PRIVACY POLICY
Effective Date: 07/15/2026
1. Introduction and Scope
This Privacy Policy explains how HOLLERIN HAUNTS HAYRIDE ("we," "us," or "our"), collects, uses, discloses, and protects information in connection with our website located at www.hollerinhauntshayride.com (the "Site"), our ticketing and online store pages, our on-site attraction operations, and any related mobile apps, kiosks, email newsletters, or text messaging programs (collectively, the "Services").
This Policy applies to visitors to our Site, guests who purchase tickets or merchandise from us online or in person, subscribers to our email or SMS lists, job applicants who apply through our Site, and vendors who submit information to us through our Site. By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.
2. Information We Collect
We collect information in the categories described below. Not every visitor will trigger every category — for example, we only collect payment or waiver information from people who purchase tickets or attend in person.
2.1 Information You Provide Directly
Contact information: name, email address, mailing address, and phone number, such as when you contact us, sign up for our newsletter, or create an account. Ticket and order information: billing name and address, order history, ticket type, timed-entry selection, group size, and related purchase details.
Payment information: our payment processor collects and stores your card or payment details; we do not store full card numbers on our own servers. See Section 7 for third-party payment processors.
Waiver and liability release information: if our attraction requires guests to sign a liability waiver or assumption-of-risk form (on paper or electronically), we collect the information on that form, which may include your name, signature, emergency contact, and health or safety acknowledgments (e.g., epilepsy, pregnancy, heart condition, or mobility warnings you choose to disclose).
Communications: messages you send us through contact forms, email, social media, or customer support chat, including any information you choose to include in those messages.
Reviews and user-generated content: photos, reviews, testimonials, or social media tags you submit or that you allow us to use.
Employment applications: if you apply for a job or seasonal actor/staff position through our Site, we collect your resume, application answers, and related information.
2.2 Information Collected Automatically
Device and usage data: IP address, browser type, device type, operating system, referring/exit pages, pages viewed, and time stamps.
Cookies and similar technologies: as described in Section 4 below.
Approximate location: derived from your IP address or, if you grant permission, more precise device location (for example, to show driving directions or nearby show times).
2.3 Information From Third Parties
Ticketing and event platforms: if you purchase tickets through a third-party platform (for example, Eventbrite, Tixr, Fever, or a similar provider) that is linked from or embedded on our Site, that platform shares order and contact information with us.
Social media: if you interact with us on social media or log in using a social account, we may receive information from that platform consistent with your privacy settings there.
Marketing and analytics partners: aggregated or de-identified audience insights from advertising and analytics partners.
2.4 Biometric Information (Season Pass / Repeat-Entry Scanning Only)
If we offer season passes or repeat-entry wristbands verified by fingerprint, palm, or facial scan, we collect a biometric identifier or biometric information as defined under applicable state law (such as the Illinois Biometric Information Privacy Act). See Section 12 for how we handle this data specifically.
3. Cookies and Tracking Technologies
We and our service providers use cookies, pixels, SDKs, and similar technologies to operate the Site, remember your preferences, measure performance, and deliver relevant advertising.
Categories of technologies we use include:
- Strictly necessary: required for core site functionality such as completing a ticket purchase or maintaining your session.
- Analytics: help us understand how visitors use the Site (for example, Google Analytics or similar tools).
- Advertising: used to deliver and measure ads on our Site and other sites (for example, Meta Pixel, Google Ads, TikTok Pixel), which may involve sharing identifiers with those platforms.
- Functional: remember choices you've made, such as language or ticket cart contents.
You can control cookies through your browser settings, and where required by law we will present a cookie banner or preference tool allowing you to accept or reject non-essential cookies before they are set.
4. How We Use Your Information
We use the information described above to:
- Process ticket orders, memberships, season passes, and merchandise purchases, and send order confirmations and timed-entry reminders;
- Operate, maintain, and improve the Site and on-site guest experience, including queue and capacity management;
- Verify liability waivers and enforce age, health, or safety restrictions for the attraction;
Respond to customer service inquiries and communicate about schedule changes, weather closures, or cancellations; - Send marketing communications about new seasons, events, discounts, and related offers, where you have opted in or as otherwise permitted by law;
- Personalize content and advertising, and measure the performance of our marketing campaigns;
- Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or unlawful activity, including on-site incidents involving guest safety;
- Evaluate job applications and communicate with applicants;
- Comply with legal obligations, insurance requirements, and enforce our Terms of Service and liability waivers; and
- With your consent, use photos, video, or testimonials for promotional purposes as described in Section 8.
5. Legal Bases for Processing (EEA / UK Visitors)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction requiring a legal basis for processing, we rely on the following legal bases:
Contract: to process an order, issue a ticket, or otherwise perform a contract with you.
