to top


Postal Adress

Gerstlauer Amusement Rides GmbH
Industriestrasse 17
D-86505 Münsterhausen

Telephone, Fax & E-Mail

Tel.:  +49 82 81 99 68 - 0
Fax: +49 82 81 99 68 - 33
E-Mail: info @

Managing Director

Dipl. -Ing. (FH) Siegfried Gerstlauer

Trade Register Memmingen

HRB 4240


DE 241769861

Head Quarter

86505 Münsterhausen

Responsible Person for

E-Mail: webmaster @

Owner of the Domain

Gerstlauer Amusement Rides GmbH

Technical Changes

The contents of our website were compiled with care and show our latest information. Nevertheless, we would like to point out that the updates of the website cannot occur simultaneously with the technical development of our products. Therefore, please don't hesitate to contact us on specific issues.

Design & Programmierung

[d]Ligo design + development

Picture Credits

Among others we use on this homepage pictures from:

Julian Omonsky (Admusement)

Frank Lanfer (Kirmes & Park International)

Tobias Atzkern (Coredia - Medienproduktion)

Photos on page "Bobsled Coaster":
Introduction, No. 7
Vehicles, No. 3
Acceleration, No. 2
Theming, No. 2
& Photo on page "Spinning Coaster":
Theming Options, No. 2
© Wolfgang Payer (movemotions productions)


Privacy Policy (valid as of 2022-06-28)

This Privacy Policy shall give you an overview of what happens to your personal data (hereinafter also referred to as "data") in our company and to inform you of the data protection claims and rights to which you are entitled in line with the European General Data Protection Regulation ("GDPR") and national data protection legislation, for example the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG"). We therefore ask you to take note of this Privacy Policy and if necessary, to print it out or save it.

Personal data is all data with which you can be personally identified. Your personal data may be processed for various purposes. Basically, the data processing operations by Gerstlauer Amusement Rides GmbH (hereinafter also referred to as "Gerstlauer Amusement Rides" or "We") can divide into the following areas of application:

  • General information on data protection, data processing procedures and data subject rights, which applies to all data processing procedures carried out for us, can be found in Part A below.
  • In connection with the website (hereinafter referred to as "Website") or comparable external online presences, such as our social media profiles (“Website and external online presences hereinafter also referred to collectively as "Internet Presences"), we process data of the visitors which are exchanged between their internet-capable end devices and the server operated by us, as well as data which are communicated to us in the context of the use of the website. Details of this can be found in Part B.
  • For the purpose of processing or initiating contracts, we process the necessary data of our customers and interested parties. You can find more information on this in Part C.
  • The data of our business partners and suppliers is used exclusively for the placing, processing and execution of orders.  You can find more information on this under Part C.

Please visit each section for quick and contextual information on specific processing situations.


A.     General Information on Data Protection and Data Subject Rights

I. Who Is Responsible For Data Processing and Who Can You Contact If You Have Any Questions?

“Controller” according to the GDPR and other national data protection laws of the member states as well as other provisions of data protection law is:

Gerstlauer Amusement Rides GmbH
Industriestrasse 17
86505 Münsterhausen

The responsible contact person at Gerstlauer Amusement Rides is Mr. Erwin Haider, ibidem.

As an external data protection officer of Gerstlauer Amusement Rides has been appointed:

LLP Data Protect GmbH
Würmtalstraße 20a
81375 München

Telefon:          089 / 552 75 50 0
E-Mail:            r.metz @



II. What Rights Do You Have With Regard to Your Personal Data?

If your personal data is processed, you are a "data subject" within the meaning of the GDPR, which may entitle you to the rights described below. Insofar as you assert rights against Gerstlauer Amusement Rides as the responsible body, we recommend that you address these to our contact details mentioned above.

1. Right of Access

In accordance with Art. 15 GDPR, you can request confirmation from us as to whether personal data relating to you is being processed by us and to what extent we are processing your data.

2. Right to Rectification

If personal data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.

3. Right to Erasure

If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfil our statutory obligations to erase after the processing purpose has ceased to apply, provided there is no legal or statutory retention period to the contrary.

4. The Right to Restriction of Processing

In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

5. Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to have data provided by you, which we process automatically on the basis of your consent or in fulfilment of a contract, transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.

