Mundo Aquático, S.A. ("Zoomarine"), as part of the provision of its services, needs to collect some personal data from its customers.
On the other hand, the increasingly frequent interaction with the users of our websites (hereinafter "the Pages") and mobile application (hereinafter "APP"), also requires, in some cases, the collection of personal information from the user to allow the latter to benefit from services provided by Zoomarine, or the collection of data from their devices (via cookie files), to improve the performance of the Pages and APP.
- We want our Customers to be aware of the general rules on privacy and the terms of processing the data we collect, ensuring strict respect for and compliance with the legislation applicable in this area, in particular (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR").
- Zoomarine seeks to respect best practices in terms of the security and protection of personal data by promoting actions and improving systems in order to ensure the protection of the data made available to us by our Customers.
- Personal data shall mean any information of any kind, whatever the medium used, including sound and image, relating to an identified or identifiable natural person (data subject). A person who can be identified directly or indirectly, in particular by reference to an identification number or to more specific elements of his/her physical, physiological, mental, economic, cultural or social identity, shall be considered identifiable.
- Zoomarine collects and processes the personal data necessary for the provision of its services or for managing your contacts with us. We can also receive your personal data from our suppliers who provide you with services on our behalf, from our partners or from third parties acting on our behalf (e.g. travel agents or other entities that book a ticket for you).
- For further information about the sharing of your data with other entities, see the section "UNDER WHAT CIRCUMSTANCES DOES DATA REPORTING TO OTHER ENTITIES OCCUR?" below.
- In this regard, your personal data may include, inter alia, your name, your identification and contact details or other data (e.g. your booking number) or information about how you use our Pages or how you interact with us.
- Biometric data (fingerprint) may be collected and used for the purchase of “2nd Day Entries”, with the prior consent of the Customer. That data will be processed in encrypted and unalterable format, guaranteeing its security and inviolability.
- Zoomarine also collects localisation data with the prior consent of the Customer, subject to compliance with the applicable legal rules.
- Zoomarine is particularly concerned about the protection of children's rights, so the collection of personal data from minors under the age of 18 years is dependent on the consent of their parents/guardians. To this end, when collecting data from minors, the e-mail of the parents/guardians shall be requested to confirm that they consent to the processing of personal data of the minors concerned.
|The provision of certain personal data is compulsory and, in the event of the lack or inadequacy of said data, Zoomarine will not be able to provide the product or service concerned. In such cases, the Customer or user will be duly informed of the obligation to provide said data in order to continue the process.||
When booking a ticket
When you purchase in our online shop
|Biometric data (fingerprint)||When purchasing a “2nd Day Entrance”, and provided Customer consent is obtained|
|Information about your bookings, if you need specific assistance. This information may include any changes to your ticket bookings.||When booking your ticket or managing your Zoomarine experience|
|Information about your health, if you have a medical condition that may affect your experience (see the section "Special Data Categories" below for more information in this regard)||When you give us this information.|
|Geographical location data||
When using the search/booking services on our Pages, if you have said functionality active on your devices and with your consent, in order to speed up the ticket search and booking process
|Information about other visitors in your booking, including the ages of any children accompanying the Customer.||When making a booking on behalf of other visitors
(If you book a ticket on behalf of someone else, you must have that person's consent to use their personal data. As regards visitors under the age of 18, consent should be given by the respective holders of parental responsibility.
|Information about your transaction, including your payment card details||When purchasing Zoomarine products or services|
|The communications you exchange with us (for example, your e-mails, letters, or calls to the Zoomarine Contact Center)||When you contact Zoomarine or are contacted by Zoomarine|
|Your publications and messages on social media addressed to Zoomarine||When you interact with us on social media|
|What you think about us||When participating in our satisfaction questionnaires/surveys|
Information about how to use the Page, applications or other platforms
|When you use our Pages and APP|
4.2 Special Personal Data Categories
- When providing our services, we may collect information that could reveal your racial or ethnic origin, information about your health, religious beliefs or criminal offences and also biometric data. Said information shall be regarded as "special data categories" in accordance with the General Data Protection Regulation.
