We may keep a record of personal data so that we can contact you and people in your teams about your experience, for example if there is a problem, or for feedback. The basis for processing this data, as defined by the General Data Protection Regulation (GDPR) under Article 6 is ‘legitimate interests’.


 What type of information do we collect? 

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

Our technology partners and our customer support staff have access to personal data so that they can make sure our systems run properly, and can serve you as a customer. They have access to name, email and mobile number. Data for our internal systems is held on a server by Digital Ocean LLC, based in the United States. Zendesk, based in the UK store data for customer support, and Stripe, based in the United States, stores payment data.

We have agreements in place with the organisations above to ensure they safeguard data.

 How do we collect information? 

When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, email address and mobile number. 

 Why do we collect such personal information? 

We collect such Non-personal and Personal Information for the following purposes:

  • To provide and operate our Services and serve you as a customer.

  • To provide our Users with ongoing customer assistance and support;

  • To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;

  • To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 

  • To comply with any applicable laws and regulations.

 How do we store, use, share and disclose your information? 

Questventure is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

We also share your data with Google, Zapier and Twilio to provide an automated SMS software as part of the service you purchase and agree to. Each of these services ensure your data is safeguarded. After you have played a game we will keep your data, unless you tell us you would like us to remove it. If you contact us we can look up your details so we can tell you which games you have done in the past, so we can recommend other games to you, and importantly make sure you don’t do the same game again. This is because the games do not usually change enough to make them suitably different to be a challenge to do again.

We may provide data to Facebook, based in the United States, so that the Facebook and Instagram sites, both owned by Facebook, so that customers can find out about new HiddenCity experiences in adverts on the Facebook or Instagram sites. The information we send is for Questventure advertising purposes only; Facebook do not have access to the data for their purposes. If you see an advert from HiddenCity on Facebook and do not want to see further adverts from HiddenCity click the ‘…’ menu on the top-right hand corner of the ad and navigate to ‘Hide all ads from this advertiser’. Read more about hiding adverts. The basis for processing this data under the General Data Protection Regulation (GDPR) is ‘legitimate interests’. Customer data sent to Facebook is hashed (encrypted in a way that it cannot be easily reversed) locally on the browser before it goes to the Facebook for matching. Facebook typically deletes all matched and unmatched hashes within 48 hours after the matching process ends. Facebook has agreements in place to ensure they safeguard data.

 How do we communicate with you? 

We may contact you to notify you regarding your purchase, to troubleshoot problems with your purchase, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email and text message. This basis for holding your data for electronic marketing is ‘consent’ under GDPR.

 Access to your information 

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, then contact us. We may make a small charge for this service. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.


Alternatively, you may want us to not process your data anymore. You have the right to ask us to do this under GDPR. We won’t be offended. please contact us.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

 Changes to this policy 

This privacy policy was last updated on 23 April 2020. We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon posting on this website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

 Get in touch 

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at