6. Right to Object

If we process your data on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your personal data concerned unless we can prove compelling legitimate grounds for the processing which override your interests as a data subject or for the establishment, exercise or defence of legal claims.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

7. Right to Withdraw Consent Under Data Protection Law

Some data processing operations are only possible with your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please note that even after withdrawing your consent, it may still be possible to process the data concerned in whole or in part on the basis of other legal principles.

8. Right to Withdraw Consent Under Data Protection Law

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes upon GDPR (Art. 77 GDPR in conjunction with § 19 BDSG). 

A list of data protection authorities in Germany and their contact details can be found at the following link:

If you are of the opinion that we violate German or European data protection law when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach; poststelle @



III. Which Personal Data Are Processed and From Which Sources?

1. Origin of Personal Data

We mainly process the data that we receive directly from the data subjects in the course of a business initiation or in the course of the business relationship (see also Part C). In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have obtained, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media). 

Via our Website, we process data that we receive during your visit to the Website or that you actively communicate to us when using the Website, e.g. when using our contact form. Other data is automatically collected by our IT systems when you visit the Website. These are mainly technical data (e.g. Internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter our Website. Details can be found under Part B.

2. Categories of Personal Data

Among the personal data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.

In addition, we also process the following additional personal data depending on the order/service:

  • information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
  • information on financial status (for example, creditworthiness data)
  • advertising and sales data,
  • documentation data (e.g. consultation protocols, data from service meetings or support cases)
  • information from your electronic dealings with us (e.g. IP address, log-in data),
  • other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
  • the documentation of declarations of consent


IV. For Which Purposes and On What Legal Basis Are Data Processed?

We process your data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended, in particular on the following basis:

1. Fulfilment of (Pre-)Contractual Obligations (Art. 6 para. 1 lit. b GDPR)

Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR in order to fulfil Gerstlauer Amusement Rides‘ contractual obligations, in particular in connection with the sale and distribution of our goods and services as well as all activities customary in the industry for the operation or administration of Gerstlauer Amusement Rides (e.g. customer administration). The data may also be processed on a pre-contractual level as part of initiating business with Gerstlauer Amusement Rides or in the course of other contractual relationships with Gerstlauer Amusement Rides .

For example, Art. 6 para. 1 lit. b GDPR, is the legal basis in the following cases:

  • creating and maintaining a customer account or a supplier account
  • keeping customer/prospect files or our customer/prospect database
  • sending information
  • offering and selling of Gerstlauer Amusement Rides products or services

Details for the purpose of this data processing can be found in the respective contract documents and terms and conditions.

2. Legitimate Interests (Art. 6 para. 1 lit.f GDPR)

On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of Gerstlauer Amusement Rides or third parties. That is permissible except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Data processing to safeguard legitimate interests is carried out in the following cases, for example:

  • consultation of and data exchange with credit bureaus and creditor protection associations to determine creditworthiness data and maintenance of a group-wide creditworthiness database to identify financial default risks in specific business transactions
  • execution of payment transactions via external service providers
  • use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
  • assertion of other legal claims and defence in legal disputes
  • advertising or marketing
  • market and opinion surveys
  • image and sound recordings at public events (e.g. trade fairs, open days, workshops, industry events)
  • measures for business management and further development of our services;
  • maintaining databases on customers/prospects and service providers to improve our offering
  • carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
  • ensuring the IT security and IT operations of our company
  • measures for building and plant safety

3. Fulfilment of Legal Obligations (Art. 6 para. 1 lit.c GDPR)

The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the German Commercial Code (Handelsgesetzbuch “HGB”) or the German Tax Code (Abgabenordnung “AO”).

4. Consent (Art. 6 para. 1 lit.a GDPR):

If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact data listed under A. No. I or No. II. Please note that processing which took place before the withdrawal is not affected by the withdrawal and under certain circumstances data processing may continue to be possible at least partially on the grounds of some other legal basis.

For this we use your data for the following purposes

  • quality assurance: In order to continuously improve our services, our products and our services for you, we conduct surveys to your satisfaction, as well as your experiences from your contractual relationship.
  • general and personalised advertising by e-mail, fax or telephone.


V. Who Receives My Data?

At Gerstlauer Amusement Rides, those employees or organizational units who need your data to fulfil our contractual and legal obligations or to process or pursue our legitimate interests receive it.

