Privacy policy

Yellow Days Limited: Privacy Policy

  1. Introduction
    1. Yellow Days (“we” or “us”, “Yellow Days”) provides an online activity marketplace for users to find and book children’s activities (“our services“). This Privacy Policy explains how we collect, use, and share personal data relating to parents, guardians, children and activity providers (“you”) in the course of providing our services and operating our app and website.
    2. We may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version.
  2. About us (as the Data Controller)

    Yellow Days is registered under the Data Protection Act 2018, Registration Reference Number ZB532393, and with Companies House (registered company number 13609838, and registered office address 250 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire, -United Kingdom, RG41 5TP

  3. Our collection and use of personal data
    1. Whose personal data do we collect?
    2. We process personal data about the following persons:
      1. individuals who use our services in order to book activities for their children, and pay the activity provider via Yellow Days;
      2. the children who participate in the activities, including personal data such as their name, date of birth, activity preferences, and any health concerns, allergies, or consents that might influence participation in activities;
      3. other visitors to our website (https://yellowdays.com/) and our subdomains; and
      4. business partners, including activity providers, whose contact and payment information we process to manage our business relationships.
      5. We collect name, address, phone number so we are able to process payments via Apple Pay.
    3. We collect personal data when you fill in forms on our website – including the sign-up form for users and the sign-up form and Safety Charter Guarantee for activity providers. If you are a user of our Service, we will obtain some personal data including your name, emergency contact details, and email address, when you create an account.
    4. We also collect personal data in the event where you opt to leave a review following an activity. This review may be featured on our website and app with the objective of informing future users.
    5. Our website automatically collects information about all visitors – see clause 11 below for more information.
    6. Unless otherwise indicated, all categories of information on our sign-up forms are mandatory in order to create an account. Should you fail to provide us with the information required, we will be unable to proceed with setting up your account.
    7. In addition to such mandatory information, users have the option to provide further information to enhance their experience and to tailor activities and preferences. For example, users can provide customised information such as their children’s needs, SEN inclusive activities, and also time preferences, for example if users would like extended day options. In terms of optional information for Activity Providers, they can include a Mission Statement, or information regarding how they work.
  4. What do we use personal data for?

    In the table below we have provided a description of the different purposes for which we process personal data. For each purpose, we have indicated the legal basis we rely on under data protection law:

    Purpose Personal Data Legal Basis
    Creating an account to use our services Name; contact information; email address; password Performance of our Terms of Use
    Creating an account for an activity provider to list their activities and use our services Personal or business name; contact information; email address; password Performance of our Terms of Use
    Verifying an activity provider’s professional identity during account creation and onboarding UK passport or photo driving licence; details of professional liability insurance UK passport or photo driving licence; details of professional liability insurance
    Processing an activity booking made by a user Details of activity; user information; payment information Performance of our Terms of Use
    Processing health information in connection with an activity booking Health information relevant to an activity booking (e.g., allergies; conditions that may affect ability to participate in activity) Your explicit consent (given on behalf of your child)
    Paying the activity provider Payment information – bank details (for activity providers who have personal data associated with their bank details) Performance of our Terms of Use
    Submitting information to our regulators and complying with regulatory audits Details of activity types and activities provided Compliance with a legal obligation
    To collect information using cookies and similar technologies IP address; device and browser generated information; information about site activity. We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive whilst a website is viewed. Consent (in relation to non-essential cookies – see below) Legitimate interest in providing a functioning and secure website (in relation to essential cookies –-see below)
    To conduct service analytics Contact information; activity location; information about your use of the services Legitimate interest in understanding how our services are used in order to make improvements to them
    To manage our commercial relationships with our consumers and suppliers Name; business contact information Legitimate interest in conducting our business, including arranging the delivery and receipt of services and payment for those services
    Customer Support If you report a problem or contact us for support, we will collect your name, phone number, email address, and details of your query or complaint. If you need a refund, in some cases we will collect your credit card number, as well as any other content that you send to us, in order for us to prove support. We use your information to perform our contract to provide you with services. If you wish to have the benefit of customer support, you will not be able to opt out of the provision of the data required. We also have a legitimate interest in providing support to our customers and fixing issues that they bring to our attention.
  5. Sharing personal data with third parties
    1. Activities are booked with third party activity providers. Once a booking is completed, we share data required by the activity provider including your name, email address, and telephone number, and your child’s name, date of birth, school, medical conditions and consents. The activity provider’s processing of your personal data will be subject to their own privacy notices.
    2. We share data required by the activity provider to secure and manage your booking. This will include your name and contact information and the name of your child, and may include other information (e.g., child’s date of birth, medical conditions, school etc.), as required by the activity provider.
    3. Sometimes we use business partners to help us provide our services. Specifically, we use third party payment service providers (for example, Stripe), to whom we fully outsource the handling and other processing of your payment card information. We also use technology service providers to host our platform and to store your personal data. These providers are subject to contracts which require them to comply with our instructions and to only process your personal data in order to provide the service we have requested.
    4. As well as disclosures to our service and activity providers, we may disclose your personal data to third parties in the following circumstances:
      1. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
      2. Where you wish to share an activity via social media. In this case, we will use social media plug-ins to support the transfer of information;
      3. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, court or police request, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of Yellow Days, our customers or others. This includes:
        1. exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and
        2. notifying users where Yellow Days becomes aware of significant issues with an activity provider or activity.

