II. Collection of Information.
A. Information You Provide To Us
1. Purchasing Tickets: If you purchase tickets or attend an event at one of our locations, we collect information “Attending Guest” information, including first and last name, email address, phone number, country, and zip code.
2. Payment Information: If you complete a transaction with us, we will collect your payment card information including credit/debit card number, expiration date, and cvv in order to process the payment. We may also collect the name of the card holder if it is different than the Attending Guest.
3. Queen’s Court: If you choose to sign up, we collect your email address and preferred castle location in order to send you email updates with special offers, birthday surprises, and other communications.
4. Event Details: If you are visiting one of our castles as part of a group event, we collect contact information about the guest representative, the dates of attendance, the size of the group, any business or organization affiliations, and any other information you provide to us.
5. Event Participation: When you attend our event, you may be filmed and/or recorded via video, audio, or photograph. While your image and likeness may be captured, we do not attempt to connect images or likenesses with other personal information except under exceptional circumstances. By visiting our castle and attending our events, you agree that we may collect your image and likeness via video, audio, or photograph and use it for purposes of our marketing or advertising.
6. Purchasing Alcohol: Medieval Times requires photo ID for the purchase of alcohol. We may review or swipe your government-issued ID in order to verify your age and identity.
7. Birthday Fellowship: You may be asked to provide proof of birth date in order to take advantage of our Birthday Fellowship admissions promotion.
8. Submitting Donations: If you submit a donation through DonationMatch, we may gather contact information and the specifics of your donation in order to process the donation.
9. Employment Application: If you interested in submitting an application for employment with Medieval Times, we will collect personal information submitted by you and/or others regarding you, your work experience, qualifications, and other relevant information in order to evaluate your application and your suitability for employment. More information is provided on our Careers page.
B. Automatically Collected Data
When you use our website or apps, we automatically collect certain technical information, including:
1. Log and Usage Information: We collect information related to your access to and use of the Services, including the type of browser you use, app version, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
2. Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
3. Information Collected by Cookies and Similar Tracking Technologies: We (and our service providers and partners) use different technologies to collect information, including cookies and web beacons. This information is associated with a unique identifier and includes information about your interaction with our Services, including:
the number of web visits;
ticket sales and revenue sales in advertising campaigns;
form submissions, click-to-call, click-to-email conversions for particular types of campaigns (corporate groups, education, birthdays, etc.);
website visits, page views, and behavior within a web page for particular sites/locations;
show features selected (show type, date, packages, experiences, etc.).
In addition to the above, there may be some circumstances where we may need to collect additional information. For example, if a guest or other person at our property requires medical or emergency assistance, or if we are screening for health and safety purposes, we may collect and share information about individuals in order to assure a healthy and safe experience for our guests, staff, and others. We may collect information about you from third parties, including but not limited to identity verification services, credit bureaus, mailing list providers, and publicly available sources. If you enter into a contest, sweepstakes, or other promotion, we may collect personal information from you in order to administer the event. In doing so, we may disclose your information to our co-sponsors, service providers, and other third parties in accordance with the event’s purpose and as described in the official rules or terms.
III. Our Operational and Commercial Purposes
As part of operating a first-class entertainment experience, we undertake a multitude of operations which require the processing of personal information. For example, our business purposes include: (1) accepting, coordinating, managing, and processing requests and accommodations; (2) facilitating purchase transactions for goods and services; (3) providing top-level customer support, accommodations, personalized services and amenities; (4) engaging in quality control in order to improve our offerings to you; (5) administering membership, rewards, and other incentive programs; (6) conducting marketing and sales promotions; (7) engaging in content based or interest-based advertising, (8) monitoring and analyzing trends, usage, and activities in connection with our offerings; (9) ensuring the safety and security of our guests, our staff, and all other persons visiting our online and real properties; (10) preventing, detecting, and investigating fraud, cyber incidents, or other illegal activity; (11) communicating with you and others in relation to your use of our Services; (12) administering our record-keeping for legal, tax, and operational purposes; (13) exploring new and unique ways to provide products and services; and (14) doing our best to fulfill your requests. Our commercial purposes are to advance our commercial interests, including through advertising and marketing.
IV. Disclosures of Your Personal Information
In order to provide you our Services and to fulfill our business and commercial purposes, we may disclose your personal information to our trusted third party service providers, including but not limited to our: (1) cloud service providers; (2) web development, analytics and security providers; (3) communications providers; (4) internal and external advisors and auditors; (5) premises operators; (6) advertising networks; (7) government entities; (8) online service provider; (9) social networks; and (10) data brokers. When doing so we will, when appropriate or required by applicable law, put in place appropriate contracts containing standard data protection clauses to protect that information and the rights of individuals. We may share your personal information among our affiliates, owners and operators of our locations. We also will disclose your personal information to any agents or third parties to whom you authorize us to disclose it.
We may disclose personal information in the following circumstances: (1) in order to comply with an applicable federal, state, or local law; (2) in order to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) to cooperate with law enforcement agencies concerning conduct or activity that web reasonably and in good faith believes may violate federal, state, or local law; (4) to exercise and defend legal claims; (5) when such disclosure is necessary to protect the rights and freedoms of other individuals; (6) as part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of Medieval Times USA, Inc. and (7) in any other manner permitted by law, including engaging in protected speech.
