Privacy Policy
(Last updated 14th July, 2023)
Overview
We at Maurer Rides GmbH, along with our subsidiaries and affiliates (collectively, the "Maurer Group," "we," or "us") value your privacy rights and are committed to being transparent about our data practices. This Global Privacy Notice applies whether you visit us in person or interact with us online or via a mobile device and it provides you with information about the following:
- our use of your data;
- our sharing of your data;
- our collection of your data;
- which cookies we use;
- our international transfers of your data;
- our legal basis for processing your data;
- our data retention practices;
- our security measures;
- your rights and choices relating to your data; and
- contacting Maurer Rides.
How we use your personal data
We use your personal data to do the following:
- to provide goods and services to you;
- to process and track your orders, process payments, and coordinate delivery of merchandise;
- to verify your identity so that you can access, view, and share videos and photos;
- to manage any registered account that you hold with us;
- to operate, evaluate and improve our business (e.g. developing new products and services; improving our products and services; analyzing our customer base; and performing accounting, auditing, and other internal functions);
- to manage customer service interactions with you;
- to send you promotional materials and other communications,
- to comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations, and our policies; and
- to perform other functions for which we provide specific notice at the time of collection. In addition, we use data collected through cookies, web beacons, pixels, web server logs and other automated means for purposes such as (i) customizing your visits to our websites and apps, (ii) delivering banner advertisements to you on other websites, (iii) delivering content tailored to your interests and the manner in which you browse our websites and apps, and (iii) managing our websites, apps and other aspects of our business.
What personal data we share
We share your personal data under the circumstances described below.
Third Party Service Providers
We share your personal data with third party service providers we engage to perform services on our behalf, such as processing credit card payments, reducing credit risk, fulfilling orders, data storage, website hosting, performing data analytics, and sending marketing messages. We do not authorize these service providers to use, disclose, or otherwise process your personal data except as required to perform services on our behalf.
Maurer Group
Your personal data may be shared with other Maurer companies around the world that make up the Maurer Group. These companies process your personal data in accordance with this Global Privacy Notice.
Attraction Operators
We work closely with the operators of the attractions where we provide video and photographic services. We may share your data with these operators so that they can evaluate and improve their businesses and also provide you with information about their offers and promotional events.
Others
If you log in to one of our websites through Facebook or other social media platforms the information you share may be shared with those social media platforms. Your personal data may be disclosed to a third party if we are required to do so because of an applicable law, court order, or governmental regulation or if the disclosure is necessary to support a criminal or other legal investigation or proceeding. If we are involved in a liquidation, reorganization, merger, acquisition, or sale of our assets then your personal data may be transferred as part of that transaction.
With Your Consent
We may disclose your personal data to others with your consent. For instance, your data will be shared if you send a link or email to allow your friends and family to view your photographs or videos.
What personal data we collect
We may collect the following personal data:
- your name, prefix, age, date of birth, and gender;
- photographs and videos of you;
- your contact details including; postal addresses, telephone numbers, and email addresses;
- your payment card details when you make a purchase or place an order;
- your communications with us;
- the location of the attraction you visited and date and time of your visit;
- your ride data on the attraction you visited, such as ride time and ranking position;
- username and password;
- your communication and marketing preferences;
- publicly available personal data, including data you have shared via a public platform such as Twitter or Facebook;
- purchases made by you;
- your online browsing activities; and
- information we obtain from our third party service providers; In addition, when you visit our websites, open our emails, use our apps or interact with Maurer and Coaster.video related tools, widgets or plug-ins, we may collect certain information by automated means, such as cookies, web beacons and web server logs. The information we collect in this manner includes IP address, unique device identifier, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our site, and dates and times of website visits.
What cookies we use
We use cookies. Cookies are small text files that are stored on your terminal device when you load the page. They cannot transmit viruses or malware to your computer, but they do contain information that enables the user to be identified. In terms of function, a distinction must be made between technically necessary and non-necessary cookies.