- We only collect this information if you have given us your specific consent, if it is necessary because of a legal obligation imposed on Zoomarine or if you have made said information manifestly public.
- For example: we may collect this information for your safety, when you have a specific health condition that you have to inform us about; if you need special assistance during a visit, which may reveal information about your health (e.g. if you request a wheelchair); if you inform us about specific food requirements, this could potentially indicate that you have certain religious beliefs; and when you provide us with the details of your travel document, your nationality may reveal your racial or ethnic origin.
- Browsing data (e.g. browser type, operating system, source Website domain, pages viewed, geographic origin of session) are collected automatically (i.e. without logging in) by third parties (e.g. Google Analytics).
- Sometimes, we may collect non-individualized images of our visitors, in the context of events with an audience, in accordance with paragraph 2 of article 79 of the Portuguese Civil Code and paragraph f), paragraph 1 of article 6. of the GDPR.
- On the same day, at the entrance to the Park, information about the collection of images (video and/or photography) will be available.
- The image will not be reproduced or used if it results in damage to the honor, reputation or simple decorum of any of the people portrayed.
- If you do not wish your image to be captured in this context, please inform the nearest staff member
5. Why is your personal data collected?
- The personal data of Zoomarine Customers is generally used in the provision and management of contracted or booked services, as well as for the study, improvement and adaptation of services to the needs and interests of the Customer, in particular to speed up ticket booking processes or purchasing Zoomarine products.
- However, customers may provide their personal data for other purposes, such as for receiving institutional information from Zoomarine, participating in competitions and market surveys, receiving marketing communications (such as campaigns and promotions about our services and products) and submitting complaints and suggestions.
- In this regard, we use your personal data for the following purposes:
- 5.1 To manage your bookings and provide our services
- When you visit us, we use your aforementioned information to provide our services on your ticket, for example, to issue tickets and manage your experience and stay in the park.
- 5.2 To communicate and manage our relationship with you
- Occasionally, we may contact you by e-mail and/or SMS for administrative or operational reasons, for example, to send you confirmation of your bookings, purchases and payments or to inform you about changes to your visit, tickets or products.
- Since these communications are not made for marketing purposes, you will continue to receive them even if you have chosen not to receive marketing communications.
- We will also use your personal data to respond to your requests, suggestions or contacts, to improve our services and your experience as a Zoomarine customer.
- 5.3 To inform you about news and offers in your interest
- We may send you marketing communications if you have indicated that you want to receive them, for example when you make a booking with us at https://tickets.zoomarine.pt/pt/ if you choose to receive these communications.
- If you agree to receive marketing communications, we will send you newsletters with news about us or offers you might like. These offers may include information about our tickets and other associated products.
- The data collected in the Newsletter subscription is stored on an “E-Goi” CRM tool for database management. The database is owned by Mundo Aquático, S.A and access is restricted to the data controller entity responsible for sending the newsletter.
E-mail tracking data is collected to monitor the performance of the action and to adapt the contents.
- This e-mail data will only be stored for as long as the user keeps his/her subscription active.
- Please note that we do not share your personal data with other companies for marketing purposes unless we have your consent to do so.
- If you do not wish to receive any more marketing communications from us, just click the "remove" link to cancel the subscription at the bottom of any marketing communication sent by Zoomarine. Alternatively, you may ask Zoomarine not to send you marketing communications by sending an e-mail to email@example.com entitled "Unsubscribe".
- 5.4 To improve our services and meet our administrative and business objectives
- The business objectives for which we use your information include accounting, billing and auditing, fraud analysis, security, legal and procedural effects, statistical studies and systems development and maintenance.
- 5.5 To meet our legal obligations
- 5.6 Para análise estatística
- The navigation data on the pages collected is used for statistical analysis and is studied using associated enterprises (e.g.: Google Analytics) to monitor the level of interest on our Page and improve its performance and adapt the contents. This same navigation data may be used to create target audiences to show their content, whether sponsored or otherwise, through Google Adwords, matching the information in the right way and in the interests of the user, based on previous interests, location, age or demography
- 5.7 To offer online mobile app services
- Online applications services use your location; for example, to display your places of interest.