    We may also share statistical or aggregated data relating to your use of the Service with third parties. Such data will not identify you.

  6. International transfers
    1. We are a UK based business, and we store your personal data on AWS servers based in either the UK or the European Economic Area (EEA)
    2. We may engage technology service providers who access your personal data from outside of the UK and EEA, e.g., for support and maintenance purposes. Further, the providers of cookies used on our websites may also process your data overseas . In these cases, we put in place appropriate safeguards to protect your personal data – such as the standard contractual clauses – unless a relevant exemption applies.
  7. Security
    1. We recognise the importance of keeping your data safe and take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal data from unauthorised access and disclosure.
    2. We assume no liability for interception, alteration or misuse of information transmitted over the internet.
  8. Your rights
    1. Subject to certain exemptions, and in some cases dependent upon our legal basis (see section 4, above), you have certain rights in relation to your personal data. These are:
      1. To access personal data
      2. To rectify / erase personal data
      3. To restrict the processing of your personal data
      4. To transfer your personal data to another controller (“data portability”)
      5. To object to the processing of personal data
      6. To object to how we use your personal data for direct marketing purposes
      7. To obtain a copy of personal data safeguards used for transfers outside the UK
      8. To lodge a complaint with your local supervisory authority
    2. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
    3. You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
    4. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
  9. Complaints

    You have the right to lodge a complaint in relation to the processing of your data. This can be done by contacting the ICO (https://ico.org.uk/).

  10. Retention of your personal data
    1. As a basic rule, we will store your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy.
    2. We may store your personal data for longer periods of time so that we have an accurate record of activities in which users participated, and in relation to reviews, and so that we maintain your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
  11. Cookies and similar technologies
    1. Like most websites, we use cookies and similar technologies that obtain information from, or store information on, your device. That information may constitute your personal data, for example where it is associated with you as a registered user or a prospective user.
    2. Our cookies are “essential” – meaning that they are necessary to make the website function as intended (e.g., cookies that remember information inputted into a form, or cookies used for load balancing).
  12. Contacting us
    1. Should you have any queries in relation to our use of your personal data, please contact us or our Data Protection Officer directly using the details provided below.
    2. Yellow Days can be contacted in writing at (250 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire, RG41 5TP ) or by email (hello@yellowdays.com).
    3. Our Data Protection Officer can be contacted in writing at (250 Wharfedale Road, Winnersh Triangle, Wokingham, Berkshire, RG41 5TP ) or by email (hello@yellowdays.com).
  13. Changes to this Privacy Policy

    We may from time to time make changes to this Privacy Policy. We suggest you check back regularly to check to see if there have been any changes to this Privacy Policy.

Date Change
22/07/2025