Privacy Policy

Little Dreams is a children's themed party venue operating from 244 Denton Lane, Chadderton, OL9 8PE in Greater Manchester. We are the “data controller” for the personal information described in this policy under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

You can reach us at:

• Email: hello@littledreamsclub.co.uk
• Phone / WhatsApp: 07838 747603
• Post: Little Dreams, 244 Denton Lane, Chadderton, OL9 8PE

We only collect information we actually need to host your party.

When you book a party

• Booking parent details: first name, last name, email address, mobile phone number.
• Party details: birthday child's first name, age, guest count, any allergy or dietary notes, special requests.
• Date, time slot, theme, package, and chosen add-ons.
• Payment information: we do not store your card details. Payments are processed by Stripe, who hold the card data securely on their PCI-compliant servers. We receive only a payment confirmation token and the amount charged.

When you visit the website

• Basic technical data (IP address, browser type, pages visited) used for security, fraud prevention and to keep the site running.
• Strictly-necessary cookies that keep the site functional. We do not use advertising or third-party tracking cookies.

At the party itself

• Photographs of the party, taken by our staff. These are uploaded to a private gallery for the booking parent. Photos of children only appear in public marketing material (e.g. social media) where the booking parent has given explicit written consent via the photo consent form (see Section 6).

Under UK GDPR we rely on the following lawful bases:

• Contract (Art. 6(1)(b)): for booking, payment, and delivering the party itself.
• Legitimate interests (Art. 6(1)(f)): for site security, fraud prevention, internal record keeping and replying to enquiries.
• Consent (Art. 6(1)(a)): for marketing photos of children and any optional emails (such as future event invitations).
• Legal obligation (Art. 6(1)(c)): for accounting and tax records we're required to keep by HMRC.

We never sell your information. We share it only with the small number of service providers we need to run the business, and only what they need:

• Stripe — payment processing. Privacy policy: stripe.com/privacy.
• Resend — transactional email delivery (booking confirmations and the party photo gallery email).
• Vercel — website hosting and serverless function execution.
• Neon — encrypted database hosting (your booking record).
• Cloudflare — bot protection and content delivery in front of the website.
• HMRC and other regulatory bodies where we have a legal duty to do so.

All providers are bound by data-processing agreements with appropriate safeguards. Where any provider sits outside the UK/EEA, transfers are protected by Standard Contractual Clauses or an equivalent UK Adequacy Regulation.

• Booking records and the child's name/age: 7 years from the party date, to satisfy HMRC's requirement to retain financial records.
• Party photographs in the private parent gallery: 12 months from the party date, after which they are deleted unless you ask us to remove them sooner.
• Email correspondence: 3 years from the last interaction.
• Web server logs: 30 days.

We take the protection of children's personal information seriously. Bookings are made by a parent or legal guardian aged 18 or over, who acts on behalf of the child. The only child-specific information we hold is the first name, age, any allergy or dietary notes the parent provides, and the party photographs themselves.

Photographs: we ask every booking parent to complete a photo consent form. If consent is not given, that child will be excluded from all group shots, the private gallery, and any social-media use; any individual shots are stored only in the booking's private gallery and never used publicly. Consent can be withdrawn at any time by emailing hello@littledreamsclub.co.uk.

Under UK GDPR you have the right to: access your data, correct inaccurate data, ask us to delete your data, restrict or object to processing, request data portability, and withdraw consent at any time where consent is our lawful basis. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

To exercise any of these rights, email hello@littledreamsclub.co.uk — we'll respond within one calendar month.

We protect your data with industry-standard measures: HTTPS encryption on every page, encrypted database storage, restricted access controls on the admin panel, two-factor authentication on the accounts we use to operate the business, and regular software updates. No system is perfectly secure, but we work hard to keep yours safe.

We use only the cookies strictly necessary to make the site work (for example: keeping you signed in to your booking, anti-CSRF tokens, and Cloudflare's bot-protection token). We do not use advertising, profiling, or third-party tracking cookies. Because we do not use non-essential cookies, we are not required to display a cookie consent banner under UK PECR.

If we update this policy, we'll change the “Last updated” date at the top and post the new version here. Material changes (anything that affects how we use your data) will be notified by email to anyone who has made a booking in the previous 12 months.

We'd rather hear from you directly first — please email hello@littledreamsclub.co.uk and we'll do our best to resolve any concern within five working days.