Last Updated: May 17, 2023
We, at Pomvom Ltd., together with our affiliated companies (collectively: “we”, “us” or “our”) put great efforts to make sure that we secure personal data related to you and use it properly.
This policy applies when we process personal data related to you when -
you use our application offered for visitors to theme parks or other venues owned or operated by our customers;
you use our services, including at: www.pomvom.com, landing pages and our other online assets; and,
you contact and interact with us on social media and through other online and offline channels;
(Collectively: the “Services”).
The term “personal data” refers to information that identifies an individual or relates to an identifiable individual. For example, personal data is your name, email address, telephone number, and other contact details which you submit to us.
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy. If you do not agree to this policy, please do not access, or otherwise use the Services.
A Summary of this Policy
Personal Data We Receive, Collect, and Store
We receive, collect, and store information you enter, upload, or provide on the Services. Read More
What Do We Do with Personal Data?
We maintain the Services, make them better and continue developing them, and protect us and the Services from misuse and law violations. Read More
With Whom Do We Share Personal Data?
We use service providers, for example, to send email messages and to store data. We share data with our customers who own the theme park that you visit. We will transfer information when we change our corporate structure, and we will share the information with our affiliate entities. Read More
Disclosure of Personal Data to Authorities
We will obey orders and other lawful requirements by authorities to disclose information. Read More
Aggregated and Analytical Information
Aggregated data is not identifiable. We use it for legitimate business purposes and for standard analytical tools. Read More
You can opt out of our mailing lists and terminate your use of the Services. You can also request to exercise your privacy rights under applicable law. Read More.
Your EU Data Subject Rights
If we process personal data related to you when you are in the EU, further terms apply to our processing in relation to your rights as a data subject under EU data protection laws. Read More.
Specific Provisions for U.S. Residents
If you reside in the United States (U.S.), further terms apply to our processing in relation to your rights as a data subject under U.S. state privacy laws. Read More
Specific Provisions under Japanese Data Protection Laws
If Japanese data protection laws apply to the processing of personal data related to you by us, further terms apply to our processing activities. Read More.
Personal Data Retention
We retain personal data to maintain the Services, and for legitimate and lawful purposes, as further explained in the data retention section of this policy. Read More
Transfer of Data Outside Your Territory
We keep personal data related to you in Israel, Japan, the United States and in the EU, and will store them at additional sites, at our discretion. Our service providers provide us adequate security and confidentiality commitments. Read More
We implement systems, applications, and procedures to secure personal data related to you, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. Read More.
We will update our policy from time to time after giving proper notice. Read More.
We receive, collect, and store any information you enter on the Services or give us in any other way.
When you visit our venues, use our applications or Services, or contact us via the Services, we receive information you provide us. Examples are as follows:
If you are a venue visitor, personal data related to you such as your image in photos we take at our venues, your geo-location and time data, and your phone number and email address. In addition, if you are a guardian of a minor who visits our venue and wishes to use the Services, your digital profile - which is generated upon account creation.
If you are an individual who is part of our customers’ personnel (for example, an amusement park team member), personal data related to you such as your name, email address, job title, work location and phone number; as well as related logs of email exchanges or phone records, including transcriptions of conversations. For more information about this type of data subject, please read our sub-section titled “Sales, Finance, and Business Operations” below.
If you use our applications in connection with the Services, we collect similar types of information similar to what we collect when you visit our venue, along with Account ID which we automatically generate once you have set up your account through our applications, information related to purchases made as part of the Services, and information that you provide us with over the phone or via email.
When you contact us via the “Contact Us” link on our website, we collect any information you choose to provide us.
Marketing and Business Development
Information about your use of the Services and our business partners, including how you use the Services to help us improve them. Examples of such information we collect and analyze include the Internet Protocol (IP) address used to connect your device to the Internet; login; email address; password; access device and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.
Information about whether you want to receive marketing communications from us and what your communication preferences are.
Information on how you interact with any of our emails or other communications, including if you have opened and engaged with such communications.
Information we get from third parties, including our business partners, service providers, and publicly available information.