Consent: for optional marketing communications, non-essential cookies, and use of your photo/video for promotional purposes, which you may withdraw at any time.
Legitimate interests: to secure the Site, prevent fraud, run core analytics, and improve our Services, balanced against your rights and interests.
Legal obligation: to comply with tax, safety, insurance, or other applicable law.
Vital interests: in rare cases, to protect someone's health or safety, such as during an on-site medical or safety incident.
6. How We Share Your Information
We do not sell your personal information for money. We do share information with the categories of recipients below so that we can operate the Services:
- Service providers: companies that perform services on our behalf, such as ticketing/box-office platforms, payment processors, email/SMS marketing platforms, hosting providers, analytics providers, and customer support tools. These providers are authorized to use your information only as necessary to provide services to us.
- Payment processors: such as Square, Stripe, PayPal, etc. who process payment information under their own privacy policies and applicable PCI-DSS security standards.
Ticketing platforms: which may act as an independent controller of your order data under their own privacy policy. - Marketing and advertising partners: platforms such as Meta, Google, and TikTok that help us deliver and measure advertising, subject to your cookie and ad-preference choices.
Affiliated venues or events: other attractions or events operated by HOLLERIN HAUNTS HAYRIDE, where permitted by law and, where required, with your consent. - Legal and safety disclosures: law enforcement, emergency responders, insurers, or others when we believe disclosure is necessary to comply with law, respond to a claim, protect the rights, property, or safety of our guests, staff, or the public, or investigate an on-site incident.
- Business transfers: in connection with a merger, financing, acquisition, bankruptcy, or sale of some or all of our business or assets, in which case information may be transferred as part of that transaction.
- With your consent: any other third party where you direct us to share your information or otherwise consent to the disclosure.
7. Photo, Video, and Audio Recording
7.1 Security and Safety Cameras
For guest and staff safety, portions of our attraction, parking areas, and box office are monitored by closed-circuit video cameras. This footage is used for safety, security, loss prevention, and incident investigation, and is retained for a limited period consistent with Section 13, unless needed longer for a legal claim or investigation.
7.2 Promotional Photo, Video, and Media Release
Our attraction may include photo opportunities, roaming photographers, or fixed cameras at certain scenes or exits. By entering the attraction (or, where required by law, by separately opting in), you acknowledge that your image, voice, or likeness may be captured and grant us permission to use that footage in marketing materials, our website, and social media, unless you decline as described below.
Opting out: Guests who do not want to appear in promotional photos or video may notify staff at the entrance or contact us at [email protected] in advance of their visit, and we will make commercially reasonable efforts to honor that request.
8. Liability Waivers
If you are required to sign a liability waiver, assumption-of-risk form, or parental consent form to enter the attraction, the information on that form is used to verify your acknowledgment of the attraction's risks, to identify you in the event of an on-site injury or incident, and to support our insurance and legal defense obligations. Signed waivers are retained as described in Section 13 and are treated as confidential business records, accessible only to management, our insurer, and legal counsel unless disclosure is otherwise required by law.
9. Marketing Communications
9.1 Email
If you sign up for our newsletter, create an account, or purchase a ticket, we may send you marketing emails about upcoming seasons, discounts, and events, consistent with applicable law (including the U.S. CAN-SPAM Act). Every marketing email includes an unsubscribe link, and you may also opt out by contacting us at the email address in Section 18.
9.2 SMS / Text Messaging
If you opt in to receive text messages (for example, timed-entry reminders or promotional offers), message and data rates may apply, and message frequency varies. You may opt out at any time by replying STOP, and you may request help by replying HELP. We collect and use mobile numbers for text messaging only as authorized by your consent and applicable law, including the Telephone Consumer Protection Act (TCPA). Consent to receive texts is not a condition of purchase.
10. Children's Privacy
The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13 through the Site in a manner that would trigger the Children's Online Privacy Protection Act (COPPA), except as described below.
Our attraction may be intended for a general or mature audience and may not be suitable for young children; see our posted age and content guidance for details. Where a minor attends with a parent or guardian and a waiver or parental consent form is required for that minor, the parent or guardian provides that information on the minor's behalf, and we use it solely for the safety, waiver, and admission purposes described in Sections 2 and 8. If we learn that a child under 13 has provided us with personal information directly through the Site without verifiable parental consent, we will delete that information. Parents or guardians who believe their child has provided us with personal information may contact us using the details in Section 18.
11. Your Privacy Rights
Depending on where you live, you may have some or all of the rights described below.