Your data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or - depending on the type of concrete contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or the execution of the contract. This applies to the following recipients or recipient categories:

  • IT service provider (e.g. e-mail service providers, web hosting companies)
  • partner companies
  • sales partners
  • advertising partners
  • insurances
  • banks
  • communication provider (telephone provider, fax provider)
  • payment service providers
  • shipping and logistics service providers
  • credit bureaus
  • chartered accountant
  • tax and legal advisors

If we use a service provider in the sense of order processing in accordance with Art. 28 GDPR, we shall nevertheless remain responsible for the protection of your data. Insofar as required by law, contract processors are contractually obliged by means of an order processing agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data insofar as they require the data to perform their respective services.

Your data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.


VI. How long will my data be stored?

Your personal data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature).

However, the data will be deleted at the latest after expiry of all time limits unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data. See Part A. Point II.

Your data will be erased or blocked by us as soon as the purpose of storage no longer applies or you request us to erase it.

We process and in particular store your data in principle at most only until the termination of the business relationship or until the expiry of the applicable guarantee, warranty and limitation periods. For example, the statute of limitations according to §§ 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.

We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (Handelsgesetzbuch, “HGB”) (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (Abgabenordnung “AO”) (e.g. § 147 AO)). The time limits specified there for storage or documentation are two to ten years. For example, even after termination of a contract with you, we would be required to store your data for a period of time until the completion of the tax audit of the last calendar year in which you were our customer.


VII. Will Personal Data Be Transferred To A Third Country?

As part of our processing activities, in certain business transactions or areas of activity, personal data may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.

By playing one of the YouTube videos embedded on our website by clicking on the play button, you consent (a) to the use of cookies by YouTube, which may also serve to analyse user behaviour for market research and marketing purposes by YouTube, and (b) to the processing of your data by YouTube in the USA in accordance with Art. 49 (1) sentence 1 lit. a DSGVO. More details can be found below, under B. Section III.2.


B. Use of Our Internet Presences

In principle, you can visit our Websites and use them for information purposes without having to provide any personal details (e.g. register, place orders or otherwise provide information about yourself).  In this case, we process personal data of our users only to the extent necessary to provide a functional Website and our content and services or to the extent that cookies used on the Website provide us with personal information when visiting the Website. For information on our own cookies used by us, please refer to Part B Section II. Other cookies enable our partner companies or third parties to recognise your browser on your next visit, if applicable. For information on such third party cookies, please refer to Part B Section III.

In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.


I. Provision of The Website And Creation of Log Files

Description of Data Processing

Each time you access our Website, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the Website from which the user accesses the Website or the link to the Website to which the user switches contains personal data. The following information is collected:

  • IP address from which the access took place
  • date and time of access
  • the URL entered
  • HTTP status code, which provides information on whether the access was successful, for example
  • amount of data transferred
  • If applicable, the URL from which the user came to the website (referrer)
  • Browser used and, if applicable, operating system of the user

Prior to storage, each data set record is anonymised by our web host immediately upon collection by changing the IP address, in order to ensure a high level of data protection. Therefore, the server log files themselves do not contain any IP addresses in explicit form or any other data that would allow them to be assigned to a certain user. This data is not stored together with other personal data of the user.

Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the Website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files in order to ensure the functionality of the Website. The data is also used to optimise the Website and to ensure the security of our information technology systems.

Duration of Storage / Right to Object and Erasure

Data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the Website, this is the case when the session in question has ended.

The collection of data for the provision of the Website and the storage of data in log files is mandatory for the operation of the Website. Consequently, there is no possibility for the user to object.


II. Use of Cookies

Description of Data Processing

Our Website uses cookies or similar methods and collects, processes and uses usage data (e.g. access times, visited websites) or meta and communication data (IP address, device information). Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user's computer system and which enable the browser to be uniquely identified when the offer is called up again. If a user calls up a Website, a cookie can be stored on the user's operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. In this case, data will only be transmitted to the servers of our offer when a page request is made.

Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages while visiting our offer.

Other cookies remain on your device for a specified period of time and enable us to recognise your browser on your next visit (so-called persistent or protocol cookies). The purpose of the use of these cookies is to be able to offer you an optimal user guidance as well as to "recognise" you and to be able to present you with the most varied website and new content possible during repeated use.

