Privacy Policy
This Privacy Policy explains how the Company collects, uses, stores, and protects your personal information, in accordance with the Israeli Protection of Privacy Law, 1981 (the “Privacy Protection Law”), including Amendment No. 13 thereto (entering into force on August 14, 2025), the Protection of Privacy Regulations (Data Security), 2017 (the “Privacy Regulations”), and the Israeli Communications Law (Telecommunications and Broadcasting), 1982 (the “Communications Law”).
By using the website www.escaperoom.co.il, operated by Escaperoom Ltd., Company No. 515415289, 22 HaRakevet Street, Tel Aviv (the “Company”), you confirm that you have read and understood this Privacy Policy.
This Privacy Policy applies to information collected through your use of the Company’s website at www.escaperoom.co.il and any subdomains thereof, as well as through landing pages, digital campaigns, digital forms, social media platforms, applications, and any other digital interface operated, managed, or controlled by the Company (collectively, the “Website”).
This Policy shall also apply, with the necessary adaptations, to information collected through any communication with the Company via any channel (including telephone, WhatsApp, email, social networks, and similar means), as well as to information collected at the Company’s physical premises and/or those of its franchisees, including in connection with reservations and purchases, customer service, and documentation by security cameras, where applicable.
This Privacy Policy constitutes an integral part of the Website’s Terms of Use.
By entering, accessing, and using the Website and/or the Company’s services, including placing an order, purchasing a gift, joining a customer club, applying for a position, or contacting the Company in any manner, you confirm that you have read and understood this Privacy Policy and that you agree to the collection, processing, use, and retention of your personal information in accordance with this Privacy Policy and applicable law.
If you do not agree to the terms of this Privacy Policy, you are requested to refrain from using the Website and/or the Company’s services.
Providing personal information to the Company is subject to the user’s consent and is not legally mandatory. However, failure to provide certain information may prevent the provision of certain services offered on the Website, including placing orders, contacting the Company, or receiving related services.
Definitions
Personal Information
Any data relating to an identified or identifiable individual, directly or indirectly (such as name, address, email address, IP address, location data, payment details).
Sensitive Information
Medical, financial, biometric, genetic information, precise location data, political opinions, sexual orientation, criminal record, as defined under applicable law.
Data Processing
Any operation performed on personal information, including collection, storage, use, transfer, disclosure, deletion, or destruction.
Database Controller
A person or entity that determines, alone or jointly with others, the purposes and means of processing personal information in a database, whether a public or private body. For the purposes of this Privacy Policy, the Company is the controller of the database and is responsible for its processing in accordance with applicable law and regulations.
Privacy Protection
The Company undertakes not to misuse personal information without the user’s consent, unless required by law, necessary to prevent misuse, or required to protect its rights. Access to personal information shall be granted only to employees who require such access for the purpose of providing services.
At the time of data collection, the Company shall inform the user of the purposes of use, whether the provision of information is mandatory or voluntary, the identity of the database controller, and the applicable data retention period.
Databases
The Company manages its databases in accordance with the requirements of the Privacy Protection Law and the regulations enacted thereunder. Where reporting, registration, or notification obligations apply to the Company in connection with its databases, the Company shall act in accordance with applicable law.
Prohibition on Processing Unlawfully Collected Data
The Company strictly prohibits any processing of personal information collected unlawfully and is committed to verifying the legality of data collection from any source.
Purposes of Data Collection and Processing
Personal information shall be retained only for the period required for the purposes for which it was collected. Upon expiration of such period, or where the information is no longer required, reasonable steps shall be taken to delete or anonymize it so that the data subject can no longer be identified by reasonable means.
The Company may collect personal information in several ways: information you provide voluntarily; information collected automatically through your use of the Website; and information collected through interactions with the Company via additional channels.
Types of Information Collected
Technical and Digital Identifiers
Technical information regarding your browsing device and communication, such as IP address, device type, operating system, browser type and version, language, advertising or device identifiers (such as Google Advertising ID / IDFA, where collected), and general location data (e.g., city or region level, subject to permissions and technological capabilities).
Website Usage and Browsing Data
Information regarding your use of the Website, including referral source, visit duration, pages viewed, navigation paths, interactions on the Website, and, in certain cases, information related to campaigns or advertisements that directed you to the Website, subject to applicable analytics tools.
Information Provided via Forms and Inquiries
Information you provide through registration, contact forms, information requests, orders, newsletter subscriptions, job applications, or event inquiries, such as name, phone number, email address, general area of residence, order details (e.g., date, time, number of participants, game name), and any content entered in open text fields.
Orders, Purchases, and Customer Service Information
Information required to manage orders, changes or cancellations, provide services, handle inquiries, and document interactions with you (including via phone, WhatsApp, email, social networks, or any other communication channel), including call recordings where carried out in accordance with applicable law and required notices.
It is clarified that every data collection form on the Website shall include a concise notice in accordance with Section 11 of the Privacy Protection Law, with a reference to this Privacy Policy.
