- IN GENERAL
1.1 This policy on the processing of personal data ("Privacy Policy") describes how Mystery Makers ApS ("Mystery Makers", "us", "our", "we") collects and processes information about you.
1.2 The Privacy Policy applies to personal data that you provide to us in connection with your contact with Mystery Makers as a customer or business partner. For example, if you purchase a product from Mystery Makers, sign up for our newsletter, contact Mystery Makers' booking department either by phone, through our contact form or chat, when you visit/interact with our social media, or when you use Mystery Makers' website, www.mysterymakers.dk (mysterymakers.dk), and when you visit one of our physical locations or are in dialogue with Mystery Makers' head office.
1.3 Mystery Makers ApS is the data controller for the processing of the personal data we have received about you. You can find our contact details below.
Name: Mystery Makers ApS
Address: Grønningen 15, kl. 1., 1270 Copenhagen K
CVR no.: 36912901
Phone: 30 80 30 30 50
Written contact: mysterymakers.com/contact
- WHAT PERSONAL DATA WE COLLECT, FOR WHAT PURPOSES AND THE LEGAL BASIS FOR PROCESSING
2.1 When you visit www.mysterymakers.dk (mysterymakers.dk), we automatically collect information about you and your use of mysterymakers.dk. This information will typically be the type of browser you use, which products you are interested in, your IP address, including your network location, and information about your computer. On the website www.mysterymakers.dk cookies are used in connection with statistics of behaviour on the website. The information is anonymous and we use it to improve the content and functionality of the site.
2.1.1 Purpose is to optimise the user experience and the function of mysterymakers.dk and to generate useful and accurate statistics based on the information we receive from you through your use of mysterymakers.dk. To carry out personalised marketing, including retargeting via e.g. Facebook and Google. This processing of data is necessary for us to fulfil our interests in improving mysterymakers.dk and showing you relevant offers.
2.1.2 The legal basis for the processing is your consent to our use of cookies and Article 6(1)(a) of the General Data Protection Regulation, your consent to chat with our online booking staff and Article 9(2)(a) and Article 6(1)(a) of the General Data Protection Regulation, as well as our legitimate interest in improving our website and being as relevant in our marketing as possible, cf. Article 6(1)(f) of the General Data Protection Regulation.
2.2 When you purchase a product or communicate with us regarding our productswe collect the information you provide yourself. This may be your name, address, e-mail address, telephone number, CVR number and company name, method of payment, information about which products you purchase and may have returned, information about enquiries and complaints, delivery requests, and information about the IP address from which the order was placed if the order is placed on mysterymakers.dk.
2.2.1 Purpose is so that we can deliver the products you have ordered and otherwise fulfil our agreement with you, including to be able to administer your rights to return and complain and, if necessary, to contact you regarding relevant information about the product you have purchased. We may also process information about your purchases to comply with legal requirements, including product withdrawal, bookkeeping and accounting. When purchasing on mysterymakers.dk, the IP address is collected in order to fulfil our interest in preventing fraud.
2.2.2 The legal basis The legal basis for the processing is Article 6(1)(b) GDPR and our mutual agreement to purchase from Mystery Makers, (c) and our legal obligation to comply with legal requirements on withdrawals and accounting, and (f) and our legitimate interest in preventing fraud.
2.3 When you are subscribed to our newsletterwe collect information about your name and email address.
2.3.1 Purpose is to fulfil our interest in delivering newsletters to you.
2.3.2 The legal basis for the processing is your consent to receive our newsletter and Article 6(1)(a) of the General Data Protection Regulation.
2.4 When you visit Mystery Makers' social media profiles (e.g. Facebook, Instagram, TikTok and LinkedIn)For example, we process the information you have made available through our social media settings, your reactions to our posts, and your sharing and comments on our posts.
2.4.1 Purpose The purpose of our processing of your personal data is to market Mystery Makers, to respond to your enquiry and/or to let you participate in our competitions and contact you if you win. When Facebook Inc. uses personal data collected on our Facebook and Instagram pages, for example to improve their advertising system, Facebook Inc. and Mystery Makers may be considered joint data controllers. In this regard, we refer to Facebook's data policy (read more here).
2.4.2 The legal basis for this processing is our legitimate interest in marketing Mystery Makers, responding to your enquiry or allowing you to participate in a competition and contact you if you win, cf. Article 6(1)(f) of the General Data Protection Regulation.
2.5 If you enter into a commercial relationship with us either as a private individual or as an employee of a company we work with, we process information about your name, email, telephone number, business or private address and any other information you provide us with in connection with our relationship and your enquiry.
2.5.1 Purpose The purpose of our processing is to manage our working relationship with you and the company you represent and to fulfil Mystery Makers' obligations in this regard.
2.5.2 The legal basis The legal basis for this processing will normally be the contractual relationship established or being established between you and/or the company you represent and Mystery Makers, cf. Article 6(1)(b) of the General Data Protection Regulation. Depending on the nature of the cooperation, the legal basis may also be different, typically Mystery Makers' legitimate interest in establishing and managing the relationship between you and/or the company you represent, cf. Article 6(1)(f) of the General Data Protection Regulation.
