Privacy policy

How we use personal data

After signing up for a trail

The personal data that we keep a record of is name, email and phone number.

The reasons why we hold and process personal data are:

1. To help you as a customer

We may keep a record of personal data so that we can contact you and people in your teams about your experience, for example if there is a problem, or for feedback. The basis for processing this data, as defined by the General Data Protection Regulation (GDPR) under Article 6 is ‘legitimate interests’.

If you have signed up multiple teams this data will also be shared by email with all other team captains and organizers on your booked game. If you would like to avoid this, you can do so by selecting the “secret” option when booking. This will mean that no communications are sent to anyone other than the Team 1 captain until that person begins the game, at which point only text messages will be sent, not emails. 

After you have played a trail we will keep your data, unless you tell us you would like us to remove it. If you contact us we can look up your details so we can tell you which trails you have done in the past, so we can recommend other trails to you, and importantly make sure you don’t do the same trail again. This is because the trails do not usually change enough to make them suitably different to be a challenge to do again.

Our technology partners and our customer support staff have access to personal data so that they can make sure our systems run properly, and can serve you as a customer. They have access to name, email and mobile number. Data for our internal systems is held on a server by Digital Ocean LLC, based in the United States. Zendesk, based in the UK store data for customer support, and Stripe, based in the United States, stores payment data.

We have agreements in place with the organisations above to ensure they safeguard data.

2. So that we can work out which experiences people like most

We do broad analysis of data so that we can understand how to market our products to help us work out which experiences we should create next. For example, to work out whether people who sign up to The Hunt for the Cheshire Cat then choose to play Moriarty’s Game.

Our retention policy is to keep to retain data indefinitely, unless you ask us to remove it, to enable us to do reasonable analysis of which products people continue to buy, and so that we can recognise our most loyal customers.

3. So that we can tell you about HiddenCity experiences

If you tell us you would like to be kept updated about HiddenCity experiences we will provide your name and email to The Rocket Science Group, based in the United States, to send emails using the Mailchimp email sending tool. You can unsubscribe at any time – click the unsubscribe link in the email. Or unsubscribe here. This basis for holding your data for electronic marketing is ‘consent’ under GDPR.

We may provide data to Facebook, based in the United States, so that the Facebook and Instagram sites, both owned by Facebook, so that customers can find out about new HiddenCity experiences in adverts on the Facebook or Instagram sites. The information we send is for HiddenCity advertising purposes only; Facebook do not have access to the data for their purposes. The data sent is name, email and phone number. If you see an advert from HiddenCity on Facebook and do not want to see further adverts from HiddenCity click the ‘…’ menu on the top-right hand corner of the ad and navigate to ‘Hide all ads from this advertiser’. Read more about hiding adverts. The basis for processing this data under the General Data Protection Regulation (GDPR) is ‘legitimate interests’. Customer data sent to Facebook is hashed (encrypted in a way that it cannot be easily reversed) locally on the browser before it goes to the Facebook for matching. Facebook typically deletes all matched and unmatched hashes within 48 hours after the matching process ends.

We have agreements in place with the organisations above to ensure they safeguard data.

If you apply for a job

We keep a record of your data so we can look for applicants who may be suitable for current and future roles, unless you tell us to remove your data. When you apply for jobs your data is sent to a company called Recruitee, based in The Netherlands. They provide an online form for you to apply, and store your data for our team to access.

Access to your information

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, then contact us. We may make a small charge for this service. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

Right to forget

If you would like us to correct or remove your data after you have played an experience with us, or you would like us to stop processing it for any reason, then let us know. You have the right to ask us to do this under GDPR. We won’t be offended.

If we remove your data we may retain a small amount of information about your request, including your name and email address and your communication to us related to GDPR so that we can (1) monitor the effectiveness of handling GDPR-related enquiries and (2) monitor systems to protect ourself from repetitive spurious enquires, cyber-attack or fraud.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Changes to this policy

This privacy policy was last updated on 11 August 2018. You can find updates on this web page.

If you want to contact us

Get in touch.

If you have a complaint

Contact us if you have a problem.

If you cannot get your issue resolved with us, or if you have a concern, then contact the Information Commissioner’s Office (ICO).