Privacy Policy

Effective Date: 25.10.2025

1. Introduction

Welcome to Escape Room Iași! We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy explains how we (PANIC ESCAPE ROOMS SRL, “we,” “us,” or “our”) collect, use, share, and protect your personal information when you visit our website (www.escaperoomiasi.ro), book our escape room experiences, or otherwise interact with us.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

2. Who We Are (Data Controller)

For the purpose of the General Data Protection Regulation (GDPR) and relevant Romanian data protection laws, the data controller is:
PANIC ESCAPE ROOMS SRL
Calea Chisinaului 22H, Iasi
CUI: 52526009
paniciasi@gmail.com

3. What Information We Collect

We may collect and process the following types of personal data about you:

  • Identity Data: Full name, and in the context of group bookings, names of other participants (if provided by the booker).
  • Contact Data: Email address, phone number, billing address (if different from physical and only if online payment becomes an option).
  • Booking Data: Details of the escape room(s) booked, date and time of booking, number of participants, special requests related to bookings (e.g., for birthday celebrations).
  • Financial Data: (Currently, you mentioned cash only. If you introduce online payments, this would include payment card details, which are typically processed by a third-party payment processor, not stored by you directly). For now, state: “We currently only accept cash payments on-site and therefore do not collect or store financial data such as credit/debit card numbers through our website.”
  • Transaction Data: Details about payments to and from you (e.g., booking confirmations, receipts if issued).
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website, products, and services (e.g., pages visited, time spent on pages).
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties (if applicable) and your communication preferences.
  • Photographs/Videos: With your explicit consent (or the consent of a parent/guardian for minors), we may take photographs or videos of your group after your game for promotional purposes or as a souvenir.
  • Children’s Data (for Birthday Parties): Names and potentially ages of children participating in birthday parties, collected with the explicit consent of a parent or legal guardian.

4. How We Collect Your Information

We use different methods to collect data from and about you, including:

  • Direct Interactions: You may give us your Identity, Contact, and Booking Data by filling in forms on our website (e.g., booking form, contact form) or by corresponding with us by phone, email, or otherwise. This includes when you:
    • Book an escape room experience.
    • Inquire about our services.
    • Request marketing to be sent to you (if applicable).
    • Give us feedback.
  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy [Link to Your Cookie Policy, if separate] for further details.
  • Third Parties or Publicly Available Sources: We may receive Technical Data from analytics providers such as Google Analytics.

5. How We Use Your Information (Legal Basis for Processing)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To Perform a Contract:
    • To process and manage your bookings for our escape rooms (Identity, Contact, Booking Data).
    • To communicate with you about your bookings (e.g., confirmations, reminders, changes) (Contact, Booking Data).
  • With Your Consent:
    • To send you marketing communications via email or other channels if you have opted in to receive them (Identity, Contact, Marketing and Communications Data). You can withdraw your consent at any time.
    • To use photographs or videos of your group for promotional purposes (Photographs/Videos).
    • To process children’s data for birthday parties with parental/guardian consent (Children’s Data).
  • For Our Legitimate Interests:
    • To respond to your inquiries made via our contact form or other communication channels (Identity, Contact Data).
    • To improve our website, services, marketing, customer relationships, and experiences (Technical, Usage Data).
    • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) (Technical Data).
    • To prevent fraud.
  • To Comply with a Legal Obligation:
    • To comply with applicable laws and regulations (e.g., financial record-keeping).

6. Sharing Your Information

We do not sell your personal data. We may have to share your personal data with the parties set out below for the purposes set out in section 5:

  • Service Providers:
    • IT and system administration service providers.
    • Website hosting providers.
    • Booking system providers (if you use a third-party platform).
    • Payment processing providers (if you introduce online payments – ensure they are GDPR compliant).
    • Analytics providers (e.g., Google Analytics – data is often anonymized or pseudonymized).
    • Email marketing service providers (if you use one, e.g., Mailchimp, and have consent).
  • Professional Advisers: Acting as processors or joint controllers including lawyers, bankers, auditors, and insurers based in Romania who provide consultancy, banking, legal, insurance, and accounting services.
  • Legal Authorities: If required by law or in response to valid requests by public authorities (e.g., a court or a government agency).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Data Transfers

Some of our external third parties (e.g., Google Analytics, cloud service providers) may be based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses).

8. Data Security

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
For example, booking information may be kept for [Specify Period, e.g., 3 years] after the game for administrative and potential dispute resolution purposes, unless a longer period is required by law (e.g., for tax records).

10. Your Legal Rights (GDPR)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data (“right to be forgotten”).
  • Object to processing of your personal data where we are relying on a legitimate interest.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party (data portability).
  • Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us at paniciasi@gmail.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

11. Cookie Policy

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us enhance your experience by remembering your preferences and analyzing site usage.

Types of Cookies We Use

  • Essential Cookies: Necessary for the website’s basic functions, such as session management and security.
  • Performance Cookies: Collect anonymous data to help us understand how visitors interact with our site, enabling us to improve its performance.
  • Functional Cookies: Remember your preferences and settings to provide a more personalized experience.
  • Targeting/Advertising Cookies: Used to deliver relevant advertisements to you and measure the effectiveness of our marketing campaigns.

Managing Cookie Preferences

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may affect your experience on our website.ur website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy [Link to Your Cookie Policy – It’s best practice to have a separate, detailed Cookie Policy].
If you don’t have a separate Cookie Policy, include a brief section here:
“Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies for purposes such as analyzing site traffic, personalizing content, and improving your browsing experience. You can manage your cookie preferences through your browser settings.”

12. Children’s Privacy

Our services are generally not directed to individuals under the age of [Specify Age, e.g., 16, or align with local law for consent, e.g., 13 if under GDPR with parental consent for younger], except in the context of supervised participation in our escape rooms or for birthday parties.
For birthday party bookings involving children, we will only collect necessary information (such as name and age for planning purposes) with the explicit consent of a parent or legal guardian. We do not knowingly collect personal data from children for other purposes without such consent. If you believe we have collected personal information from a child without appropriate consent, please contact us so we can take corrective action.

13. Changes to This Privacy Policy

We keep our Privacy Policy under regular review. This version was last updated on 25.10.2025. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email (if we have your email address and consent to contact you). Please check back frequently to see any updates or changes to our privacy policy.

14. Contact Us

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us using the details set out below:

Full name of legal entity: PANIC ESCAPE ROOMS SRL
Email address for privacy inquiries: paniciasi@gmail.com
Telephone number: 0757560087

You also have the right to make a complaint at any time to the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP – Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal). We would, however, appreciate the chance to deal with your concerns before you approach the ANSPDCP, so please contact us in the first instance.