Houdini APP respects and takes care of your personal data, guaranteeing your rights. If you deal with Houdini APP as a client, consumer or simply as a member of the general public, you have the right to the protection of your personal data.

This data will relate to: your name, telephone number, email address and age.

In this General Privacy and Data Protection Policy of Houdini APP (hereinafter, “this Policy”) we describe what personal data is collected, how and why we collect your personal data, the management of this data, with whom we share it, how we protect it and the decisions regarding the treatment that you can exercise over your personal data.

This Policy applies to the processing of your personal data within the framework of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. in the context of the exercise of our activity which consists of: facilitating and optimizing escape room experiences for both companies and users. Hereinafter “the activity”.

Whenever your personal data is necessary and collected for the exercise of the activity as set out above, you will be notified through the privacy notices.

This Policy applies to all your personal data collected by Houdini APP and referred to in this Policy, so that, by accepting it, you agree that we process your data in the manner and conditions set out below.

1. Who is responsible for the processing of your personal data?
   

    

TAX AND IDENTIFICATION DATA:
Business name: HOUDINI APP
Company name: Luis Alejandro Rodríguez Alonso NIF: 53784014D
Address: C/Mariano Pola 57 S/N
Email: contacto@houdiniapp.com
Telephone: +34684617739

2. Who can you contact if you have questions or requests? The data protection contact point

Houdini APP has a data protection contact so that you can contact them and direct any questions or requests related to our company’s Policy, privacy notices and the processing of your personal data.

For any questions, requests or complaints regarding the application of this Policy or to exercise your rights as described in this Policy, you may contact us at the Data Protection Contact Point: contacto@houdiniapp.com

To exercise your rights, you must provide a copy of your NIF/DNI/CIF for identification.

3. Principles under the European Data Protection Regulation

We value the personal data you have entrusted to us and we are committed to treating it in accordance with the following principles that Houdini APP applies:

• Legality: We will only collect your Personal Data for specified, explicit and legitimate purposes and will not process your Personal Data in a manner that is incompatible with those purposes.
• Legality: in accordance with article 6 of the General Data Protection Regulation, your personal data will be managed provided that you express your consent to the processing of said data as a form of externalisation of your will and free and informed consent. Your personal data may be necessary to formalise a contract, agreement or service, in which the interested party is a party, to comply with legal obligations, to protect vital interests of the interested party and another natural person, to fulfil a mission of public interest or in the exercise of public powers conferred on the data controller or to satisfy the legitimate interests pursued by the data controller when these do not violate the fundamental rights and freedoms of the interested party or the protection of personal data of the interested party.
• Loyalty and transparency: in accordance with article 5 of the General Data Protection Regulation as a manifestation of transparency and proof of this is that the interested party is informed of the existence of the processing operation and its purposes.
• Data minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected.
• Purpose Limitation: We will only collect your personal data for specific, explicit and legitimate purposes, and which we maintain in the way we process them.
• Accuracy: We will keep your personal data accurate and up to date.
  Data Security: We apply appropriate technical and organisational measures to ensure the appropriate level of security taking into account the risks and nature of the data in order to prevent it from being disclosed or accessed by unauthorised personnel, or from any loss or alteration. In short, any form of unlawful processing.
• Access and Rectification: the client, consumer or any person who, having given their consent for the collection of data, wishes to request any management regarding the processing, is recognized and may exercise: the right of access, rectification, opposition, deletion, limitation of processing, portability and not to be subject to individualized decisions. Its exercise will be free of charge and said request will be corrected within a period of one month, which may be extended for another two months depending on exceptional circumstances such as, for example: number of requests, complexity, or others of a similar nature. Point 14 of this document provides information on how to exercise these rights and the means and channels through which we will make your request effective.
• Principle of limitation of the conservation period: the data will be kept for the necessary time and for the purposes of the treatment without undue delay, and during which, the personal data of the users and clients will be available to them when they request it.
  International transfers: We do not carry out international data transfers, but in the event that they are carried out, we will guarantee that all personal data transferred outside the European Union are adequately protected and in accordance with the legislation of the country and the European Union.
• Third parties: We will ensure that access to and transfer of personal data to third parties will be done in accordance with applicable laws and regulations and with appropriate contractual guarantees.
• Direct Marketing and Cookies: We will ensure compliance with applicable legislation regarding advertising and cookies.

4. Processing of your personal data: What personal data do we collect?

Whenever we request your Personal Data, you will be informed of the data we collect through a Privacy Notice generated specifically for you to give us express consent regarding such collection and processing.

There is data that must be collected and stored in accordance with current legislation and regarding which you will be informed.

The personal data we collect refers to name, surname, age, gender, images, contact telephone number and email.

5. For what purposes do we process your personal data?

We only process your personal data for specified, explicit and legitimate purposes and will not process your personal data in a way that is incompatible with those purposes.

This may be the execution of an order you have placed, the improvement of your visit to one of our websites or portals, the improvement of our products and services in general, the offering of services or applications, communications and marketing actions, etc.

The purpose of each processing of your personal data will be clearly defined in the specific privacy notice related to that particular processing and which can be accessed through the electronic means from which you are informed (website, application, etc.).

By making a purchase, the customer agrees that their data will be transferred to the escape room in which they will carry out the activity in order to manage the reservation.

5.1. Marketing

We want to make it easy for you to take advantage of the escape room opportunities available on our website. One of the methods we use to do this is by sending you email messages containing information about your escape room interests.

