Netherlands Theme Parks & Attractions

Privacy Policy

Last updated: December 2025

1. Introduction

Netherlands Theme Parks & Attractions ("we", "our", "us", or "Company") is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch Data Protection Act (Algemene Verordening Gegevensbescherming - AVG). This Privacy Policy explains how we collect, use, process, disclose, and safeguard your personal information when you visit our website located at www.netherlands-themeparks.nl (the "Website").

2. Data Controller

Netherlands Theme Parks & Attractions is the data controller responsible for your personal data. Our contact information is:

Netherlands Theme Parks & Attractions
Damrak 1
1012 LG Amsterdam
Netherlands
Email: [email protected]
Phone: +31 (0) 20 945 38 01

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Consent: When you voluntarily provide information through our contact form
  • Legitimate Interest: For website analytics, security, and improvement of our services
  • Legal Obligation: To comply with applicable laws and regulations

4. Information We Collect

We collect the following categories of personal data:

4.1 Personal Data You Provide

When you contact us through our contact form, we collect:

  • Name (first name and last name)
  • Email address
  • Subject of inquiry
  • Message content and any additional information you voluntarily provide
  • Any attachments or files you may upload

We process this data based on your consent when you submit the contact form. You have the right to withdraw your consent at any time.

4.2 Automatically Collected Data

When you visit our Website, we automatically collect technical information through server logs and analytics tools:

  • IP address (may be anonymized)
  • Browser type and version
  • Operating system and device type
  • Screen resolution and color depth
  • Language preferences
  • Access times and dates
  • Pages viewed and navigation patterns
  • Time spent on pages
  • Referral source (how you arrived at our Website)
  • Search terms used
  • Click patterns and interactions
  • Geographic location (country and city level, based on IP address)

This data is collected based on our legitimate interest in understanding how our Website is used and improving user experience. We use this information in aggregated and anonymized form.

4.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior. For detailed information about the types of cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

4.4 Data from Third-Party Sources

We may receive information about you from third-party services:

  • Google Analytics: Aggregated and anonymized website usage statistics
  • Google Maps: Location data when you interact with embedded maps
  • Social Media Platforms: If you interact with our content on social media, we may receive basic profile information

5. How We Use Your Information

We use the collected information for the following purposes:

5.1 Service Provision

  • To respond to your inquiries and provide customer support
  • To process and manage your contact form submissions
  • To communicate with you regarding your requests
  • To provide information about theme parks and attractions

5.2 Website Improvement

  • To analyze usage patterns and trends
  • To improve our Website functionality and user experience
  • To identify technical issues and optimize performance
  • To conduct research and analytics
  • To personalize content and recommendations

5.3 Communication

  • To send administrative information, including updates to our terms and policies
  • To notify you about important changes to our services
  • To respond to your questions and feedback

5.4 Legal and Security

  • To ensure Website security and prevent fraud, abuse, or unauthorized access
  • To detect and prevent security threats
  • To comply with legal obligations and respond to legal requests
  • To enforce our Terms of Service and other policies
  • To protect our rights, property, and safety, as well as that of our users

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

  • Contact Form Submissions: Retained for 24 months from the date of submission, unless you request deletion earlier or we have a legal obligation to retain it longer
  • Website Analytics Data: Retained in anonymized form for up to 26 months (Google Analytics default retention period)
  • Server Logs: Retained for 12 months for security and troubleshooting purposes
  • Legal Requirements: Some data may be retained longer if required by law, such as tax or accounting records (typically 7 years in the Netherlands)

6.2 Deletion

Upon expiration of the retention period or upon your request (where applicable), we will securely delete or anonymize your personal data. Deletion may be delayed if:

  • We have a legal obligation to retain the data
  • The data is needed for ongoing legal proceedings
  • Deletion would compromise legitimate business interests

7. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond within one month.

8. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

8.1 Service Providers

We may share data with third-party service providers who perform services on our behalf, such as:

  • Website hosting providers
  • Email service providers
  • Analytics providers (Google Analytics)

All service providers are contractually obligated to protect your data and comply with GDPR.

