Our website www.apnakey.com and our mobile apps are operated by ApnaKey Ltd. This is a company registered in England & Wales with number 13405148.

We are subject to the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). When we collect and use certain personal information about you, we are regulated under the UK General Data Protection Regulation. We are responsible as the ‘controller’ of the personal information for the purposes of those laws. When we work with a partner who provides an Activity or Event, we may act as joint controllers. This policy explains how we comply with these data privacy laws and is part of our compliance with these. In this policy, we refer to the General Data Protection Regulation that applies in the EEA as the “EU GDPR” and the UK General Data Protection Regulation as the “UK GDPR”. We refer to all these kinds of laws as “GDPR” in this policy.

Our apps and the website are not intended for use by children under 12. Children between 12 and 18 can use the app and website with parental consent to book Activities or Events which are open to children. This policy is designed to be understood by both children over 12 and adults. However, if you are under 18 we expect you to review this policy with your Parent to assist your understanding of how we use information about you, as Bookings by a child require you to obtain parental consent.

We do not knowingly collect data relating to children under 18 save where required for a Booking by a child between 12 and 18 or involving a child where their personal data is required for the Activity or Event. When information is required about a child we keep this to the minimum that is strictly required to set up the Account and organise the Booking and require the consent of at least one Parent to the provision of that information. Though a child may set up an Account and make Bookings using an alias, where the correct identity of the booker and participants is required for the purpose of the activity or event accurate identifying information must be provided.

We will only collect a child’s personal data if it’s provided by (or with the consent of) a Parent. That includes someone with parental responsibility for the child. Where we collect personal information from children, we will only collect that information which is strictly required and it will only be used for purposes specified when we collect it. If we become aware that we’ve processed the information of a child under 18 years old without the valid consent of a Parent which was not strictly required, we will delete it.

ApnaKey offers online event and activity booking services through our own website and mobile apps, as well as linking to other online platforms such as partners’ websites and social media. This policy applies to any kind of customer information we collect through all of the platforms or by other systems connected to these platforms. In this policy when we refer to these as our “Platform”. Apart from that, this policy supplements the terms of use for our app and website so when we use capitalized terms in this policy, they have been defined in the terms of use and have the same meaning in this policy.

Our cookie policy contains more information about how we use cookies and similar technologies on our Platform to help us recognise you and your device and store some information about your preferences or past actions. By using our Platform, you agree to this privacy policy and our cookie policy.

Our website and app also include links to websites operated by others, including providers of Events and Activities. These may also collect, store, use and share personal information in accordance with their own separate policies. We do not control those, and this policy does not cover those. For information about these third-party operators, please consult their policies.

Personal data is defined in the UK GDPR. When we use that phrase, that means we are referring to any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

We may also collect or process personal information about you when we

Here is more detail, with simple information about what that data allows us to do.

Personal data you give to us

When you make a Booking, we collect and use the details you provide. We will always need your name and email address to process a Booking. Depending on the Activity or Event, we may also ask for your home address, telephone number, payment details, date of birth, and the names and age of your companions for the Booking, may ask for a signature and ask you to confirm any preferences you or your companions have for your Booking (such as dietary or accessibility requirements). We may also need proof of identity or age for which we may ask you to share passport information or a driver’s license and signatures. This allows us to process your booking and provide the information required or needed by the provider of the Activity or Event.

If you contact our customer service team or the provider of your Activity or Event through a system that we provide (such as directly by email, social media or through a chatbot) we’ll collect information from you then, too. This allows us to handle your query or act on any feedback.

If you write a review on our Platform about the experiences you and your companions had during an Activity or Event, we’ll collect any information you include, along with your name, account profile and email address. This allows us to connect your reviews to your account.

You may provide information in other instances. For example, if you are browsing with your mobile device, you may set app or browser permissions which allow us to see your current location or grant us access to some contact details. This helps us to give you the best possible service and experience by, for example, showing you nearby Activities or Events or indicating distances to Listings that you view or making other recommendations.

When you create a user account, we store your name and contact details, personal settings, uploaded photos, and reviews of previous bookings there. You allow us, partners, and other Users to identify you. It also allows you to benefit from incentives and other benefits.

