Last Updated: 5th June, 2021
Escape The Room Ltd, is a Cyprus company with registered number HE 338665 and business address at Theokritou 3AB,1060, Nicosia, Cyprus and EU VAT number CY10338665D (hereinafter “EscapeTheRoom”, “we”, “us”, or “our”). EscapeTheRoom owns and operates www.escapetheroom.com.cy, including any subdomains thereof, and any other websites through which EscapeTheRoom makes its services available (collectively, “Website“) and all associated services (collectively, “EscapeTheRoom Services“). The Website and EscapeTheRoom Services together are hereinafter collectively referred to as the “EscapeTheRoom Site”.
EscapeTheRoom is committed to protecting your privacy and handling your personal data in an open and transparent manner. The personal data that we collect and process will vary depending on how you use the EscapeTheRoom Site.
- • provides an overview of how EscapeTheRoom collects and processes your personal data and tells you about your rights under the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”);
- • when we refer to “personal data” or “personal information” we mean data which identifies or may identify you and which may include, for instance, your email or IP address;
- • when we refer to “processing” we mean the handling of your personal data by us, including collecting, protecting and storing your personal data; and
- • when we refer to “sensitive data” we mean personal data which may reveal information about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
1. WHO WE ARE
Escape The Room Ltd, is a Cyprus company with registered number HE 338665 and business address at Theokritou 3AB,1060, Nicosia, Cyprus.
2. HOW WE COLLECT YOUR PERSONAL DATA
We obtain your personal data mainly through any information you provide directly to us through our EscapeTheRoom Site. Sometimes your personal data can also be shared with us, if for example you use an authentication system to log in. Below is a list of ways we collect your personal data:
- • when you visit and/or use our EscapeTheRoom Site;
- • when you make a booking via EscapeTheRoom Site;
- • when you provide your email to receive our newsletter;
- • when you take part in surveys or report a problem with our EscapeTheRoom Site;
- • when you contact with us via email, text, post or other ways of communication; and/or
It does not apply to information collected by:
- • us offline or through any other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries); or
- • any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the EscapeTheRoom Site. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
3. IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect and process your personal data in order to provide you with our services and you fail to provide that data when requested, we may not be able to provide you with access to our Site and/or the services we offer. In this case, we may have to restrict the services we provide to you.
4. PERSONAL DATA THAT WE COLLECT AND PROCESS
(a) Personal data we collect and process from Browsers
- • Technical Data, including your Internet Protocol (IP) address and associated country, your browser type and version, time zone setting and location, browser plug-in types and versions, smart device information, mobile phone network information, operating system and platform and other technology on the devices you use to access this EscapeTheRoom Site.
- • Cookies including tags. For more information on the cookies we collect, please visit our Cookies Policy.
- • User Submitted Data, including data collected for a specific function, for instance a contest or a survey.
- • Communications and correspondence, including any correspondence between you and us and any other communication between you and anyone else on the EscapeTheRoom Site, including customer service requests, emails and live chats.
- • Consents, including any permissions, consents or preferences that you give to the EscapeTheRoom Site.
- • Identity and Contact Data, including full name, email address and phone number.
- • Usage Data, including data about which services you use and purchase, all bookings you place on the EscapeTheRoom Site and all metrics and measurements regarding your orders, advertisements, campaigns and any other of your activities on the EscapeTheRoom Site.
- • User Submitted Data, including data collected at your discretion for a specific function, for instance your username and password, your interests, preferences, feedback and survey responses, or any text, images, videos, blog posts, forum comments or other content or media you choose to upload on the EscapeTheRoom Site.
- • Financial and Transactional Information. To use certain features of the EscapeTheRoom Site (such as reserving or creating a Listing), we may require you to provide certain financial information including bank account details, direct debit data, billing address transfers and other relevant financial information; and
- • Marketing Data, including preferences in receiving marketing from us, our affiliates and third-parties.
(b) Information we collect from Third Parties
EscapeTheRoom may collect information, including personal information, that others provide about you when they use the EscapeTheRoom Site, or obtain information from other sources and combine that with information we collect through the EscapeTheRoom Site. We do not control, supervise or respond for how the third parties providing your information process your personal information, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or information to help detect fraud and safety issues, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive information about you and your activities on and off the EscapeTheRoom Site through partnerships, or about your experiences and interactions from our partner ad networks.
