Privacy Policy for Ambrose Haunted Maze
1. Introduction
At Ambrose Haunted Maze (“we”, “our”, “us”), accessible via ambrosehauntedmaze.com, your privacy is a paramount concern. We are dedicated to safeguarding and respecting your personal data, and we commit to handling your information transparently, securely, and in compliance with all applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit our website or interact with us through any digital or offline channels.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users of our website, ambrosehauntedmaze.com, and to all personal data collected, processed, or shared through our services or direct communication. Ambrose Haunted Maze is the data controller for the purposes of applicable data protection laws.
For any inquiries related to data privacy or this Policy, you may contact us via email at [email protected].
3. Categories of Personal Data We Process
We may collect, use, store, and transfer the following categories of personal data:
– Usage Data: Includes information about your browser type and version, IP address, time zone settings, device identifiers, referral URLs, clickstream data, and session information as you navigate and interact with ambrosehauntedmaze.com.
– Account Data: Encompasses details you provide upon registration or purchase, including your full name, billing/shipping address, email address, and phone number.
– Profile Data: Involves your account preferences, purchase history, event participation, and on-site engagement behavior.
– Communication Data: Includes records of your correspondence with us, such as support requests, general inquiries, or complaints, along with any contact history.
– Technical Data: Covers device information, operating system, screen resolution, and system configurations used to access our services.
– Transaction Data: Contains payment details (processed by third-party providers), purchase details, order confirmation, and delivery status.
– Preference Data: Reflects your marketing communication preferences, consent status, and interests related to our events, products, or services.
4. Legal Bases for Processing Personal Data
We rely on the following lawful bases for processing your personal data:
– Consent: Where you have expressly agreed to the processing of your personal information for specific purposes, such as marketing communications.
– Performance of a Contract: When processing is necessary to fulfill our contractual obligations (e.g., ticket purchases, merchandise delivery).
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your data protection rights (e.g., understanding user behavior to improve services).
– Legal Obligations: As may be required to comply with applicable legal or regulatory obligations.
5. Your Data Protection Rights
Under data protection laws including the GDPR and CCPA, you may exercise the following rights with regard to your personal data:
– Right of Access: Obtain confirmation as to whether we process your data and access to that personal data.
– Right to Rectification: Request correction of any inaccurate or incomplete data we hold about you.
– Right to Erasure: Request deletion of your personal data, when there is no legitimate reason for us to continue processing it.
– Right to Restriction: Ask us to restrict the processing of your data under certain circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
– CCPA-Specific Rights: If you are a California resident, you may request a list of categories of data collected, and request deletion of your personal data, subject to specific conditions and exceptions.
To exercise these rights, please contact us at [email protected]. We may need to verify your identity before fulfilling such requests.
6. Security Measures
We employ a comprehensive framework of technical and organizational security controls to protect your personal data, which includes:
– Encryption of data in transit and at rest where applicable.
– Secure HTTPS protocol across ambrosehauntedmaze.com.
– Role-based access controls and user authentication for internal systems.
– Routine data backups and disaster recovery procedures.
– Employee data privacy training and robust internal policies.
7. International Data Transfers
As part of our operations, your personal data may be transferred to and processed in jurisdictions outside your country of residence, including countries that may not provide the same level of data protection as your jurisdiction. Where such transfers occur, we ensure adequate protection through legally recognized safeguards, such as Standard Contractual Clauses approved by the European Commission or other recognized legal mechanisms.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with applicable laws and regulatory obligations. Typical retention periods include:
– Account and Profile Data: Retained for the duration of your use of the services and for a maximum of 24 months following account inactivity.
– Transaction and Communication Data: Retained for up to 7 years as required by accounting and compliance standards.
– Usage and Technical Data: Retained for analytical and service improvement purposes for up to 13 months.
– Preference and Marketing Data: Retained until you withdraw your consent or unsubscribe.
9. Cookie Policy
We use cookies and similar technologies on ambrosehauntedmaze.com to enhance user experience and collect anonymous data to improve our services. Cookies include:
– Essential Cookies: Necessary for core website functionality, including session management and security.
– Functional Cookies: Allow the website to remember user choices (e.g., region, preferences) and provide enhanced features.
– Analytics Cookies: Help us understand website performance and visitor behavior via tools such as Google Analytics.
– Performance Cookies: Monitor the loading speed and responsiveness of the website.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA requirements:
– First-time visitors are presented with a cookie consent banner allowing them to accept, reject, or customize cookie settings.
– You may update your preferences at any time through our cookie management tool available at the footer of ambrosehauntedmaze.com.
– Most browsers also allow users to modify cookie settings or to delete existing cookies entirely.
We honor “Do Not Track” signals and Global Privacy Control (GPC) signals to the extent required under applicable law.
11. Children’s Privacy
Ambrose Haunted Maze does not knowingly collect personal information from children under the age of 13. If we become aware that personal data from a child under 13 has been inadvertently collected, it will be promptly deleted from our records.
Parents or legal guardians who believe that their child’s data may have been collected are encouraged to contact us immediately at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal requirements, our data practices, or website functionality. We encourage you to review this Policy periodically. Substantial changes will be communicated via notices on our website or directly via email if required.
13. Contact
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://ambrosehauntedmaze.com
We are committed to handling your personal data responsibly and in compliance with global privacy standards. If you have concerns about your privacy, please do not hesitate to reach out.