Privacy Policy

    Your privacy is important to us

    Last updated: June 2025

    Your Data in Safe Hands

    The most important information at a glance

    GDPR Compliant

    Full compliance with all EU data protection regulations

    SSL Encryption

    Secure HTTPS transmission (TLS 1.3)

    Data Minimization

    We only collect necessary data

    Your Rights Guaranteed

    Access, deletion, revocation possible at any time

    Guaranteed Promise

    We never sell your data to third parties! Your data is used exclusively for contract fulfillment and, with your consent, for marketing purposes.

    1. Data Controller

    Team Mania GmbH

    Pappelallee 78
    10437 Berlin

    Managing Director: Dervis Kilic

    Email: info@exitmania.com

    Data Protection Officer: Not appointed pursuant to Art. 37 GDPR (fewer than 20 employees with regular data processing)

    For data protection inquiries, please contact: datenschutz@exitmania.com

    2. General Information on Data Processing

    We process personal data exclusively within the framework of the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

    Principles of our data processing:

    • Data Minimization: We only collect data that we really need
    • Purpose Limitation: Data is only used for the specified purpose
    • Transparency: You will be informed about every data processing activity
    • Security: Technical and organizational protection measures

    3. SSL/TLS Encryption & Security

    This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser line.

    Our security measures:

    • HTTPS encryption (TLS 1.3)
    • Secure password hashing procedures
    • Regular security updates
    • Access restrictions on servers
    • Firewall and DDoS protection

    4. Hosting & Servers

    Platform: Supabase (PostgreSQL database)
    Database: PostgreSQL (encrypted)
    Server Location: EU (Frankfurt, Germany)
    Backups: Daily automatic backups with encryption
    Legal Basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in secure hosting)

    5. Log Files & Server Logs

    With each access to our website, information is automatically recorded in server log files:

    • • IP address (anonymized after 7 days)
    • • Date and time of request
    • • Time zone difference to Greenwich Mean Time (GMT)
    • • Content of the request (specific page)
    • • HTTP status code
    • • Browser type and version
    • • Operating system
    • • Referrer URL (previously visited page)

    Purpose: Ensuring operation, error analysis, fraud detection

    Legal Basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest)

    Retention Period: 7 days, then automatic deletion

    6. Booking and Payment Processing

    Important to Know

    We do not store credit card data or payment information ourselves. All payment data is processed exclusively by our certified payment partners.

    7. Contact Forms and Customer Communication

    Contact Form

    When you contact us via the contact form, we collect:

    • • Name
    • • Email address
    • • Message/Inquiry
    • • Optional: Phone number, company

    Purpose: Responding to your inquiry

    Legal Basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest)

    Retention Period: Until complete processing, max. 6 months

    Live Chat (Crisp)

    For the live chat on our website, we use the Crisp service. To ensure effective communication, entering an email address may be required.

    Processed Data: Email address (optional), chat messages, session ID

    Server Location: EU and USA

    Legal Basis: Art. 6 Abs. 1 lit. f DSGVO (Customer service)

    Retention Period: Chat history is deleted after processing

    More Information: Crisp Privacy Policy

    8. Cookies & Tracking Technologies

    Our website uses cookies and tracking technologies to improve the user experience and optimize our marketing efforts. You can consent to or object to the use of cookies when you first visit the site.

    Cookie Table

    Cookie NamePurposeCategoryDuration
    exitmania_cookie_consentStores your cookie preferencesNecessary1 year
    _ga, _gidGoogle Analytics - User identificationPerformance2 years / 24 hrs
    _fbpFacebook Pixel - Conversion TrackingTargeting3 months
    crisp-client/*Live chat session managementFunctionalitySession

    Manage Cookie Settings

    You can change your cookie settings at any time. To do so, click on "Cookie Settings" in the footer or delete the cookies in your browser.

    9. Use of the Loquiz App

    Participation in the game requires the installation of the Loquiz app (available in the App Store and Google Play Store). No personal data is required within the app to activate the game. After booking, all teams will receive individual access credentials via email.

    The app requires the following permissions:

    • Location: for orientation and navigation in the game
    • Camera & Microphone: for solving certain puzzles
    • Photos/Media: for saving images taken during the game on the device

    Server Location: Estonia (EU)

    Legal Basis: Art. 6 Abs. 1 lit. b DSGVO (Contract fulfillment)

    Retention Period: Access credentials expire after game ends

    Loquiz Privacy Policy: loquiz.com/privacy-policy

    10. Data Transfer to Third Countries

    Important Notice Regarding USA Servers

    We use services from providers based in the USA. Data transfer is based on Standard Contractual Clauses of the EU Commission. Access by US authorities (FISA, Cloud Act) is possible. You can object to the data transfer.