Cookies that originate from partner companies or third parties may be used, for example, to collect information for advertising, customised content or statistics ("third-party cookies"). To the extent that we do not identify cookies as originating from third parties, the cookies originate from our offering ("first-party cookies"). We inform you separately about third-party cookies or "tracking" technologies that we use in the following sections of this privacy policy.

Flash cookies are stored on your device as data elements of web pages if they are operated with Adobe Flash. Flash cookies have no time limit.

We use the following cookies to make our website more user-friendly and store or transmit the following data:

Cookie name


Storage period

Type of cookie



Prevents cookies from being stored and data from being sent to advertising services when a YouTube video is played


Technically necessary

cc_socialStores interaction with our cookie consent management tool (in particular, acceptance or rejection of the consent-requiring cookies that we use)1 monthThird-Party-Cookie, Technically
_osm_locationUnlocking content from OpenStreetMap10 yearsThird-Party-Cookie, Technically
_osm_totp_tokenEnsuring the operation of a map section when using OpenStreetMap.1 hourThird-Party-Cookie, Technically
_osm_sessionStorage of session information when using OpenStreetMapSessionTechnically

For more information about which cookies we use to make our Website more user-friendly, what purpose they serve and what data is stored with them, or transmitted to third parties, please refer to our cookie management tool. By using our cookie management Tool, you can give your consent to the use of cookies when you access our website according to your chosen preferences.

Our cookie management tool collects log file and consent data using JavaScript. This JavaScript allows us to inform users of their consent to certain tags on our website and to collect, manage and document this consent. Cookie Management Tool stores the selected setting and the consent you gave when entering the website and processes the following data:

  • Consent data or data of consent (anonymized log data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp).
  • Device data or data of the devices used (including shortened IP addresses, device information, timestamp)
  • User data (e.g. browser information, SettingIDs, Changelog)

For this purpose, the cookie management tool stores one technically necessary cookie per cookie category (currently only "cc_social").

For more information about which cookies we use to make our website more user-friendly, what purpose they serve and what data is stored in them or transmitted to third parties, please refer to the detailed information provided by our cookie management tool. You can access this at any time by clicking on the "Privacy settings" link at the end of our Website.

Legal Basis and Purpose of Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the Website and a customer-friendly and effective design of the site visit, unless we ask you for consent under Art. 6 para. 1 lit. a GDPR.

The purpose of using technically necessary cookies is to simplify the use of Websites for users. Some functions of our Website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.

Duration of Storage / Right to Object and Erasure

As Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. In principle, it is also possible to use our Website without cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.  If cookies are deactivated for our Website, it is possible that not all functions of the Website can be used to their full extent.

You can also access our cookie management tool at any time at the end of our website under "Privacy Settings" and change the settings you have made, as far as technically not necessary cookies are concerned.


III. Further Information on Procedures, Plug-Ins and Tools Used

1. SSL or TLS encryption

This Website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. YouTube

Description of Data Processing

From time to time, we use content and services provided by YouTube LLC, 901 Cherry Ave. San Bruno, California, CA 94066, United States (hereinafter: "YouTube"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which is offered in Europe by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter: "Google"), to embed video content on our website by using a plugin.

Our YouTube videos are all embedded in the "extended data protection mode", that means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned below will be transferred. By embedding our videos via the domain, our YouTube videos can be played without cookies otherwise set by YouTube by default. Nevertheless, data is transmitted to YouTube when YouTube videos are played. This data transfer is neither initiated by us nor do we have any influence on it.

If you want to play the videos embedded on our website using the plugin (by clicking the play button), your IP address is sent to YouTube, as YouTube cannot send the video content to your browser without the IP address. The IP address is therefore required for displaying the video. Furthermore, your user settings of the YouTube player and which part of our website you have visited are transmitted to the YouTube server under an ID created by YouTube.

If you are logged-in to your YouTube account as a YouTube member when playing our videos, you also enable YouTube to assign your usage behaviour directly to your personal profile on the basis of the user agreement you have closed with YouTube, when registering your member account. However, we have no influence on the scope and further use of the data collected and processed by YouTube on that occasion.

According to Google, user data colleted by Google in connection with YouTube (even for users who are not logged in), is used in particular to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you therefore have to contact YouTube to exercise this right.

Further information on data processing by YouTube can be found in the applicable Privacy Policy for YouTube:

Legal Basis and Purpose of Data Processing

YouTube is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to provide video content on our website, unless we ask for your consent pursuant to Art. 6 para. 1 lit. a GDPR.

