PRIVACY POLICY
Date: 28.11.2023
WHO ARE WE ?
Founded in 2015 in Geneva, the company Trip Trap SA aims to create qualitative and creative immersive experiences. From “Escape Games” to corporate “Team-building” modules, mandates for institutional partners through the operation of a bar, our purpose is to “create moments of dream and adventure to constantly surprise our customers. »
Trip Trap SA makes a point of fully respecting the fundamental rights and the private sphere of all people affected by its activity. In order to be fully transparent on the processing of data in the broad sense within Trip Trap SA, this Privacy Policy has been put in place. Its primary purpose is to present the definitions, principles and rights regarding data protection.
PURPOSE OF DATA PROTECTION
Given technological and digital developments, data protection is a major issue in our society. Data protection results from the fundamental right to the protection of life and privacy protected by our Swiss Federal Constitution.
Since September 1 , 2023, Switzerland has adopted a law (Federal Data Protection Act, FPD) and revised ordinances in order to align with European protections in terms of personal protection, in in particular, to the General Data Protection Regulation (GDPR).
These legislative developments aim to establish secure data processing that respects the private sphere by allowing individuals increased protection of their personality by creating new institutions and legal avenues, as well as greater control of their personal data, while creating the trust necessary for the digital economy to continue to develop.
Trip Trap makes it a point of honor to protect the privacy, individual freedoms and fundamental rights of everyone. The purpose of this privacy policy is to strengthen the confidence of users of the website regarding the processing of their personal data by demonstrating transparency and clarity regarding their collection, use, storage or even deletion.
DEFINITIONS
The definitions regarding data protection are taken from current Swiss legislation. We hear by :
- personal data : all information concerning an identified or identifiable natural person;
Examples : Name, first name at birth or chosen, nickname, date of birth, postal address, postcode, locality, email address.
- data subject : the natural person whose personal data are subject to processing;
- sensitive personal data ( sensitive data ):
data on religious, philosophical, political or trade union opinions or activities,
data on health, intimate sphere or racial or ethnic origin,
data ,
data uniquely identifying a natural person,
data on criminal and administrative proceedings or sanctions,
data on social assistance measures;
- processing : any operation relating to personal data, whatever the means and processes used, in particular collection, recording, conservation, use, modification, communication, archiving, erasure or destruction of data;
- communication : the fact of transmitting personal data or making them accessible;
- profiling : any form of automated processing of personal data consisting of using these data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict elements concerning performance at work, economic situation, health, personal preferences, the interests, reliability, behavior, location or movements of this natural person;
- high-risk profiling : any profiling entailing a high risk for the personality or fundamental rights of the data subject, because it leads to a data matching which makes it possible to assess the essential characteristics of the personality of a natural person;
- data security breach : any security breach resulting in accidental or unlawful loss of personal data, modification, erasure or destruction, unauthorized disclosure or access to such data;
- federal body : the federal authority, the federal service or the person entrusted with a public task of the Confederation;
- data controller : the private person or federal body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- subcontractor : the private person or federal body which processes personal data on behalf of the controller.
For the remainder, we mean by:
- anonymization : consists of data processing making it impossible to identify a person from a set of data and thus allows privacy to be respected. Anonymous data is not subject to the LPD because it is not personal data .
- pseudonymization : consists of the processing of personal data carried out in such a way that the data can no longer be attributed to an identified or identifiable natural person without additional information. Pseudonymized data is subject to the LPD because it is still personal data.
- minor and child : the two concepts are used synonymously and designate any natural person who has not reached the age of 18.
- capacity for discernment : is defined as the ability to act reasonably and refers to the ability to understand information and act freely, to form one’s own will and opinions. It is analyzed on a case-by-case basis, according to the degree of development and maturity, without an age limit being legally fixed.
PRINCIPLES
Principle of responsibility
The data controller and its subcontractors endeavor to take all necessary measures to proactively comply with the law.
Principle of purpose
Each data processing, throughout its entire life cycle, must be implemented for a clear, defined, lawful purpose and clearly communicated from the start to the person concerned.
Principle of permissibility
Any processing must be based on a justifiable reason (legal basis, legitimate public or private interest, such as a contract and/or free and informed consent).
Principle of proportionality
Only data suitable and necessary to achieve the intended purpose may be processed. Any unnecessary collection should be avoided and processing should be minimized to what is strictly necessary for the purposes pursued.
