the EU or the EEA.t.
Insofar as IT contractors are under the controlling influence of parent companies located in a third country and the transfer of at least metadata cannot be completely ruled out, they have been contractually obligated to comply with data protection regulations in accordance with the GDPR by means of EU Standard Contractual Clauses and/or an adequacy decision by the EU Commission and, where necessary, certification (e.g., EU-U.S. Data Privacy Framework/DPF).
How long will my data be stored?
Your data will be processed and stored by us for as long as it is necessary to fulfill the respective specific purpose. Once this purpose has been fulfilled or no longer applies, your data will generally be deleted.
Data will not be deleted if a legal obligation to retain it exists, if the data must be retained for evidentiary purposes for the duration of a limitation period, or if consent has been given for longer data storage.
What (data protection) rights do I have?
Data subjects have the following rights:
▪ Right of access, Art. 15 GDPR
▪ Right to rectification of inaccurate data, Art. 16 GDPR
▪ Right to erasure, Art. 17 GDPR
▪ Right to restriction of processing, Art. 18 GDPR
▪ Right to data portability, Art. 20 GDPR
▪ Right to object, Art. 21 GDPR
▪ Right to withdraw consent, Art. 7 GDPR
▪ Right to lodge a complaint with a supervisory authority, Art. 77 GDPR
If you have given us your explicit consent to process your data, you can withdraw it at any time. The withdrawal only applies to future data processing and does not affect the lawfulness of processing based on consent before its withdrawal. In the event of a withdrawal, further processing of the data for the specific purpose is no longer possible.
You can object to the processing of data based on a legitimate interest as the legal basis. The specific processing may no longer be permitted unless we have compelling legitimate grounds for continuing the processing or the processing serves the establishment, exercise, or defense of legal claims.
If you wish to exercise your rights, please contact us directly or our data protection officer (see above).
What are my obligations?
As part of a business relationship, you must provide the data necessary for the performance of the contract and for compliance with legal requirements.
Without this essential data, it is generally impossible to conclude and/or perform a contract. If mandatory data is not provided, a concluded contract may have to be terminated, and you may still have a financial claim for payment or damages.
The data you provide must be accurate, and any changes must be communicated to you.
Is automated decision-making or profiling used?
No, we make our decisions individually with human involvement and do not create profiles.
Is profiling used?
No, no profiling takes place.
Status: 09/2025