Personal data you give us about others

If you give details about and contact information for others as part of a Booking or to refer others to our services, it is your responsibility to ensure that the other person is aware you are doing this and understand how we use their information (as described in this Privacy Statement). We use this data to help you organise group bookings.

Personal data we collect automatically

Whether or not you make a Booking, when you visit our websites or apps, we automatically collect certain info. This can include your IP address, the date and time you accessed our services, the hardware, software, or internet browser you used, and info about your computer’s operating system like application versions and your language settings. We also collect information about clicks and which pages were shown to you. There is more information about this in our Cookie Policy.

If you’re using a mobile device, we collect data that identifies the device, as well as data about your device-specific settings and characteristics, app crashes, and other system activity. Our system registers how you make a Booking and/or from which site you came when you entered our website or app.

Personal data we receive from other sources

We may also receive information about you from partners who offer Activities or Events, especially if you make a Booking and they need to contact us about it. Information we receive from these partners may be combined with information provided by you. For example, you may provide further details to our partner who then forwards this information to us. We use this to help us match the query to your booking and to respond.

We also integrate with third-party payment service providers to facilitate payments between you and providers of Activities and Events. These service providers share payment information so we can administer and handle your Booking.

We also collect info if we receive a complaint about you from a partner. This is so that we can consider and react to the complaint.

Another way we might receive data about you is through the communication services integrated into our platforms. These communication services offer you a way to contact other Users, your companions for an Activity or Event and may permit communication with a provider of the Activity or Event to discuss your Booking. In some cases, we receive metadata about these communication activities (such as who you are, where you called from, and the date and length of the call). This helps us identify how effective the communication services are and any areas for improvement.

We may also receive information about you in order to show you more relevant ads.

When you link your ApnaKey user account to a social media account, you might trigger exchanges of data between ApnaKey and that social media provider. You can always choose not to share that data.

Why do we collect and use your personal data?

We use the info collected about you for various purposes. Your personal data may be used in the following ways:

1. Bookings: The main reason why we use your personal data is to complete and administer your Bookings, an essential part of our services for you. This includes sending you communications that relate to your Booking, such as confirmations (including, where applicable, providing you with a proof of purchase and/or payment), modifications, and reminders. When you make a Booking we will need to connect this to your account and details stored in that. We will record the fact that you are connected to other people named in the Booking, if you provide that information. When you pay for a Booking we will collect and use your transaction details to support the payment for the Booking.

2. Communicating with you: We may contact you by email, by chatbot, by mail, by phone, or by text. Which method we choose depends on the contact information you’ve previously shared. We also process the communications you send to us.

   There could be a number of reasons for these communications, including:

   • Confirmation of a Booking to you and the partner who is running the Activity or Event;
   • Responding to and handling any requests you or your Booking;
   • If you have started but not finished a Booking, we might contact you to invite you to continue with your Booking;
   • We might send you a questionnaire or invite you to provide a review about your experience during an Activity or Event;
   • Even if you don’t have an upcoming Activity or Even, we may still need to send you other administrative messages, including security alerts; and
   • In the case of misconduct, we may send you a notice and/or warning.
3. Customer service: When you contact our customer service team you may share with that team details such as Booking information or about your user account. This allows us to respond appropriately. This includes helping you to contact the right partner and responding to your query or any questions you might have about your Booking or the provider of the Activity or Event. We may use an automated telephone number detection system to match your telephone number to your account and/or Bookings. This helps save time. Our customer service staff may still ask for other personal information to confirm your identity, which helps to keep your details confidential.

4. Customer service: When you contact our customer service team you may share with that team details such as Booking information or about your user account. This allows us to respond appropriately. This includes helping you to contact the right partner and responding to your query or any questions you might have about your Booking or the provider of the Activity or Event. We may use an automated telephone number detection system to match your telephone number to your account and/or Bookings. This helps save time. Our customer service staff may still ask for other personal information to confirm your identity, which helps to keep your details confidential.

   We do not record all calls, but live listening might be carried out during calls with our customer service team or calls might be recorded for quality control and training purposes. This includes the usage of the recordings for the handling of complaints, legal claims, and for fraud detection. If a call is recorded, each recording is kept for a limited amount of time before being automatically deleted unless we determine that it is necessary to keep the recording for fraud investigation or legal purposes.