Technically necessary cookies
Technically necessary cookies are all cookies that are required for the operation of our website and its functions. These are usually set in response to an action you have taken. These include registration, login or settings such as language or cookie preferences. The processing of technically necessary cookies used on our website is based on § 6(1) f), DSGVO. The legitimate interest for necessary cookies is the user-friendly design of the website. It is possible to deactivate these cookies in the browser. In this case, error-free functioning of our website can no longer be ensured.
Technically unnecessary cookies
Technically unnecessary cookies are cookies that are not absolutely necessary for the operation of our website and its functions. The use of such cookies constitutes data processing that is only permitted with your active consent (§ 6(1) a), DSGVO). This also applies to the transfer of your personal data to third parties. We use technically unnecessary cookies as explained in the following sections to improve the user experience and to optimize our website.
Sentry
We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as details of the device or the time of the error, are collected anonymously and are not used in a personalised manner and are subsequently deleted. For more information, please see Sentry's privacy policy: https://sentry.io/privacy/. You can delete individual or all cookies via your browser settings. In addition, you have the option of generally deactivating cookies or restricting them to certain domains via your browser settings.
PostHog
This site uses PostHog: an analytics tool which tracks live events such as page views and link clicks on the website. Through PostHog Cloud EU we gather information about how users interact with the website and also capture session recordings which allow us to see where visitors are getting stuck, find solutions to these obstacles and as a result create a better user experience for them. IP addresses are anonymised within the analytics tracking. For more information on PostHog and GDPR compliance, please visit https://posthog.com/docs/privacy/gdpr-compliance.
Stripe
We use a payment tool provided by the American technology company and online payment service, Stripe, on our website. For customers within the EU, Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible. This means that if you choose Stripe as your payment method, your payment will be processed through Stripe Payments. Data necessary for the payment process will be forwarded to and stored by Stripe. In this privacy policy, we provide an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.
The technology company Stripe offers payment solutions for online payments. With Stripe, it is possible to accept credit and debit card payments in our webshop. Stripe handles the entire payment process. One significant advantage of Stripe is that you never have to leave our website or shop during the payment process, and the payment processing is very fast.
Why do we use Stripe for our website?
Naturally, we want to provide the best possible service with our website and integrated online shop, ensuring your comfort and utilization of our offerings. We understand that your time is valuable, so payment transactions must work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that ensures secure and fast payment processing.
What data is stored by Stripe?
If you choose Stripe as your payment method, personal data about you will also be transmitted to Stripe and stored there. This data includes transaction data, such as the payment method (credit cards, debit cards, or account number), bank code, currency, amount, and payment date. In a transaction, your name, email address, billing or shipping address, and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Furthermore, Stripe may collect technical data about your device (such as IP address), name, address, phone number, and your country to prevent fraud, provide financial reporting, and fully offer their services.
Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies unrelated to Stripe. However, the data may be shared with internal departments, a limited number of external Stripe partners, or to comply with legal requirements. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe may set during the payment process:
Name: m
Purpose: This cookie appears when you select the payment method. It stores and recognizes whether you access our website via a PC, tablet, or smartphone.
Expiration Date: after 2 years
Name: __stripe_mid
Purpose: This cookie is needed to conduct a credit card transaction. The cookie stores your session ID.
Expiration Date: after one year
Name: __stripe_sid
Purpose: This cookie also stores your ID and is used by Stripe during the payment process on our website.
Expiration Date: after the end of the session
How long and where are the data stored?
Personal data is generally stored for the duration of service provision. This means that the data will be stored until we terminate our collaboration with Stripe. However, to fulfill legal and regulatory obligations, Stripe may also store personal data beyond the service provision period. As Stripe is a global company, data can be stored in any country where Stripe offers services. Therefore, data may also be stored outside your country, for example, in the United States.
How can I delete my data or prevent data storage?
Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered not safe under current European data protection law. Data cannot be transferred, stored, and processed in unsafe third countries without appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.
You always have the right to access, correct, and delete your personal data. If you have any questions, you can contact the Stripe team at https://support.stripe.com/contact/email.
