PRIVACY POLICY
This Privacy Policy (the “Privacy Policy”) gives information about the terms applicable to processing of personal data obtained upon visit to Cyberjump Trampoline Park operated by Cyberjump Austria GmbH (the “Operator”), use of website (www.cyberjump.at the “Website”) by visitors or registered users for getting information, making reservations and purchasing tickets, and related services and tools, in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), the Austrian Data Protection Act (DSG) and the Telecommunication Act (TKG).
Information provided in this document apply where we process personal data as a controller. More information about personal data protection can be provided also in a separate notice or representation.
1. Operator
Name: Cyberjump Austria GmbH
Registered address: Hermann-Gebauer-Straße 4, 1220 Wien
Court of registration: HANDELSGERICHT WIEN (Marxergasse 1a, 1030 Wien )
Address of location where personal data is processed: Hermann-Gebauer-Straße 4, 1220 Wien
Website where personal data is actually administered and stored: www.cyberjump.at
E-mail contact: info@cyberjump.at
Telephone contact: +43 664 526 5981
Operator’s registration (identification) number: FN 586425
Purpose of personal data processing and legal ground for processing
The Operator processes personal data about visitors to Cyberjump Trampoline Park for the purposes of finding what they require and demand so as to provide them more useful and better targeted content and services custom-tailored to visitors, and to ensure adequate safety during the online purchase of tickets, and for the purpose of contract execution in particular to:
- improve the quality of services provided by the Operator (legal ground: Article 6(1)(f) GDPR – legitimate interest consisting in improvement of our services);
- fulfilment of obligations under applicable laws, including keeping of internal records (legal ground: Article 6(1)(c) GDPR – our legal obligations);
- develop appropriate content of the website that suits the needs of the visitors (legal ground: Article 6(1)(f) GDPR – legitimate interest consisting in improvement of our services);
- exercise the rights and perform the obligations arising out of an agreement made with visitors (legal ground: Article 6(1)(b) GDPR – performance of a contract);
- send newsletters via e-mail (promotional e-mails, notices, offers, loyalty schemes, promotions, advertising) related to Operator’s business (legal ground: Article 6(1)(a) GDPR – your consent and Article 6(1)(f) GDPR – legitimate interest consisting in advertising of Operator’s products and services);
- contact registered visitors by e-mail, phone or in writing for market research (legal ground: Article 6(1)(f) GDPR – legitimate interest consisting in improvement of our services);
- provide customer support services to visitors and to confirm the transaction upon online ticket purchase using a credit card, and for potential fraud monitoring for the protection of users (legal ground: Article 6(1)(f) GDPR – legitimate interest consisting in maintaining adequate security);
- creation of customer account (legal ground: Article 6(1)(b) GDPR – performance of a contract);
- processing of orders and reservations (legal ground: Article 6(1)(b) GDPR – performance of a contract);
- present the operations of Cyberjump Trampoline Park (and use of such presentations on its online platforms and social networks, such as Website, Facebook, Instagram, Youtube, Google+ and others) (legal ground: Article 6(1)(f) GDPR – legitimate interest consisting in marketing presentation of the trampoline park).
2. Use of cookies
The Operator uses cookies on its website. Cookies are small text files that contain little information stored by internet browser on computer hard drive. Cookies allow the web application to collect and store information about preferences of website visitors and so to adjust its operations to needs and preference of such visitors. Technically unnecessary cookies are only used after your express consent Legal basis in this case is Article 6 (1) (a) DSGVO.
Specific rules on use of cookies are available at: www.cyberjuamp.at/en/cookie-policy
3. Registration
Group of persons eligible for registration on Operator’s website (collectively as “Visitors” or each of them as a “Visitor”): adults, underage persons whose personal data were entered during registration by an adult visitor (for protection of underage persons, registration can only be made by a person aged 18 or more).
During the registration, the Visitor will create his own password to be used to login to the Website. The Visitor is responsible for keeping his password in secret and for not sharing such password with any third party.
4. Personal data processed by Operator
When registering a customer account or purchasing a ticket, you voluntarily provide us with the following personal data
4.1 During an online and on-site presentation, a Visitor must provide the following personal data:
- surname;
- name;
- date of birth;
- e-mail address;
- underage Visitor’s surname, name and date of birth.
