PRIVACY POLICY CONTACT, RESERVATION

Introduction

Our privacy policy controls, that how the Horror Túra Kft. (in the following: us) collects and processes your personal data regarding to your booking on our website: www.nightmareinbudapest.com.

The personal data is crucial infromation on how we can identify our guests (in the following: you) for example: name, location, online identifier, sex, financial data. Our privacy policy includes your rights regarding your personal data. Please read our privacy policy before you book an appointment. If you contact us via phone or e-mail, then you are automatically accepting our privacy policy. If you are not accepting our privacy policy, then please do not use our website, do not book an appointment.

We are deeply committed towards the safety of personal data as well as providing secure services according to legislation. Our privacy policy contains the following sections:

Who is monitoring the data?

Our company controls the processing of your personal data. This activity is monitored by the Hungarian National Authority for Data Protection and Freedom of Information.

How can I send questions regarding the safety of personal data?

Please, at first read the FAQ section and our privacy policy. You can send your questions regarding to our privacy policy to the following e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

What kind of personal data do the company process?

In case of booking an appointment we process the following data:

If you booked an appointment via e-mail we process the following data: first name, surname, e-mail address, phone number.

If you booked an appointment via phone we process the following data: first name, surname, phone number.

We are not keeping phone numbers in our device. We are deleting our call history weekly.

What purposes do my personal data serve?

We process your data for the following purposes:

1. Contact: We can inform you if we can not open in the time of your booked apointment because of technical or other issues.

2. For the protection of our and your rights. In certain kind of situations we can assume in good faith that it is necessary to record and publish your data: (i) To protect our privacy, our safety and our properties or to validate our lawful rights. (ii) To protect your public security, your privacy and your safety. (iii) For business risk management.

We will inform you if we process your personal data for diferent purposes or if we involve a third party.

What is the retention period?

We have to use these periods and criteria, unless the law does not provide for or allows another period, or our logical conviction is that the followings are necessary:

The above mentioned 2 points purpose is that the collected data will be preserved until the extent necessary for our services and for a period of time and/or if you made an application of deletion.

After the provided service your data will be deleted in 3 days.

If you have further queries please contact us on the aformentioned e-mail address in our privacy policy.

Safety and privacy protection measures!

Tha data will be processed by partially automated mechanical devices and we will protect it by appropriate security measures. We will provide data security against losses, theft and unauthorized use, disclosure, modification by appropriate legal, administrative, technical, personnel and physical measures.

The website may include links to partners, their websites/applications. If you follow any of these links you have to note that these websites/applications may following different policies and conditions than us. We do not take responsibility for the content of these websites/applications. Please, check the policies and conditions before you accept it or you send data to them.

Who has access to personal data?

The data can be processed in the European Economic Area (EEA) according to the following limits:

our staff who are responsible for data processing and storing (Gábor Dömsödi, Ferenc Baranyi);

government agencies for the purpose of enforcing legal obligations. This may include (if it is applicable) the suspicion of fraud or criminal offence towards the authority concerned or other authorized third parties.

If you need further information on the data processing contact us.

Are the personal data will end up abroad?

No.

What rights do you have related to your personal data?

Anytime:

you can receive confirmation of your personal data.

you can learn about the goals and measures of the data processing.

you can ask for the limitation of data processsing

you can ask for the deletion of the data without undue delay. This decision could lead to the termination of our services that we granted for you.

you may file a complaint for the data protection authority.

Amendments of Privacy Policy

This privacy policy is valid from the date that is marked in the header. We can make further changes to it for business development, as well as legal and regulatory changes. In case of major changes we will notify you in advance.

Official name: Hungarian National Authority for Data Protection and Freedom of Information.

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Postal address: 1530 Budapest, Pf.: 5.

Phone number: +36 (1) 391-1400

Fax number: +36 (1) 391-1410

E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.

The URL of the site: https://naih.hu/general-information.html

Costumer service or public relation availability: Hungarian National Authority for Data Protection and Freedom of Information costumer service: Phone number: +36 (1) 391-1400, Fax number: +36 (1) 391-1410, Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Postal address: 1530 Budapest, Pf.: 5.

Online administration availability: http://naih.hu/online-uegyinditas.html

PRIVACY POLICY CAMERAS

The surveillance systems data handling regulation operating on the premises of the Horror Túra Kft, on the territory of the Nightmare in Budapest - Haunted house.