Sales, Finance, and Business Operations
We provide services to customers, some of them are corporations. If you are an employee or representative of this type of customers who is involved in some aspect in the relationship we have with these customers, we will collect information about you, such as your name, address, email address, job title, and telephone number so we can deliver the Services, provide proposals during a sales cycle and negotiate agreements, manage customer accounts and process and fulfil orders.
Information about training or the services we provide to you or to our customers.
Information we collect as part of partner on-boarding, including information we obtain from third parties to complete on-boarding compliance checks.
Information we collect to deliver support to our customers, including ticketing information and details of the support request.
Information we obtain from you to improve the Services.
Information captured by our cameras if you visit any of our premises, visitor logs and other information we collect to ensure our premises remain safe and secure.
We can record calls, correspondence and other communication channels, including screen capture, for compliance, quality, training and other purposes.
We can video record or screen capture training seminars, presentations, webinars for compliance, quality, training and other purposes.
Where we demonstrate the Services and solutions to you, we can collect personal data related to you as part of a trial or test.
Personal Data on behalf of Others
If you give us personal data about someone else through use of the Services, you must do so only with that person’s express authorization. You must inform them how we collect, use, disclose, and retain personal data related to them according to this policy before you provide us with such personal data.
To use the Services, you must be over the age of minority. With the exception of photos which are taken in public spaces which can include images of minors, we do not knowingly collect personal data from minors.
In relation to minors, we require a guardian's consent for the generation of a digital profile template and data matching. In order for a minor to use the Service, a guardian must hold a valid account with us. Minors can send a request to their guardian via our applications. Our applications will provide the guardian with an SMS request for authentication.
Of note, minors can still collect their images via QR code cards from our representatives. However, guardian authorization will be required to purchase and unlock these images.
We reserve the right to request proof of age, via a recognized identification method, at any stage so that we can verify that minors are not using the Services without appropriate consent. In the event that it comes to our knowledge that a minor is using the Services, we will prohibit and block the individual from accessing the Services until the individual’s guardian consents to the use of the Services.
Like many websites, we also use ‘cookies’ and we obtain information when your browser accesses our website. For further information on cookies please see our Cookies and Similar Tracking Technologies Policy.
We use personal data related to you for the following purposes:
To provide you with the Services.
To provide you with notifications related to your use of the Services and to send you marketing materials, via electronic newsletters, social media notifications or promotional emails.
To solicit your feedback and provide support.
To maintain the Services and to continue developing and making them better.
We obey the law and expect you to do the same. If necessary, we will use personal data related to you to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services, and to take any action in any legal dispute and proceeding.
We commit to processing personal data related to you solely for the purposes described in this policy.
We do not sell, rent, or lease personal data related to you.
We share personal data related to you with certain employees, as well as external consultants, within our corporate group, and with our affiliates, who are all governed by this policy. In addition, we also share personal data related to you with our business partners.
We share personal data related to you with our vendors worldwide and with third-party service providers which process personal data related to you on our behalf, for example:
Marketing and Business Development. To deliver our marketing and business development campaigns we will share information with digital marketing providers, social media and advertising companies, market research partners, potential customers and venues, event organizers and registration providers, and other trusted vendors who assist in the performance of our marketing campaigns.
Sales, Finance, Business Operations and Delivering Service. We use (a) third-party sales tools to track pipeline activity and order information, (b) finance and invoicing tools to assist in managing orders, customer billing and fulfillment, (c) legal and compliance tools to assist in our contracting and compliance activities, (d) consultants, contractors and other specialists to provide professional services, and (e) other vendors which support our business operations.
Such vendors and service providers are contractually bound to keep personal data related to you confidential and appropriately secure.
When you visit a theme park or other venue owned or operated by one of our customers, and you interact with our application, we will share personal data with our customer, including your name, contact details and associated information. The customers may use the personal data for their own independent purposes. Please review our customers’ privacy notices for further information about their personal data practices.
A merger, acquisition or any other structural change will require us to transfer personal data related to you to another entity, as part of the structural change, provided that the receiving entity will comply with this policy.
We will share personal data related to you only subject to the terms of this policy, or subject to your prior consent.
We will need to disclose personal data related to you, as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Affiliates; (f) to protect our rights, privacy, safety, interests or property, and/or that of our Affiliates, you or others; (g) if we are involved in any discussions related to the sale of all or part of our business; and, (h) to allow us to pursue available remedies or limit the damages that we can sustain.
