You are here


Please read carefully the following privacy policy, drafted within the meaning of Art. 13 of the General Data Protection Regulation N. 2016/679 (hereinafter, also "GDPR”), providing you with full details about the processing of your data collected through the sites / (hereinafter, also the “sites”) and the Mirabilandia Application (hereinafter the “App”).


Data controller

Parco della Standiana S.r.l. having its registered office in Savio 48125 (RA) - I - Strada Statale 16 Adriatica Km 162 and Parques Reunidos Servicios Centrales S.A., having its registered office in Madrid -E-, Paseo de la Castellana, 216, as Joint Data Controllers

In addition, the Data Controllers have suppliers who are allowed to process your personal data, also with the aim of providing the services necessary to carry out the purposes we have informed/ are informing you about (including, by way of example and without limitation, companies operating in the following fields: technology, legal advice, marketing, multidisciplinary professional services, IT services, etc.) These suppliers will access your personal data only to carry out their services on behalf of the Data Controllers, following their security and data protection procedures and without using them for their own purposes and/or for unauthorized purposes.

Among the above-mentioned suppliers, the Data Controllers have appointed Salesforce Group (Salesforce), who provides services related to our Customer Relationship Management (CRM) platform and is the owner of companies all over the world. For these purposes, Salesforce will process your personal data within the European Economic Area (EEA) and in accordance with applicable European data protection regulations. However, if necessary, Salesforce may also provide its services through companies located outside the European Economic Area, which may involve the execution of international transfers of personal data. However, taking this case into account, the Data Controllers have also signed legally binding agreements and security measures agreements necessary to ensure that your personal data will be processed according to an adequate level of protection, comparable to the level required in the European Economic Area (standard contractual clauses approved by the European Commission on data protection in accordance with the European Data Protection Regulation (GDPR), complementary security measures in accordance with the judgment C-311/18 of the Court of Justice of the European Union and subject to certification mechanisms).

For further information, please do not hesitate to contact the data protection officer of the data controller, using one of the contact addresses indicated in this Privacy Policy.

In summary, your data can be shared with:

  1. people authorised by the Joint Data Controllers to process personal data who have committed themselves to confidentiality or are under a statutory obligation of confidentiality;
  2. other companies of Parques Reunidos Group, subjects that are delegated and/or appointed by the Joint Data Controllers to carry out activities that are strictly related to the achievement of the above-mentioned purposes (including technical maintenance activities on the systems), duly appointed as data processors;
  3. individuals, companies or professional firms that provide support and consultancy to the Data Controllers, duly appointed as data processors;
  4. subjects, bodies or authorities to whom your personal data must be communicated owing to legal provisions or orders issued by the competent authorities.


We process two kinds of data:

  • data provided by the user;
  • data collected automatically.
Data provided by the user

Here is an example of the data we request:

  • Name and surname
  • Date of birth
  • Gender
  • Email account
  • Mobile phone
  • Address
  • City
  • Postcode
  • Province
  • Country
  • Region
Third-party data

If you decide to provide third-party data, make sure that those subjects have been previously and suitably informed about the processing methods and purposes stated herein. In this event, you will act as an autonomous Data Controllers, assuming all obligations and responsibilities under the law.

Data of minors under 16

In this respect, we inform you that if you are under 16 you cannot provide any personal data to us, and in any case, we shall not accept any responsibility for false information provided by you. If we become aware of the existence of false statements, we will immediately delete all personal data acquired.

Data collected automatically

We collect the following data through the services you are using:

  • technical data: This data category includes the IP addresses or domain names of the computers used by users that connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code stating the status of the server's response (successful outcome, error, etc.), and other parameters about the operating system and the user's IT environment. These data are used for statistical information only (therefore they are anonymous) and to control the correct operation of the site and they are deleted immediately after processing. The data may be used for the purposes of ascertaining responsibility in the event of hypothetical IT crimes jeopardising the site security: with the exception of this case, data on website contacts are not maintained for more than 7 days.
  • data collected through cookies and similar technologies: for any further information, we invite you to visit the "Cookie" section.


