1. An overview of data protection

General information

The following information will provide you with an easy to navigate overview of
what will happen with your personal data when you visit this website. The term “personal data”
comprises all data that can be used to personally identify you. For detailed information about the subject matter of
data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this
website (i.e., the “controller”)?

The data on this website is processed by the operator of the
website, whose contact information is available under section “Information about the responsible party
(referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we
record your data?

We collect your data as a result of your sharing of your data with us. This may, for
instance be information you enter into our contact form.

Other data shall be recorded by our IT systems
automatically or after you consent to its recording during your website visit. This data comprises primarily technical
information (e.g., web browser, operating system, or time the site was accessed). This information is recorded
automatically when you access this website.

What are the purposes we use your data for?

A
portion of the information is generated to guarantee the error free provision of the website. Other data may be used
to analyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal
data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data
are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at
any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of
your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the
competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about
this or any other data protection related issues.

2. Hosting

We are hosting the content of our website at the following provider:

Hetzner

The provider is the Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
(hereinafter referred to as Hetzner).

For details, please view the data privacy policy of Hetzner: https://www.hetzner.com/de/rechtliches/datenschutz.

We use Hetzner on the basis of
Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable depiction of our website possible. If appropriate
consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25
(1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end
device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-
mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data
of our website visitors only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data
very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory
data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety
of personal information will be collected. Personal data comprises data that can be used to personally identify you.
This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also
explains how, and for which purpose the information is collected.

We herewith advise you that the
transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not
possible to completely protect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data processing controller on this website is:

Adventure World GmbH
Brooktorkai 7 / Block X
20457 Hamburg

Phone: +49 (0)172/4585266
E-mail: info@kja.hamburg

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as
to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your
personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a
justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have
other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the
latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for the data processing on this website

If you have consented
to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special
categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of
personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to
the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data
processing is additionally based on § 25 (1) TDDDG. The consent can be revoked at any time. If your data is
required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your
data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation,
we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of
our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case
is provided in the following paragraphs of this privacy policy.

Recipients of personal data

In the scope of our business activities, we cooperate with various
external parties. In some cases, this also requires the transfer of personal data to these external parties. We only
disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally
obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure
pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors,
we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of
joint processing, a joint processing agreement is concluded.

Revocation of your consent to the processing of data

A wide range of data processing transactions
are possible only subject to your express consent. You can also revoke at any time any consent you have already
given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your
revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21
GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU
HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON
GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON
THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED,
PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO
LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT
COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH
YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING,
EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU
HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE
PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT
IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL
SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO
ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the
GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state
where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The
right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal
recourses.

Right to data portability

You have the right to have data that we process automatically on the basis of
your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable
format. If you should demand the direct transfer of the data to another controller, this will be done only if it is
technically feasible.

Information about, rectification and eradication of data

Within the scope of the applicable statutory
provisions, you have the right to demand information about your archived personal data, their source and recipients
as well as the purpose of the processing of your data at any time. You may also have a right to have your data
rectified or eradicated. If you have questions about this subject matter or any other questions about personal data,
please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions
as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to
demand restriction of processing applies in the following cases:

• In the event that you should dispute
  the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that
  this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
• If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand
  the restriction of the processing of your data instead of demanding the eradication of this data.
• If we do not
  need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right
  to demand the restriction of the processing of your personal data instead of its eradication.
• If you have
  raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each
  other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of
  the processing of your personal data.

If you have restricted the processing of your personal data,
these data – with the exception of their archiving – may be processed only subject to your consent or
to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for
important public interest reasons cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential
content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an
SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line
of the browser switches from “http://” to “https://” and also by the appearance of the
lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be
read by third parties.

Encrypted payment transactions on this website

If you are under an obligation to share your
payment information (e.g. account number if you give us the authority to debit your bank account) with us after you
have entered into a fee-based contract with us, this information is required to process payments.

Payment
transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed
exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by checking whether
the address line of the browser switches from “http://” to “https://” and also by the
appearance of the lock icon in the browser line.

If the communication with us is encrypted, third parties will
not be able to read the payment information you share with us.

Rejection of unsolicited e-mails

We herewith object to the use of contact information published in
conjunction with the mandatory information to be provided in our Site Notice to send us promotional and
information material that we have not expressly requested. The operators of this website and its pages reserve the
express right to take legal action in the event of the unsolicited sending of promotional information, for instance via
SPAM messages.

4. Recording of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies
are small data packages that do not cause any damage to your device. They are either stored temporarily for the
duration of a session (session cookies) or they are permanently archived on your device (permanent cookies).
Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on
your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies).
Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies
for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential
since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or
the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision of
certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the
optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience),
shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has
a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision
of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies
has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and
§ 25 (1) TDDDG); this consent may be revoked at any time.

You have the option to set up your browser
in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in
specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-
function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions
of this website may be limited.

Which cookies and services are used on this website can be found in this
privacy policy.