1. The data handling: On the premises of the Horror Túra Kft, on the premises Nightmare in Budapest – haunted house (from now referred to as: haunted house) 1072 Budapest, Rákóczi Street 30.  The surveillance is done by electronic surveillance units – cameras – during which recordings are made containing personal information. The surveillance system is operated by the Horror Túra Kft.

2. The purpose of data handling:

2.1 The purpose of surveillance and video recording is to protect the well being of personnel residing within the territory of the haunted house, as well as the belongings of guests and the workers in use assets. Within these our goal is to prevent any violation of law, sighting of violations, further more to be used when needed in correlation with the above mentioned as evidence by the proper authorities.

2.2 The recording of experiences during the show and uploading them to video media sharing websites (e.g.: YouTube). There are no personal information presented when uploading the videos, only the date and time of visiting. The uploading is voluntary, the guests are able to declare before the show, whether or not they consent to share the video.

3. The claim of the data handling: The employees of the haunted house get a written notification of the video surveillance systems data handling. The consent of individuals, not mentioned previously is voluntary, with proper behaviour, except the show experience recordings, and the uploading of these on YouTube. About the application of the surveillance system we are obligated to post an informative, visible and well readable notice for the visiting third party. The information within said notice is contained in the 1st attachment.

4.The duration of the data handling: The video recordings are stored within the central main recording unit for three workdays, after this period they are automatically deleted!

5. The authority of the data handling: The personnel authorised to access the continuous video stream are listed on the 2nd attachment. The only personnel authorised to access the recorded and stored footage are listed in the 3rd attachment. The personnel authorised to transfer and copy recorded and stored videos are listed in the 4th attachment. The recording unit is placed behind the reception desk for safety precautions. The recordings are only accessible with a password for safety precautions.

6. Data security measures:

6.1. The surveillance monitors are placed such that during video streaming no unauthorised individuals can observe them

6.2. The surveillance recordings are only accessed for filtering out violations and can only be observed for initiating measures against violations. The only exceptions are the cameras surveying the “labyrinth”, “train” and the exit, these can be observed and recorded by the receptionist to create a bigger and a more impactfull experience. The computer located by the reception is able to record the video stream just like the central main recording unit. These recordings are deleted after a three workday period. The computer is protected by a password.

6.3. The access of the recordings is only possible in a safe condition and so that the data handling individual is easily identifiable (with personal codes). With the discontinuation of someone’s authority any further access to the recordings is immediately denied.

6.4 No safety copies are made from the recordings.

6.5. There are registered records about the replays according to the 5th attachment.

6.6. After sighting any violations we are obligated to store the footage and take immediate measures, with that we must notify the proper authorities that there are recordings of the crime. There are records about any data out handing according on a legal form according to the 6th attachment.

7. Within the territory of the haunted house there are 11 working cameras, out of these 9 are capable of video recording, the remaining 2 are only capable of surveillance. The cameras exact location and surveyed territory is contained in the 7th attachment.

8. The affected individuals rights:

8.1. Affected: Any defined, identified by personal identification or - directly or indirectly – furthermore identifiable natural individual (The law of information autonomy and of information freedom 2011. CXII. 3§1 point).

8.2. Those whose rights or rightful interests are affected by the recordings or affected by other means of personal data storage, can request with rightful claims within three workdays not to delete their data. By the request of any proper authority we are obliged to immediately hand the recordings over. If the authority’s request does not arrive within 30 days from the original request the data must be immediately deleted. The request must be made by the manager.

8.3. The affected can request by the Horror Túra Kft.:

8.3.1. Information about their personal data’s handling,

8.3.2. Correction of their personal data,

8.3.3. The deletion of their personal data.

8.4 The deletion of their personal data,

8.4.1. If the data handling or data transfer is needed to fulfil the legal duty of the data handler or to validate the rightful interests of the third party or the data handler, except in case of obligatory data handling;

8.4.2. If the personal data handling happens because of personal gain, public opinion research or used for scientific research, furthermore in any other legally defined case.

8.4.3 In tbe above mentioned legally defined cases the manager inspects the requests within at most 15 days and notifies the requester in a written form about the decision.

8.5. In the case of violation of ones rights a report can be made to the law court against the data handler. The data handler is obligated to prove that the taken actions are based in law.

9. The data handling regulations are available in our headquarters, on our premises and on our website as well (www.nightmareinbudapest.com). The regulation is valid from this day.

Budapest, 2018. May 24.