We are committed to protecting the security of any personal information you provide. For these reasons, certain financial information, such as credit card data, will generally be transferred over a Secured Socket Layer (SSL) connection (provided that it is supported or enabled on your browser). In spite of these protections, any information submitted over the Internet could be intercepted or otherwise corrupted during transmission, and we cannot guarantee the complete security of any data submitted over the Internet. Sensitive personal information is stored on servers or locations protected by procedures and technology designed to block reasonably foreseeable intrusions by unauthorized third parties. The servers are under our control at all times but may be hosted, managed or otherwise maintained by third party service providers with whom we contract. These third party service providers have no right to use or access this data other than in performing their services for us.
VI. International Data Transfers
For users located outside the jurisdiction of the United States, Medieval Times and its operating company are located in the United States. Information we collect from you will be processed in the United States, and by using our Services (including our website) you acknowledge and consent to the processing of your data in the United States. While we do not target individuals in the EU or other jurisdictions outside of the United States, we are aware that individuals from outside the EU may interact with us and inquire about the adequacy of our data protection. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 41 of the GDPR. We collect and transfers to the U.S. personal data only with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms.
VII. Your Marketing and Ad Choices
A. Email Marketing: We understand that your time and attention is precious to you. If you would like to opt-out from receiving marketing emails from us or our affiliates, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of the e-mail messages.
Opt-Out of Third-Party Personalized Advertising
You may opt out of cross-site third party personalized advertising using several industry-provided frameworks that many advertisers and advertising networks, exchanges, platforms, and technology providers participate in:
Adjust Your Browser Setting to Block Third Party Cookies
You can also use your web browser to directly block all cookies, or just third-party cookies, through your browser settings. Using your browser settings to block all cookies, including strictly necessary ones, may interfere with proper site operation. Guidance on how to control cookies in popular browsers is contained here:
Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals to express your preferences regarding online tracking. However, because there is not yet a defined response to do-not-track requests, our websites do not respond to your browser’s do-not-track request. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
Adjust Other Settings
You can adjust the information that other third parties collect about you:
Using Google’s privacy controls to opt-out of ads and cookies set by Google. Please go here and here to opt-out of any personalized ads and cookies.
VIII. Children’s Privacy
We are committed to complying with the Children's Online Privacy Protection Act (COPPA). Our website is not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16 online. If we receive personal information that we discover was provided by a child under the age of 16, we will promptly destroy such information. Parents are encouraged to supervise their children's online activities and consider the use of other means to provide a child-friendly online environment. Additional information is available on the Direct Marketing Association's home page at http://www.the-dma.org. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.
IX. Agreement and Changes
X. California Privacy Rights
If you reside in California, you have specific rights regarding your personal information. This section describes your CCPA rights and explains how to exercise those rights.
Categories of Personal Information Collected
In the preceding twelve months from the Effective Date of the policy, we have collected the following categories of personal information (as defined in the California Consumer Privacy Act (California Civil Code § 1798.100, et. seq.) about California residents:
Personal Information described in California Civil Code § 1798.80(e);
Characteristics of protected classifications;
Internet and Network Information;
Sensory Information (audio, visual, electronic);
Professional or employment related information;
Inferences drawn from other information.
We have in the last 12 months disclosed for a business purpose or sold the following categories of personal information: (i) Identifiers; (ii) Personal Information described in California Civil Code § 1798.80(e); (iii) Characteristics of protected classifications; (iv) Commercial Information; (v) Internet or network information; (vi) Geolocation data; (vii) Sensory information; (viii) Professional or employment related information; (ix) Education information; and (x) Inferences drawn from other information.
Access Rights: You have the right to request that we disclose what personal information about you. You may request and, subject to certain exemptions, we will provide:
The categories of personal information we collected about you.
The categories of sources of the personal information we collected about you.
Our business or commercial purpose for collecting the personal information.
The categories of personal information we disclosed about you to a service provider.
The specific pieces of personal information we collected about you (data portability) in the 12 months preceding your request.
Deletion Request Rights: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Upon submitting a request, we will attempt to verify your identity by matching the identifying information provided by you (or your authorized representative) to the personal information already maintained by us. The type of information you must provide depends on the type of request you make. Alternatively, we may use a third party verification service to verify your identity. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
If you are using an authorized agent to submit a request to know or request to delete, you must provide the authorized agent written permission to do so. Written permission must be submitted to us as part of the verification process and the agent must also verify their own identity with us using the verification methods described above. We may deny requests from an agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
The Right to Opt-Out/Opt-In to Sale of Your Personal Information: The California Consumer Privacy Act defines the “sale” of personal information in a way that would include many types of disclosures not normally considered a sale. We do not disclose personal information to third parties in exchange for money. However, we do share information with third parties who are not subject to contractual restrictions on how they may further use the information they receive.
If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the "right to opt-out"). We do not knowingly sell personal information from anyone under the age of 16.
We have in the last 12 months sold the following categories of personal information: (a) Identifiers; (ii) Commercial Information; (iii) Internet and network information (including information collected via cookies or other automatic collection technologies); and (iv) Location data.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by submitting a CCPA consumer request here: firstname.lastname@example.org.
The Right Against Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights conferred by the CCPA.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please submit a request here, or send an email or message to the addresses below.
XI. Contact Information