Privacy Policy

Identification

Data Controller: SCAPEROOMEXPERIENCE S.L.
Tax ID: B88251780
Address: CALLE ALBASANZ, 14-BIS, 1A
City: MADRID
Postal Code: 28037
Province: MADRID
Country: SPAIN
Email: info@experiencity.es
Phone: 610424880

Information and Consent

By accepting this Privacy Policy, the user is informed and gives their free and explicit consent for their personal data, provided through our websites hereinafter referred to as the "Website", and any data provided through other means or in the future, to be processed by SCAPEROOMEXPERIENCE S.L., henceforth referred to as the CONTROLLER.

Obligation to Provide Data

The data requested in the forms on the Website is mandatory unless stated otherwise in the specific field. If the data is not provided or is provided incorrectly, the user’s request cannot be processed.

The user may freely browse the Website if they accept the use of cookies; if not, they will be invited to leave the website or browse, where applicable, content without cookies.

Purpose of Processing the User’s Data by the Controller

– What is the legal basis for the processing of the user's data?

The personal data provided through the Website will be processed by the CONTROLLER for the following purposes:

a. For the purpose of contract fulfillment.

To comply with agreements for the provision of products or services that you have contracted, and to execute them according to the terms outlined in each case. Also, for the establishment of agreements and employment contracts.

Legal basis under the GDPR Article 6.1b: the processing is necessary for the performance of a contract in which the data subject is a party or for the application of pre-contractual measures at the request of the data subject;

b. For commercial communication and information purposes based on consent.

In order to communicate promotions, product information, and updates, invite you to events and activities, we request explicit consent, which can be revoked at any time.

Legal basis under the GDPR Article 6.1a: the data subject has given consent to the processing of their personal data for one or more specific purposes.

c. Data provided for Newsletter subscription.

To manage the subscription and/or unsubscription to the Newsletter, through the channel provided on the Website by the CONTROLLER.

Legal basis under the GDPR Article 6.1a: the data subject has given consent to the processing of their personal data for one or more specific purposes.

d. Data provided in contact forms.

To manage user requests for contact and information through the channels provided on the CONTROLLER's websites, to respond to the submitted request.

Legal basis under the GDPR Article 6.1f: the processing is necessary for the legitimate interests pursued by the data controller or a third party, provided that the rights and freedoms of the data subject do not override these interests, particularly when the data subject is a minor.

e. Navigation data provided.

To analyze the use of the Website and check user preferences and behavior.

Legal basis under the GDPR Article 6.1f: the processing is necessary for the legitimate interests pursued by the data controller or a third party, provided that the rights and freedoms of the data subject do not override these interests, particularly when the data subject is a minor.

Which user data will the Controller process?

The CONTROLLER will process the following categories of personal data depending on the request or inquiry made by the user:

– Personal characteristics – Social circumstances – Academic and professional details – Employment details – Commercial information – Economic, financial, and insurance data – Transactions of goods and services – Navigation data – User identification codes or keys.

Who will the user’s data be shared with?

Depending on the relationship established and with the user's authorization, their data may be shared with:
– Organizations or people directly related to the controller.
– Social security bodies.
– Tax administration.
– Banks, savings banks, and rural banks.
– Insurance entities.
– Health entities.
– Unions and personnel boards.
– Public authorities with relevant jurisdiction.

International Data Transfers

We inform you that your data will not be transferred internationally.

Data Retention

a. For contract fulfillment purposes.

Data will be retained during the validity of the contract and, once completed, for the statute of limitations of any legal actions arising from it.

b. For commercial communication and information purposes based on consent.

Data will be retained until the user revokes the consent given.

c. Data provided for Newsletter subscription.

Data will be retained until the user revokes the consent given.

d. Data provided in contact forms.

Data will be retained until the user revokes the consent given, during the validity of the requested service, and once completed, for the statute of limitations of any legal actions arising from it.

e. Navigation data provided.

Data will be retained until the user revokes the consent given.

User Responsibility

The user guarantees that they are of legal age and that the data they provide to the CONTROLLER is true and up-to-date. The user will ensure the information provided is kept updated.

The user guarantees that they have informed third parties whose data they provide, if applicable, about the contents of this document, ensuring they have obtained their authorization to provide their data to the CONTROLLER.

The user will be responsible for any false or inaccurate information provided through the Website and for any damages, direct or indirect, caused to the CONTROLLER or third parties.

Exercise of Rights

The user can send a written request to the CONTROLLER, at the postal or electronic address provided in the header of this policy, attaching a copy of their identity document or an equivalent document, at any time and free of charge, to:

– Revoke any consents given.
– Obtain confirmation as to whether the CONTROLLER is processing personal data concerning them.
– Access their personal data.
– Rectify inaccurate or incomplete data.
– Request the deletion of their data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
– Obtain restriction of processing when any of the conditions set forth in current data protection regulations are met.
– Request the portability of the data provided in cases outlined in the current data protection regulations.
– File a complaint with the Spanish Data Protection Agency at Calle de Jorge Juan, 6, 28001 Madrid, if they believe that the CONTROLLER is not processing their data in accordance with the law.

Security Measures

The CONTROLLER will process the user's data confidentially at all times, maintaining the necessary technical and organizational measures to ensure the security of the data, preventing its alteration, loss, processing, or unauthorized access, in compliance with the EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016.