By playing one of the YouTube videos embedded on our website by clicking on the play button, you consent (a) to the use of cookies by YouTube, which may also be used by YouTube to analyse user behaviour for market research and marketing purposes, and (b) to the processing of your data by YouTube in the USA pursuant to Art. 49 (1) sentence 1 lit. a GDPR.

Duration of Storage / Right to Object and Erasure

To prevent the assignment of user data described above, log out of your YouTube account before playing our video content. You have further options to restrict the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers specific privacy settings on YouTube. You can find out more about this in Google's guide to data protection in Google products:

3. Embedding of OpenStreetMap content

Description of Data Processing

We have integrated OpenStreetMap on our Website, an online mapping tool of the OpenStreetMap Foundation, St. John's Innovation Centre, Cowley Road, Cambridge, CB3 0WS, United Kingdom (hereinafter: "OpenStreetMap"), via an API interface to display interactive maps.

To enable OpenStreetMap to offer its service in full, the company must collect and store data from you. This includes, among other things, your IP address, information about the use of the interactive map, data about browser, device type, operating system, time and day of use of OpenStreetMap. However, this data storage happens on the website or servers of OpenStreetMap. We can only inform you about this, but have no control over it. With each individual launch of OpenStreetMap, cookies are set by OpenStreetMap in order to process user settings and data when displaying the page on which the OpenStreetMap component is integrated. These cookies store the aforementioned data about your user behavior. OpenStreetMap uses this data primarily to optimize its own service. Theese cookies are only partially deleted by closing the browser, but expire after a certain time, unless you delete them manually beforehand.

OpenStreetMap stores your data as usage profiles and uses them for the purpose of market research and/or the demand-oriented design of the service. We do not receive this data ourselves and do not initiate its collection. In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with OpenStreetMap as the provider of the online map tool and responsible body for this. Only the provider has access to the users' data and can take appropriate measures and provide information directly.

For more information about OpenStreetMap privacy, please visit:

Legal Basis and Purpose of Data Processing

The integration of OpenStreetMap is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR to provide a simple and intuitive display of interactive maps to visually display geographic information (our location, locations of our products for reference purposes).

Duration of Storage / Right to Object and Erasure

Cookies are stored on the user's device and transmitted from it to our Website. Therefore, you as the user also have full control over the storage of cookies on your device. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the Website.


IV. Internet Presences on Social Networks and Platforms

Description of Data Processing

Gerstlauer Amusement Rides maintains further Internet Presences within social networks and/or industry networks (Facebook, Instagram) and Platforms (e.g. Youtube) (hereinafter jointly referred to as "SN") and links to them from our Website. By clicking on the respective buttons (recognizable by the respective logos of the social networks or platforms) you get to the respective online presence of the SN. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services.

When accessing the respective SN, the terms of use and the data processing guidelines of the respective operators apply. As this use of SN takes place outside our Websites or other Internet Presences, we have no influence on this, unless otherwise stated below. However, we would like to point out that when using the SNs to which we link, data may also be processed by them in the USA and may also be processed by the respective operators of the SNs for market research and advertising purposes, including the creation of user profiles. If you are logged in to the respective SN, they may also store their cookies on your terminal device, which record that you are using our website, in addition to additional information about your usage behaviour. In order to make it easier for you to find information on the data processing and objection options of the respective SN operators, we refer to the data protection notices and information of the operators of the respective SN at the end of this section VI.

Legal Basis and Purpose of Data Processing

Unless otherwise stated in our data protection declaration, we process user data on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR effective information of users and communication only if they communicate with us within social networks and platforms (e.g. if users write articles on our online presences or send us messages).

In some cases, the SN maintain servers in the USA to which your data may be forwarded.  Details are given in the list below.

Duration of Storage / Right to Object and Erasure

For information on the duration of data storage by the respective SN, please refer to the privacy policies of the respective SN.

If you are a member of one of the SN on which we maintain online presences and do not want the SN to collect data about you via our service and link it to your data on the SN, you must log out of your SN before visiting our service. For a detailed description of the respective processing operations, information on the duration of the storage of data by the respective SN and the opt-out options, please refer to the information provided by the providers linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

Details are provided in the listing below.