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies, and they use their own cookies to provide their service (for further information about cookies, please see our Cookies and Similar Tracking Technologies Policy).
We use the standard analytics tools of Google Analytics and Mixpanel, and we will use additional or other analytics tools, from time to time, to learn about how you and other visitors use the Services, in support of the Services-related activities and operations.
We use anonymous, statistical, or aggregated information and will share it with our affiliates for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.
We will give you choices about the ways we use and share personal data related to you, and we will respect the choices you make.
We will send newsletters or promotional communications to our users. To unsubscribe to these communications, you will be required to click an “Unsubscribe” link in these emails and confirm the email address for which you would like to unsubscribe.
We collect and receive personal data related to you that we need for the purposes described in this policy. You can stop using the Service at any time, thereafter we will stop collecting personal data related to you. However, we will store and continue to use or make available certain personal data related to you as detailed above.
You can request that your account with us be terminated, and that personal data related to you be deleted by contacting us. Any termination of your account will involve deletion of your account information from our live databases and all the information and data stored for the account in the service. When we process personal data related to an individual who is our customer’s customer, we handle the deletion request in collaboration and discussions with our customer.
You can request a copy of the personal data related to you that we store about you by contacting us.
When we delete personal data related to you that we have collected from or about you, it will be deleted from our active databases, but we will keep a reasonable number of copies in our archives. Although we will deactivate your account, we will continue to retain the personal data related to you for legitimate business purposes as set forth above.
We understand that some individuals can not wish for us to process personal data related to them in any form. Due to the automated nature of our photography systems, it is not possible for us to offer to not capture the likeness of the individual. In these circumstances, where an image has been captured but you do not wish for us to retain your photograph, you can speak to any member of our staff, and we will remove your images from our system. You can still purchase a physical print prior to enacting this feature. Once an image is removed, the deletion is permanent and the image cannot be recovered, even by us.
Post capture, your image will be uploaded to our cloud platform where the initial stages of processing will be applied, which include compositing and image adjustment. No further processing will occur until you engage with the Services. Your images will be deleted automatically after up to 90 days.
If you wish to exercise any of your rights in relation to personal data related to you, including exercising your choices or opt out rights, please send us an email to: firstname.lastname@example.org.
If EU data protection laws apply to the processing of the personal data related to you by us, then the following terms apply:
Where we process personal data related to you when you visit or use the Services, our processing activities are based on the following lawful grounds:
All processing activities of personal data related to you which are not based on the lawful grounds indicated below, are based on your consent.
We will process personal data related to you to comply with a legal obligation and to protect your and others' vital interests.
We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
Communications with you in the following circumstances:
Where you contact us through the Services and other digital assets:
After you sign up for our marketing or newsletter.
After you, on behalf of your company, sign up for any of the Services.
Support, customer relations, service operations.
Fraud detection and misuse of the Services.
In addition to your rights under other sections in this policy, you have the following rights:
At any time, contact us if you want to withdraw your consent to the processing of personal data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
Request to delete or restrict access to personal data related to you. We will review your request and use our judgment, pursuant to the provisions of applicable law, to reach a decision about your request.
If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you can request to be informed that third parties that hold personal data related to you, in accordance with this policy, will act accordingly.
You can ask to transfer personal data related to you in accordance with your right to data portability.
You can object to the processing of personal data related to you for direct marketing purposes. Additional information about this right is available under the ‘Your Choice’ section in this policy.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
A summary and further details about your rights under EU data protection laws, is available on the EU Commission's website available at: Rights for citizens | European Commission (europa.eu).
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us with credentials to make sure that you are who you claim to be and will further ask you some questions to understand the nature and scope of your request.
If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.
If you have any concerns about the way we process personal data related to you, you are welcome to contact our Data Protection Officer at: email@example.com. We will look into your inquiry and make good-faith efforts to respond promptly.
Data Protection Officer(s) and EU and UK Representatives
Our Data Protection Officer can be reached at: firstname.lastname@example.org.