5. SENSITIVE DATA
We do not collect sensitive data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, political opinions, trade union membership, information about your health and genetic and biometric data) when you use the EscapeTheRoom Site.
If you provide us with sensitive personal information such as that relating to a disability or any other health issue, we will use this for the purpose of facilitating your visit at our premises and making sure that you get the best experience. We never store or save such sensitive personal information.
6. AUTOMATED PERSONAL DATA COLLECTION
As you navigate through and interact with our EscapeTheRoom Site, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect these data by using cookies and other similar technologies. We may also use these technologies to collect information about your online activities across third-party websites. Please see paragraph “Choices About How We Collect, Use and Disclose Your Personal Information” below and our Cookies Policy for further details on how you can opt out of behavioural tracking on this EscapeTheRoom Site and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioural tracking.
7. WHY WE NEED YOUR PERSONAL DATA AND HOW WE USE IT
We will most commonly use your personal data in the following circumstances:
a) where we need to perform our services to you, as necessary in accordance with our EscapeTheRoom Site’s Terms;
b) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
c) where we need to comply with a legal or regulatory obligation; and/or
d) where you have given us your consent.
Below, we describe these circumstances in further detail.
(a) Performance of our services to you
(1) Provision of services
We may collect and process your personal data where it is necessary in order to present our EscapeTheRoom Site and its contents to you and enable you to access and use the EscapeTheRoom Site, including any interactive features on our EscapeTheRoom Site and to provide you with information, products or services that you request from us, as well as to reply to your enquiries.
Please note that if you do not agree to provide us with the requested information, it may not be possible for us to provide you with the services you have requested.
(2) Customer management
We may collect and process your personal data where it is necessary in order to provide customer support and notices to customers and inform you about any notices about changes to our EscapeTheRoom Site or any products or services we offer or provide through it.
(b) Legitimate interests
(1) Customization of content
We may collect and process your personal data where it is necessary in order to measure and perform research and analysis about your use or, or interest in, our EscapeTheRoom Site content and/or services, so as to develop and display content and advertising tailored to your interests on our EscapeTheRoom Site.
We may collect and process your personal data where it is necessary in order to determine whether users of the EscapeTheRoom Site are unique, or whether the same user is using the EscapeTheRoom Site on multiple occasions, and to monitor aggregate metrics such as total number of visitors, pages viewed and demographic patterns.
(3) Functionality and security
We may collect and process your personal data where it is necessary to diagnose or fix technology problems, and to detect, prevent, and respond to actual or potential fraud, spam, abuse, security incidents, harmful activities, illegal activities, or intellectual property infringement, to conduct security investigations and risk assessments.
(4) Other legitimate interests
In addition to the above, we may process your data, to the extent required for our business needs in order to:
- 1) operate or update our EscapeTheRoom Site;
- 2) develop new services on our EscapeTheRoom Site as well as analyze and target new markets;
- 3) enforce our Terms and other policies and protect our legal rights and interests (including legal claims and preparing our defence in litigation);
- 4) maintain our list of contacts;
- 5) monitor, maintain and improve internal business processes, information and data, technology and communication solutions and services;
- 6) ensure network information security, including monitoring Browsers’ to our information technology for the purpose of preventing cyber-attacks, unauthorized use of EscapeTheRoom Site and prevention or detection of crime;
- 7) send you relevant marketing information (including details of other services provided by us which we believe may be of interest to you), but only where you are customer of the EscapeTheRoom Site (For more information, see paragraph “Choices About How We Collect, Use and Disclose Your Personal Information”) below;
- 8) to send you our email newsletter if you have actively opted-in to receive it;
- 9) to send you non-marketing commercial communications, to collect customer feedback via TripAdvisor’s ‘Review Express’ service, and to respond to queries or complaints made by or about you relating to our EscapeTheRoom Site;
- 10) we monitor our games via CCTV – necessary to allow us to run our escape games effectively and provide in-game assistance to players, for maintaining the security of our property and premises, and to prevent and investigate crime;
- 11) to conduct our publicity activities, for example publishing team photos on social media platforms (with your consent, where not already covered in our booking Terms and Conditions)
- 12) monitor the performance and effectiveness of our services and the EscapeTheRoom Site;
- 13) assess the quality of our customer services;
- 14) verify or authenticate information provided by you;
- 15) enforce our agreements with third parties;
- 16) protect your, our and third parties’ rights; and
- 17) respond to any legal process or requests for information issued by public authorities or third parties.
