This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website.

​

I. Name and address of the person responsible

 

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

For all Virtual Escape locations in Austria:

Virtual Escape GmbH
Linzer Bundesstraße 33

5023 Salzburg
Managing Director: Tobias Kutschera
Commercial Register: District Court of Salzburg City
Telephone: +43 676 5841300
Email: office@virtual-escape.at

​

For all Virtual Escape locations in Germany:

Virtual Escape Deutschland GmbH

Sägewerkstraße 3

83395 Freilassing
Managing Director: Tobias Kutschera
Commercial Register HRB 29871

District Court of Traunstein
Telephone: +43 676 5841300
Email: deutschland@virtual-escape.games

​

​

II. General information on data processing

 

1. Scope of processing of personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

We process inventory data (e.g. name, address and email address), contract data (e.g. services used, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

​

2. Legal basis for processing personal data

Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 Abs. 1 lit. a EU General Data Protection Regulation serves (GDPR) as the legal basis.

When processing personal data that is required to fulfill a contract to which the data subject is a party, Art. 5cde-3194-bb3b-136bad5cf58d_b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Abs. 1 lit._cc781905-5cde-3194-bb3b serves -136bad5cf58d_c GDPR as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Abs. 1 lit._cc781905-5cde -3194-bb3b-136bad5cf58d_d DSGVO as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Abs. bb3b-136bad5cf58d_1 lit. f GDPR as the legal basis for processing.

​

3. Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

​

4. Cooperation with Processors and Third Parties

If, as part of our processing, we transfer data to other people and companies (contract processors or third parties) or otherwise grant them access to the data, this is only done on the basis of legal permission, you have consented, a legal obligation provides for this, for the processing of contractual relationships (e.g. bookingkit, Mangopay, Sofort, Paypal) with you or we have a legitimate interest in data transmission (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

​

5. Data Security

When you visit our website, we use the widespread SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed representation of the key or padlock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

​

6. Company Profiles on Social Media

We operate company profiles within social networks and platforms in order to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.

​

​

III. Provision of the website and creation of log files

​

When you visit our website https://virtual-escape.at  , the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites accessed by the user's system via our website
(8) Protocol (GET or POST)
(9) Status code (including 200 or 500)

The data mentioned are processed by us for the following purposes:
• Ensuring a smooth connection establishment of the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability as well
• for other administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed information on this under sections V and VIII of this data protection declaration.

​

​

IV. Use of cookies

​

We use cookies on our site. These are small files that your browser creates automatically and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not damage your end device and do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we are immediately informed of your identity.

On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to make use of our services, it will automatically be recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer (see Section VII). These cookies enable us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

​

​

V. Email Contact

​

You can contact us via the email address office@virtual-escape.at in Austria and deutschland@virtual-escape.games in Germany. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. bb3b-136bad5cf58d_f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit._cc781905-5cde-3194 -bb3b-136bad5cf58d_b GDPR.

The processing of the personal data from the e-mail serves us solely to process the establishment of contact. This is also where the necessary legitimate interest in processing the data lies.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email ( office@virtual-escape.at ), he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data that was saved in the course of making contact will be deleted in this case.

​

​

VI. contact form

​

If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide the following personal data

- E-mail address

- Surname

so that we know who sent the request and to be able to answer it. Data processing for the purpose of contacting us takes place in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR. The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been dealt with.

​

​

VII. Tracking Tools

​

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

​

1.Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. ( https://www.google.de/intl/de/about/ ) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see Section IV) are used. The information generated by the cookie about your use of this website such as

• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• time of server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting the browser software accordingly; we would like to point out to you however that in this case not all functions of this website can be used in full. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https: //tools.google.com/dlpage/gaoptout?hl=de ). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help ( https://support.google.com/analytics/answer/6004245?hl=de ).

​

​

VIII. Social Media Plugins

​

We use social plug-ins from the social network Facebook  on our website on the basis of Article 6 Paragraph 1 Clause 1 Letter f GDPR in order to make Virtual Escape better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation is to be guaranteed by their respective providers. We integrate these plug-ins using the so-called two-click method in order to provide the best possible protection for visitors to our website.

​

1.Facebook

Social media plugins from Facebook are used on our website to make their use more personal. For this we use the "LIKE" or "SHARE" button. This is an offer from Facebook. If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugin, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook can use this information for advertising, market research and needs-based design of the Facebook pages. For this purpose, usage, interest and relationship profiles are created by Facebook, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to inform others about the use of Facebook provide related services. If you do not want Facebook to associate the data collected through our website with your Facebook account, you must log out of Facebook before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information ( https://www.facebook.com/about/privacy ).

​

​

 

IX. Third Party Services

​

1.Google Maps

To optimize our website, we use the "Google Maps" map service from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Our legitimate interest in improving our website with regard to the display of maps and the creation of directions lies in accordance with Art -3194-bb3b-136bad5cf58d_f GDPR. When using Google Maps, Google collects, processes and uses data about the use of the Maps functions by users of our website. In particular, the user's IP address is required to display the Google Maps content for displaying maps. The data collected by Google is transferred to the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

For more information about data processing by Google, please refer to the Privacy Policy from Google . 

​

2. Regiondo

 

In order to sell our offers (Virtual Escape missions and vouchers), we use the booking system of Regiondo GmbH, Neumarkter Str. 63, 81673 Munich ("Regiondo"). By making a booking on our site, you consent to the storage and processing of your personal data by Regiondo . Your personal data will be forwarded to Regiondo  and processed. This data is stored and processed for the purpose of supporting and processing your orders, your authentication, processing payment transactions and improving Regiondo's services. For more information on terms of use and data protection and the possible commissioning of third parties for data processing by Regiondo , see   https://www.regiondo.com/privacy-policy .

​

3. stripes

 

Services for payment by [bank transfer, credit and debit cards, SEPA Direct Debit, Sofortüberweisung, Giropay, iDeal and Przelewy24] are provided by stripe, 510 Townsend Street San Francisco, CA 94103, USA ._cc781905-5cde -3194-bb3b-136bad5cf58d_ For the use of these services, stripe collects, stores and processes personal data in accordance with the striüe terms of use and is responsible for the lawful handling of these. For more information, see stripe's privacy policy at  https://stripe.com/at/privacy .

​

4. PayPal

The PayPal service is provided by PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. When paying with PayPal, you will be redirected to the PayPal website via a link. For the use of this service, PayPal collects, stores and processes your personal data such as your name, your address, your telephone number and your e-mail address as well as your credit card or bank account details. PayPal is solely responsible for the protection and handling of the data collected by PayPal. In this respect, the PayPal terms of use apply, which you can access at   www.PayPal.com  . Further information on the handling of your data and the possible commissioning of third parties  can be found in PayPal's data protection declaration, which can be accessed under the following link:_cc781905-5cde-3194-bb3b- 136bad5cf58d_ https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

​

5. R&S Online Sales and Marketing OÜ

 

In order to sell our vouchers, we use the help of the R&S Online Sales and Marketing OÜ, Ahtri tn 12, 15551 Tallinn. By buying a voucher on our site, you consent to the storage and processing of your personal data by R&S Online Sales and Marketing OÜ. Your personal data will be forwarded to R&S Online Sales and Marketing OÜ, who also use Regiondo for processing. This data is stored and processed for the purpose of supporting and processing your orders, your authentication, processing payment transactions and improving Regiondo's services and the services of R&S Online Sales and Marketing OÜ. For more information on terms of use and data protection and the possible commissioning of third parties for data processing by Regiondo , see   https://www.regiondo.com/privacy-policy .

​

​

X. Rights of the data subject

​

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

​

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.

If such processing is present, you can request information from the person responsible for the following information:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling according to Art. 22 Abs. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

​

2. Right to Rectification

You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

​

3. Right to restriction of processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you dispute the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons .

If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

​

4. Right to erasure

​

a) Obligation to delete

You can request the person responsible to delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent to which the processing is based in accordance with Art . 9 Abs. 2 lit. a DSGVO and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 Paragraph 1 DSGVO and there are no overriding legitimate reasons for the processing, or you object objection to the processing pursuant to Art.
(4) The personal data concerning you was processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

b) Exceptions

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller became;
(3) for reasons of public interest in the field of public health pursuant to art. 9 para. 2 lit. h and i as well Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. said right is likely to render impossible or seriously impair the attainment of the objectives of this processing, or
(5) to assert, exercise or defend legal claims.

5. Right to Information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

​

6. Right to Object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 136bad5cf58d_1 lit. e or f DSGVO to file an objection; this also applies to profiling based on these provisions.

The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

​

7. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

​

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates violates the GDPR.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Status: October 2023