You can delete, disable, or manage cookies used by Stripe in your browser. The method may vary depending on the browser you use. Under the "Cookies" section, you can find the respective links to the instructions for the most popular browsers.
Legal Basis
To handle contractual or legal relationships (Art. 6(1)(b) GDPR), we offer Stripe as a payment service provider, in addition to traditional banks/credit institutions. The successful use of the service also requires your consent (Art. 6(1)(a) GDPR) if the use of cookies is necessary.
Stripe processes data from you in the USA and other locations. We want to inform you that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may involve various risks to the legality and security of data processing.
As the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfers to these countries, Stripe uses so-called Standard Contractual Clauses (= Art. 46, para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). These clauses commit Stripe to maintain the level of European data protection when processing your relevant data, even when the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
For more information about the Standard Contractual Clauses and the data processed through the use of Stripe, please refer to the Privacy Policy at https://stripe.com/at/privacy.
What personal data we transfer internationally
Maurer Rides operates a global business. As a result, we may transfer your personal data outside of the country in which it was originally collected, such as the United States or the United Kingdom. This will typically occur because a service provider is located outside the country where the personal data was collected. The United States, European Economic Area ("EEA") Member States, and other countries have different laws. For example, the circumstances in which law enforcement can access personal information may vary from country to country. Data in the US, in particular, may be accessed by government authorities in accordance with US law. If your data is collected or otherwise processed in the European Union we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside the EU. These include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect any personal information they process from the EEA in accordance with European Union data protection law.
Legal basis for processing personal data
Generally, we rely on three separate and overlapping bases to process your personal information lawfully.
Consent
First, when you have given us consent to process your data in certain ways, we will rely on your consent. For example, we generally rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message. Customers have the right to withdraw consent at any time.
Contract fulfillment
Second, we process personal data when it is necessary to perform a contractual obligation. For example, we provide your shipping address to a third-party fulfillment vendor so that merchandise you have ordered can be shipped to you.
Legitimate interests
Third, we may process your personal data where necessary to fulfill our legitimate interests, where those interests are not overridden by your rights or interests. These legitimate interests include:
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health, and welfare;
- promoting, marketing, and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers' behavior, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers;
- protecting Maurer Rides, its employees, and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Maurer Rides;
- effectively handling any legal claims or regulatory enforcement actions taken against us; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
How long we retain personal data
We keep your personal data in accordance with our own guidelines, procedures, and principles. Generally, if you register an account with us then we will retain your personal data for as long as your account is active. We will deem your account inactive if you do not upload, download, or sign in to the account for a period of five years, in which case your personal data will be deleted. For additional information about your rights concerning your data please review the information below under "Your rights and choices."
How we protect personal data
We maintain administrative, technical, and physical safeguards that are designed to protect your personal data against, accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.
Your rights and choices
If our processing of your data is subject to EU privacy rules, you have the following rights (some of which are subject to conditions or qualifications):
- to ask what personal data we hold about you and to obtain a copy of your personal information in an easily accessible format and (for some data) also a right of portability;
- to ask us to update or correct the personal data we hold about you;
- to ask us to delete personal data we hold about you;
- to ask us to restrict or limit the ways in which we use your personal data; and
- to opt out of any marketing messages we may send you. If you would like to exercise any of these rights or would like further information please contact us through one of the channels listed under "Contact Maurer Rides." We will respond as promptly as possible. You have the right to lodge a complaint with a data protection authority. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm). The data controller of your personal information is Maurer Rides GmbH.
Do not track
Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.
Update to this privacy notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. You can see when this Privacy Notice was last updated by checking the "last updated" date displayed at the top of this Privacy Policy.
Contact Maurer Rides
If you have any questions about your personal data or if you want to exercise your rights regarding your personal data please contact us by any of the following means: Email us: info@coaster.video Write: Maurer Rides GmbH Ammerthalstr. 34 85551 Kirchheim/Munich Germany