(c) For compliance with legal obligations
When you visit and/or use and/or register in our EscapeTheRoom Site (and throughout your relationship with us), we are required to comply with certain legal and regulatory obligations which may involve the processing of your personal data. This may include processing to:
- 1) perform checks, including checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent, where required;
- 2) comply with laws relating to fraud;
- 3) identify other infringements of our Terms and Conditions; and
- 4) manage contentious regulatory matters, investigations and litigation.
(d) You have provided your consent
We will ask for your consent when we wish to provide marketing information to you in relation to our services which we believe may be of interest and of benefit to you.
You have the right to revoke your consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
(e) Performance of a contract
We will process your personal information for the performance of a contract i.e. to enter into a contract with you or to perform a contract that we entered into with you. For example, to enter you into a prize draw or competition, and contact winners to deliver prizes.
(f) TripAdvisor Review Express
We may also use the email provided during booking to forward you a review request after your experience via TripAdvisor’s Review Express service.
TripAdvisor recognises the value and importance in protecting our guests’ information therefore, email addresses submitted for Review Express are not used for any other purpose and you will not be subscribed to general TripAdvisor email campaigns.
If you are not comfortable with us using Review Express to contact you for a review after a game, then please let us know in writing at email@example.com.
8. WHO WE SHARE YOUR PERSONAL DATA WITH
(a) to our authorized service providers that perform certain services on our behalf, such as PayPal, QuickBooks. These services may include fulfilling orders, processing credit card payments, risk and fraud detection and mitigation, providing customer service, performing business and sales analysis, customization of content, analytics, security, supporting our EscapeTheRoom Site functionality, and supporting contests, surveys and other features offered through our EscapeTheRoom Site. These service providers may have access to personal data needed to perform their functions but are not permitted to share or use such information for any other purposes.
(b) governmental and regulatory bodies, including law enforcement authorities, in connection with enquiries, proceedings, legal process, governmental requests or investigations by such parties or in order to enable the EscapeTheRoom to comply with its legal and regulatory requirements. We specifically reserve the right to disclose any and all information to law enforcement in the event that a crime is committed or suspected or detected or if we are compelled to do so by lawful criminal, civil or administrative process, discovery requests, subpoenas, court orders or writs, to enforce applicable terms and conditions, including investigation of potential violations thereof, to detect, prevent or otherwise address security or technical issues, protect against harm to the rights, property or safety of our company, our users, our employees, or others; or to maintain and protect the security and integrity of our EscapeTheRoom Site or infrastructure. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
(d) legal, accountants, banks and other professional consultants.
We may also disclose aggregated information about our users, and information that does not identify any individual, without restriction any other anonymized information. We also may share such aggregated information with third-parties for conducting general business analysis. This information does not contain any personal data and may be used to develop content and services that we hope you and other users will find of interest and to target content and advertising, for regulatory compliance, industry and market analysis, research, marketing and other business purposes.
Please note that we have never sold and will never sell your personal data to third parties nor distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
9. FINANCIAL INFORMATION
Financial information (including personal information) that you have provided to us will only be shared with our third-party processors and banks in order to initiate and complete any orders made by you or to make payments owed to you by EscapeTheRoom. All credit card transactions and such are processed with industry standard encryption through third party processors who only use your financial information and personal information for that purpose. All financial data and related personal information will not be shared by us with third parties except with your authorization or when necessary to carry out all and any transactions requested by you with the understanding that such transactions may be subject to rules, terms, conditions and policies of a third party. All such information provided to a third party is subject to their terms and conditions.