- RECIPIENTS OF PERSONAL DATA
3.1 If you have consented to cookies, you can read in our cookie policy how cookies are used and handled.
3.2 When you make payment transactions on mysterymakers.dk, this is done via Mystery Makers' PCI (Payment Card Industry - Data Security Standard) certified partners, Bambora or MobilePay. The information is stored in a secure PCI certified environment that meets international security standards. When you use a payment card on mysterymakers.dk, only Bambora - and not Mystery Makers - has access to your information.
3.3 Information that Mystery Makers processes about you as part of a collaborative relationship will not be disclosed to third parties unless it is necessary for the purpose of the relationship or it is necessary for us to safeguard a legitimate interest, for example in connection with disputes where the information may be disclosed to advisors, authorities and legal bodies.
3.4 When you purchase a Mystery Hunt at Kronborg Castle or Christiansborg Castle, we pass on your full name to our Mystery Hunt partners at Kronborg Castle or Christiansborg Castle respectively.
3.5 Data may be transferred to external partners who process the data on our behalf. We use external partners for, among other things, technical operation of systems such as telephone and booking systems, billing and payment systems, improvements to mysterymakers.dk, distribution of newsletters and targeted marketing, including retargeting, and for your assessment of our company and products. These companies are data processors and under our instructions and process data for which we are the data controller. The data processors may not use the data for any purpose other than fulfilment of the agreement with us.
3.6 To the extent that we use data processors established outside the EU/EEA, this will always be done in compliance with valid transfer guarantees in the form of the EU Commission's standard contractual clauses, cf. Article 46 of the General Data Protection Regulation. If you would like a copy of the standard contractual clauses, you are welcome to contact us.
- ERASURE OF PERSONAL DATA
4.1 Information collected about your use of mysterymakers.dk in accordance with section 2.1 is deleted in accordance with the rules in our cookie policy. The cookies provided by Mystery Makers are deleted no later than one year after you last visited the site, while third-party cookies have varying expiry dates. The individual expiry dates are listed in our cookie policy, where you can also read more about how you can delete your cookies if you wish.
4.2 Information collected in connection with your purchases and enquiries to Mystery Makers in this connection, cf. clause 2.2, will generally be deleted 5 years after your purchase. The 5 years include a 3-year right of complaint and an additional 2 years to favour returning customers, making it easier to do business with Mystery Makers.
However, data may be stored for a longer period if we have a legitimate need for longer storage, for example if it is necessary for the establishment, exercise or defence of legal claims, or if storage is necessary for us to comply with legal requirements.
4.3 Data collected in connection with your subscription to our newsletter, cf. section 2.3, will be deleted when your consent to the newsletter is withdrawn, unless we have another basis for processing the data.
4.4 Information that you provide on Mystery Makers' social media profiles, see clause 2.4, will generally remain on these profiles as part of the site's history unless you delete them. The information we process about you as a result of your participation in competitions, and which in this connection is copied into our booking system, will be deleted according to the applicable information in section 4.2.
4.5 Data originating from a collaborative relationship, cf. clause 2.5, is stored for as long as it is relevant to the existing or potential collaborative relationship and for a subsequent period as long as it is necessary for Mystery Makers to document the relationship.
- YOUR RIGHTS
5.1 You have a number of rights under the General Data Protection Regulation in relation to our processing of information about you. If you want to exercise your rights, please contact us.
5.2 Right to see information (right of access)
You have the right to access the data we process about you as well as a number of additional information.
5.3 Right to rectification (correction)
You have the right to have incorrect information about yourself corrected.
5.4 Right to erasure
In certain cases, you have the right to have all or some of your personal data erased by us, e.g. if you withdraw your consent and we have no other legal basis to continue processing. To the extent that continued processing of your data is necessary, for example in order for us to comply with our legal obligations or for the establishment, exercise or defence of legal claims, we are not obliged to delete your personal data. You will be asked to document that you are who you claim to be.
5.5 Right to restriction of processing
You have the right to have the processing of your personal data restricted in certain cases. If you have the right to have the processing restricted, we may in future only process the data - except for storage - with your consent, or for the establishment, exercise or defence of legal claims or to protect a person or important public interests.
5.6 Right to object
In certain cases, you have the right to object to our or lawful processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
5.7 Right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one controller to another without hindrance.
5.8 If you wish to exercise your rights, you can contact us at https://mysterymakers.dk/kontakt/.
5.9 You can read more about your rights in the Danish Data Protection Agency's guidance on data subject rights, which you can find at www.datatilsynet.dk.
5.10 Complaints to the Danish Data Protection Agency
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You can find the Danish Data Protection Agency's contact details at www.datatilsynet.dk.
- SAFETY
6.1 We have implemented appropriate technical and organisational security measures against accidental or unlawful destruction, loss, alteration or deterioration of personal data and against unauthorised disclosure or misuse.
6.2 Only employees who have a genuine need to access your personal data to perform their work have access to the data. These employees are instructed on how to handle personal data responsibly.
- CHANGES TO THE PRIVACY POLICY
7.1 This privacy policy is updated regularly. The current version is the one that can be found here on mysterymakers.dk at any time.
- VERSIONS
8.1 This is the 2nd version of Mystery Makers ApS' privacy policy datedt 08-12-2021.