For purposes related to the provision of requested services:

We use your data to make sure that you can access our services and their provision, such as:

  • Assistance by phone and/or email for the purchase of services offered through the sites and Apps;
  • Purchase of services offered through the sites and the App;
  • Communications related to the provision of the service;
  • Activities of administrative, financial or accounting nature;
  • Fulfilment of legal obligations, regulations and Community rules.

Data processing for the purposes above is necessary for the performance of any contract or pre-contract measures adopted upon your request. The provision of your personal data for this purpose is optional but please note that your refusal will not allow us to provide you with the service.

To keep you updated about our latest novelties

If you gave us your consent, we will use your data to carry out direct marketing activities.

In particular, we will use them to:

  • communicate promotional, commercial and advertising activities on events, initiatives or partnerships of Mirabilandia and Mirabeach and of other parks owned by the Parques Reunidos group by means of paper-based mail, telephone contacts through an operator ("traditional methods"), email, texting, push notifications ("automated methods").
  • carry out analysis and reporting activities related to promotional communication systems, such as detecting the number of opened emails, of clicks made on the links included in the communication, the type of device used to read the communication and the related operating system or the list of users who decided to stop receiving the newsletter.
  • The provision of your personal data for this purpose is entirely optional.


Personal data will be stored in paper and/or electronic format and for the time strictly necessary to achieve the purposes stated in Point 3.

If the purchase of services offered is completed through the sites and/or the App, the invoices, accounting documents and data related to transactions will be stored for 11 years as provided by the law (including tax requirements).

If the purchase of services offered is not completed through the site, your personal data will be stored for a maximum period of 12 months.

For direct marketing purposes, pursuant to what is provided for in applicable rules, we store your data for a maximum period of 24 months.

Finally, we inform you that, in compliance with counter-terrorism requirements introduced by Art. 24 of Law 167/2017, transposing the EU Directive 2017/541, we will store data related to electronic traffic, excluded the contents of communications, for a maximum period of 72 months since the communication date.


Withdrawal of consent

In order to withdraw the consent given for direct marketing purposes you only have to press the Unsubscribe button at the bottom of all our communications or, if you find it more convenient, write to

Exercise of your rights

In line with what is provided under GDPR, you have the right to request to the Joint Data Controllers, at any time, access to your personal data, their rectification or erasure or to object data processing. Moreover, the law allows you to exert the right to request the restriction of processing in the cases envisaged by Art. 18 of GDPR, as well as to obtain your data in a structured, commonly used and machine-readable format, in the cases envisaged by Art. 20 of GDPR.

Requests can be sent to this email address:

Finally, we inform you that you always have the right to lodge a complaint to the relevant supervisory authority (Privacy Guarantor), within the meaning of Art. 77 of GDPR, if you believe that processing of your data infringes the rules in force.


Your personal data are processed by the subjects stated in point 1, in compliance with what is provided in the applicable rules. In particular, in order to guarantee the security of your data taking into account the state-of-the-art and implementation costs, as well as the nature, subject, context and the purposes of processing, and risks with a varying likelihood and severity degree for the rights and freedom of our users, we adopted suitable technical and organizational measures to guarantee a security level that is appropriate to the risk.

If you decide to use the Mirabilandia App by enabling the detection of your location, please note that we could process information about your current (approximate) location. Those data are processed anonymously, in a format that does not allow us to detect the personal identity of the user and they are only used to optimize some location-based functionalities of the service.

At any rate, please note that you can enable/disable the location-based services accessing the settings of your browser and/or of your device as follows:


Go to Chrome settings: chrome://settings/content/location and remove Mirabilandia from the list


Run Firefox and go to the address about:preferences#privacy, search “Permission” > “Location” > “Settings” and remove Mirabilandia from the list

Internet Explorer

open Internet Explorer, click on the settings icon and select “Internet options” in the privacy tab, go to "Location" and press the "Clear Sites" button


“Preferences” > “Web sites” > “Location” and remove Mirabilandia from the list


“Settings”> “Privacy” > “Location services” > “Mirabilandia” > “Never”


“Settings”> “Advanced settings” > “Location-based services”> “Disable”


This privacy policy was published in May 2018 and may be subjected to changes over time, also in connection with the coming into force of new sector regulations, the updating or provision of new services or the introduction of technological innovation. In this case, the Joint Data Controllers will inform you giving evidence of those updates.