Our EU representative is located at C/ Federico Mompou 5, Parque Empresarial Las Tablas, Edificio 1, Planta 3, 28050, Madrid, Spain; email address: email@example.com.
Our UK representative is located at 9 Victoria Way, Pride Park, Derby, United Kingdom DE24 8AN; email address: firstname.lastname@example.org.
This section applies solely to all Services visitors, users and others who reside within the United States (U.S.). We have adopted this section to comply with U.S. state privacy laws, and any terms defined under U.S. state privacy laws will have the same meaning when used in this section. This chapter supersedes any contradicting provisions under the other sections of this policy.
We have collected the personal data related to you which is described above under the section “Personal Data We Receive, Collect, and Store” of this policy. Such Information consists of the following categories:
Identifiers and Personal data categories listed in the applicable laws, such as the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with the Services.
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Geolocation data, namely your physical location or movements.
Inferences drawn from any of the above-mentioned information.
We obtain the categories of personal data related to you listed above from the following categories of sources:
Directly and indirectly from you and your activity on the Services.
Third parties such as reliable service providers.
We use the personal data related to you that we collect or receive for the purposes mentioned under this Policy.
We disclose personal data related to you to third parties for business purposes as described above under the section titled “With Whom Do We Share Personal Data?”.
Selling and Sharing Personal data
We do not sell or share personal data. However, we engage third parties to provide us with services such as analytics, marketing automation and user experience and allow them to collect personal data on the Services.
We do not knowingly sell or share the personal data of consumers who are under 16 years of age.
The categories of personal data collected by these third parties in the preceding 12 months include identifiers, online activities and inferences drawn from such activities.
These third parties do not pay us for collecting such information, but the right granted to them to collect personal data can be considered as disclosure for the purpose of sale or sharing for cross-context behavioral advertising. At any time, you can opt out of the collection of personal data by our service Providers by contacting us.
Your rights as a U.S. Resident
In addition to your rights under other sections under this policy, if you are a resident of California or any other applicable US State, you are entitled also to the following specific rights under the CPRA or other applicable US state consumer privacy acts, regarding personal data related to you:
Access to specific personal data and data portability rights - you have the right to request that we disclose certain information to you about our collection and use of personal data related to you over the past 12 months. Upon verification of your request, we will disclose to you:
The categories of personal data we collected about you;
The categories of sources for the personal data we collected about you;
Our business or commercial purpose for collecting that personal data;
The categories of personal data that we disclosed for a business purpose, and the categories of third parties with whom we disclosed that particular category of personal data;
The specific pieces of personal data that we collected about you;
If we disclose personal data related to you for a business purpose, we will provide you with a list which will identify the personal data categories that each category of recipient obtained.
Deletion rights - you have the right to request that we delete any personal data related to you. Upon confirmation of your request, we will delete personal data related to you from our records, unless an exception applies.
Non-discrimination – you also have a right not to be discriminated against for exercising your rights under the CPRA.
Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit your request to us by sending an email message to: email@example.com.
Only you or a person authorized to act on your behalf can make a request related to personal data related to you. A request for access can be made by you only twice within a 12-month period.
The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with the requested Personal data if we cannot verify your identity or authority to make the request and confirm the personal data related to you. We will only use the personal data provided in your request to verify your identity or authority to make the request.
We will do our best to respond to your request within 30 days of its receipt. If we require more time (up to an additional 30 days), we will inform you of the reason and extension period in writing. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before completing your request.
We will not require that you create an account in order to exercise your rights under this policy and we will not increase the cost, or decrease the availability, of the Services based solely on the fact that you have chosen to exercise one of your rights under U.S. privacy laws.
After receiving our reply, you can appeal against our decision by contacting us. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s) within 60 days of receiving it. We will also provide you with a link (to the extent available) where you can submit a complaint with the relevant Attorney General.
We have adopted this section to comply with Japanese privacy laws, such as the Act on the Protection of Personal Information (the “APPI”), where applicable. This chapter applies only when the APPI applies to our processing activities of personal data related to you and supersedes any contradicting provisions under the other sections of this policy.
Information about the types of personal data related to you, the purposes we process such personal data, and the third parties with whom we share it, is detailed in this policy.
