Privacy

The controller in accordance with the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:

H.A.L.T. GmbH
Berliner Allee 47
58642 Iserlohn
Managing Director: Torsten vom Lehn
Commercial Register: Local Court Iserlohn, HRB 8755
Phone: +49 (0)2331-4880630
Email: hallo(at)exit-hagen.de

II. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of Processing Personal Data
We only process personal data of our users to the extent necessary to provide a functioning website as well as our content and services. Processing of personal data of our users generally only takes place with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal provisions.

We process master data (e.g., name, address, email address) and contract data (e.g., services used, payment information) to fulfill our contractual obligations and service provisions in accordance with Art. 6(1)(b) GDPR. Entries marked as mandatory in online forms are required for concluding a contract.

2. Legal Basis for Processing Personal Data
If we obtain consent from the data subject for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis.

For processing personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing necessary for pre-contractual measures.

If the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect legitimate interests of our company or a third party and the interests, rights, and freedoms of the data subject do not override this interest, Art. 6(1)(f) GDPR serves as the legal basis.

3. Data Deletion and Storage Period
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may occur if required by European or national law, regulations, or other provisions to which the controller is subject. Data will also be blocked or deleted once a statutory storage period expires unless further storage is necessary for contract fulfillment.

4. Cooperation with Processors and Third Parties
If we transfer data to other persons or companies (processors or third parties) or grant them access to the data, this is done only based on legal permission, your consent, a legal obligation, for processing contractual relationships (e.g., bookingKit, Mangopay), or our legitimate interest (e.g., use of contractors, web hosts, etc.). Third parties acting as processors are bound by Art. 28 GDPR.

5. Data Security
We use SSL (Secure Socket Layer) during website visits with the highest encryption supported by your browser, typically 256-bit. If not supported, 128-bit v3 is used. Encrypted pages can be recognized by the closed key/lock icon in your browser. We employ appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access, which are continually updated according to technological advancements.

6. Corporate Profiles on Social Media
We maintain profiles on social networks and platforms to communicate with active users and inform them about our services. When accessing these networks, their terms and privacy policies apply. Unless stated otherwise, we process data only if users communicate with us within these networks, e.g., by posting or messaging.

III. WEBSITE PROVISION AND LOG FILES

When accessing our website https://exit-game.de/hagen, your browser automatically sends information to our server, which is temporarily stored in a log file. The following data are collected without your intervention:

1. Browser type and version

2. User’s operating system

3. Internet service provider

4. User IP address

5. Date and time of access

6. Referring websites

7. Websites accessed via our site

8. Protocol (GET or POST)

9. Status code (e.g., 200 or 500)

These data are processed to ensure smooth website operation, user-friendly website usage, system security evaluation, and administrative purposes. The legal basis is Art. 6(1)(f) GDPR. Data is never used to personally identify you. Cookies and analytics tools are also used (see sections IV and VIII).

IV. USE OF COOKIES

Cookies are small files created by your browser and stored on your device when visiting our website. Cookies cannot harm your device or contain malware. They store information related to your device and usage patterns but do not directly reveal your identity.

Cookies make our services easier to use (session cookies) and improve user experience (temporary cookies). They also allow statistical analysis for service optimization. Cookies are deleted automatically after a defined period. You can block or delete cookies in your browser settings, but some website functions may be limited.

The legal basis for cookie processing is Art. 6(1)(f) GDPR.

V. EMAIL CONTACT

You can contact us via hallo(at)exit-hagen.de. Personal data sent via email are stored and used only to process your request. They are not shared with third parties. Legal basis: Art. 6(1)(f) GDPR, or Art. 6(1)(b) GDPR if the email concerns a contract. Data is deleted once the purpose is fulfilled, e.g., when the conversation ends. You may withdraw consent at any time, which will terminate the conversation and lead to deletion of data.

VI. CONTACT FORM

To contact us via our website form, your email address is required to respond. Data is processed according to Art. 6(1)(f) GDPR and deleted after your inquiry is handled.

VII. TRACKING TOOLS

Tracking measures are used to optimize website design and evaluate usage. Legal basis: Art. 6(1)(f) GDPR.

1. Google Analytics
We use Google Analytics for website optimization. Pseudonymized usage profiles and cookies track browser type, OS, referrer URL, IP, and access time. Data is transmitted and stored in the USA and not merged with other Google data. Opt-out instructions and more info: https://tools.google.com/dlpage/gaoptout?hl=de

VIII. SOCIAL MEDIA PLUG-INS

We use social plugins of Facebook, Twitter, and Instagram via the two-click method. These plugins transmit information directly to the social media servers, including IP addresses, even if you do not have an account. Logging out prevents personal data association.

• Facebook: https://www.facebook.com/about/privacy

• Twitter: https://twitter.com/privacy

• Instagram: https://help.instagram.com/155833707900388

IX. THIRD-PARTY SERVICES

1. Google Maps – Used for map display and directions; legal basis: Art. 6(1)(f) GDPR.

2. bookingkit – Booking system; personal data processed for orders, authentication, payments. Privacy: https://bookingkit.net/de/datenschutzerklaerung/

3. MANGOPAY – Payment services; privacy: https://www.mangopay.com/privacy

4. PayPal – Payment services; privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

X. RIGHTS OF THE DATA SUBJECT

1. Right to Access – Request confirmation and details of processed data.

2. Right to Rectification – Correct inaccurate or incomplete data.

3. Right to Restrict Processing – Under certain conditions, e.g., data accuracy dispute, unlawful processing.

4. Right to Erasure (Right to be Forgotten) – Request deletion unless exceptions apply.

5. Right to Notification – Inform recipients of corrections, deletions, or restrictions.

6. Right to Object – Object to processing for legitimate interests, including profiling.

7. Right to Withdraw Consent – Consent can be withdrawn at any time without affecting previous processing.

8. Right to Lodge a Complaint – With a supervisory authority in your Member State, workplace, or place of the alleged violation.

Status: May 2018