4.2 In a cashless transaction (payment using a payment card) to purchase the ticket, the Visitor will enter the following personal data for obtaining receipt (invoice):
- customer’s name on receipt (invoice) – surname, name;
- billing address;
- e-mail address;
- telephone number.
4.3 No data other than personal data indicated above are required, and such data will be deleted automatically, unless there is a legal necessity to store the data.
5. Purchase of tickets, payment using payment card, invoicing (receipt)
Upon an online purchase of ticket (see General Terms and Conditions of Contract, part [NUMBER], section [NUMBER]), the Visitor acknowledges that the following personal data stored in a user database of Cyberjump Austria GmbH, www.cyberjump.at will be provided to the entity Cyberjump Austria GmbH as controller: surname, name, country, phone, e-mail address.
During an online ticket purchase on the website www.cyberjump.at , the Operator will not combine the personal data entered on the payment interface with data about applicant for registration on Operator’s website, and these will be treated separately and will be transferred to billing (accounting) software BlueGastro for issuing an electronic receipt.
6. E-mailed newsletters
By his registration, the Visitor grants his consent to receive, from the Operator and by e-mail, information materials concerning the Operator’s business (such as promotional e-mails, notices, offers, loyalty schemes, promotions, advertisements, and other). The Visitor may withdraw his consent at any time.
The Operator keeps records of personal data specified in Section 9 about recipient of information materials until withdrawal of consent given. In the event where a Visitor deregisters from receipt of such materials, the Operator will delete from its records, without any delay, such receiving Visitor’s personal data, and will discontinue sending any newsletters to such Visitor.
7. Use of CCTV system
In the area of Cyberjump Trampoline Park, the Operator operates a CCTV system. More information on CCTV monitoring system is available here and also at the entrance of Cyberjump Trampoline Park.
The Operator brings it to the attention of Visitors in the entry to Cyberjump Trampoline Park and through notice that premises are monitored that recordings through CCTV system will be made.
If such recordings are used or provided for any purposes other than those listed in the CCTV Notice, a Visitor may raise an objection under Article 15.
8. Making of pictures and videos
The Visitor acknowledges and expressly agrees that, upon registration and entry to area of Cyberjump Trampoline Park, the Operator may, within entire area of Cyberjump Trampoline Park and for the purposes of marketing presentations, take group pictures and videos captured by CCTV system, and use such pictures and videos on its online platforms and social networks (Website, Facebook, Instagram, Youtube, Google+ and other). The visitor acknowledges that this consent is given free of charge. In this regard, the user waives any claims under §78 Copyright Act.
9. Processing of personal data
Personal data is processed by the Operator, save for cases listed in Clause 6, Clause 10 and Clause 11 below.
10. Period for which personal data is stored
Personal data is processed from the time when the Visitor takes registration until the date when the Visitor asks for registration to be cancelled or for his or her user account to be deleted unless the law provides for mandatory retention of the data. If a Visitor asks for cancellation of registration, or deletion of his or her user account, the Operator will delete all personal data of such Visitor within 3 business days. In the case of pictures made in compliance with Clause 8, the time of processing equals the time for which the Operator keeps such pictures posted on individual online platforms and social networks but not more than for time necessary to achieve the purpose of the processing. In the case of online purchase of ticket, personal data entered will be processed, for the purposes of payment using a payment card, by Global Payment , as a separate controller of personal data in compliance with notice published on the website www.globalpayment.sk
11. Storing and transferring personal data, recipients of personal data
The Operator will store the personal data it collects on its own server and in its own computers, and stores personal data in both printed and digital form. The Operator is free to store the personal data of Visitors also in computer systems operated by a third party assigned to such task.
The Operator will process personal data solely within the European Economic Area (the “EEA”) and will not transfer it outside the EEA. The data will also not be used for any automated decision making.
Access to personal data is granted, as for Operator’s employees, only persons appropriately authorised that participate in the provision of services related to such processed personal data and that are bound with a confidentiality undertaking.