We maintain a Facebook Company Page ("Fanpage") on the SN of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Facebook Ireland is jointly responsible with us for the collection of data from visitors to our Fanpage, which is why we have concluded an agreement with Facebook on the joint processing of personal data in accordance with Art. 26 GDPR, as well as additional data processing conditions:


We are responsible for providing the data subjects with at least the above and subsequent information on shared responsibility with Facebook. The information from Facebook required under Article 13 para. 1 lit. a) and lit. b) GDPR can be found in the Privacy Policy of Facebook Ireland at

Facebook Inc, Menlo Park, California, USA (hereinafter: Facebook Inc.) also collects and uses so-called Page Insights for analytical purposes. Page Insights is a compilation of data that allows both us and Facebook Inc. to understand how our users interact with our site. Page Insights may be based on personal information collected in connection with our users' visits or interactions with our Fanpage. For this purpose, we have concluded a Controller Addendum with Facebook (see above), which regulates in particular, which security measures Facebook takes in the context of the Page Insights and how Facebook answers user requests. The purposes for which the collection and transmission of personal data, which constitutes a joint processing of data, is carried, out are described in detail in the Terms of Use referred to in the Controller Addendum above.

Data collected, when users visit our Fanpage otherwise includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in Facebook's Privacy Policy:, and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data described in detail in "Device Information" in the Facebook Privacy Policy:

However, we share responsibility for the Page Insights by maintaining the Facebook Fanpage and we have therefore agreed with Facebook Ireland, that Facebook Ireland is responsible for complying with the rights of data subjects under Articles 15-20 of the GDPR in respect of personal data held by Facebook Ireland following joint processing. We therefore have an obligation to notify Facebook when we receive data protection enquiries about Pages Insights. Please note, that we will forward requests for Page-Insights to Facebook Ireland. For further information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland operates and the ways in which data subjects can exercise their rights against Facebook Ireland, please refer to the Facebook Ireland Privacy Policy at

The evaluation of the data collected via Page Insights serves to improve our internet presence and for advertising purposes. We maintain our Facebook Fanpage for the purpose of communication with and simple channeling of contact requests from Facebook users. The collection of this data and its further processing is in our legitimate interest and in the legitimate interest of Facebook Inc. in accordance with Art. 6 para. 1 lit. f GDPR.

We would like to point, out that we cannot switch the Page Insights technology on and off. We must therefore largely forward corresponding requests to Facebook-Ireland, unless we have collected data ourselves. If you do not want Facebook Inc. to collect your data, please do not use our Facebook company page and/or set your browser to prevent cookies from being set and/or log out from Facebook while you are using our page.

Privacy Policy:, ,

Right to object: und,


Instagram is a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Our Instagram page offers you the opportunity to respond to and comment on our posts and send us private messages. We process your personal data only in the context of a direct contact with us via Instagram or interaction with our page or its content on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond to your request. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1  lit. b DSGVO.

Insofar as personal data are processed in connection with our Instagram page and Facebook alone decides on the purposes and means of the processing, Facebook is otherwise the sole controller. Please check carefully which personal data you share with us via our Instagram account. If you wish to avoid Facebook processing any personal data you provide to us, please contact us by other means.

Privacy policy/Right to object:


V. Links to Websites of Other Provider

Our Website may contain links to other websites. We have no influence whatsoever on the content or design of other providers' websites. The statements in this data protection declaration therefore do not apply to external providers to whose offers or content we merely link with.

If you are forwarded via links from our Website to other websites, please inform yourself there about the respective handling of your data.


VI. Active Use of Our Website

1. Contact form and E-mail Contact

Description of Data Processing

A contact form is available on our Website, which can be used for electronic communication, for example for the purpose of support requests. If a user takes advantage of this option, the data entered in the respective form will be transmitted to us and stored.

At the time of sending your message via one of our contact forms, the following data is also stored:

  • the IP address of the user
  • Date and time of use

It is also possible to contact us via the e-mail address provided by us. In this case, the user's personal data transmitted with the e-mail will be stored.

Legal Basis and Purpose of Data Processing

The legal basis for the processing of usage data transmitted in the course of sending a contact form or an e-mail is Art. 6 (1) lit. f GDPR. This personal data processed during the transmission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Otherwise, the processing of the personal data disclosed by you serves us solely to process the contact. In the case of contacting us by contact form or e-mail, this also constitutes the necessary legitimate interest in processing the data.