5. Account facilities: When you register on the Platform you will need to create an account by providing your email address, name and other personal information. This allows us to open your account, verify your identity, enable the supply of the services available on the Platform and administer your account or Bookings. We use the information you give us for your account to manage your Bookings, help you take advantage of special offers, manage your personal settings and photos, view previous searches, and check other information you have provided. You can also use your account to see Bookings and any reviews you’ve written.
6. Setting prices and finding nearby Listings: When you connect to the Platform with your device we use your IP address, country of location, geo-location and TOR/VPN status. When you search for Listings, we process your IP address to confirm whether you’re in the European Economic Area (EEA) or another country and may use location data from your device. We do this to offer you the best price, currency and nearby Listings for where you’re based.
7. Customer reviews: We might invite you to submit a review of a Booking. We can also make it possible for your companions at an Activity or Event to do this. By completing a review, you’re agreeing that it can be shared with others by being displayed on, for example:
   • the relevant Listing and other Listings for the same Activity or Event at different times, dates or locations;
   • on our mobile apps, on our social media accounts and social media apps;
   • the page on our website for the partner who is a provider of the Activity or Event; and/or
   • their webpage, mobile apps, social media accounts and social media apps.
8. Connecting your communications with other Users to your account: When you
   • make any upload any content to our Platform we connect your name and email address to that information;
   • communicate with any other user of the Platform through the Platform we connect your name, email address and message to this communication;
   • change or add a display picture or video, or group chat picture or video on the Platform we use your camera and photo data and connect this to your account; and
   • upload any content to the Platform we connect the content that you upload to your account.

9. Improving our services: We use personal data and cookies on your device including those placed on your device by third parties and third party partners for analytical purposes and product improvement, such as offering a more personalized experience based on how you use our platform for booking your chosen accommodation with us. This might include your unique ID in Google Analytics Processing. We use this information to carry out marketing and promotional activities and to further develop and improve the Platform and Services, to help us recognise you and your device and store some information about your preferences or past actions. When you use the Platform we will use statistics on your usage behaviour.

   We may use your personal data to develop and enhance our artificial intelligence tools. This is part of our commitment to making our services better and enhancing the user experience. In this case, we use data for testing and troubleshooting purposes, as well as generating statistics about our business. The main goal here is to get insights into how our services perform, how they are used, and ultimately to optimize and customize our website and apps, making them easier and more meaningful to use. As much as possible, we strive to use anonymized and de-identified personal data for this analytical work.

10. Marketing activities: We use your information for marketing activities including:
    • Using your contact information to send you regular news about products and services of us and our partners.
    • Showing you individualized or personalised offers and content on our website, on mobile apps, or on third-party websites/apps (including social media sites). These could be on our website or app or other third-party offers or products we think you might find interesting.
    • When you participate in other promotional activities we only use relevant information to administer these promotions.
    We would like to send you information about products and services, competitions and special offers, which may be of interest to you. Where we have your consent, we may do this by post, email, telephone, text message (SMS) or automated call. We will only ask whether you would like us and other businesses to send you marketing messages when you tick the relevant boxes. If you have previously agreed to being contacted in this way, you can unsubscribe at any time by following the instructions within the communication, or you can manage your preferences through your account settings.
11. Market research: We sometimes invite our customers to take part in market research. Review the info that accompanies this kind of invitation to understand what personal data will be collected and how it’s used.
12. Fraud detection, legal purposes and security: We use personal data for risk assessment and security purposes, including when you report a safety concern, or for the authentication of users and Bookings. We use certain personal data to detect and prevent fraud and other illegal or unwanted activities. When we do this, we may have to stop or suspend Bookings or use of the website or apps until we finish our assessment. We may also need to use your information to handle and resolve legal claims and disputes, to enforce our terms of use or to comply with lawful requests from law enforcement. Furthermore, we may process your user ID, which is linked to the email address used to create your account, for the purpose of accounting as required by the Digital Markets Act.
13. Regulatory checks: When we conduct regulatory checks on you in order to comply with our legal obligations, including without limitation to protect against anti-money laundering, fraud, credit risk and any other financial services related regulatory compliance we use your name, and any other information we obtain on you in support of those regulatory checks. We need to use this information to comply with the anti-money laundering, anti-terrorist financing, and any other regulations and laws that apply to the operation of the Platform.
14. Data requests: If you make a request to us relating to your personal information pursuant to a right of yours under GDPR you will need your email address and name, and will use any other information you provide in the request to enable you to make the request or query and allow us to respond as required by the relevant GDPR. If you choose to exercise your data subject rights with one of our partners, we may collaborate and use your data to ensure an adequate response to your request.

