General information

This document describes the methods through which Get Me Out processes personal data provided by users through the room reservation form on the website

Personal data provided by users will be processed in accordance with the provisions of EU Regulation 2016/679 (GDPR) and, in particular, in compliance with the principles of need, transparency, lawfulness, accuracy and proportionality of the processing of personal data.

Data Controller

The Data Controller of the data collected on this site is GET ME OUT Srl, P. IVA 09490820967, with legal residence in Milan, Via Balduccio da Pisa n. 7, in the person of its present legal representative Mrs Lucia Meleleo (hereinafter referred to as "GetMeOut"): the Data Controller decides autonomously on the purposes and methods of the processing, as well as on the security procedures to be applied to ensure confidentiality, integrity and the availability of data.

Object of the treatment

The Data Controller processes the personal data, identifying and non-sensitive data communicated by you during the booking of the rooms on the website and/or to be able to receive the newsletter offered by the Data Controller.

Navigation data may also be processed, personal data whose transmission is implicit in the use of internet communication protocols (such as IP addresses, type of browser, operating system, domain name and website addresses from which was done the access or exit, information on the pages visited by users within the Site, access times, permanence on the single page, internal route analysis and other parameters related to the operating system and the user's computer environment) , acquired from the computer systems and software procedures used to operate the website of the Data Controller. In this regard, the Website uses cookies that collect your personal data. We invite you to read the Cookie Policy that describes the cookies used by the website and the purpose.

Modality and storage of your data

The processing of your personal data is carried out through the operations indicated in art. 4 n. 2) GDPR and in compliance with the principles of lawfulness, accuracy and transparency, and the other principles indicated in art. 5 GDPR.

The Data Controller will process your data for the purposes of service, pre-contractual and contractual, for the time necessary to fulfill the purposes of the processing and in any case for no more than 10 years from the termination of the relationship for contractual, tax and accounting purposes. The data for marketing/newsletter purposes, where your specific consent has been given, will be kept for the time necessary to pursue the purposes of the processing or before if the User withdraws the specific consent.

As soon as personal data are no longer necessary for the purposes for which they were collected, GetMeOut deletes them, unless the law establishes storage obligations or the user has not consented to the processing for a longer time or that they are archived.

Purposes of processing, legal basis of processing, need for consent and consequences of non-consent 

The data is processed exclusively for the purposes for which it was collected, described below.

GetMeOut uses the data provided by the interested parties for the following purposes:

  1. for the management of reservations and related activities, including the management of payments;
  2. management of your requests: technical, commercial, on the progress of reservations and requests for information in a broad sense;
  3. for purposes related to obligations under the law, regulations and community legislation.
  4. subject to explicit and specific written consent, to receive promotional e-mails from GetMeOut and/or other direct marketing activities to receive promotional, commercial and/or advertising material through automated e-mail, traditional mail or other means of communication related to products and services offered, as well as commercial initiatives that will be organized by GetMeOut;;

For all the aforementioned purposes, GetMeOut may entrust external suppliers to whom only the data strictly necessary for the performance of the assignment is transmitted.

Mandatory or optional nature of providing data 

The provision of data for the purposes referred to in points n. 1 and 2, as necessary to fulfill specific user requests, is mandatory and the refusal to give consent to the treatment makes it impossible to perform the required services or to follow up the requests made.

The provision of personal data in the fields marked with the symbol * is optional, but necessary to submit the contact request or for other specific features and the failure to provide such data may result in the inability to obtain what is required or to use the services of the Data Controller. The provision of personal data in fields not marked with *, however, is optional and the failure to fill in these fields does not have negative outcomes on the use of the services provided by the Data Controller.

The consent to the processing of data for the purposes referred to in point 4 - that is for promotional purposes, commercial communication and/or marketing in general by GetMeOut - is always optional and the refusal to give consent to the processing will make it impossible to be updated about commercial initiatives and/or promotional campaigns, to receive offers or other promotional material and/or to send personalized offers to the user. In case of consent, GetMeOut may send the user advertising or promotional messages, using the e-mail address provided, within the limits of the GDPR and without prejudice to the user's right to deny at any time such use. In the absence of consent, the Data Controller may in any case provide the services referred to in points 1 and 2 and the user may nevertheless complete the other functions and benefit from the services provided by the Data Controller.

Subjects or categories of subjects to whom your data may be disclosed

Your data will be communicated to third parties only with your express consent, except in cases where communication is mandatory by law or is required for purposes established by law, for the pursuit of which the consent of the interested party is not required; in such cases, the data may be made available to third parties who will treat them autonomously and solely for the aforementioned purposes (for example, in the event of a request made by the police or by the judiciary or other competent bodies or to fulfill obligations arising from the contract with you concluded). Your data will not be disseminated in any way.

Individuals that can process your personal data

GetMeOut may use third parties to process your personal data for certain activities. The third parties who perform these operations have been adequately selected and have experience, capacity and reliability and offer a suitable guarantee of full compliance with the current provisions on treatment, including the profile of data security.

These third parties will be appointed "Data Processors" for this purpose and will carry out their activities according to the instructions given by GetMeOut and under its control. Periodically, we verify that those responsible have promptly fulfilled the tasks entrusted to them and continue to provide suitable guarantees of full compliance with the provisions on the protection of personal data. The updated list of Data Processors can always be requested to the Data Controller. Your data is then processed by our persons in charge of the individual services

Security measures

GetMeOut adopts appropriate security measures in order to minimize the risk of destruction or loss - even accidental - of data, unauthorized access or processing that is not permitted or does not comply with the purposes indicated in our Privacy Policy.

However, GetMeOut cannot guarantee its users that the measures taken for website security and the transmission of data and information on the website limit or exclude any risk of unauthorized access or dispersion of data by devices belonging to the user: We recommend that you ensure that your computer is equipped with appropriate software for the protection of data transmission online, both incoming and outgoing (as up-to-date antivirus systems) and that your Internet service provider has taken appropriate measures for the security of data transmission over the network (such as firewalls and antispam filters).

The rights of the interested parties

As an interested party, you can exercise the rights referred to in Articles from 15 to 22 GDPR, in particular the right to access data, to correct or delete it, to request the limitation or to oppose the processing, in addition to the right to data portability. You also have the right to submit a complaint to the competition authority.

In case of violation of the personal data of the interested party, considering the provisions of art. 34 GDPR, the Data Controller will notify the interested party of the violation.

Contacts for exercising the rights of the interested party

You can exercise your rights at any time by sending an e-mail to

For further information, please also refer to the Privacy Policy of the website

Changes and updates to this Privacy Policy

GetMeOut may modify or simply update, in whole or partially, the site's Privacy Policy, also in consideration of changes in the laws or regulations governing this matter and protecting your rights. Changes and updates to the Privacy Policy will be notified to users on the Home Page as soon as they are adopted and will be binding as soon as they are published on the website. We therefore ask you to regularly access this section to check the publication of the most recent and updated Privacy Policy.

Date of update: 1stof June 2018

Via Emanuele Filiberto 13 - Milano
Via Balduccio da Pisa 7 - Milano
Via Serrano, 4 -Torino
+39 389.94.70.823
getmeoutescaperoom_mi get me out milano getmeoutescaperoom_to get me out torino

Copyright 2017 — Get Me Out Srl — P.IVA 09490820967 — Sede legale Via Balduccio Da Pisa 7/A, 20139 Milano
Privacy Policy - Condizioni d'uso del sito - Termini e condizioni