When providing services, personal data may be shared with the following entities:
– with entities that perform hosting services in connection with Operator’s Website;
– with entities that provide administrative support to Operator’s Website;
– with providers of social media services;
– with suppliers of marketing tools and services;
– with external providers of communication platforms;
– with external providers of security services that can also operate CCTV system;
– with external companies providing legal services;
– with relevant State and other authorities to extent of obligations set out by law.
The Operator is entitled to disclose personal data to third parties only in cases listed in this Privacy Policy (see above); otherwise, the Operator may only disclose such data under a prior consent freely and knowingly given by the Visitor subject to detailed and exhausting information. However, this does not apply in situations where the Operator must disclose personal data further to provisions of applicable laws.
12. Security of personal data
The Operator uses a protection system to ensure security of personal data, and makes sure that such protection system is regularly updated and upgraded. In addition, the Operator agrees to take any measures that may be necessary to prevent access by unauthorised persons to the processed personal data.
All processors are contractually obligated to treat the transmitted data confidentially and to process it only within the agreed scope.
13. Rights of Visitor as data subject
The Visitor, as data subject, holds right set out in the relevant provisions of GDPR. The Visitor is entitled to request, at any time, by a letter addressed to the Operator or by electronic means to the e-mail address shown above:
- information about the processing of such Visitor’s personal data;
- access to personal data, and copy of such data;
- rectification of personal data;
- erasure of personal data in areas allowed by GDPR;
- restriction of personal data processing to extent shown in GDPR;
- right to object to processing of personal data (see Clause 15 below).
The Operator will provide written information about Visitor’s personal data processed by the Operator, without any delay but not later than one months of receipt of relevant request from the Visitor, as data subject. if there are doubts about the identity, this must be proven.
Provision of information is free of any charge. The Operator may charge a reasonable fee on account of costs spent where a Visitor’s request is manifestly unfounded or excessive (including in the event of repetitive requests).
If personal data is processed subject to a consent, the Visitor may withdraw his or her consent at any time in writing by a letter addressed to the Operator Cyberjump Austria GmbH ,Hermann-Gebauer-Straße 4, 1220 Wien ) or by electronic means sent to info@cyberjump.at ). Withdrawal of consent will not affect the legitimacy of processing subject to a consent before its withdrawal.
Where a Visitor asks for erasure of any of the registration details kept by the Operator, or withdraws the consent given for processing of personal data in connection with the registration, this will result in deletion of Visitor’s registration, unless retention is provided for by law . In such case, the Visitor may use the services of Cyberjump Trampoline Park only subject to a subsequent registration (following a subsequent provision of all requested personal data upon registration).
14. Rectification and erasure of personal data
Where any personal data is inaccurate, and is available to the Operator, the Operator will make rectification of such inaccurate personal data.
Personal data must be erased where
- the processing of such data is unlawful;
- so requested by the Visitor concerned, unless the data storage is required by law ;
- such personal data is incomplete or inaccurate, and this cannot be lawfully remedied, provided that such erasure is not forbidden by law;
- the purpose for which such data was processed no longer exists, or the period set by law for storing such data has expired;
- so ordered by a court or other authority.
The Operator will give to the relevant Visitor a written notice that such data has been rectified or erased.
15. Right to object
Where the Visitor provided personal data to the Operator, the Visitor may object to processing of personal data where personal data is:
- used for the purposes of direct marketing purposes;
- used on the grounds of our other legitimate interest. In such case, the objection requires stating the grounds relating to Visitor’s particular situation; and the Visitor must inform the Operator about the ground under which the Operator should not continue to process such personal data.
In this case, the operator may not further process the data of the data subject. The person concerned shall be informed in writing of the measure carried out.
16. Making of claims
Pursuant to Art. 77 GDPR, every visitor has the right to lodge a complaint with the data protection authority if he or she considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation
Austrian Data Protection Authority
Barichgasse 40-42,
1030 Vienna
17. Special provisions
Operator’s websites may feature links that redirect to sites operated by other service providers in respect of which the Operator has no control over privacy policy. After the Visitor clicks on such link, he or she may be redirected to websites of other service providers. As such websites are not under Operator’s control, the Operator is not liable for disclosure of Visitor’s personal data by such websites, nor for policies and principles related to protection of Visitor’s personal data on such websites.
18. Final provisions
This Privacy Policy becomes valid on 05/9/2022