Your control of what you disclose and what is made public

Providing your personal data to ApnaKey is voluntary. However, we may only be able to provide you with certain services if we can collect some personal data. For instance, we can’t process your Booking if we don’t collect your name and contact details. When we require you to provide personal information such that we cannot carry out a service without that information, we will make this clear when we collect that information from you.

You can share certain information as part of your user account by creating a public profile under your own first name or a screen name you choose. You may be able to connect and interact with other Users through links to social media, online groups or forums.

Limitations on how we collect and use private information

If we use automation to process personal data that produces legal effects or similarly, significantly affects you, we’ll always implement the necessary measures to safeguard your rights and freedoms. This includes the right to obtain human intervention.

The law and other regulations treat some types of personal information as special:

• Racial or ethnic origin
• Religious, political or philosophical beliefs
• Trade union membership
• Genetic and bio-metric data
• Health data
• Information that could identify aspects of your sex life
• Sexual orientation
• Criminal records of convictions and offences
• Allegations of criminal offences.

In particular, you should be aware that when you provide information for a Booking, you may provide information which is related to or could be used to infer aspects of this special category information. For example, health data (e.g. when you request support for disability or access needs), sex life or sexual orientation (e.g. by reason of your social connections), religious or philosophical beliefs, (e.g. by expressing dietary requirements) or political or philosophical beliefs or trade union membership (e.g. by reason of the nature of the Booking). We will only collect and use these if the law allows us to do so.

When we use your personal information, the law says we must have one or more of these reasons:

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
• Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

To process your personal data as described above, we rely on the following legal bases in the particular circumstances noted:

When using personal data to serve ApnaKey’s or a third party's legitimate interest, we will always balance your rights and interests in the protection of your personal data against ApnaKey’s rights and interests or those of the third party. For purpose 13, apnakey.com also relies, where applicable, on compliance with legal obligations.

Finally, where needed under applicable law, we will obtain your consent prior to processing your personal data, including for email marketing purposes or as otherwise required by law.

If you wish to object to the processing set out under 5 to 10 and no opt-out mechanism is available to you directly (for example, in your account settings), contact us. [See Contcat Us in Footer]

We routinely share certain personal information with others. Third parties will not be able to access more than is reasonably necessary to achieve the purpose for which we share the information:

Employees and contractors: Employees and contractors: We may disclose your information to our staff. These are subject to obligations of confidentiality with disciplinary consequences in the case of breaches. This is to allow us to provide our services to you.

Payment and refund processors: We share details required for processing payments with our payment provider. This is currently Stripe Payments Europe Ltd  (“Stripe”) so that you can pay for Bookings and link your bank account to your account with us. Stripe’s own privacy policy is currently available at https://stripe.com/en-gb/privacy. This provider deals with processing payments, handling chargebacks, or providing billing collection services. When we are involved in any transaction of this sort whether instigated by you or by the holder of the credit card used to make your Booking, we need to share certain reservation details with the payment service provider and these may be shared with the relevant financial institution. This may also include a copy of your reservation confirmation or the IP address used to make your reservation.

Providers of Activities and Events: We transfer relevant booking details to the partner who provides the Activity or Event in your Booking. Depending on the Activity or Event and its provider, the details we share can include your name, contact and payment details, the names of the people accompanying you, and any other information or preferences you provided when you made the Booking. If you have a question about your Booking, we may contact the provider of the Activity or Event to handle your request. In certain cases, we also provide to the partner information about any misconduct that has been reported about you or companions identified on your Booking, details of those companions, the percentage of bookings you’ve cancelled in the past, profile names for you and those companions and any reviews you or the companions have provided about past bookings. If a claim or dispute arises relating to a Booking, we may provide your contact details to the provider of the Activity or Event together with other information about the booking process, as needed to resolve the situation. This can include, but might not be limited to, your email address, a copy of your reservation confirmation as proof of a Booking or to confirm reasons for cancellation. After we share information with a partner, they may further process your personal data and we will have no control of that. Please read the privacy policy or statement of the partner to understand how they process your personal data. If customer service is provided by the partner, we will share relevant Booking details with them (as and when needed) in order to provide you with appropriate and efficient support.