11.1 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you the right to:
- Know what personal information we have collected, used, disclosed, and (if applicable) sold or shared about you, and the categories of sources, purposes, and third parties involved;
- Delete personal information we have collected from you, subject to certain exceptions;
- Correct inaccurate personal information;
- Opt out of the "sale" or "sharing" of your personal information, including for cross-context behavioral advertising;
- Limit the use and disclosure of sensitive personal information, where applicable; and not receive discriminatory treatment for exercising these rights.
- We do not sell personal information for money. If our advertising cookies constitute a "sale" or "sharing" under CCPA/CPRA's broad definitions, you may opt out using the link below or through your browser's Global Privacy Control (GPC) signal, which we honor as an opt-out preference signal.
Opt-out link: [email protected]
To exercise your CCPA/CPRA rights, submit a request using the contact details in Section 18. We will verify your request using information reasonably available to us before responding, and we will not discriminate against you for exercising your rights.
11.2 Other U.S. State Residents
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive consumer privacy law, you may have similar rights to access, correct, delete, and port your personal information, and to opt out of targeted advertising, the sale of personal information, and (where applicable) profiling in furtherance of decisions that produce legal or similarly significant effects. You may exercise these rights by contacting us using the details in Section 18. If we deny your request, you may have the right to appeal that decision; instructions will be included in our response.
11.3 European Economic Area and United Kingdom Residents (GDPR / UK GDPR)
If you are located in the EEA or UK, you have the right to:
- Access the personal data we hold about you and receive a copy of it;
- Rectify inaccurate or incomplete personal data;
- Erase your personal data ("right to be forgotten"), subject to certain exceptions;
- Restrict or object to our processing of your personal data, including for direct marketing or profiling;
- Receive your personal data in a portable, machine-readable format; and
Lodge a complaint with your local data protection authority.
Data controller: HOLLERIN HAUNTS HAYRIDE
Where we transfer personal data outside the EEA or UK (for example, to service providers located in the United States), we rely on appropriate safeguards such as Standard Contractual Clauses, an adequacy decision, or another lawful transfer mechanism recognized under GDPR or UK GDPR.
11.4 Do Not Track
Some browsers offer a "Do Not Track" signal. Because there is no common industry standard for responding to these signals, our Site does not currently respond to Do Not Track browser signals, though we do honor the Global Privacy Control (GPC) as described in Section 11.1.
12. Biometric Information
If we collect biometric identifiers or biometric information (such as a fingerprint, palm print, or facial geometry scan) to verify season pass or repeat-entry access, we will, before collection:
- Inform you in writing of the specific biometric data being collected and the purpose and length of time it will be collected, stored, and used;
- Obtain your written consent prior to collection;
- Never sell, lease, trade, or otherwise profit from your biometric information;
- Store, transmit, and protect biometric information using reasonable security measures that meet or exceed our protection of other confidential information; and
- Permanently destroy biometric identifiers within the earlier of the timeframe specified at collection or the point at which the purpose for collection has been satisfied (for example, at the end of the season or upon your request), consistent with applicable law such as the Illinois Biometric Information Privacy Act (BIPA), Texas CUBI, and Washington's biometric privacy law.
13. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including:
- Order and ticketing records: generally retained for seven (7) years to satisfy accounting and tax requirements.
- Liability waivers: generally retained for the duration of the applicable statute of limitations in the state of California to support insurance and legal defense needs.
- Marketing/email list data: retained until you unsubscribe or for seven (7) years, whichever is earlier.
- Security camera footage: generally retained for 30 days unless preserved longer for an active investigation or claim.
- When personal information is no longer needed for these purposes, we securely delete, destroy, or anonymize it, except where longer retention is required by law.
14. Data Security
We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction, including encryption of payment data in transit, restricted employee access to waiver and payment records, and secured storage of physical waiver forms. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
15. Third-Party Links
Our Site may contain links to third-party websites, ticketing platforms, or social media pages that we do not control. This Policy does not apply to those third-party sites, and we encourage you to review their privacy policies before providing information to them.
16. International Data Transfers
We are based in the United States, and information we collect is generally processed and stored in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States or other countries, where privacy laws may differ from those in your jurisdiction, consistent with Section 11.3 above.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated Policy on this page with a revised effective date, and, where required by law, provide additional notice of material changes. Your continued use of the Services after an update constitutes acceptance of the revised Policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, or wish to exercise any of the rights described above, please contact us at:
HOLLERIN HAUNTS HAYRIDE
Email: [email protected]
We will respond to legitimate requests within the timeframe required by applicable law (generally within 45 days for California requests, extendable once by an additional 45 days where permitted).
JOIN THE SCARE SQUAD
Join our email newsletter to get the latest news, updates,
and exclusive ticket offers direct to your inbox.
