Data protection information for park visitors and overnight guests
On the following pages, we inform you about the processing of personal data in the context of park visits and the use of overnight accommodations. You will also find information about your rights under the EU General Data Protection Regulation (GDPR).
This data protection information applies generally to the initiation and execution of customer relationships. What applies in your specific case depends on the particular subject of your interest or the contract concluded with you.
Who is responsible for data processing?
Serengeti-Park Hodenhagen GmbH
Am Safaripark 1
29693 Hodenhagen
Telephone: +49 5164 / 97 99 142
Email: sekretariat@serengeti-park.de
Who is the contact person for data protection questions?
We have an external data protection officer:
HUBIT Datenschutz GmbH & Co. KG
Lise-Meitner-Str. 2
28359 Bremen
Phone: +49 421 / 33 11 43 00
Email: datenschutz@hubit.de
Which data sources do we use?
We generally receive personal data directly from park visitors, overnight guests, and other interested parties as data subjects.
As part of our tourist services, we may also receive personal data from third-party providers, such as tour operators or organizers of competitions.
We only collect data from other sources in exceptional cases. This is always done with explicit consent, unless the source is publicly accessible (e.g., website, telephone directory).
What data is processed?
In general, we process the following data:
▪ Personal data
▪ Address and contact details
▪ Inquiry / Business interest
▪ Contract and billing data
▪ Bank and payment details
▪ Vehicle registration number (origin statistics)
▪ ID check (overnight guests)
▪ Planning and control data
▪ Photos (e.g., action cams, rides, events)
▪ Video footage (access control; security at ticket counters, rides, and animal enclosures)
For what purpose do we process the data?
We process personal data only to the extent specifically necessary to answer general inquiries and to initiate and execute contracts.
We comply with all applicable legal regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG). Depending on the specific subject of the data processing, it is based on one of the following legal grounds:
▪ Consent of the data subject
Art. 6 para. 1 lit. a GDPR
If you have given us your consent to process your personal data for specific purposes (e.g., publishing a photo), this constitutes the legal basis for the data processing.
▪ Initiation and performance of contracts
Art. 6 para. 1 lit. b GDPR
The processing of personal data generally takes place for the initiation and performance of a contract (oral or written) that you wish to conclude or have already concluded with us.
▪ Compliance with legal obligations
Art. 6 para. 1 lit. c GDPR
Some data processing is mandatory based on a statutory or other legal provision. This includes, for example, documentation and retention obligations or identity verification for overnight stays.
▪ Overriding legitimate interest
Art. 6 para. 1 lit. f GDPR
Otherwise, we may also process personal data to protect the legitimate interests of our company or third parties, provided that these interests outweigh your interests as a data subject upon balancing of interests.
An overriding legitimate interest exists in particular in the following cases:
▪ Ensuring animal welfare and species protection
▪ Safety of park visitors / rides
▪ Exercising our right to control access to our premises
▪ Prevention and investigation of criminal offenses
▪ Assertion or defense of legal claims
▪ Ensuring IT security
▪ Statistical analysis / controlling
▪ Business management / further development
To whom will my data be disclosed?
Within our company, only those individuals who require access to your data within the framework of internal task allocation for the fulfillment of the specific purpose, in particular contractual or legal obligations, have access to it.
Data is transferred to third parties in accordance with legal regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG). Data may be transferred to, in particular:
▪ Payment service providers (cashless, online)
▪ Banks / credit institutions (payment processing)
▪ Tax advisors / auditors
▪ Lawyers / insurance companies (if applicable)
▪ Public authorities and institutions
▪ IT service providers (hosting, maintenance)
If you have given us your consent to transfer your data to specific recipients, data may also be transferred to them.
Is my data transferred to a third country?
Data is generally processed in Germany or in other EU or EEA member states.
If IT contractors are under the controlling influence of parent companies located in a third country and a transfer of at least metadata cannot be completely ruled out, they have been contractually obligated to comply with data protection regulations in accordance with the GDPR by means of EU Standard Contractual Clauses and/or an adequacy decision by the EU Commission and, where necessary, certification (e.g., EU-U.S. Data Privacy Framework/DPF).
How long is my data stored?
Your data is processed and stored by us for as long as it is necessary to fulfill the respective specific purpose. Once this purpose has been fulfilled or no longer applies, your data is generally deleted.
Data is not deleted if a legal obligation to retain it exists, if the data must be retained for evidentiary purposes for the duration of a limitation period, or if consent has been given for longer data storage.
What (data protection) rights do I have?
Data subjects have the right to:
▪ Access, Art. 15 GDPR
▪ Rectification of inaccurate data, Art. 16 GDPR
▪ Erasure, Art. 17 GDPR
▪ Restriction of processing, Art. 18 GDPR
▪ Data portability, Art. 20 GDPR
▪ Objection, Art. 21 GDPR
▪ Withdrawal of consent, Art. 7 GDPR
▪ Lodge a complaint with a supervisory authority, Art. 77 GDPR
If you have given us your explicit consent to process your data, you can withdraw it at any time. Withdrawal of consent only applies to future data processing and does not affect the lawfulness of processing carried out before the withdrawal. In the event of withdrawal, further processing of the data for the specific purpose is no longer possible.
You can object to the processing of your data based on legitimate interest. In such cases, the specific processing may no longer be permitted unless we have compelling legitimate grounds for continuing the processing or the processing serves the establishment, exercise, or defense of legal claims.
If you wish to exercise your rights, please contact us directly or our data protection officer (see above).
What are my obligations?
As part of a customer relationship, you must provide the data necessary for the performance of the contract and for compliance with legal requirements.
Without this essential data, it is generally impossible to conclude and/or perform a contract. If mandatory data is not provided, a concluded contract may have to be terminated, and you may still have a financial claim for payment or damages.
The data you provide must be accurate, and any changes must be communicated to us.
Is automated decision-making or profiling used?
No, we make our decisions individually with human input and do not create profiles.
Is profiling carried out?
No, no profiling takes place.
Status: 09/2025