Privacy Policy

Last Updated: March 27, 2024

1. Introduction

This Privacy Policy explains how Nurdaulet Otarov, operating as Daul Rinne, collects, uses, and protects your personal information when you interact with our demo escape room booking website.

IMPORTANT NOTICE

This website is created solely for hobby and portfolio demonstration purposes. The escape rooms featured on this website do not actually exist, and this service is not operating commercially. Any bookings submitted are not processed for actual services but may be stored for demonstration purposes.

2. Data Controller

Nurdaulet Otarov (Daul Rinne)
Sole Proprietor based in Finland
Contact: daul.rinne@gmail.com

3. Information We Collect

3.1 Booking Information

When you submit information through our demo booking form, we may collect:

  • Full name
  • Email address
  • Phone number
  • Selected room, date, time, and number of players
  • Special requests (if provided)

3.2 Technical Information

Our service automatically collects:

  • IP address (used for security and rate-limiting purposes only)
  • Browser session information

3.3 Local Storage Information

Our website uses browser localStorage to:

  • Prevent form submission abuse
  • Implement rate limiting for booking requests
  • Track login attempts for administrative purposes

4. How We Use Your Information

We use your personal information for:

  • Demonstrating the functionality of a booking system
  • Ensuring the security and proper functioning of our demo website
  • Preventing abuse of our systems
  • Portfolio presentation purposes

No actual escape room services are provided, and submitted bookings are not processed for commercial purposes.

5. Legal Basis for Processing

We process your personal data based on:

  • Legitimate Interests: Demonstrating website functionality, security measures, and portfolio presentation
  • Consent: When you voluntarily submit information through our forms

6. Data Storage and Retention

6.1 Storage Methods

  • Booking data is stored in our Supabase database
  • Technical information is stored in server logs
  • Rate-limiting data is stored in your browser's localStorage

6.2 Retention Periods

  • Booking information: Retained for up to 12 months
  • Technical logs: Retained for 30 days for security purposes
  • localStorage data: Stored only in your browser and automatically expires after set periods (maximum 24 hours)

7. Data Sharing

We do not sell or share your personal information with third parties except:

  • Our database service provider (Supabase)
  • Our hosting provider (Netlify)

These service providers have access to your personal data only to perform specific tasks on our behalf and are obligated to protect your information.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectify inaccurate information
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Rights related to automated decision-making and profiling

To exercise these rights, please contact us at daul.rinne@gmail.com.

9. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Database encryption
  • Secure transmission protocols (HTTPS)
  • Access controls to limit data access to authorized personnel

10. International Data Transfers

Your data is stored on servers located in the European Union. We do not transfer your personal data outside the European Economic Area (EEA).

11. Cookies and Tracking

Our website uses:

  • Strictly Necessary Storage: For the admin section, session cookies are used for authentication purposes
  • Local Storage: Used for rate limiting and not for tracking purposes
  • Netlify Services: Our hosting provider may use cookies for technical and security purposes

No third-party analytics, marketing cookies, or tracking technologies are used.

12. Children's Privacy

Our demo website is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, please contact:

Nurdaulet Otarov (Daul Rinne)
Email: daul.rinne@gmail.com

15. Data Subject Access Request Procedure

To submit a request regarding your personal data (access, rectification, erasure, etc.), please:

  1. Send an email to daul.rinne@gmail.com
  2. Include "Data Subject Access Request" in the subject line
  3. Specify your request clearly in the email body
  4. Provide sufficient information to verify your identity

We will respond to your request within 30 days as required by the GDPR.

16. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected data subjects without undue delay, describing in clear language the nature of the breach, likely consequences, and measures taken to address it
  • Provide recommendations on how individuals can protect themselves following the breach

17. Governing Law

This Privacy Policy is governed by and construed in accordance with Finnish law. Any disputes arising under this policy are subject to the exclusive jurisdiction of the courts of Finland.