Privacy Policy - Escapp

The University of Eastern Finland is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, share, and protect personal data obtained through the Escapp web platform (https://escapp.es). This policy applies to all personal data collected and processed by this platform, in accordance with Finnish and European data protection laws, including the General Data Protection Regulation (GDPR).

1. Data Controller

The University of Eastern Finland, with registered office at YLIOPISTONRANTA 1 E, PC 70211, KUOPIO, Finland, and Business Identification Number 2285733-9, is the data controller for personal data collected through the Escapp web platform (https://escapp.es). If you have any questions or concerns regarding the protection of your personal data, you may contact our Data Protection Officer via the following email address: sonsoles.lopez@uef.fi.

2. Personal data collected

Escapp may collect and process the following personal data:

• Data provided through the registration form, including first name, last name, email, password, age or date of birth, gender, education level, and user type (student/teacher).
• Automatically collected data regarding participation and progress of players and teams in escape rooms, including shift registrations, team names and members, escape room attendance, completed escape rooms, failed and successful attempts to solve puzzles, solved puzzles, hints requested, hints received, and grades.
• Timestamps automatically collected related to the actions listed above, including the moments when users register for an escape room, attempt to solve puzzles (successful or not), and request or receive hints.
• Technical information necessary for the platform to function, including IP address, browser type, and login data.

3. Purpose of data processing

The personal data collected by Escapp is used for the following purposes:

• To ensure proper operation and improvement of the platform.
• To manage your participation in escape rooms offered through the platform.
• To manage the creation and monitoring of escape rooms via the platform.
• To improve escape rooms and the teaching and learning processes related to them.
• To conduct research and statistical analysis. Data collected by Escapp may be used in academic articles and presentations. Additionally, once anonymized, any dataset collected by Escapp may be deposited under a Creative Commons license in institutional open-access repositories. Under no circumstances will non-anonymized data be deposited or published. Anonymized data will not allow user identification.
• To occasionally send registered users emails with surveys or study invitations related to the platform and its activities, as well as other activities or initiatives of the data controller that may be of interest to them.

4. Legal basis for data processing

The processing of your personal data collected through Escapp is based on your explicit consent, freely given, specific, informed, and unambiguous, in accordance with the General Data Protection Regulation (GDPR). Consent is considered granted when you check the box to accept the Privacy Policy in the registration form or, if applicable, in the form accepting a new version of the Privacy Policy when updated.

5. Data retention

Your personal data will be retained for as long as necessary to fulfill the purposes stated in this Privacy Policy and in accordance with applicable law, unless a longer retention period is required by law. Once the data is no longer needed, it will be deleted or anonymized.

Anonymized data may be retained indefinitely and used for the purposes described in this Privacy Policy.

6. Users’ rights

As the owner of your personal data, you have certain rights that you may exercise, including:

• Access and rectification of your personal data.
• Erasure or restriction of processing of your personal data.
• Objection to the processing of your personal data.
• Portability of your personal data.
• Withdrawal of your consent at any time.

To exercise any of these rights, you may contact our Data Protection Officer at the email address provided above.

7. Data recipients

Data is securely stored on servers located in the European Union. The data controller will not share personal data with third parties, except as specified below.

Anonymized data may be shared as described in this Privacy Policy.

The platform allows a user who owns an escape room to access the following personal data of its participants (i.e., users who participate in it):

• Identifying and demographic data: first name, last name, email, age or date of birth, gender, and education level.
• Automatically collected data on participation and progress in the escape room, including shift registrations, team names and members, attendance, attempts at solving puzzles (successful and failed), solved puzzles, hints requested, hints obtained, and grades.
• Timestamps associated with the actions listed above, including the times at which users register, attempt to solve puzzles (successful or not), and request or receive hints.

The owner of an escape room may use the above data of its participants solely for the following purposes:

• To manage participation, monitoring, and grading of participants.
• To improve the escape room and related teaching and learning processes.
• To conduct research and statistical analysis, provided that participants have given their consent.

8. Use of cookies and tracking technologies

Essential cookies are used to ensure the proper functioning of the web platform. No tracking or third-party cookies are used. You can find more information about the cookies used by the platform in the Cookie Policy.

9. Updates to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in data protection practices related to the Escapp platform. Any significant changes will be communicated via email or directly through the platform.

Last updated: May 5, 2025.