Privacy Policy
First General provisions
The
Mystery Cellar (7621 Pécs Rákóczi út 65.), as a Service Provider and at the same time a data controller (hereinafter: Service Provider), undertakes that all data management related to its activities complies with the requirements specified in these regulations and the applicable legislation.
The Service Provider has taken into account in particular the provisions of Regulation CXII of 2011 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”) on the right to information self-determination and freedom of information. Act (“Information Act”), Annual CVIII. Act - on certain issues of electronic commerce services and services related to the information society (Eker Act), the provisions of Act V of 2013 on the Civil Code (“Civil Code”).
The
The data protection guidelines arising in connection with the service provider's data management are continuously available on the website www.rejtelyekpinceje.hu.
The Service Provider treats the personal data confidentially and takes all technical and security measures that serve the secure handling of the data.
The
Data controller data:
Name: Hollósiné Sós Krisztina EV
Headquarters: 7632 Pécs Fazekas Mihály utca 6. 4/13.
Tax number: 53034658-1-22
No .: 55531450
Account number: 10102440-79139200-01004000
2. Principles of data management
The
The Service Provider handles personal data legally and fairly and transparently for the user, collects them only for a specific, clear and lawful purpose and does not process them in a way that is incompatible with the purposes.
The personal data collected and processed by the Service Provider are appropriate and relevant to the purposes of data management and are limited to what is necessary.
The Service Provider shall take all reasonable measures to ensure that the data handled by it is accurate and, if necessary, up-to-date, and shall delete or correct inaccurate personal data without delay.
The Service Provider stores personal data only in such a form that the user can only be identified for the time necessary to achieve the purposes of processing personal data.
The
The Service Provider ensures the adequate security of personal data against unauthorized or illegal handling, accidental loss, destruction or damage of the data by applying the appropriate technical and organizational measures.
The Service Provider handles the user's personal data, based on the user's prior informed and voluntary consent and only to the extent necessary and in all cases in a targeted manner, ie collects, records, organizes, stores and uses it.
In some cases, the handling of the user's data is based on legal regulations and is mandatory, in such cases the Service Provider draws the user's attention to this fact separately.
The
3. Managed data on the website
The
3.1. Visit website
Objective: To ensure the proper and high-quality operation of the Service Provider's website, to control and improve the quality of our services, to identify malicious visitors attacking our website, to measure traffic, statistical goals.
Data managed: date of visit, details of subpages visited, type of operating system and browser you are using.
Legal basis: Legitimate interest of the service provider.
Duration of data management: 1 month.
3.2. Online appointment booking
Aim: to provide a more complete and convenient user experience for website visitors, to provide a time booking option through an online booking system for a service.
Data Managed: A name that helps distinguish; A phone number that becomes important in the event that something intervenes or the game can only start later for some reason and the booker must be notified of the incident; E-mail address, which is important in order to send us an e-mail confirming the booking, so that we can confirm once again the date of the booked time and the name of the booked event; Address to create the invoice.
Legal basis: Data provision is based on voluntary consent.
Duration of data management: for all the above data, the Court of Auditors TV. In accordance with Section 169 (2), 8 years.
3.3. Correspondence with customers
Purpose: If the person visiting the website or booking an appointment has any questions about the service, he / she will reach the Service Provider at one of the contact details indicated on the website. Currently, the website also includes a telephone number and an e-mail address, so that customers can even visit the Service Provider in the form of an e-mail. The contact details of the service provider are continuously available on the main page, in the contact menu item.
Data handled: Name, E-mail address, Date of receipt of the letter, any other personal data mentioned in the notice.
Legal basis: The information is based on the voluntary consent of the visitor to the website.
Duration of data management: 5 years.
The
3.4. Google Adwords Conversion Tracking
The Service Provider uses Google Adwords to collect both Adword and DoubleClick cookie data for the purpose of Google's use of remarketing to serve and optimize its online advertising on the Google search and display network. Google provides detailed information about the measurement data and its management on the following page.
3.5. Facebook pixel, remarketing
The Service Provider also collects Facebook Pixel cookie data using the Facebook remarketing service for the purpose of using the Facebook remarketing service to serve its online advertisements on Facebook interfaces and to optimize the advertisements.
3.6. Sweepstakes
Aim: To influence the service provider's business in a positive direction by raising awareness and increasing customer satisfaction by drawing lots of valuable prizes.
Managed data: Name, Telephone number, E-mail address or Home address, which becomes important if the winner can only receive the prize by post during the game.
Legal basis: consent
Duration of data management: until the end of the game for participants, 8 years for winners.
With regard to the sweepstakes, the Service Provider only advertises, advertises and, in the event of a draw, notifies the winning individuals on and through their Facebook profile.
3.7. On - site monitoring system
An electronic monitoring and recording system operates in the service areas of the Service Provider. The purpose of data management: to follow the gameplay in specific rooms, to actively contact the gamemaster, to protect human life, physical integrity, property, to prevent and detect violations, to commit the perpetrator and to prove violations, to document the activities of unauthorized persons, possibly examination of the circumstances of accidents at work and other accidents. The legal basis of the data management: the consent of the data subject by entering the service area of the service provider, the SZVMt. § 30. The scope of the managed data: the portrait and other personal data of the persons entering the play area as seen in the images. Duration of data management: thirty days if not used.
