privacy policy

privacy policy

I. General Provisions

1. A MindQuest.hu Kft. (hereinafter Controller) as Controller provides the information as follows based on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter Regulation) about the data that comes into its possession by the online bookings and online payments performed on the website https://mindquest.hu/. By performing online booking or online payment on the website https://mindquest.hu/ the provisions laid down in this Data Processing Policy are accepted as final and binding.

– About the Controller:

Name: MindQuest.hu Kft

Office: 2473 Vál, Vajda János u. 44.

Company registration number: 07 09 027015

EU VAT Number: 25572014-2-07

Court of registration: Székesfehérvári Törvényszék Cégbírósága

E-mail: info@mindquest.hu

Postal address: 1450 Budapest, Pf. 79.

– Data protection officer:

Name: Somfai Sándor

Office: 2473 Vál, Vajda János u. 44.

E-mail: somfai.sandor79@gmail.com

Phone: +36 20 211 8785

2. This Privacy Policy aims to define the types of personal data processed, the methods of data management and to ensure that the constitutional principles of data protection and the requirements of data safety are kept, furthermore to prevent the unauthorised access to, the arbitrary modification and the unauthorised publication and/or use of personal data.

3. In terms of the aims defined in paragraph 2, we shall manage your personal data according to the current legal environment, ensure data safety and shall take the necessary organizational and technical measures and developments, moreover shall create the policies which are required to enforce the relevant legislative provisions.

II. Legal background

Data management at MindQuest.hu Kft. is mainly based on the policies defined in the following laws:

– Act V of 2013 on the Civil Code section 2:43

– Act CXII of 2011 on information self-determination and freedom of information 

– Regulation (EU) 2016/679 of the European Parliament and of the Council 

– Act CVIII of 2001 on certain issues of electronic commerce activities and information society services

– Act C of 2003 on electronic communications

Act XC of 2005 on the freedom of electronic information

– Act XLVII of 2008 on the prohibition of consumer-related unfair business practices

– Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising

– Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity

– Act VI of 1998 on the declaration of Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Strasbourg, 28/01/1981

– Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of research and Direct Marketing

III. The legal basis for data processing

Your personal data shall be processed in accordance with the relevant legislation on the below detailed legal basis: 

– as per point (a) of Article 6 (1) of the GDPR: your given consent after having been adequately informed;

– as per point (b) of Article 6 (1) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party (performance of a contract);

–  as per point (c) of Article 6 (1) of the GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. accounting or bookkeeping obligation (compliance with a legal obligation);

– as per section 13/A of Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (hereinafter E-Comm Act), The service provider may process personal data of the recipient of the service, suitable and sufficient for the identification thereof, for the purpose of drawing up the contract for the information society service, determining and modifying the contents thereof, monitoring the performance thereof, billing the charges arising therefrom as well as enforcing the claims related thereto, moreover for the purpose of billing the charges arising under the contract for the information society service, the service provider may process personal data related to the use of such service, provided that such data are indispensable for establishing and billing the charge, thus, especially, the data regarding the time, duration and place of using the service;

– as per section 6 of Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity

IV. The type of data, the purposes and duration of processing:

1. User identification, registration (online booking, gift voucher purchasing)

The below listed particulars shall be mandatory for user identification during the registration process:

Full name

E-mail address

Phone number

The purpose of processing: Service user identification, establishing the contract, provision of personalized service for the service users: online booking, gift voucher purchasing, i.e. the fulfilment of the service contract.

The legal basis of processing: point (b) of Article 6(1) of the GDPR. i.e. the registration cannot be completed, and a service contract cannot be established with Mindquest.hu Kft (online booking, gift voucher purchasing) without the mandatory particulars defined in point VI/1 above, moreover section 13/A of the E-Comm Act.

The duration of processing: 5 years the expiration time of the claims laid down in the contract. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

In case of online booking or purchasing gift vouchers the below particulars may be provided on a voluntary basis part from the ones defined in point VI/1 above:

personalized needs regarding the booking

headcount

name of site/partner where the booking was processed

The purpose of processing: személyre szabott kiszolgálás megvalósítása, valamint a partnerkapcsolati relációk értékelése.

The duration of processing: Until the service user withdraws consent on which the processing is based or 5 years. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Besides the particulars described in in point IV/1, the following data related to the booking and the service user shall be processed:

booking details: location, game of choice, date and time with the purpose of fulfilment of the booking;

language of choice with the purpose of providing personalized service for the user.

2. Invoicing

Besides the particulars provided at registration the following data shall be processed, which are indispensable for the financial fulfilment (pro forma invoice, invoice) of the service contract between the Service User and MindQuest.hu Kft. Hence these data are mandatory:

Name of the customer (in case it differs from the full name given at registration)

Address of customer

The purpose of processing: fulfilment of the purchasing process related to booking or gift voucher purchasing.

The legal basis of processing: point (b) of Article 6(1) of the GDPR and section 13/A of the E-Comm Act 

The duration of processing: data related to registration or gift voucher purchasing shall be contained until the general expiration time, i.e. for 5 years in order to provide justification in any disputes that may arise.

In order to fulfil audit obligations data related to invoicing shall be processed for 8 years in terms of section 169 of Act C of 2000 on accounting and until the expiration time defined by Act XCII of 2003 on the Rules of Taxation.

3.Bank Card Payment

Our website http://www.mindquest.hu/ provides the opportunity for the in advance financial settlement of the service booked online and for the purchase of our gift voucher by online bank card payment.

Data used in the course of online card payment (e.g. card number or account information) are not processed in any from by MindQuest.hu Kft. These data shall be only available for the bank providing the online payment service.

Details of the bank providing online payment service:

Name: OTP Bank Nyrt. 

Office: 1051 Budapest, Nádor u. 6

Phone: (+36 1/20/30/70) 3 666 666

E-mail: informacio@otpbank.hu 

Further information: https://www.otpbank.hu/portal/hu/adatvedelem

4. Sending Notifications

Non-marketing messages shall be sent to the email address provided in the registration process (online booking):

– Confirmation of registration (online booking);

– Confirmation of purchase;

– Sending pro forma invoice

Unless you gave your clear agreement to receiving newsletters, no marketing content shall be sent to you with the non-marketing messages.

The purpose of processing: Provision of personalised service for registered users, the completion of the service contract

The legal basis of processing: point (b) of Article 6(1) of the GDPR – contract completion

The duration of processing: The expiration time of the claims laid down in the contract, i.e. 5 years.

5. Newsletter Service:

Our website offers the opportunity to subscribe to our newsletter. Our company shall only send you marketing messages in case you give your clear consent to receive newsletters from us by indicating this in the respective check box found on our website (http://www.mindquest.hu).

The below data shall be processed related to our newsletter service:

– Full name

– E-mail address

The purpose of processing: To provide you as a subscribed User with the latest news and information about the services of MindQuest.hu Kft. 

You can unsubscribe from our newsletter at any time without any reason. Once you cancel your subscription to the newsletter, the data shall be deleted from our registry.

You may revoke your subscription:

– by clicking on the “Unsubscribe” link in the newsletter

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

The legal basis of processing: point (a) of Article 6(1) of the GDPR – your prior voluntary agreement.

The duration of processing: Until your withdrawal of consent.

6. Cookie Policy

Our website and its pages use so-called cookies. Cookies are small text files that are placed on your computer and stored by your browser.

Cookies make it possible for a given website to recognise the User’s online device and store unique information about the User e.g. the country where the website is accessed from, the web browser and operational system used, the IP address, the browsing history within the site, the functions used. Most websites use cookies. Cookies do not process data that can be used to identify the User, unless the User provides such on a voluntary basis. 

We use the data to improve our website and services, to analyse the number of visitors and for our advertising strategy.

It is never mandatory to enable cookies in your browser. However, pleas note that enabling cookies improves your user experience to a great extent and allows full functionality. Disabling cookies may cause degraded website functionality.

 

The Types of Cookies We Use on Our Website:

Google Analytics 

Detailed description of the service can be found at:

https://www.google.com/intl/hu/policies/privacy

Google Adwords

Detailed description of the service can be found at:

https://www.google.com/intl/hu/policies/privacy

Facebook 

Detailed description of the service can be found at:

https://www.facebook.com/help/cookies/

Google Maps

Detailed description of the service can be found at:

https://www.google.com/intl/hu/policies/privacy

YouTube 

Detailed description of the service can be found at:

https://www.google.com/intl/hu/policies/privacy

7. Server log files

To be able to use our service, our system automatically logs the below listed data:

– Dynamic IP address of the workstation (computer) used to complete the registration;

– Depending on the local settings of the workstation, the type of internet browser and the operational system used;

– The User’s activity on the website.

The above data is not applicable for personal identification, no other personal data shall be related to them.

The purpose of processing: The data defined in point IV/6 serve technical reasons (ensuring stable functionality), moreover they are used in analysing web page usage statistics and user needs.

The duration of processing: Log file shall be deleted 15 days after recording an analysing.

8. Other Types of Data Processing

Any kind of personal data shall be processed for purposes differing from the above mentioned only after prior definition of the data processing purpose and with the User’s consent.

These data shall not be related to any data serving user identification and shall not be given out to any third party without the User’s consent.

We are obliged to delete these data from our records once the purpose of data processing has ceased to exist, or the User has withdrawn consent.

V. Details and Contact of Controllers and Processors:

Our website uses the Google Analytics service to gain data about independent website traffic and other web analytical data, hence these data are processed by Google Inc, as the data processor.

By using the Website, you agree that Google may process your data. 

 

Details of the hosting provider:

Company Name: DotRoll Kft.

Mailing Address: 1148 Budapest, Fogarasi út 3-5

Office: 1148 Budapest, Fogarasi út 3-5

Phone: +36 – 1 – 432 – 3232

EU VAT Number: 13962982-2-42

Content of data processing: webhosting

 

The online booking system is developed and operated by a legal entity authorized by our company:

Name: Berecz Sándor EV

Office: 1112 Veresegyház, Hegyalja utca 2.

Phone: +36 30 966 2003

E-mail: sandor.berec@gmail.com

 

The software Naturasoft Számla Standard is used for invoicing, which is operated by:

Company name: NATURASOFT Magyarország Kft. 

Office: 1113 Budapest, Bocskai út 77-79. (Kwenton irodaház)

Phone:  06-1-789-0217

e-mail:  info@naturasoft.hu

 

Furthermore, we reserve the right to use data processors other than those listed below. Details (name, address) of these data processors will be made available to users at the latest when the data processing begins.

VI. The Right of Access to Personal Data

The employees of our company, our agents and persons in cooperation with them who are required to access the processed data by their job tasks. In this respect, we are obliged to ensure that those with the right to access the data we process shall comply at all times with the provisions of this Privacy Policy and applicable laws.

 

VII. Your Rights Related to Data Processing

1.The right to information

  1. a) Upon your request, we shall provide written information (including electronic means) about the data processed by us and/or our agents without delay but within 25 days at the latest. We shall inform you about the origin of the data, the purpose of processing, the legal basis of processing, the duration of processing, the name and address of the processor and the activity related to processing and in case of forwarding your personal data we shall inform you about the legal basis and identify the recipient.
  2. b) The provision of information is free of charge. In case of clearly unfounded or exaggerated requests (particularly if they are of a repetitive nature), considering the administrative expenses that may occur in relation to the provision of the requested information or the fulfilment of the requested actions

– we may charge a reasonable fee;

– we may reject the request.

The justification of the unfounded or exaggerated nature of the request shall be the responsibility of MindQuest.hu Kft. in any case.

2. Right to erasure

a) We are obliged to erase personal data if:

– the processing is unlawful;

– you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;

– the data are incomplete or erroneous;

– the purpose of processing has terminated, or the time of lawful storage has expired

– the erasure of the data is ordered by the competent court or authority.

 

b) Instead of erasing we may block your data upon your request, or if based on the available information, statements, the erasure of data would harm your legal interests. Data blocked this way may be processed until the purpose of processing which prevented the erasure is valid.

3. Right of access 

You shall have the right to obtain confirmation from us whether personal data concerning you are being processed, and, where that is the case, you shall have the right to access the personal data and the following information:

the purpose of processing;

– the categories of personal data concerned;

– the recipients to whom the personal data have been or will be disclosed based on any above-mentioned purposes of processing;

– the period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

 

furthermore, you have the right to:

– request from us the rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;

– lodge a complaint with a supervisory authority, where the personal data are not collected from you or your representative;

We shall provide a copy of the personal data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. In case you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.

4. Right to rectification

You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

 

5. Right to object

You shall have the right to object to the processing of personal data concerning you in the following cases:

the processing or transmitting of personal data is exclusively is necessary for compliance with a legal obligation or for the purposes of the legitimate interests pursued by a third party, except in case of mandatory data processing;

– if the personal data are processed for direct marketing, public opinion research or scientific research purposes;

– in any other case determined by law.

With the simultaneous suspension of data processing, we shall evaluate your application and inform you about the result in written form within not more than 15 days after the date on which the objection application is submitted.

If the objection is justifiable, we are obliged to discontinue processing and to block the data, and to notify anyone to whom we have previously transmitted personal information about the objection and the related measures taken and inform those who are obliged to enforce the right of object.

In case you disagree with our decision or we exceed the 15 days deadline you may bring a case before the Court of Justice (within 30 days from the publication of the decision or from the last day of the deadline).

 

6. Right to restriction of processing

We shall restrict processing where one of the following applies:

the accuracy of the personal data is contested by you;

– the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;

If you objected and processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

7. Right to data portability

You shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format if the processing is based on consent or on a contract.

In case your request for rectification, restriction or erasure cannot be fulfilled, we shall inform you in written from about the rejection and the factual and legal reasons for it not later than 25 days after receiving your request.

Your rights described in point VIII here may be restricted by law in terms of national security, defence, public security, for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, moreover in terms of an important economic or financial interest of the State or of a Local Government furthermore for the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions and in prevention of your and other’s rights. 

 

VIII. Remedies

In the event of any dispute that may arise, you may seek legal redress at:

1. Hungarian National Authority for Data Protection and Freedom of Information

Office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Mailing Address: 1530 Budapest, Pf. 5.

Phone: 06-1-391-1400

E-mail: ugyfelszolgalat@naih.hu

 

2. The competent Tribunal by permanent address or residence.

Kind regards,

MindQuest.hu – The live adventure game (c)

(c) 2018.05.31.

SECURITY CAMERA POLICY

The game areas are equipped with a video surveillance system. Please note that with the knowledge of this policy, entering the areas under video surveillance shall be deemed an expressed consent to data management.

 

1. CATEGORIES OF PERSONAL DATA PROCESSED:

 

The cameras transmit image and sound hence your facial image and recorded voice shall be data under surveillance.

 

2. THE CONTROLLER:

 

MINDQUEST.HU KFT. 

OFFICE: 2473 VÁL, VAJDA JÁNOS U. 44.

EU VAT NUMBER: 25572014-2-07

COMPANY REGISTRATION NUMBER: 07 09 027015

 

3. POSITION AND ANGLE OF VIEW OF THE CAMERAS:

3.1. Reception:

Camera: 1 pc.

 

View angle: ~ 180°

3.2 Reception corridor:

Camera: 1 pc.

View angle: ~ 180°

 

3.3. Game areas as defined for the service:

3.3.1.P.O.R.T.A.L.

Camera: 4 pcs.

 

View angle: ~ 180° each

 

3.3.2. The Bomb

Camera: 3 pcs.

 

View angle: ~ 180° each

 

3.3.3. The Diamond Heist

Camera: 3 pcs.

 

View angle: ~ 180° each

 

3.3.4. The Matrix

Camera: 4 pcs.

 

View angle: ~ 180° each

 

3.3.5. The Legacy of Noo’zaca

Camera: 4 pcs.

 

View angle: ~ 180° each

 

4. THE PURPOSE OF THE VIDEO SURVEILLANCE SYSTEM:

4.1. Service Rendered

 

Participation in our games include assistance provided by our colleague during the entire playing time. Because our colleague’s post is at the reception desk while the players are in the game areas, audio-visual connection is necessary for the seamless running of the game.

 

4.2. Safety:

 

In case our colleague should notice any problem during the game (e.g. a player may feel unwell), immediate action can be taken, help can be provided.

 

4.3. Security:

 

In the case of the misuse or of any damage caused to the furnishing of the escape game rooms, our colleague can immediately intervene and stop the game.

 

5. THE LEGAL BASIS OF PROCESSING:  

 

Service rendering, safety and security.

 

6. DATA STORING:

 

The security cameras are only for real-time audio-visual connection, no recording is made, no data is stored.

 

7. DURATION OF RECORDED DATA STORING:  

 

We do not store recordings.

 

8. PROCESSING RIGHTS:

 

The real-time image transmitted by the security cameras from the game areas can only be watched by our authorised colleague.

In the event of any dispute that may arise, you may seek legal redress at the following authorities:

a.) Hungarian National Authority for Data Protection and Freedom of Information

Office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Mailing Address: 1530 Budapest, Pf. 5.

Phone: 06-1-391-1400

Telefax: 06-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

b.) The competent Tribunal by permanent address or residence.

Facebook Instagram Tripadvisor