If the the contact form request or e-mail contact is intended to close or execute a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR

The user's data may also be stored in our customer relationship management system or comparable inquiry organization on the basis of our legitimate interests.

Duration of Storage / Right to Object and Erasure

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail or contact form, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements call for longer storage.

If the user contacts us by e-mail or contact form, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this event, all personal data stored in the course of contacting us will be deleted unless legal requirements require longer storage.

2. Applications at Gerstlauer Amusement Rides

Description of Data Processing

On our website, under the section "Career", we inform you from time to time about vacancies at Gerstlauer Amusement Rides as well as about the possibility of completing internships or apprenticeships with us and working with us in the framework of a dual study programme or as a student trainee.

If you send us your application as a result or as part of a proactive application, we regularly process personal and contact data such as: First and last name, address, e-mail address, telephone number, date of birth.

In addition, we process the data that you send us with your application documents (CV, photographs, certificates, etc.). Which of the data provided to us is processed in detail, depends largely on the position to be filled. At the very least, we require data regarding your previous educational/professional background, your qualifications, your skills and personal details in order to be able to assess whether your application is suitable for the vacant position. The processing of your data in this context is usually absolutely necessary for the preparation and completion of the application procedure. If you do not provide us with any or insufficient data, we might be not able to consider you as an applicant for the vacancy, having to reject you as an applicant or we might no longer be able to carry out the application procedure.

We do not require any information from you that is not usable under the General Equal Treatment Act under German law ("Allgemeines Gleichbehandlungsgesetz", (AGG)) or any other national or international equal treatment law. Please do not forward us any confidential information or trade secrets of your former or current employer.

We provide your data to those employees or organisational units that need it to fulfil our contractual and legal obligations or to process or pursue our legitimate interests, in particular the HR department and the management level of the department in which the position is to be filled.

Pursuant to Section 164, Paragraph 1, Sentence 4 of the German Social Code, Book IX ("Sozialgesetzbuch IX" (SGB IX)), we are obliged to inform the relevant representative body for severely disabled persons of every incoming application from persons with a severe disability and to provide the relevant data of the applicant.

Legal Basis and Purpose of Data Processing/Recipients

Personal data is primarily processed for the purpose of recruitment to fill vacancies and for the purpose of initiating an employment contract (Art. 6 para. 1 lit. b GDPR, or Art. 88 GDPR in conjunction with § 26 BDSG).

Based on a weighing of interests, data processing may take place beyond the actual initiation of an employment contract in order to protect our legitimate interests in the selection of personnel and the assessment of whether an applicant and the vacant position are a good match (Art. 6 para. 1 lit. f DSGVO). This is permissible unless your interests or fundamental rights and freedoms require the protection of your personal data. Data processing to protect our legitimate interests is performed, for example, when we use job exchanges, recruitment agencies or service providers to carry out recruiting procedures.

CVs, certificates and other data you provide to us may contain particularly sensitive information about mental or physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union or political party memberships or sex life. If you voluntarily provide us with such special personal data (see Art. 9 para 1 GDPR), the processing is carried out under the additional conditions of Art. 9 para 2GDPR.

Duration of Storage / Right to Object and Erasure

Severely disabled applicants have the right to refuse the involvement of the relevant representative body for severely disabled persons in accordance with Section 164 (1) sentence 8 of the German Social Code IX (SGB IX), thus preventing them from being informed by us. Please inform us as part of the application if you refuse the involvement of the relevant representative body for severely disabled persons.

If you are rejected or withdraw your application after the end of the application process, we will store your data for a period of 6 months from this point on in order to be able to meet any obligations to provide evidence under the Equal Treatment Act (AGG) and to defend ourselves against any legal claims.

In the event of a successful application, we store the applicant data provided in the personnel file for the purpose and for the duration of the employment relationship.


C. Contractual Relationships with Customers and Business Partners

I. Am I obliged to provide data?

Wenn Sie mit uns mit Fragen zu unseren Leistungen kontaktieren, mit uns in Vertragsverhandlungen eintreten, eines unserer Angebote annehmen oder mit uns sonstige vertragliche Vereinbarungen bestehen, verarbeiten wir die in diesem Zusammenhang von Ihnen mitgeteilten personenbezogenen Daten. Welche Daten im Einzelnen verarbeitet werden richtet sich maßgeblich nach den relevanten Kaufgegenständen bzw. nach den Leistungen, die Sie von uns beziehen oder die Sie anfragen. Die Verarbeitung Ihrer Daten ist in diesem Kontext in der Regel zur Vorbereitung, Abschluss und Abwicklung des Vertrages zwingend erforderlich. Wenn Sie uns diese Daten nicht zur Verfügung stellen, kann das dazu führen, dass wir den Abschluss eines Vertrags oder die Ausführungen des Auftrags ablehnen müssen oder einen bestehenden Vertrag nicht mehr durchführen könnten.