4. Cookies used on the Website
The
4.1. Description and use of cookies
Cookies are small data files (hereinafter referred to as "cookies") that are transferred to the user's computer via the website using the website and are saved and stored by the user's internet browser. Most of the most commonly used Internet browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to the user to refuse or disable them by changing their browser settings, as well as cookies already stored on the computer. can delete. For more information on the use of cookies, see the "help" menu item in each browser. There are cookies that do not require the prior consent of the user. Our website provides brief information about these when the user first visits, such as authentication, multimedia player, load balancing, session cookies to help customize the user interface, and user-centric security cookies. The Service Provider informs the user and asks for the user's consent about the cookies requiring consent - if the data management already starts by visiting the site.
The
The Service Provider does not use or allow cookies that allow third parties to collect data without the user's consent. Acceptance of cookies is not obligatory, however, the Service Provider is not responsible if, in the absence of enabling cookies, the website may not function as expected.
4.2. The type of cookies in use
System Cookies: A web application firewall session cookie that is used to prevent cross-reference abuse and is intended to ensure the proper functioning of the website. Non-consent cookies that expire at the end of the browser session.
Tracking Cookies: A cookie used for personalization. It aims to improve the user experience by increasing the efficiency of the service by memorizing user settings. Cookies based on user consent and valid for 30 days.
Tracking cookies (from third parties): Cookies used to identify new sessions and visitors that have been saved by the Google Analytics web tracking service. Its purpose is to connect to the services of third parties (eg Google) when visiting the website, to monitor visitor statistics. Cookies that do not require user consent and are valid for 60 minutes.
For more information on third party cookies, see https://www.google.com/policies/technologies/types/
You can read about privacy here: https://www.google.com/analytics/learn/privacy.html?hl=en_US.
5. Other data management issues
Service provider does not transfer data abroad.
The Service Provider is available to the user for the purpose of providing information, disclosing data or making documents available to the court, prosecutor's office and other authorities (eg police, tax office, National Data Protection and Freedom of Information Authority). In these cases, the Service Provider fulfills its obligation to provide data, but only to the extent strictly necessary to achieve the purpose of the request.
Contributors and employees participating in the data management and / or data processing of the Service Provider are entitled to get acquainted with the personal data of the user to a predetermined extent, subject to the obligation of confidentiality.
During the data management, the Service Provider protects the personal data with appropriate technical and other measures, as well as ensures the security and availability of the data, as well as protects them from unauthorized access, alteration, damage or disclosure and any other unauthorized use.
6. Remedies
Users may request information on data management, request the correction, modification, supplementation of personal data managed by the Service Provider, object to data management and request the deletion and blocking of their data (except for mandatory data management), seek legal redress, lodge a complaint with the supervisory authority or initiate proceedings. .
Supervisory Authority: National Data Protection and Freedom of Information Authority:
Head office: 1055 Budapest, Falk Miksa u. 9-11.
Mailing address: 1363 Budapest, Pf .: 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https: //naih.hu/
The
At the User's request, the Service Provider provides information on the data managed or processed by the Service Provider, their source, the purpose and legal basis of the data processing, duration, if not possible, the criteria for determining this period, the names, addresses and data processing incidents of our data processors, data protection incidents the circumstances, effects and measures taken to prevent and prevent them, as well as the legal basis and the recipient of the transfer in the case of the transfer of personal data of the user.
The
The Service Provider shall provide information within the shortest time from the submission of the application, within 10 days (but not more than within 1 month). The information is free of charge unless the user has already submitted a request for information to the Service Provider for the same data set in the current year. The Service Provider will reimburse the costs already paid by the User in case the data has been processed illegally or if the request for information has led to a correction. The Service Provider may refuse the information only in cases provided by law by indicating the place of law and by informing about the possibility of legal remedies or recourse to the Authority.
The
The Service Provider shall notify the user of the correction, blocking, marking and deletion of personal data, as well as all those to whom the data has previously been transmitted for the purpose of data management, unless the failure to notify does not infringe the user's legitimate interests. If the Service Provider fails to comply with the user's request for rectification, blocking or deletion, it shall notify the reasons for the rejection in writing or electronically with the consent of the user within 10 days (but not more than 1 month) after receiving the request and inform the user of the legal remedy, and the possibility of recourse to the Authority.
The
If the user objects to the processing of his / her personal data, the Service Provider shall examine the objection within the shortest time from the submission of the request, within 10 days (but not more than within 1 month) and inform the user of the decision in writing.
The
If the Service Provider decides that the user's protest is justified, then the data processing - including further data collection and data transfer - shall be terminated and the data blocked, and the protester and the measures taken on the basis thereof shall be notified to all persons affected by the protest. previously transmitted data and who are obliged to take action to enforce the right of objection. The Service Provider shall refuse to comply with the request if it proves that the data processing is justified by overriding legitimate reasons which take precedence over the interests, rights and freedoms of the user or which are related to the submission, enforcement or protection of legal claims.
If the user does not agree with the decision, or if the Service Provider fails to meet the deadline, the user may apply to the court within 30 days from the notification of the decision or the last day of the deadline.
The
Data protection lawsuits fall within the jurisdiction of the tribunal, which may, at the option of the data subject, be sued in the court of the data subject's domicile or residence. A foreign national may also lodge a complaint with the competent supervisory authority of his place of residence. The Service Provider asks the data subject to contact the Service Provider before submitting his complaint to the supervisory authority or court in order to reach a consultation and resolve the problem as quickly as possible.
The
7. The Service Provider reserves the right to amend this Data Management Information, of which it shall inform the data subjects in an appropriate manner.
Information related to data management is published on the website www.rejtelyekpinceje.hu.