- To simplify the use of our online services or applications, we may analyse the data we collect regarding the use of digital media and combine it with information collected through cookies and similar technologies. The data collected are used to know which digital channel (email, social media) or device (desktop, tablet or mobile) you prefer, so that we can focus our communication on that channel or device.
- The personal data collected shall be processed in strict compliance with the applicable law and shall be stored on specific databases created for that purpose.
- The period of time during which data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that require the retention of data for a certain period of time. Hence, whenever there is no specific legal requirement, the data shall be stored and retained only for the period necessary for the purposes of its collection, as identified above.
- The retention periods for each type of data are as follows:
|Video Surveillance images ||30 days|
|“Photo and Video” services images ||30 days|
|Data collected for bookings management||As long as the data is required|
|Biometric data (“2nd Day Entry”) ||10 days|
|Group booking data|| 1 year|
|Data required to enter into the “Dolphin Emotions” contract ||3 years|
|Data collected when providing “First Aid” assistance||3 years|
|Invoicing data||10 years|
|E-mail address for sending marketing information||50 years, or on the withdrawal of consent|
7. What are the rights of data subjects?
- Under the applicable law, the data subject may at any time request access to personal data concerning him or her, and the rectification, erasure or limitation of their processing, the portability of their data, or opposition to the processing thereof (with the exception of data strictly necessary for the provision of the service), upon written request to Zoomarine at the e-mail address firstname.lastname@example.org or at the address EN 125, KM 65, Guia, 8201-864 Albufeira.
- You may obtain confirmation that personal data relating to you has been processed and accessed, receiving a copy of the data processed by Zoomarine on request.
Under the law, you are also guaranteed the right to withdraw your consent to the processing of the data whose consent forms the basis for the legitimacy of the processing of said data. To this end, you are entitled to withdraw your consent at any time, though this shall not invalidate the processing carried out up to said date on the basis of the prior consent given.
The customer or user may also at any time request the deletion of his/her personal data in accordance with the legal provisions.
- You are also entitled, under the applicable law, to request the limitation of the processing or portability of your data, provided that the legally stipulated conditions have been met. To this end, you shall submit a request for the aforementioned contacts.
Subject to any other administrative or judicial appeal, the data subject shall be entitled to lodge a complaint with the CNPD or other competent supervisory authority under the law if he/she considers that his/her data is not being lawfully processed by Zoomarine in accordance with the applicable law and this Policy.
- Despite the security measures taken by Zoomarine, we advise all our Customers and users that when going online they should regularly take precautions and take additional security measures in this area, including through the use of an updated computer and browser, and ensure the use of shared computers, as well as access to their personal Customer accounts, by not sharing their access data with third parties.
- Mundo Aquático, S.A., does not assume any responsibility arising from the use of uncertain or incomplete data, or data provided by users that has not been updated, provided that it has not been informed about the correction or updating thereof. However, Mundo Aquático, S.A. shall take appropriate measures within its power to ensure, that inaccurate data is erased or rectified without delay, taking into account the purposes for which it is processed.
- As the Internet is an open network, the data circulating on it can be seen and used by third parties, therefore Mundo Aquático, S.A. can only guarantee the security of the data stored internally and that it owns.
- We provide security in using our platforms through Secure Socket Layer (SSL) technology, which consists of encrypting the communications produced between your personal computer and the server so that it cannot be intercepted.
- The payment pages available at our page https://tickets.zoomarine.pt and https://store.zoomarine.pt are the responsibility of the respective entity: MeoWallet and Paypal, thus the Credit or Debit Card and Paypal account data that is processed is collected by the latter. Zoomarine does not have access to your Credit/Debit Card or Paypal account data.
- For further information about cookies and how Zoomarine uses them on its websites or applications, see the Cookies Policy in point 15.