10. SECURITY OF YOUR PERSONAL DATA
We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your personal data from unauthorized access and disclosure. For instance, only authorized employees are permitted to access personal data, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of your personal data between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal data. However, please be advised that we cannot fully eliminate security risks associated with the storage and transmission of personal data as we cannot guarantee that our security measures will prevent third-party hackers from illegally obtaining this information.
We are not responsible for circumventions of any privacy settings or security measures contained on the EscapeTheRoom Site.
11. ANALYZING YOUR COMMUNICATIONS
We may review, scan or analyse your communications on the EscapeTheRoom Site for fraud prevention, risk assessment, compliance with a legal or regulatory obligation, investigation, product development, research, analytics, and customer support purposes. For example, as part of our fraud prevention efforts, we scan and analyze messages to mask contact information and references to other websites. In some cases, we may also scan, review, or analyze messages to debug, improve, and expand product offerings. We use automated methods when reasonably possible. However, occasionally we may need to manually review some communications, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyze your messaging communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.
These activities are carried out based on EscapeTheRoom’s legitimate interest in ensuring compliance with applicable laws and our Terms and Conditions, preventing fraud, promoting safety and improving and ensuring the adequate performance of our services.
12. INFORMATION WE TRANSFER
Some of our external third parties are based outside the European Economic Area (“EEA”) so the processing of your personal data may involve a transfer of data outside the EEA.
Whenever we transfer your data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
b) Where we use service providers outside the EEA, including US, we may use model clauses or specific contracts approved by the European Commission which give personal data the same protection it has in the European Union.
We may additionally, in rare occasions, transfer your personal data to a party outside the EEA where we have your prior explicit consent to do so or where such transfer is necessary for the provision of our services to you.
13. MARKETING INFORMATION
We may process your personal data so as to inform you about existing and/or future services that may be of interest to you by sending you periodic announcements with details on existing and/or new services and/or programs, surveys, sweepstakes, contest, or other promotional activities or events sponsored by EscapeTheRoom or its third-party partners.
You have the right to object at any time to the processing of your personal data for marketing purposes, by sending us an email at firstname.lastname@example.org or by clicking at the opt-out link at the bottom of any marketing emails or we send you. If we send you a text message, opt-out instructions will be included in the text message we will send you.
We can only use your personal data to promote our services to you if we have your explicit consent to do so, or in certain cases such as for example when you are a customer of our EscapeTheRoom Site, if we consider that it is in our legitimate interest to do so. You may also occasionally receive marketing communications from our affiliates, but only provided you have given your explicit consent in receiving such communications.
Even if you inform us that you no longer wish to receive marketing material, you will still receive from us system notices and other information of similar nature from time to time.
14. HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where permissible, we will also delete your personal data upon your request. Information on how to make a deletion request can be found under the paragraph “Your data protection rights” below.
If you have questions about our data retention practices, please contact us electronically by sending as an email at email@example.com.
15. YOUR DATA PROTECTION RIGHTS
Subject to local law, you have certain rights regarding the personal data we collect, use or disclose and that is related to you. We want to make sure you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply further below.
- • Right to Access: This enables you to get access or receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
- • Right to Data Rectification and Correction: If you believe that any of the information that we hold about you is inaccurate or incomplete, you have a right to request that we correct and rectify the inaccurate personal information.
- • Right to be Forgotten / Erasure: You may request that we delete your personal information if you believe that:
a) we no longer need to process your information for the purposes for which it was provided;
b) we have requested your permission to process your personal information and you wish to withdraw your consent; or
c) we are not using your information in a lawful manner.
Please note that if you request the erasure of your personal information:
- i. We may retain some of your personal information as necessary for our legitimate interests, such as fraud detection and prevention and enhancing safety.
- ii. We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, EscapeTheRoom may keep some of your information for tax, legal reporting and auditing obligations.
- iii. Because we maintain the EscapeTheRoom Site to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
- • Right to object: You have the right to object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedom or for the establishment, exercise and defence of legal claims.
You also have the right to object where we are processing your personal data for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing.