Google Analytics, Vercel and other website providers or web usage analysis services: We include code within our Platform which is shared with these service providers to help us identify how our services are used. Web usage analysis services may connect your use of the Platform to your other data that they hold about you, for example, if you sign in through your account that you hold with other services that they provide (such by signing in to our Platform with Google). You can see more information about this in our Cookie Policy and the information on social media below.

Other professional third parties: In certain cases (such as when handling disputes, legal claims or insurance claims or as part of auditing activities), we may need to share your personal data with professional advisors. These advisors include parties such as law firms, insurers, claims assessors or handlers or auditors. We only share your personal data to the extent that is necessary and such third parties process this data in line with their own professional obligations.

Advertising partners: We may share personal data collected using cookies with advertising partners, including your browsing history and IP address as part of marketing by or through third parties (to ensure that relevant advertisements are shown to the right audience). For information about our current use of cookies, read our Cookie Policy.

Authorities involved in fraud prevention and law enforcement: We may share information with relevant financial institutions and partners, if we consider it strictly necessary for fraud detection and prevention purposes. We will share personal information with law enforcement or other authorities if this is a legal requirement or obligation or is strictly necessary for the prevention, detection, or prosecution of criminal acts and fraud. We may need to further disclose relevant personal data to competent authorities to comply with a legal obligation, to protect and defend our rights, or the rights and properties of our partners.

We may integrate social media into our services in various ways. These can involve us collecting some of your personal data or the social media provider receiving some of your information. The use of social media features can result in the exchange of personal data between ApnaKey and the social media service provider, as we summarise below. If you do not want this to happen, do not use the social media features of ApnaKey. If you do, the following may take place:

This may mean your social media provider shares information with us. They will generally inform you about which information is shared. It may include your social media profile, your email address, your age and the profile pictures you’ve saved – depending on what you authorise in your social media account.

We will use this information to help provide you with the service or communication you requested. Your social media provider will be able to tell you more about how they use and process your data when you connect to ApnaKey through them.

We do not use social media or third-party platforms to request payments from you for Bookings. If you receive requests of that sort, please report the message to our customer service team.

We use procedures and business systems to safeguard and prevent unauthorised access to, and misuse of, personal data. We also use technical and physical restrictions for accessing and using the personal data on our servers. Only authorised personnel are permitted to access personal data in the course of their work. We recommend that you take advantage of the highest security settings relating to passwords and authentication that we offer to you for logging on to your account.

We keep your personal data only for as long as is necessary to enable you to use our services or to provide our services to you, to comply with applicable laws, resolve any disputes and otherwise to allow us to conduct our business, including to detect and prevent fraud and/or other illegal activities.

We do not currently routinely transfer your data outside of the UK, Isle of Man, Channel Islands and EEA. We will only do that to:

If we do transfer your personal information outside the UK, Isle of Man, Channel Islands and EEA to our suppliers, we will make sure that it is protected to the same extent as in the UK, Isle of Man, Channel Islands and EEA. We’ll use one of these safeguards:

You can ask us to see a copy of any implemented safeguards (where possible) by contacting us.[See Contcat Us in Footer]

Under the UK GDPR, you have several rights related to your personal data. These rights do not apply in all scenarios.

You can also:

For further information on each of those rights and compensation for damage caused by breaches of data protection rules, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please contact us[See Contcat Us in Footer] by email or in writing, providing:

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

For further information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

We hope that we can resolve any query or concern you raise about our use of your information. If you feel we have not, you can contact the Information Commissioner at:

Please contact us if you have any questions about this privacy policy or the information we hold about you. If you wish to contact us, please send an email to info@apnakey.com, or write to us at our registered office address, 71-75 Shelton Street, Covent Garden, London.

We may change this policy from time to time. When we do, we will inform you through a notice on our website or app. By continuing to use the Platform you shall be deemed to have accepted the terms of the updated policy.

This policy was published on 10-01-2025 and was most recently updated on 10-01-2025.