Privacy Policy

Cloud Nine Play Cafe ("we", "us", "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, book a session, or use our services.

Last Updated: November 6, 2025

By using our website and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

We collect several types of information from and about users of our services:

2. How We Use Your Information

We use the information we collect for the following purposes:

• To process and manage your bookings: We use your information to confirm bookings, process payments, and manage session capacity
• To communicate with you: We send booking confirmations, reminders, and important updates about your sessions
• To provide customer support: We use your information to respond to your inquiries and provide assistance
• To improve our services: We analyze usage patterns to improve our website and services
• To ensure safety and security: We may use information to maintain a safe environment for all guests
• To comply with legal obligations: We may be required to retain certain information for legal or regulatory purposes
• For marketing purposes: With your consent, we may send you promotional communications about events, special offers, and news

3. Legal Basis for Processing

Under the UK General Data Protection Regulation (GDPR), we process your personal data based on:

• Contractual necessity: To fulfill our contract with you (processing bookings and payments)
• Legitimate interests: To operate and improve our business, ensure safety, and prevent fraud
• Consent: Where you have given explicit consent, such as for marketing communications
• Legal obligations: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS
• Secure storage of data with access controls
• Regular security assessments and updates
• Limiting access to personal data to authorized personnel only
• Using PCI DSS compliant payment processing (Stripe)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account information: Retained while your account is active and for a reasonable period after account closure
• Booking records: Retained for at least 7 years for accounting and legal purposes
• Marketing preferences: Retained until you withdraw consent or opt out
• Children's information: Retained in accordance with legal requirements for safeguarding records

7. Your Rights Under GDPR

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): You can request deletion of your personal data in certain circumstances
• Right to restrict processing: You can request that we limit how we use your data
• Right to data portability: You can request a copy of your data in a machine-readable format
• Right to object: You can object to processing of your data for certain purposes, including marketing
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within one month.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand user preferences. Cookies are small text files stored on your device.

We use cookies for:

• Maintaining your session and login status
• Remembering your preferences and settings
• Analyzing website usage and performance
• Improving website functionality

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our website.

9. Children's Privacy

Our services are designed for parents and guardians to book sessions for their children. We collect limited information about children (such as names and ages) only when provided by their parent or guardian as part of the booking process.

We take the privacy of children seriously and:

• Only collect information about children from their parents or guardians
• Use children's information solely for booking and safety purposes
• Do not knowingly collect information directly from children under 13 without parental consent
• Maintain appropriate safeguards to protect children's information

Parents or guardians can request access to, correction of, or deletion of their child's information at any time.

10. International Data Transfers

Some of our service providers may be located outside the UK or European Economic Area (EEA). When we transfer your data to these providers, we ensure appropriate safeguards are in place, such as:

• Using providers certified under international data protection frameworks
• Implementing standard contractual clauses approved by data protection authorities
• Ensuring providers maintain adequate security measures

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for significant changes)
• Displaying a notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Supervisory Authority

If you are not satisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: