We are Puzzle Activities BV, with our registered office at Universiteitstraat 9, 9000 Ghent, registered under company number 0656.751.168. In this Privacy Policy, we explain which personal information we collect as the ‘data controller’ and how we use and share it to improve our services, in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy is an integral part of our General Terms and Conditions.
We collect data in the following ways:
Website & Bookings: When visiting our website or making a reservation, certain data is registered via cookies (see our Cookie Policy). We process your name, email address, phone number, and any company details necessary for the execution of the contract.
In the Escape Room (CCTV/Monitoring): For safety reasons and necessary game guidance, we use cameras in the rooms. The Game Master monitors the live feed to provide hints and ensure the game runs smoothly. These images are viewed live only and are not recorded, unless explicitly stated otherwise for security purposes (in accordance with the Belgian Camera Act).
Group Photos: After the game, we often take a group photo. If you give your consent, we may share this photo on our social media channels or send it to you via email. You can withdraw this consent at any time.
Marketing: With your explicit consent, we process your name and email address to send newsletters and promotional offers. You can unsubscribe at any time via the ‘unsubscribe’ link.
We process data based on the following legal grounds:
Execution of the contract: To manage your booking, game guidance, and billing.
Legal obligation: For example, for our accounting and tax obligations.
Legitimate interest: For the safety of our staff and customers (CCTV monitoring) and to improve our service quality.
Consent: For marketing purposes and the publication of group photos.
We never sell your data to third parties. We only share data with partners if it is necessary for our services (e.g., IT providers for the booking system or payment processors). If data is transferred to parties outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as the Standard Contractual Clauses (SCCs) of the European Commission or the EU-US Data Privacy Framework.
We do not store your data longer than necessary:
Customer data: Up to 7 years after the last transaction (legal retention period for accounting).
Marketing: Until you withdraw your consent.
CCTV footage: Generally, these are not recorded (live feed). If recordings are made for security, they are kept for a maximum of 30 days.
By law, you have the following rights:
Access and rectification of your data.
Erasure (the ‘right to be forgotten’).
Restriction of processing or objection to processing.
Data portability (transferring your data).
To exercise these rights, please contact us at [email protected]. We may ask for proof of identity to prevent unauthorized requests.
Do you have any questions? Please contact us first. Additionally, you have the right to lodge a complaint with the Data Protection Authority (DPA/GBA): Rue de la Presse 35, 1000 Brussels Tel: +32 (0)2 274 48 00 Email: [email protected] Website: www.dataprotectionauthority.be
We apply the necessary technical and organizational security measures to protect your personal data against loss, destruction, or unauthorized access. You remain responsible for the confidentiality of your login details and the use of your own equipment.
This policy is governed by Belgian law (including the Act of July 30, 2018) and the European Regulation 2016/679 (GDPR).