However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract or which is not required by law.


II. Which personal data is processed and for what purpose?

As far as we use data in the context of contract initiation or performance with a customer, business or cooperation partner, our interest in handling your data lies in enabling and maintaining the exchange with the customer or the respective business or cooperation partner, typically in the context of a contract or other relationship (see section A. number V).  

If you act as a contact person - typically in your function as an employee at these companies - you usually have no overriding opposing interest, insofar as this interaction with us is part of your area of responsibility, so that a right of objection is regularly excluded.

1. Communication

Basically, we collect the necessary data from you ourselves through personal contact. Of course, you can also contact us by telephone, fax, post or alternatively via our e-mail address (see Legal Notice) or via the e-mail addresses of our employees provided to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that e-mail communication is not encrypted for technical reasons.

Your data will be used for the processing of the conversation and the post-processing of the respective inquiry or meeting contents, for example, to check contractual offers and to decide on their acceptance (pre-contractual obligation) or to be able to conclude and execute a contract with the communication partner.

Your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us.

In this context, the data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR).

2. Data processing within the framework of distribution and execution of contracts

Personal data will be processed on the basis of Art. 6 Para. 1 lit. b GDPR in order to provide the service you have commissioned us to provide, in particular to implement our contracts or pre-contractual measures, as well as all activities required for the operation and administration of Gerstlauer Amusement Rides.

The resulting purposes of data processing shall primarily depend on the activities and individual services specifically agreed with you and may include, but are not limited to, consulting activities or activities within the scope of controlling sales processes (e.g. compiling documents, sending Gerstlauer Amusement Rides product or event information, providing Gerstlauer Amusement Rides services) or accompanying sales negotiations and concluding contracts.

Further details on the scope, purpose and recipients of your data can be found in the relevant contractual documents and associated terms and conditions.

To the extent necessary within the framework of our operational processes, we process your data in connection with our services beyond the actual fulfilment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR).

In connection with the offer or provision of our services, we may be subject to special legal obligations, such as requirements of tax legislation. The purposes of processing your data may therefore include, among other things, compliance with fiscal control and reporting obligations, customs or export regulations and the assessment and control of risks. The data processing required for this is based on Art. 6 para. 1 lit. c GDPR.

3. Marketing communication with existing customers

Description of Data Processing

We would like to inform our customers and interested parties at regular intervals about our products, services, webinars, innovations or news at Gerstlauer Amusement Rides by e-mail or other electronic notifications (hereinafter referred to as "Newsletter"). We therefor use your e-mail address for this purpose. Further information may be requested in the respective newsletter registration forms in order to provide you with personalised content tailored to your interests. For this purpose, we use the data available from our customer relationships in addition to the processing of the contract in order to inform existing customers by e-mail about similar goods/services. You can object to the use of your data for this purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates.

Legal Basis and Purpose of Data Processing/Recipients

Newsletters are sent to existing customers on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with. § 7 para. 3 UWG. 

Duration of Storage / Right to Object and Erasure

You can object to the sending of the newsletter at any time by contacting us directly using our contact details given at the entrance.

By unsubscribing the newsletter, the business communication is not affected. Your data will be stored by us for the purpose of contract processing, our support and services, software updates or registration for events. In addition, we reserve the right to store the necessary proofs until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.


III. Transmission of data

Depending on the scope of the work to be performed, your data or documents may be passed on to public authorities or private service providers or persons with whom we regularly cooperate, both in the enquiry or offer phase and in the contract implementation phase (see Section A. IV). A transfer of data to third countries is generally not intended, unless this necessity arises from the circumstances of the individual contact with the respective customer or business partner.


 D. Miscellaneous

Due to the further development of our Website or our offers as well as due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration on our Website at any time and print it, if necessary.

Contact Form

Do you have any questions?

Get in touch with us by using the contact form.