GDPR RULES

ENIGMARIUM BLÅVAND
COOKIE AND PRIVACY POLICY

By using our website, you agree that Enigmarium Blåvand APS processes your personal data in accordance with this privacy policy. If you cannot accept Enigmarium Blåvand APS’s privacy policy, please refrain from using the website.

Background

In connection with bookings, gift card purchases, contact forms and participation in experiences operated under the Enigmarium® brand, we process a number of information about you. We have prepared this privacy policy because we need to provide you with information about how we process your data.

Important

It is important for us to emphasize that we only process your information for purposes related to bookings, customer service, legal obligations and operation of our experiences. We never resell information about our customers to others, nor do we provide your data to others other than as described in this privacy policy.

Data Controller

Enigmarium Blåvand APS is the data controller for the processing of the personal data that we have received from you, and we ensure that your personal data is processed in accordance with the law. Enigmarium Blåvand APS can be contacted here:

Enigmarium Blåvand
Operated by BHGK Catering ApS
Skallingevej 5, 6857 Blåvand

6857 Blåvand
CVR-no: 38268716
Phone: +45 75 27 55 55
Email: info@enigmarium.dk

The purpose

The purpose of processing your personal data is to manage bookings, participation in escape room experiences, gift card purchases and related customer communication for experiences operated under the Enigmarium® brand by Enigmarium Blåvand APS.

Your information is processed solely for purposes related to the operation and administration of escape room experiences and related services, which includes:

  • information about Enigmarium® activities, events, campaigns and experiences, for example through newsletters and customer communication
  • managing reservations and access to booked escape room experiences
  • processing payments and gift card purchases
  • planning and administration of private events, team buildings and group bookings
  • handling customer rights and obligations related to bookings and participation
  • customer service and communication regarding bookings, changes, cancellations or support requests
  • organizing promotional, social and entertainment-related activities
  • use of situational photos taken during or after experiences where consent has been given
  • storage of information required for accounting, legal compliance, statistics and business operations
  • information about parents or guardians of children and young people under the age of 18 for contact and safety purposes
  • If you participate in events, collaborations or activities organized by Enigmarium®, your contact information in the form of name, email, telephone number and picture may be shared internally with relevant staff members or service providers where necessary for communication, organization and operation of the booked experience or event.

Legal basis

The legal basis for our processing of your personal data follows from Article 6(1)(b) of the General Data Protection Regulation, as the information is processed in order to fulfill the agreement between you and Enigmarium Blåvand APS regarding bookings, participation in experiences, purchases or related services. Certain processing activities may also be based on legitimate interests under Article 6(1)(f), including operation of the business, customer service, fraud prevention, safety and improvement of customer experiences. Where required by law, processing may additionally take place in order to comply with legal obligations.

Categories of personal data

We process personal data on:

  • Customers and participants, including both children, young people under 18 and adults.
    As a rule, we only process “general personal data” in the form of registration and contact information such as name, gender, address, telephone number, date of birth, e-mail address and booking-related information.
  • Gift card purchasers and recipients
    We only process “general personal data” in the form of name, email address and payment-related information necessary for issuing and managing gift cards.
  • Visitors and event participants
    We only process “general personal data” in the form of contact information such as name, telephone number, date of birth and email address where relevant for bookings, participation, communication or safety purposes.
  • Business customers and partners
    We may process contact information such as company name, VAT/CVR number, contact person, telephone number, email address and billing information.

Sharing your personal data

We disclose personal data to the following recipients where relevant and necessary:

  • Booking and reservation systems
  • Payment service providers for the purpose of payment processing
  • Accounting and financial systems
  • Bank
  • IT and hosting providers
  • Professional advisors such as lawyers and accountants
  • Public authorities where required by law, for example SKAT
  • Relevant service providers or partners involved in the operation of booked experiences or events

Where do we get your personal information from?

The personal data processed by Enigmarium Blåvand APS is collected solely from you, from the person making the booking, or from a parent or guardian where relevant.

Storage of your personal data

We retain your personal data only for as long as necessary for the purposes described in this privacy policy, including legal, accounting and administrative requirements. Booking and transaction information may be retained for up to 5 years where required by applicable accounting or tax legislation. If we have a legal claim involving you, or are otherwise legally required to retain information longer, we will retain the relevant data for as long as necessary for those purposes.

Your rights

You have a number of rights under the General Data Protection Regulation in relation to our processing of information about you. If you wish to exercise your rights, please contact us.

You have the right to access the information we process about you, as well as a number of additional information.

You have the right to have incorrect information about yourself corrected.

In special cases, you have the right to have information about you deleted before the time of our regular general deletion occurs.

In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict the processing, we may only process the data – with the exception of storage – with your consent, or for the establishment, exercise or defence of legal claims, or to protect a person or important public interests.

You have the right to object to our lawful processing of your personal data in certain cases. You can also object to the processing of your data for direct marketing purposes.

You can read more about your rights in the Danish Data Protection Agency’s guidance on the rights of data subjects, which you can find at www.datatilsynet.dk.

Complaint to the Danish Data Protection Agency

You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Data Protection Authority’s contact information at www.datatilsynet.dk.

Revision of the privacy policy

We will update this privacy policy if there are any changes to the way we process your personal data. In the event of changes, the date at the top of the privacy policy will be changed. The privacy policy in force at any time will be available on our website.

What is a Cookie?

A cookie is a data file that is stored on your hard drive. A cookie is not a program and does not contain a virus. Cookies do not identify you as a user, but your use of the website, i.e. cookies recognize your navigation on the site, remember whether you have visited the website previously, etc.

Cookies are necessary for a website to function and they help to optimize and adapt the website to your needs and interests.