In addition to your rights under other sections within this policy, you are entitled to the following specific rights under the APPI or other applicable Japanese privacy acts:
* You have the right to request a deletion of personal data related to you, or cessation of processing of personal data related to you, to the extent such processing is out of scope necessary to provide you with our Services, protect and improve them, and comply with applicable law.
* You have the right to request access to personal data related to you, a summary of our data security measures in relation to the same, and a list of third parties that have access to personal data related to you including their territories.
To exercise your privacy rights, please submit your request to us by sending an email message to: firstname.lastname@example.org. Only you or a person authorized to act on your behalf can make a request related to personal data related to you. You must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
The entity in charge of managing the use of personal data is: Pomvom Ltd., and the person in charge of managing the use of personal data is: Pomvom's DPO, available at: 9 Victoria Way, Pride Park, Derby, United Kingdom DE24 8AN; email address: email@example.com.
You may be able to download photos, images, videos or any other content created by third parties, including WARNER BROS. STUDIOS JAPAN LLC and its vendors, from the imagic™ system operated by Pomvom (“Content”). In such circumstances, we are not responsible for the Content and the relevant content services operated by the third parties. You agree to respect other users’ privacy and other relevant rights and use such Content for private use only. By using any content service provided by third parties, you agree and consent that images which include you together with other people may be captured, modified and included in the Content and sold or otherwise distributed to others. You agree not to assert any portrait right, publicity right, privacy right or any other applicable right in relation to the Content
We retain different types of personal data related to you for different periods, depending on the purposes for processing the information, our legitimate business purposes, and pursuant to legal requirements under applicable law.
We will maintain your contact details, to help us stay in contact with you. At any time, you can contact our Data Protection Officer at: firstname.lastname@example.org and request to delete your contact details. Note that we will keep your details without using them if necessary, and for the necessary period of time, for legal requirements and proceedings.
We will retain personal data related to you after you have terminated your use of the Services, if retention is reasonably necessary to resolve disputes between our users, to prevent fraud and abuse, or to enforce this policy and our Terms and Conditions. We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
In any case, we will keep information about you for as long as you use the Services, unless applicable law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this policy and our Terms and Conditions.
We store and process information, including personal data, either directly or using third parties, such as data hosting service providers, in Israel, Japan, the United States and in the EU. The laws of the territories where your data will be stored and processed can differ from the laws of the jurisdiction in which you live.
If you are a resident in a jurisdiction where transfer of personal data related to you to another jurisdiction requires your consent, then you provide us with your express and unambiguous consent to such transfer.
If you are located in the European Economic Area (EEA), note that we will transfer personal data related to you to other jurisdictions, which are not deemed to provide an adequate level of data protection. In such case, we will use appropriate safeguards, in particular, by way of entering into the European Union (EU) Standard Contractual Clauses as amended from time to time with the relevant recipients, or by adhering to equivalent data transfer regulations to protect the security and confidentiality of such personal data. You can obtain a copy of the suitable safeguards that we use when transferring personal data as described above or receive further information about data transfer by contacting us at: email@example.com.
We make sure that our third-party service providers, provide us with adequate confidentiality and security commitments and we will take all steps reasonably necessary to ensure that personal data related to you is treated securely and in accordance with this policy.
We are committed to ensuring the security of personal data. We and our hosting services implement systems, applications, and procedures to secure personal data related to you, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry standard security.
However, please understand that no security system is impenetrable, and although we make efforts to protect your privacy, we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
For more information on how the technology underlying our Service works and what we do to protect your privacy in accordance with applicable law, please review our Technology and Privacy Frequently Asked Questions (FAQ).
From time to time, we will update this policy.
Where the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Services. Where the updates have substantial consequences, they will be effective 30 days after we initially posted the notice.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy you can choose not to accept it and terminate your use of the Services.
Continuing to use the Services after the new policy takes effect means that you agree to the new policy.
Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.
Please contact us at: firstname.lastname@example.org.
We can only process requests received with sufficient information to enable us to process your request. If we need to request additional information in order to complete your request, we will do so. If you do not provide sufficient information initially and do not respond to our request for additional information, we will not be able to complete your request.
Please note that email communications are not always secure, so please do not include any sensitive information in your emails to us.