You will receive marketing messages from us if you have given your consent, requested it or purchased goods or services from us and if you have not opted out of receiving marketing messages.

Each time you receive such an email, you will be able to tell us if you do not wish to receive such further emails. You may unsubscribe from these marketing communications at any time by clicking on the unsubscribe link, which you can find at the bottom of each communication you receive from us.

6. Keep your personal data accurate and up to date

It is important for us to keep the record of your personal data up to date. Please inform us of any changes or errors in your personal data as soon as possible by contacting us at the Data Protection Contact Point: contacto@houdiniapp.com

We will take steps to ensure that any incorrect information about you is deleted or amended.

7. Access to your personal data

You may access the personal data we hold about you upon request by contacting the data protection contact point: contacto@houdiniapp.com  and, if such personal data is inaccurate or incomplete, to request the rectification or cancellation of such personal data.

8. Duration of data processing

Pursuant to data protection legislation, your data will be retained for as long as necessary to comply with applicable law or for the purposes for which it is processed, as explained throughout the Policy.

For information on the duration of storage of personal data before deleting it from our systems and databases, please contact us at the Data Protection Contact Point: contacto@houdiniapp.com

9. Data security

Houdini APP has a set of technical and organizational security measures to protect your Personal Data against illegal or unauthorized access or use, as well as against accidental loss or damage to its integrity.

These have been designed taking into account the infrastructure of Houdini APP and the programs and processes it uses, the possible impact on your privacy and the possible consequences of a failure in the security systems in accordance with current industry standards and practices.

Your personal data may only be processed by a third party if the Data Processor undertakes to adopt the technical and organisational measures necessary to comply with the security commitment in the processing of data, thereby protecting the confidentiality, integrity and availability of the data.

10. Communication of personal data

This website does not transfer data to third parties except:

• As required by law or as legally necessary to protect Houdini APP.
• To comply with the law, requests from authorities, court orders, legal proceedings, reporting obligations and the provision of information to authorities, etc.
• To verify or enforce Houdini APP policies and agreements.
• To protect the rights, property or safety of Houdini APP and its customers.
• To manage reservations with escape rooms in case of purchase.

11. Transfers outside the European Union

Your personal data will not be transferred to recipients outside the European Union and, if this were done and these countries do not have the security measures and guarantees of our legislation, Houdini APP undertakes to implement the appropriate security measures and controls to adapt the level of security to that which we offer.

Furthermore, if this is the case, the user will be notified through a separate privacy notice that will be included in the Houdini APP and its website’s communication media, such as, for example, in emails, offers or any means or communication channel that mediates between the user and Houdini APP.

12. Legal information

The requirements of this Policy supplement, and do not replace, any other existing requirements under applicable data protection legislation. In the event of a conflict between what is written in this Policy and the requirements in applicable data protection law, the applicable data protection law will take precedence.

Houdini APP may modify this Policy at any time. When this occurs, we will notify you of any changes and ask you to re-read the most recent version of our Policy and confirm your acceptance. You can also check this Policy periodically on our website, where it will be visible.

13. Rights

13.1. Right of access

Article 15 of the General Data Protection Regulation recognises the right of the interested party to know whether or not their personal data are being processed and the purposes of the processing, the categories of data, the recipients, the origin of the data, the retention period and the criteria for determining said period. Thus, the data controller will provide a copy of the personal data being processed in electronic format upon submission of the request.

You may also request from the person responsible: rectification, deletion or limitation of data and processing.

In order to facilitate the exercise of this right by the user, we provide the form that must be completed for the request via the following link:

Right of access form

13.2. Right to rectification and deletion

Article 16 and 17 of the General Data Protection Regulation establishes that, in terms of rectification and deletion of personal data, the client or user may request the rectification of their personal data because they consider it inaccurate or that it be completed or deleted because it is not necessary for the purposes for which it was collected and processed.
In order to facilitate the user’s exercise of this right, we provide the form that must be completed for their request through the following link:

Right of rectification form
Right of deletion form

13.3. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing of personal data where he or she contests the accuracy of the personal data. That is, the data may only be processed, with the exception of storage, with the consent of the data subject, for the exercise or defence of legal claims, to protect the rights of another natural or legal person or for reasons of public interest of the Union or of a Member State. Furthermore, the data subject shall be informed by the controller before such restriction is lifted.

In order to facilitate the exercise of this right by the user, we provide the form that must be completed for the request via the following link:

Right of limitation form

13.4. Right to data portability

Article 20 of the General Data Protection Regulation recognises the right of the interested party to receive the personal data concerning him or her, that is, to have it transmitted directly from one controller to another, whenever technically possible, in a structured, commonly used and machine-readable format, without being prevented by the controller to whom the data were provided, when consent has been expressly externalised or there is a contract.

In order to facilitate the exercise of this right by the user, we provide the form that must be completed for the request via the following link:

Right of access form

14. Category of data collected

The data collected will be stored in different files in order to organize them and be able to process them efficiently while maintaining security levels according to their sensitivity.
The data collected will be stored in:

• Non-automated files: will collect data sets non-automatically on physical media.
• Automated files: they cover data automatically and are thus managed using programs, computer equipment and others of a similar nature.

These in turn must be protected according to their relevance by different levels of security as described in the Privacy Policy and which you can access through our website.