Principle of transparency
Both the purpose and the collection must be recognizable and clearly communicated to the person concerned.
Principle of good faith
Data processing must not be carried out without the knowledge or against the wishes of the person concerned.
Safety principle
must be ensured and data must be protected against unauthorized processing by appropriate technical and organizational measures.
Principle of recognizability
Both the collection of data and its purposes must be recognizable and communicated to the person concerned.
Principle of correctness
The data must be complete and current.
Principle of data protection by design and by default
All data protection regulations must be complied with throughout the entire life cycle of the data (from collection, to processing in the narrow sense, including archiving, to deletion).
PERSONAL DATA PROCESSED
As part of your browsing on our website or during a reservation made by telephone, we may obtain personal information about you via:
- The reservation form for our games;
- Purchases of products, including gift vouchers;
- The contact email;
- Your participation or an invitation to one of our games ;
- Any reservation for a corporate event (outside or within our walls );
- Any reservation for a Trip Trap Kids event.
The personal data we may collect is as follows:
- Name ;
- First name ;
- Address ;
- Telephone number;
- Birthday ;
- Age ;
- Email Address ;
- Online cookies (refer to the “Cookies banner on our website” section);
- Any personal data necessary to process one of your requests;
- Photographs;
- Video surveillance ;
- Banking or payment data.
Furthermore, we may also collect sensitive data about you:
- We do not collect sensitive information about you ourselves. However, we may process such data if you provide it to us of your own free will.
Any information that is not relevant to the processing of a request on our website will not be kept and will be destroyed or even anonymized for statistical purposes.
We invite you to refer to the “ Rights of data subjects ” section if you would like information regarding the modification of some of your personal data, for example.
USE OF PERSONAL DATA
Trip Trap may process your personal data that it collects for the following purposes:
- Book an activity;
- Monitoring your participation in an activity that we organize;
- Process a complaint or any other request from you;
- Process your purchases and drinks at the bar;
- Manage and organize your personal or corporate event ;
- Sending newsletters.
Trip Trap’s processing of your personal data, as described above, will take place on one of the following grounds:
- A contractual relationship;
- Your free and informed consent;
- A specific legal basis;
- A legitimate private or public overriding interest;
- Compliance with its legal obligations.
SPECIAL CASE OF USE OF CALLED “SENSITIVE” PERSONAL DATA
“Special categories” of particularly sensitive personal information, such as information about your health or intimate sphere, require higher levels of protection.
We need additional justification for collecting, storing and using this type of personal information. Trip Trap has therefore put in place appropriate safeguards which we are required by law to maintain when processing this data. We may process special categories of personal information in the following circumstances:
- in limited circumstances, with your prior express written consent;
- when we need to fulfill our legal obligations;
- when necessary in the public interest.
More rarely, we may process this type of information where it is necessary in relation to legal claims or where it is necessary to protect your vital interests (or those of a third party) and you are not in a position to do so. able to give your consent.
COOKIE BANNER ON OUR WEBSITE
What is a cookie ?
Cookies are small text files used to store information and are stored on your device (tablet, smartphone or computer) when the website is loaded on your browser. These cookies help us to manage the website properly, make it more secure, provide a better user experience, understand how the website works and analyze what works and what can be improved.
What cookies do we use?
Like most online services, our website uses cookies for various purposes. First-party cookies are essentially necessary for the website to function properly. They do not collect any of your personally identifiable data.
The third-party cookies used on our website are mainly used to understand how this site works, your interaction with our website, the security of our services, the delivery of advertisements that are of interest to you and your overall results, experience user, and speed up your future interactions with our website.
You are able to control the cookie settings and can change your browser settings to block/delete cookies. To find out more about managing and deleting cookies, visit wikipedia.org, www.allaboutcookies.org .
By using our website you agree to our use of cookies.
We use the following cookies:
COOKIES | DURATION | DESCRIPTION |
analytical | 11 months | This cookie is set by the GDPR Cookie Consent plugin. The cookie is used to store user consent for cookies in the “Analytics” category. |
functional | 11 months | The cookie is set by the GDPR cookie consent to record user consent for cookies in the “Functional” category. |
required | 11 months | This cookie is set by the GDPR Cookie Consent plugin. It is used to store user consent for cookies in the “Necessary” category. |
others | 11 months | This cookie is set by the GDPR Cookie Consent plugin. This cookie is used to store user consent for cookies in the “Other” category. |
performance | 11 months | This cookie is set by the GDPR Cookie Consent plugin. This cookie is used to store user consent for cookies in the “Performance” category. |
Cookie policy seen | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to record whether or not the user has consented to the use of cookies. It does not store no personal data . |
What is a cookie headband?
