Privacy Policy for Mystic Tempest

Mystic Tempest is committed to protecting the privacy of our visitors and customers. This Privacy Policy outlines the types of information we collect, how we use it, and the measures we take to safeguard your data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy frameworks.

1. Information We Collect

We collect various types of information to provide and improve our escape room adventures, family-friendly puzzle games, group play event hosting, themed interactive challenges, and corporate team-building activities.

1.1 Personal Data You Provide Directly To Us:

• Contact Information: When you make a booking, sign up for our newsletter, or contact us, we may collect your name, email address, phone number, and postal address.
• Booking Details: Information related to your bookings, including event dates, number of participants, and any special requests or requirements.
• Payment Information: While we process payments through secure third-party payment gateways, we may receive confirmation of your payment. We do not directly store your full credit card details.
• Feedback and Communications: Any information you provide when you communicate with us, including customer service inquiries, survey responses, and reviews.
• Health and Safety Information: In certain circumstances, for specific activities, we may request relevant health or safety information to ensure your participation is safe and appropriate. This is collected with explicit consent.

1.2 Information Collected Automatically:

• Log Data: When you visit our online platform, our servers automatically record information that your browser sends. This may include your IP address, browser type and settings, the date and time of your request, and how you interacted with our site.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track the activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

2. How We Use Your Information

We use the collected information for various purposes, primarily to operate our business and provide you with our services:

• To Provide and Manage Our Services: Fulfilling your bookings, organizing events, and delivering our escape room experiences.
• To Communicate With You: Sending booking confirmations, updates, customer support, and responding to your inquiries.
• For Marketing and Promotions: With your consent, sending you newsletters, special offers, and information about new games or events. You can opt-out at any time.
• To Improve Our Services: Analyzing usage patterns to enhance our offerings, improve our website functionality, and develop new experiences.
• For Safety and Security: Ensuring the safety of our premises and participants, and detecting and preventing fraudulent or unauthorized activity.
• To Comply with Legal Obligations: Adhering to applicable laws, regulations, and legal processes.

3. Legal Basis for Processing Personal Data (GDPR)

We process your personal data based on the following legal grounds:

• Performance of a Contract: When processing is necessary for the performance of a contract to which you are a party (e.g., booking an escape room).
• Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving our services, marketing, security), provided your interests and fundamental rights do not override those interests.
• Consent: When you have given explicit consent for specific processing activities (e.g., receiving marketing communications). You have the right to withdraw your consent at any time.
• Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.

4. Sharing Your Information

We do not sell your personal data to third parties. We may share your information with:

• Service Providers: Trusted third-party companies that perform services on our behalf, such as payment processing, website hosting, analytics, and marketing assistance. These providers are obligated to protect your information and use it only for the purposes for which it was disclosed.
• Legal and Regulatory Authorities: When required by law or to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. When your personal data is no longer required, we will securely delete or anonymize it.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments.

7. Your Data Protection Rights

Depending on your location, particularly if you are in the European Economic Area (EEA), you have certain rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month.

8. Third-Party Websites

Our online platform may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your data protection rights, please contact us at:

Mystic Tempest
42 Al Wasl Road
Suite 3A
Dubai, Dubai 00000
United Arab Emirates