    Services with USA servers:

    Paddle

    Payment Processing

    Stripe

    Payment Processing

    Google Analytics

    Web Analytics

    Meta/Facebook

    Advertising & Marketing

    Resend

    Email Delivery

    Legal basis for transfer:

    • • Standard Contractual Clauses (SCCs) of the EU Commission
    • • EU-US Data Privacy Framework (if applicable)

    11. Data Processors Overview

    We work with the following data processors

    Paddle

    Payment Processing

    Location: USA

    Legal Basis: Art. 6 Abs. 1 lit. b DSGVO

    Privacy Policy

    Stripe

    Payment Processing

    Location: USA

    Legal Basis: Art. 6 Abs. 1 lit. b DSGVO

    Privacy Policy

    Resend

    Email Delivery

    Location: USA

    Legal Basis: Art. 6 Abs. 1 lit. b DSGVO

    Privacy Policy

    Google Analytics

    Web Analytics

    Location: USA

    Legal Basis: Art. 6 Abs. 1 lit. a DSGVO

    Privacy Policy

    Meta Pixel

    Marketing & Advertising

    Location: USA

    Legal Basis: Art. 6 Abs. 1 lit. a DSGVO

    Privacy Policy

    Crisp

    Live Chat Support

    Location: EU/USA

    Legal Basis: Art. 6 Abs. 1 lit. f DSGVO

    Privacy Policy

    Loquiz

    Game Platform

    Location: Estonia (EU)

    Legal Basis: Art. 6 Abs. 1 lit. b DSGVO

    Privacy Policy

    12. Legal Basis for Data Processing

    Art. 6 Abs. 1 lit. b DSGVO (Contract Fulfillment)

    Booking, payment processing, email delivery, Loquiz app access

    Art. 6 Abs. 1 lit. a DSGVO (Consent)

    Cookies, marketing emails, Google Analytics, Meta Pixel, newsletter

    Art. 6 Abs. 1 lit. f DSGVO (Legitimate Interest)

    Log files, contact form, fraud prevention, secure hosting

    Art. 6 Abs. 1 lit. c DSGVO (Legal Obligation)

    Tax-related retention, commercial legal obligations

    13. Data Retention

    Booking data6 months after ticket expiration
    Invoice data10 years (tax obligation)
    Contact inquiriesUntil processing, max. 6 months
    Marketing consentsUntil revocation
    Log files7 days
    CookiesSee cookie table

    14. Your Rights as Data Subject

    You have comprehensive rights regarding your personal data

    Right to Access (Art. 15 GDPR)

    You can request information about your stored data at any time

    Right to Rectification (Art. 16 GDPR)

    Incorrect or incomplete data will be corrected immediately

    Right to Erasure (Art. 17 GDPR)

    "Right to be forgotten" - Exception: legal retention periods

    Right to Restriction (Art. 18 GDPR)

    You can have the processing of your data restricted

    Right to Data Portability (Art. 20 GDPR)

    Receive data in a machine-readable format

    Right to Object (Art. 21 GDPR)

    Object to processing based on legitimate interests

    Withdrawal of Consent

    You can withdraw given consents (e.g., for marketing or cookies) at any time. The lawfulness of processing carried out until withdrawal remains unaffected.

    How can you exercise your rights?

    Email: datenschutz@exitmania.com or info@exitmania.com

    Response Time: Within 30 days

    Identity Verification: Identity verification is required to protect your data

    15. Right to Lodge a Complaint with Supervisory Authority

    You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

    Competent Supervisory Authority:

    Berlin Commissioner for Data Protection and Freedom of Information
    Friedrichstraße 219
    10969 Berlin
    www.datenschutz-berlin.de

    16. No Automated Decision-Making

    We do not use automated decision-making (including profiling) pursuant to Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

    17. Changes to this Privacy Policy

    We reserve the right to amend this privacy policy to adapt it to changed legal requirements or new features of our services. We recommend that you visit this page regularly to stay informed about changes.

    Last Updated: June 2025

    Questions about Data Protection?

    Team Mania GmbH - Data Protection Team

    Email: datenschutz@exitmania.com