- Zoomarine is committed to ensuring the confidentiality, protection and security of the personal data of its Customers through the implementation of appropriate technical and organisational measures to protect its data from any undue or illegitimate processing and from any accidental loss or destruction of said data. To this end, we have systems and teams to ensure the security of the personal data processed by creating and updating procedures to prevent unauthorised access, accidental losses and/or destruction of personal data. We undertake to respect the legislation on the protection of personal data of Customers and to process this data solely for the purposes of its collection, as well as ensuring that said data is processed with suitable levels of security and confidentiality.
- Because we recognise the sensitivity of this information, we have drawn up and provided all our staff with a Personal Data Protection Policy in order to ensure that they know about the obligations imposed on them in this regard. In order to ensure the continued awareness of our staff, we have also provided them with training courses and they undertake not to disclose to third parties or to use for purposes contrary to the law any personal information about Zoomarine Customers that they become aware of during the exercise of their duties.
- Zoomarine uses other entities to provide certain services. Any such provision of services may involve access by these entities to the personal data of its Customers.
- Hence, any subcontracting entity of Zoomarine will process the personal data of our Customers, in the name and on behalf of Zoomarine, following our instructions. Zoomarine shall ensure that said subcontracting entities provide sufficient guarantees for the implementation of appropriate technical and organisational measures to ensure that the processing complies with the requirements of the applicable law, and ensures the security and protection of the data subject's rights, in accordance with the subcontracting agreement concluded with said subcontracting entities.
- Zoomarine may also transmit the personal data of its Customers to third parties when it considers said data communications to be necessary or appropriate
- (i) in light of the applicable law,
- (ii) in fulfilment of legal obligations/orders, or
- (iii) in response to requests by public or government authorities.
- In any of the above situations, Zoomarine commits to taking all reasonable steps to ensure the effective protection of the personal data it processes.
- The provision of services by Zoomarine may involve the transfer of your personal data to third countries (which do not belong to the European Union or the European Economic Area).
- In such cases, Zoomarine shall implement the necessary and appropriate measures in light of the applicable law to ensure the protection of personal data subject to any such transfer, in strict compliance with the legal provisions regarding the requirements applicable to said transfers, namely, informing Customers in this respect.
- The Zoomarine Pages may contain links to other websites. Zoomarine is not responsible for the privacy practices or contents of other websites.
- e-mail: email@example.com
- Morada: EN 125, KM 65, Guia, 8201-864 Albufeira
15.1 COOKIES – What are they and what are they used for?
- A Cookie is a small text file which, whilst not collecting personal information to identify the user, stores generic information on the access device that allows you to use the sites more quickly and efficiently.
Cookies have specific functions, which may last for the duration of the user's session or extend after this has been closed, persistently and depending on the purpose for which it is intended.
Cookies identify your browser on the server, allowing information to be stored on your device. This technology serves a variety of purposes, such as helping to determine the usefulness, interest and number of uses of websites or applications, enabling the user to browse faster and more efficiently, eliminating the need to repeatedly enter the same information.
Most browsing programmes are set to accept cookies, although you can configure your browser to decline all cookies (see "Disabling cookies" below).
- There are different types of cookies. The following Cookies, are used by Mundo Aquático, S.A. (“Zoomarine”), and they are necessary to provide the requested service to the user, or to measure web audience by Zoomarine:
|Type of cookie||Purpose||Personal data collected|
|Session cookies||They allow you to browse our page and use its features, as well as to access the secure areas of websites. Without these cookies, the services you wish to use cannot be provided.||No personal data is collected.|
|Analytical cookies||They are used anonymously for the purposes of creating and analysing statistics related to the use of websites, in order to improve their functioning.||No personal data is collected.|
15.3 Disabling cookies
- All browsers allow the user to accept, refuse or delete cookies, namely by selecting the appropriate settings on their browsers, so that the user can, at any time, partially or fully disable the cookies used at the Zoomarine website.
For further information, please see the browser's own instructions and manuals.
As regards cookies and their use, refer to the following links:
- If you have any queries or questions about cookies, you can contact Zoomarine via e-mail: firstname.lastname@example.org.
Date of last update [March 2022]