Purposes of Use
The information is collected and processed for the following purposes:
Enabling orders via the Website and changes and/or cancellations thereof;
Providing the Company’s services and customer support, including contacting users regarding orders, inquiries, or services;
Statistical analysis, measurement, monitoring, and service improvement, including analysis of usage patterns, where possible using aggregated or anonymized data;
Sending operational and service-related messages (such as order confirmations, updates, reminders, and responses to inquiries), as well as contacting customers for feedback and service improvement;
Security, fraud prevention, detection of unusual activity, enforcement of terms of use, and protection of the Company’s rights and the rights of third parties;
Compliance with legal and regulatory obligations, including requirements of competent authorities;
Any other purpose specified in this Privacy Policy or in the Terms of Use.
At the time of data collection, the Company shall inform the user whether the provision of information is mandatory or voluntary and the consequences of refusing to provide it.
Marketing Communications Consent
At the time personal details are provided, including registration, submission of an email address, or placement of an order, the user may consent to receive from the Company and/or affiliated parties marketing communications of any kind, including promotional offers, system messages, service messages, or other communications, via any communication channel, at the Company’s discretion.
Such communications shall be sent in accordance with Section 30A of the Communications Law and only after obtaining explicit opt-in consent from the user.
Unsubscribing from Marketing Communications
Email
Users may unsubscribe at any time by clicking the unsubscribe link included in each promotional email or by sending a removal request to privacy@escaperoom.co.il. Removal shall be completed within up to three business days. Separate requests are required for each email address.
SMS and Other Channels
Unsubscription may be requested via reply message or as instructed in the relevant message. Unsubscribing from SMS or other channels does not automatically remove the email address from email marketing lists.
Rights of Access, Correction, and Deletion
Users may request access to personal data held about them, as well as request correction or deletion thereof.
In the event of deletion, all records relating to the user shall be deleted, except for the deletion request itself and data relating to actions performed on the Website, including orders.
The Company shall respond to such requests within 30 days.
Users are also entitled to:
Receive their data in a machine-readable format (data portability);
Request temporary restriction of processing or object to the use of their data for direct marketing purposes;
File a complaint with the Israeli Privacy Protection Authority:
https://www.gov.il/he/departments/the_privacy_protection_authority
Sharing Information with Third Parties
The Company may share personal information with third parties solely for defined purposes, including payment processors, mailing and CRM providers, hosting and technological infrastructure providers, and advertising and analytics service providers, subject to confidentiality and data security obligations.
Specific services may involve external providers, including:
Customer Club: Valuecard
Gift Cards: BUYME
Payment Processing: Cardcom (credit card details are not stored by the Company)
Information may also be disclosed where required by law, court order, or competent authority, or where necessary to protect the rights of the Company or third parties.
Aggregated or anonymized data may be used and shared without limitation.
International Data Transfers
Some services used by the Company, including analytics, advertising, and data hosting services, may involve the transfer of personal data to servers located outside Israel. Such transfers shall be carried out in accordance with applicable cross-border data transfer regulations.
Cookies and Similar Technologies
The Company may use cookies and similar technologies for Website operation, security, analytics, user experience improvement, and marketing purposes, including tools such as Google Analytics, Google Tag Manager, Meta Pixel, Google Ads, and additional tools.
Cookies may be first-party or third-party cookies. You may block or delete cookies via your browser or device settings; however, doing so may impair Website functionality or prevent access to certain services. The Company shall not be responsible for any consequences resulting from such changes.
Recording and Monitoring at Physical Locations
During visits to the Company’s or its franchisees’ premises, recording via cameras and/or microphones may take place inside game rooms and public areas for purposes of game operation, participant safety, real-time supervision, and service provision (including providing hints), as well as quality control and experience improvement.
Recordings are not intended for marketing or promotional purposes and are retained for a limited period (generally up to 30 days), unless a longer retention period is required by law or necessary for the investigation of an exceptional incident or dispute.
Minors
The Website is not intended for the intentional collection of personal information from children under the age of 13. If such information is collected without parental or guardian consent, the Company shall take reasonable steps to delete or anonymize it.
Data Retention
The Company shall retain personal information only for as long as necessary for the purposes for which it was collected and in accordance with applicable law. The Company shall periodically review the personal data it holds and delete data that is no longer relevant.
Information Security and Limitation of Liability
The Company implements reasonable and accepted technical and organizational measures to protect personal information in accordance with the Privacy Regulations. However, data transmission over the internet is not completely secure, and the Company cannot guarantee absolute protection against unauthorized access, failures, breaches, or cyberattacks. By providing information through the Website or digital means, you acknowledge and accept the inherent risks involved.
The level of security applied to the Company’s databases is determined based on the scope, nature, sensitivity, and processing characteristics of the data, as defined in the Privacy Regulations.
Changes to the Privacy Policy
The Company reserves the right to update this Privacy Policy from time to time at its sole discretion. In the event of material changes, the Company shall notify users by publishing a prominent notice on the Website or through other communication channels. Continued use of the Website following such changes constitutes acceptance of the updated Privacy Policy.
Contact Information:
Escaperoom Ltd.
Email: privacy@escaperoom.co.il
Address: 22 HaRakevet Street, Tel Aviv
Last updated: January 26, 2026