Privacy policy

Identification

Data Controller: ESCAPE ROOM EXPERIENCES ANDALUCIA, S.L.
NIF: B19398296
Address: Calle Albasanz, 14-BIS, 1A
City: MADRID
Postal Code: 28037
Province: MADRID
Country: SPAIN
Email: info@experiencity.es
Phone: 610424880

Information and Consent

By accepting this Privacy Policy, the user is informed and gives their free and specific consent for the personal data they provide through our websites, hereinafter the "Website", and those they may provide through other means or in the future, to be processed by ESCAPE ROOM EXPERIENCES ANDALUCIA, S.L., hereinafter referred to as the CONTROLLER.

Obligation to provide data

The data requested in the Website forms are mandatory unless otherwise indicated in the field. If they are not provided or not provided correctly, the user's request cannot be processed.

The user may freely view the Website content if they accept the use of cookies, otherwise they will be invited to leave the website or to browse, if applicable, content without cookies.

For what purpose will the controller process the user's personal data?

– what is the legitimization for processing the user's data?

The personal data provided through the Website will be processed by the CONTROLLER in accordance with the following purposes:

a. For contractual compliance purposes.

To comply with agreements in the supply of products or services that you contract with us and to be able to carry them out according to the conditions set out in each case. Also for the establishment of agreements and employment contracts.

Legitimization basis GDPR article 6.1b processing is necessary for the performance of a contract to which the data subject is party or for the application at the request of the data subject of pre-contractual measures;

b. For commercial communication and information purposes based on your consent.

In order to communicate commercial promotions, product information and news, invite you to events and activities, we request your express consent, which can be easily revoked at any time you consider appropriate.

Legitimization basis GDPR article 6.1a the data subject gave consent to the processing of their personal data for one or more specific purposes

c. Data provided for Newsletter sending.

Manage the subscription and/or cancellation of the Newsletter, carried out through the channel provided on the CONTROLLER's Website.

Legitimization basis GDPR article 6.1a the data subject gave consent to the processing of their personal data for one or more specific purposes

d. Data provided in contact forms.

Manage user contact and information requests through the channels provided for this purpose on the CONTROLLER's websites, to respond to the request made.

Legitimization basis GDPR article 6.1f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

e. Navigation data provided.

Carry out analysis on the use of the Website and check user preferences and behavior.

Legitimization basis GDPR article 6.1f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

What user data will the controller process?

The CONTROLLER will process the following categories of personal data depending on the request made by the user:

– Personal characteristics – Social circumstances – Academic and professional – Employment details – Commercial information – Economic, financial and insurance – Transactions of goods and services – Navigation data – User identification codes or keys.

With which recipients will the user's data be shared?

The user's data, depending on the relationship established and always with their authorization, could be communicated to:
– Organizations or persons directly related to the controller.
– Social security organizations.
– Tax administration.
– Banks, savings banks and rural banks.
– Insurance entities.
– Health entities.
– Trade unions and staff boards.
– Public administration with competence in the matter.

International Data Transfers

We inform you that your data will not be transferred internationally.

Data Retention

a. For contractual compliance purposes.

The data will be retained during the term of the contract and, once terminated, during the limitation period for legal actions that may arise from it.

b. For commercial communication and information purposes based on your consent.

The data will be retained as long as the user does not revoke the consent granted.

c. Data provided for Newsletter sending.

The data will be retained as long as the user does not revoke the consent granted.

d. Data provided in contact forms.

The data will be retained as long as the user does not revoke the consent granted, during the term of the requested service and, once terminated, during the limitation period for legal actions that may arise from it.

e. Navigation data provided.

The data will be retained as long as the user does not revoke the consent granted.

User Responsibility

The user guarantees that they are of legal age and that the data they provide to the CONTROLLER is true and up to date. The user will keep the information provided properly updated.

The user guarantees that they have informed third parties from whom they provide data, if applicable, of the aspects contained in this document, also guaranteeing that they have obtained their authorization to provide their data to the CONTROLLER.

The user will be responsible for false or inaccurate information provided through the Website and for direct or indirect damages that this may cause to the CONTROLLER or third parties.

Exercise of Rights

The user may send a written request to the CONTROLLER, at the postal or electronic address indicated in the header of this Policy, attaching a photocopy of their identity document or equivalent document, at any time and free of charge, to:

Revoke the consents granted.

Obtain confirmation as to whether the CONTROLLER is processing personal data concerning them.

Access their personal data.

Rectify inaccurate or incomplete data.

Request the deletion of their data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Obtain from the CONTROLLER the limitation of data processing when any of the conditions provided for in current data protection regulations are met.

Request the portability of the data provided in those cases provided for in current data protection regulations.

File a complaint with the Spanish Data Protection Agency at Calle de Jorge Juan, 6, 28001 Madrid, if they consider that the CONTROLLER is not processing their data in accordance with the law.

Security Measures

The CONTROLLER will process the user's data at all times confidentially and maintaining the mandatory duty of secrecy regarding them, in compliance with what is advised and provided for in EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, adopting the necessary technical and organizational measures that guarantee the security of their data and prevent its alteration, loss, processing or unauthorized access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.