If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
Depending on the circumstances, we may need to restrict or cease processing your personal data altogether or, where requested, delete your personal data. Please note that if you object us processing your personal data, we may have to suspend the services we provide to you.
- • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data if:
- • a) it is not accurate; or
- • b) it has been used unlawfully but you do not want us to delete it; or
- • c) it is not relevant any more, but you want us to keep it for use in possible legal claims; or
- • d) you have already asked us to stop using your personal data but you are waiting for us to confirm if we have legitimate grounds to use your personal data.
Please note that if you request us to restrict processing of your personal data, we may have to suspend the services we provide to you.
- • Right to data portability: Where we have requested your permission to process your personal data or you have provided us with information for the purposes of entering into a contract with us, you have the right to receive the personal data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. We are not responsible for any such third party’s use of your information, which will be governed by their agreement with you and any privacy statement they provided to you.
If we ask for your consent to use your personal data, you can withdraw your consent at any time. Please note that in case of a withdrawal of your consent you may no longer be able to use several functionalities of our EscapeTheRoom Site.
Please note that for some requests to delete certain personal data, we may require additional information from you in order to verify your authorization to make the request and to honour your request.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us electronically by sending us an email at firstname.lastname@example.org or by post at Escape The Room Ltd, Theokritou 3AB,1060, Nicosia, Cyprus.
We endeavour to address all your requests promptly.
16. HOW TO ACCESS OR MODIFY YOUR PERSONAL DATA
We remain dedicated to the protection of your data and we want to be clear about the type of information collected, helping you make choices about your privacy. You may block cookies, including cookies associated with our services, by activating or deactivating the related cookies on your browser. Please note, however, that if you choose to disable all cookies (including essential cookies) you may not be able to access all or part of our EscapeTheRoom Site. Please see our Cookies Policy for more information.
17. CHOICES ABOUT HOW WE COLLECT, USE AND DISCLOSE YOUR PERSONAL INFORMATION
We strive to provide you with choices regarding the personal information you provide to us.
- • You can choose not to provide us with certain personal information, but that may result in you being unable to use certain features of our EscapeTheRoom Site because such information may be required in order for you to purchase products or services; participate in a contest, promotion, survey; ask a question; or initiate other transactions on our EscapeTheRoom Site.
- • You can limit the information you provide to EscapeTheRoom. Participation in promotions and marketing programs is voluntary.
- • You may opt out of the DoubleClick cookie or of Google Analytics by visiting the Google advertising opt-out page or by downloading and installing the browser plug-in available at Google Analytics opt-out page. Please see our Cookies Policy for more information.
- • When you visit our EscapeTheRoom Site or purchase a product or service, you may be given a choice as to whether you want to receive email messages, text messages, newsletters or both about product updates, improvements, special offers, or containing special distributions of content by us. If you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to seven (7) days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them. Please note that opting out of receipt of promotional email communications will only affect future activities or communications from us. If we have already provided your information to a third party before you have changed your preferences or updated your information, you may have to change your preferences directly with that third party.
- • You may opt out of interest-based advertising on mobile devices by activating the “Limit Ad Tracking” or equivalent feature offered by your mobile platform. It will transmit a signal to us and to third-parties that indicates your data should not be used for interest-based advertising.
- • You may opt-out of the collection and use of information for ad targeting by updating your Facebook account ad settings.
- • You may elect to no longer receive marketing communications from us by letting us know via email at email@example.com or by using the opt-out mechanisms provided to submit your marketing preferences.
18. OUR COMMUNICATION WITH YOU
19. RIGHT TO COMPLAIN
If you wish to lodge a complaint about how your personal data is used by the EscapeTheRoom, you may contact us electronically at the email address firstname.lastname@example.org or by post at Escape The Room Ltd, Theokritou 3AB,1060, Nicosia, Cyprus.
Upon receipt of your complaint, we will investigate it and respond to you within a reasonable time. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the collection, use and disclosure of personal data that cannot be resolved by an individual and us.
You also have the right to complain to the data protection supervisory authority of the country in which you reside, provided that such country is a Member State of the European Union or is located within the EEA.
20. THIRD-PARTY LINKS
23. NO ERROR FREE PERFORMANCE