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your
consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the
former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger
Straße 7, 80331 München, Germany, website: https://usercentrics.com/ (hereinafter referred to as
“Usercentrics”).

Whenever you visit our website, the following personal data will be
transferred to Usercentrics:

• Your declaration(s) of consent or your revocation of your declaration(s) of
  consent
• Your IP address
• Information about your browser
• Information about your
  device
• The date and time you visited our website
• Geolocation

Moreover,
Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any
revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate
them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be
without prejudice to any mandatory legal retention periods.

The Usercentrics banner on this website has
been configured with the assistance of eRecht24. This can be identified by the eRecht24 logo. To display the
eRecht24 logo in the banner, a connection to the image server of eRecht24 will be established. In conjunction with
this, the IP address is also transferred; however, is only stored in anonymized form in the server logs. The image
server of eRecht24 is located in Germany with a German provider. The banner as such is provided exclusively by
Usercentrics.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of
specific technologies is Art. 6(1)(c) GDPR.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-
mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data
of our website visitors only based on our instructions and in compliance with the GDPR.

Contact form

If you submit inquiries to us via our contact form, the information provided in the
contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry
and in the event that we have further questions. We will not share this information without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a
contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our
legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your
agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.

The
information you have entered into the contact form shall remain with us until you ask us to eradicate the data,
revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer
exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory
legal provisions, in particular retention periods.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request,
including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing
your request. We do not pass these data on without your consent.

These data are processed on the basis of
Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-
contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective
handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has
been obtained; the consent can be revoked at any time.

The data sent by you to us via contact requests
remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage
lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention
periods – remain unaffected.

5. Social media

Instagram

We have integrated functions of the public media platform Instagram into this website.
These functions are being offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5,
Ireland.

If the social media element has been activated, a direct connection between your device and
Instagram’s server will be established. As a result, Instagram will receive information on your visit to this
website.

If you are logged into your Instagram account, you may click the Instagram button to link contents
from this website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user
account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the
content of the data transferred and its use by Instagram.

The use of this service is based on your consent in
accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Insofar
as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or
Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the
collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that
takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly
have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are
responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-
secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or
Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by
Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to
forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC)
of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-
de.facebook.com/help/566994660333381.

For more information on this subject, please consult
Instagram’s Data Privacy Declaration at: https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF
is an agreement between the European Union and the US, which is intended to ensure compliance with European
data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply
with these data protection standards. For more information, please contact the provider under the following link: https:
//www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need
from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address
provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on
a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such
data with any third parties.

The processing of the information entered into the newsletter subscription form
shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given
to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any
time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without
prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data
deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from
the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you
unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-
mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest
in accordance with Art. 6(1)(f) GDPR.

Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the
newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the
blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest
in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art.
6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests
outweigh our legitimate interest.

7. Plug-ins and Tools

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to
ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to
Google’s servers will not be established in conjunction with this application.

For more information
on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy
Declaration under: https://policies.google.com/privacy?hl=en.

Google Maps

This website uses the mapping service Google Maps. The provider is Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the means of this service,
we can integrate map material on our website.

To enable the use of the Google Maps features, your IP
address must be stored. As a rule, this information is transferred to one of Google’s servers in the United
States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps
has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts.
When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly
display text and fonts.

We use Google Maps to present our online content in an appealing manner and to
make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art.
6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art.
6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to
information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This
consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual
Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information
on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF
is an agreement between the European Union and the US, which is intended to ensure compliance with European
data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply
with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

8. eCommerce and payment service providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and
contract data for the establishment, content arrangement and modification of our contractual relationships. Data
with personal references to the use of this website (usage data) will be collected, processed, and used only if this is
necessary to enable the user to use our services or required for billing purposes. The legal basis for these processes
is Art. 6(1)(b) GDPR.

The collected customer data shall be deleted upon completion of the order or
termination of the business relationship and upon expiration of any existing statutory archiving periods. This shall be
without prejudice to any statutory archiving periods.

Data transfer upon closing of contracts for online stores, retailers, and the shipment of merchandise

Whenever you order merchandise from us, we will share your personal data with the transportation company
entrusted with the delivery as well as the payment service commissioned to handle the payment transactions. Only
the data these respective service providers require to meet their obligations will be shared. The legal basis for this
sharing is Art. 6 (1)(b) GDPR, which permits the processing of data for the fulfillment of contractual or pre-
contractual obligations. If you give us your respective consent pursuant to Art. 6 (1)(a) GDPR, we will share your
email address with the transportation company entrusted with the delivery so that this company can notify you on
the shipping status for your order via email. You have the option to revoke your consent at any time.

Data transfer upon closing of contracts for services and digital content

We share personal data with
third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial
institution tasked with the processing of payments.

Any further transfer of data shall not occur or shall only
occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of
your express consent, for instance for advertising purposes, shall not occur.

The basis for the processing of
data is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual
actions.