Privacy Policy

At Mystery Cube HQ we take your privacy very seriously. It is a clear and concise summary of what we do – and don’t do! – with your data. Please read it carefully before you give your details to us or the third parties we specify below as being part of the booking process. When you make a booking with us, you must accept this Privacy Policy.

Who we are?

Mystery Cube is a business owned and managed as a business partnership. We can be contacted in the following ways:


phone: 07942 502 026 or 07876 684 269

post: 19 Deer Park road, Wimbledon, London SW19 3UX

What information do we collect?

We use a third-party website called JRNI (formerly Booking Bug) to manage our bookings. We chose this company because of their excellent reputation and secure data handling. When you start to make a booking on our website you will be directed to the JRNI website. You can check out their Privacy Policy here:


When you reach the point of paying for your booking, we use a merchant service called WorldPay. Again, we have chosen this company because of their excellent security. You can check out their Privacy Policy here:


We do not collect – but are able to access and download – the following data that these two companies ask you for during the booking process:


  1. Booking Bug:
  • Your name
  • Your contact number
  • Your email address
  • What kind of team you are, e.g. family, friends, colleagues.
  • Age of youngest team-member, e.g. 11 or above, or 9 to 11.


  1. WorldPay:
  • name
  • phone
  • email
  • address
  • first and last 4 digit on your card
  • card’s expire date
  • IP address
How do we use personal information? website (the Site) and link

Put simply, after the booking process has been completed we will only use your data as follows:


  • To contact you about your booking, e.g. for rescheduling, technical issues, or if you are running late
  • To send you booking confirmation/cancellation/amendment emails
  • We will also email you after your visit to let you know that your Mission Report has been posted on social media – typically Facebook, Instagram, Tripadvisor and/or Twitter – and to ask you for a review, e.g. on TripAdvisor
  • For our internal accounting processes, we only download from the third-party websites anonymised data such as your booking reference number, date and time of booking, first name and the answers you gave during your booking (where did you find the MysteryCube, what group type you are, is one over 18 in the group, is everybody over 11 (or between 9-11) in the group.

Please note we do not send “bulk” emails to customers. There will only ever be one exception to this – one day we hope to open a second Mystery Cube experience, and we’d love to contact you about that.

ed domain names e.g. and

Mystery Cube will do its best to provide a good service with the most up-to-date and accurate information on the Site. By using the internet to visit the website you accept that the Internet is not fully secure. Mystery Cube will take all appropriate/reasonable measures to protect information you submit and secure any payment card information. Mystery Cube shall not be liable for any damage that you may suffer as a result of the loss of confidentiality of any such information.

The website is for personal and non-commercial use. You are not permitted to copy, reproduce, publish, display, distribute, transmit, modify, license, transfer, sell or use as source material any information obtained from this website without obtaining written consent from Mystery Cube. You are not allowed to link to, or use, all or any part of the the Mystery Cube website for any purpose which is fraudulent, unlawful, defamatory, harmful, obscene or objectionable.

If you wish to use any of the logos or trade marks found on the Mystery Cube website or any in other media or material you must obtain written permission from Mystery Cube. You accept that failure to obtain permission may be a breach of UK copyright law or the rights of Mystery Cube as a proprietor. Any external hyperlinks on the Mystery Cube website are out of Mystery Cube’s control. You agree to use them at your own risk. Mystery Cube accepts no liability for any damage arising from any use of those websites. Mystery Cube owns and operates this website. Terms and conditions or the content of the website can be modified or varied any time without prior notice.

What legal basis do we have for processing your personal data?

The data-handling we do as described above is all done with the sole “legitimate interest” of managing your Mystery Cube experience, from the start of the booking process to when we send you the follow-up email about your Mission Report and review request. That’s it!

When do we share personal data?

We take a photo after your Mission and ask your permission straight away. We normally share your Mission photo on Facebook, Instagram, Tripadvisor and/or Twitter. We only do it after obtaining your verbal agreement.

You have the right to refuse. In this case the photo is either not taken or we can email it to you direct rather than putting it on social media.

Where do we store and process personal data?

The anonymised data from your booking is held on one encrypted computer and an encrypted hard drive. Your personal data is kept by the third-party companies detailed above.

Other third parties such as social media sites might collect data from you and they have their own Privacy Policy. Please read those policies if you require further information.

Please note, we are not responsible for how third parties collect

How do we secure personal data?

We ensure that the third-party companies used for the booking process are up-to-date with current legislation and have the appropriate security certification.

How long do we keep your personal data for?

We only retain anonymised data. The third-party companies may retain your data. Please check their policy documents for further detail.

Photos made of you after your Mission are deleted from your host’s/gamesmaster’s phone are deleted after one month.

Your rights in relation to personal data

At any point, you have the right under the GDPR to find out what information we hold on you, ask for it to be corrected or deleted, or any other requirement – it is your data. You also have the same rights with the third-party companies we use. If you have any queries for them we will assist you in any way we can. And if you feel your data rights have not been correctly followed you can complain to the Information Commissioner’s Office –

If at any point in the future you would like your photo to be removed from our social media listings, you can ask us to delete it. You will need to send us the link to the relevant photo and we will then delete it as soon as possible and confirm with you when it has been done.

Use of cookies and other technologies

Cookies (and similar technologies) are widely used on the internet and allow a website/portal to recognize a user’s device, without uniquely identifying the individual person using the computer.


We do not make use of cookie data on our website. However, the third party websites to which you are directed may do so. For example, Worldpay’s websites use cookies and other technologies, which store small amounts of information on your computer or device to allow certain information from your web browser to be collected.


For more information about cookies, including how to see what cookies have been set and how to manage, block and delete them, see and Worldpay’s Cookies Policy. You may also be able to configure your browser not to accept cookies, although please note this may affect your ability to use the services Worldpay provides.

Linking to other websites / third party content

We only link to the two third-party websites previously mentioned and our dedicated social media pages (Instagram, Facebook, Twitter and Tripadvisor). These sites all have their own Privacy Policies which they advise users to read. We will never direct you anywhere else.