8.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

8.3 Google Services

Our Website uses Google Maps and may use Google Analytics. Your use of these services is subject to Google's Privacy Policy. We do not control Google's data collection practices.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our service providers are located.

9.1 Transfer Mechanisms

We ensure appropriate safeguards are in place to protect your data when transferred outside the EEA:

  • Standard Contractual Clauses: We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy Decisions: We may transfer data to countries with adequacy decisions by the European Commission
  • Binding Corporate Rules: Some service providers have Binding Corporate Rules approved by data protection authorities

9.2 Third-Party Transfers

When we use third-party services that transfer data outside the EEA:

  • Google Analytics: Data is processed in the United States. Google is certified under the EU-U.S. Data Privacy Framework
  • Google Maps: Location data may be processed by Google servers worldwide
  • Hosting Providers: Our hosting provider may process data in various locations, but we ensure GDPR-compliant contracts are in place

9.3 Your Rights Regarding Transfers

You have the right to be informed about international data transfers and to request information about the safeguards in place. You can also object to certain transfers, though this may affect our ability to provide certain services.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

10.1 Technical Measures

  • Encryption: SSL/TLS encryption (HTTPS) for all data transmission between your browser and our servers
  • Secure Servers: Hosting on secure, regularly updated server infrastructure
  • Firewalls: Network firewalls and intrusion detection systems
  • Regular Updates: Regular security patches and software updates
  • Backup Systems: Regular encrypted backups stored securely
  • Access Logging: Comprehensive logging of system access and changes

10.2 Organizational Measures

  • Access Controls: Limited access to personal data on a need-to-know basis
  • Authentication: Strong password policies and multi-factor authentication where appropriate
  • Staff Training: Regular training on data protection and security practices
  • Security Assessments: Regular security audits and vulnerability assessments
  • Incident Response: Procedures for detecting, reporting, and responding to security incidents
  • Data Minimization: Collecting only the data necessary for specified purposes

10.3 Security Limitations

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

10.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Dutch Data Protection Authority (AP) within 72 hours
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Provide information about the nature of the breach and measures taken

11. Children's Privacy

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected data from a child under 16, we will delete such information promptly.

12. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Complaints

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens - AP):

Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
Netherlands
Website: www.autoriteitpersoonsgegevens.nl

14. Your Right to Lodge a Complaint

If you believe that we have not adequately addressed your privacy concerns or violated your rights under GDPR, you have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is:

Autoriteit Persoonsgegevens (AP)
Postbus 93374
2509 AJ Den Haag
Netherlands
Phone: +31 (0) 70 888 85 00
Website: www.autoriteitpersoonsgegevens.nl
Email: [email protected]

You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

15. Data Protection Officer

While we are not currently required to appoint a Data Protection Officer (DPO) under GDPR Article 37, we take data protection seriously. For any data protection inquiries, please contact us using the contact information provided in Section 16.

If our circumstances change and we become required to appoint a DPO, we will update this Privacy Policy accordingly and provide contact information for the DPO.

16. Automated Decision-Making and Profiling

We do not use automated decision-making processes, including profiling, that produce legal effects concerning you or similarly significantly affect you. If this changes in the future, we will update this Privacy Policy and provide you with information about the logic involved and the significance and consequences of such processing.

17. Special Categories of Personal Data

We do not intentionally collect special categories of personal data (sensitive personal data) as defined in GDPR Article 9, such as:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Health data
  • Sex life or sexual orientation

If you voluntarily provide such information in your communications with us, we will process it only with your explicit consent and in accordance with applicable law.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons.

18.1 Notification of Changes

We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • For significant changes, we may provide additional notice via email or a prominent notice on our Website

18.2 Your Acceptance

Your continued use of the Website after changes are posted constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Website and may request deletion of your data.

18.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.

19. Contact Us

For questions, concerns, or to exercise your rights regarding this Privacy Policy, please contact us:

Email: [email protected]
Phone: +31 (0) 20 945 38 01
Address: Damrak 1, 1012 LG Amsterdam, Netherlands