A cookie banner allows users of a website to be informed of the use made of cookies and other online tracking technologies. Cookies can track the behavior of an Internet user and collect personal data about them. The visitor’s free and prior informed consent should be obtained before visiting the website for the management of cookies, in particular non-necessary cookies (
DATA SHARING
In order to respond to your requests for the purposes described in this privacy policy, we may share your personal data within our administration, but also with third parties.
We may disclose personal information about you:
- if we are required or authorized to do so under applicable law or legal process (court order or subpoena);
- to competent judicial authorities or other government officials in order to comply with a lawful and legitimate judicial request;
- as part of a criminal investigation;
- in all other cases, with your permission.
In addition, depending on the specific follow-up of your request, we may collaborate with external parties, either as co-controllers, data controllers or subcontractors who are listed below:
- Share information between participants in the same personal event;
- Payment platform ( Lightspeed and Worldline);
- M365;
- developers ;
- Sites (Online.net);
- Mailchimp ;
In the context of data transfers outside Switzerland or the European Union, all contractual, technical and organizational measures are taken to ensure the confidentiality, integrity and availability of the data.
Furthermore, Trip Trap undertakes not to sell or disclose your personal data without your free and prior informed consent.
Trip Trap staff, subject to professional or official secrecy, reserve the right not to transmit requested information if the examination of the specific case justifies it.
STORAGE OF YOUR PERSONAL DATA
Our website is hosted in Europe. Your data may be stored with foreign providers who offer a level of data protection equivalent to that offered in Switzerland.
Trip Trap employees are subject to various constraints and obligations in terms of confidentiality and security.
DURATION OF STORAGE OF YOUR PERSONAL DATA
To the extent permitted by applicable law and specific legal requirements, we retain the personal data we obtain about you for as long as:
- the contractual relationship lasts;
- this is necessary for the purposes for which we collected it, in accordance with the provisions of this Privacy Policy;
- we have another justifying reason, indicated in this Privacy Policy, for retaining said data beyond the period during which it is necessary to achieve the initial purpose of obtaining the personal data;
- video surveillance taken during an escape game is not kept;
- security video surveillance of common premises is kept for a period of 90 days .
We invite you to refer to the “ Rights of data subjects ” section if you would like information regarding the retention period or erasure of your personal data, for example.
PROTECTION AND SECURITY OF YOUR PERSONAL DATA
Trip Trap establishes security in accordance with the principles of applicable laws, in particular the GDPR and the LPD. The measures taken are technical and organizational measures ( TOM’s ) relating to data security which guarantee an adequate level of protection with regard to confidentiality, integrity, availability of data and resilience of systems.
These measures are part of the life cycle of our organization and are implemented at all levels of the system. Furthermore, security is an ongoing process and not a static element.
From this perspective, technical and organizational measures are constantly subject to technological progress and developments as well as further development, like risks and threats.
MODIFICATION OF THE DOCUMENT
This document may be updated periodically and without prior notice to reflect changes to our information practices.
The date it was modified is indicated at the beginning of the document.
THE RIGHTS OF THE PERSONS CONCERNED
The LPD provides for rights which can be exercised directly with the data controller:
The right to be informed about processing (art. 19 LPD);
The right not to be the subject of an automated individual decision (art. 21 LPD);
The right to be informed in the event of a data security breach (art. 24 LPD);
The right of access (art. 25 LPD);
The right to portability (art. 28 LPD).
There are also other rights (art. 32 LPD) which can be exercised directly with the data controller or before a civil judicial authority, provided that an unlawful infringement can be demonstrated:
Right to opposition;
Right to erasure;
Right to rectification.
Any request from a data subject must comply with Trip Trap’s internal procedures and will be responded to as soon as possible, after verification of their identity.
Any request can be made by the means indicated in the “ Contact Us ” section.
CONTACT US
By email info@triptrapescape.ch
By post Trip Trap SA
Chemin de la Gravière 6
1227 The Acacias