top of page

PRIVACY POLICY (GDPR)

1. Introduction

Elephant Escape j.d.o.o. (hereinafter: we, us, or the Data Controller) respects the privacy of its service users and website visitors. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the applicable laws of the Republic of Croatia. This Privacy Policy explains what personal data we collect, for what purpose, on what legal basis, how long we retain it, and what rights you have as a data subject.

2. Data Controller

Name: Elephant Escape j.d.o.o.

Address: Ulica Antuna Bauera 38, 10000 Zagreb, Croatia

PIN (OIB): 25746080694

E-mail: elephantescapezg@gmail.com

Phone: +385 91 7272 294

3. Personal Data We Collect

We may collect the following personal data:

  • First and last name

  • E-mail address

  • Phone number

  • Booking details (date, time, number of participants)

  • Communication via e-mail, messages, or telephone

  • Technical data (IP address, browser type, and device information)

During the game, a real-time audio and video feed is used to monitor the progress of the game (without data storage), while video surveillance with recording is conducted exclusively in the foyer/entrance area.

4. Purpose and Legal Basis for Processing

We process personal data for the following purposes:

  • Receiving and processing reservations

  • Providing the agreed service

  • Communicating with users

  • Ensuring the safety of persons and property

  • Resolving complaints and inquiries

  • Complying with legal and accounting obligations

  • Sending promotional offers, news, and newsletters (marketing)

The legal bases for processing are:

  • Performance of a contract (Art. 6, Para. 1, Item b of the GDPR)

  • Compliance with a legal obligation (Art. 6, Para. 1, Item c of the GDPR)

  • Legitimate interest of the Data Controller (Art. 6, Para. 1, Item f of the GDPR)

  • Consent of the data subject for marketing purposes (Art. 6, Para. 1, Item a of the GDPR), collected via a digital form on the business premises.
     

5. Video Surveillance and Game Monitoring

  • Video surveillance with recording: Conducted exclusively in the foyer (reception/entrance) for the safety of participants and staff and the protection of property, including cash handling. Recordings are kept for a maximum of 6 months, unless required longer in the event of an incident.

  • Game monitoring (Live stream): Monitoring of the game within the themed rooms may be conducted via real-time video and/or audio feed, solely to provide hints to participants and ensure their safety. This feed is not recorded or stored on any media.
     

6. Data Retention Periods

We store personal data only as long as necessary to fulfill the purpose of processing:

  • Booking and communication data: Up to 12 months after the service is rendered.

  • Marketing data: Until the user withdraws consent (unsubscribes).

  • Signed participant waivers: Up to 5 years.

  • Accounting and fiscal data: In accordance with legal obligations.

  • Video surveillance (foyer): Maximum of 6 months, except in the event of an incident.

  • Real-time game feed: Not stored.
     

7. Recipients and Data Processors

Personal data may be shared only with trusted processors providing technical or business support, such as:

  • Web and hosting service providers (e.g., Wix)

  • IT and technical support

  • Accounting services All processors are contractually bound to act in accordance with the GDPR.
     

8. Cookies

The website uses cookies to ensure functionality and improve user experience. For non-essential cookies, user consent is requested via a cookie banner. Detailed information is available in our Cookie Policy.
 

9. Rights of the Data Subject

Users have the right to:

  • Request access to their personal data

  • Request the correction of inaccurate data

  • Request the erasure of data, where applicable

  • Restrict or object to processing

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority
     

The competent supervisory authority in the Republic of Croatia is the Croatian Personal Data Protection Agency (AZOP).
 

10. Data Security

We apply appropriate technical and organizational measures to protect personal data from unauthorized access, loss, misuse, or damage.
 

11. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. All changes take effect on the day of publication on the website.
 

12. Contact

For any questions regarding the processing of personal data or the exercise of GDPR rights, you may contact us at: E-mail: elephantescapezg@gmail.com

bottom of page