KidsClub is committed to protecting the privacy of all Users of the Platform, and in particular to handling responsibly the personal data of the Children whose information may be shared in connection with Bookings. This Privacy Policy explains how KidsClub collects, uses, stores, transfers, and protects personal data in connection with the operation of the KidsClub marketplace at KidsClub.hk.
This Privacy Policy is issued in compliance with KidsClub’s obligations under the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong) (“PDPO”) and the Data Protection Principles set out in Schedule 1 to the PDPO. It forms part of KidsClub’s Terms and Conditions and should be read alongside them.
1.1 KidsClub is the data user (within the meaning of the PDPO) in respect of personal data collected and held by KidsClub through the Platform at KidsClub.hk.
1.2 [Note to Client: Insert full registered company name, Hong Kong Business Registration number, and registered address prior to launch.]
1.3 If you have any questions about this Privacy Policy, wish to exercise any of your rights under the PDPO, or wish to make a data-related complaint, please contact us at:
Email: info@kidsclub.hk
Website: kidsclub.hk
Unit 1301, 13/F Chung Nam
BLDG 1 Lockhart Road, Wan Chai
Hong Kong
2.1 This Privacy Policy applies to all personal data collected, used, stored, transferred, or otherwise processed by KidsClub in connection with the Platform, including personal data relating to:
2.2 This Privacy Policy does not govern the personal data practices of Activity Providers. Once booking data and Child information are transmitted to a Provider in connection with a Booking, the Provider becomes an independent data user of that information. Parents should review the privacy policy of any Provider before making a Booking.
2.3 This Privacy Policy does not govern the processing of personal data by Stripe, Meta, or any other third-party service integrated with the Platform. Please refer to the relevant third-party privacy policies for information about how your data is handled by those services.
3.1 When a Parent registers an account on the Platform or interacts with KidsClub, we may collect and hold the following categories of personal data:
Full name, email address, telephone number, and account login credentials (encrypted). These are collected at the point of account registration.
Details of Bookings made through the Platform, including Activity selected, Provider booked, date and time of Activity, Total Activity Fee paid, and Booking Confirmation details.
Transaction reference numbers and Booking amounts processed through Stripe. KidsClub does not collect, store, or access payment card numbers, bank account details, or any other payment card data. All payment card data is collected and stored exclusively by Stripe.
Records of correspondence with KidsClub through email, contact forms, or any other channel, including support enquiries, complaints, and feedback.
IP address, browser type and version, device type, operating system, pages visited on the Platform, time and duration of visits, and other technical usage data collected automatically through cookies and similar tracking technologies. See KidsClub’s Cookie Policy for further details.
Where a Parent has provided consent to receive direct marketing from KidsClub, their marketing preference and the date and method of consent are recorded.
4.1 When a Provider registers on the Platform, we may collect and hold the following categories of personal data:
Business name, trading name, contact person name, email address, telephone number, business address, and business category.
Stripe Connect account reference number and related identifiers necessary to facilitate payments and payouts through the Platform. Stripe collects and holds detailed financial and identity verification data independently in accordance with Stripe’s own privacy policy.
Activity descriptions, photographs, pricing, schedules, Provider Terms, and all other Content uploaded by the Provider to the Platform.
Records of Provider self-certification statements made at registration in connection with business registration, insurance, qualifications, safeguarding, and SCRC compliance, as required under the Platform’s Terms and Conditions.
Records of correspondence between the Provider and KidsClub.
5.1 In connection with a Booking, a Parent may provide KidsClub with personal data relating to a Child. This may include:
5.2 KidsClub treats Child-related personal data, particularly health, allergy, and medical data, with a high degree of sensitivity and care. Such data is collected and processed exclusively for the specific purpose of facilitating the Booking and enabling the Provider to deliver the Activity safely and appropriately.
5.3 KidsClub collects Child-related personal data on the basis that the Parent has, in accordance with the Terms and Conditions, confirmed their parental authority or other lawful authority to share that data, and has consented to its use for the purposes described in this Privacy Policy.
5.4 KidsClub does not use Child-related personal data for direct marketing, profiling, or any purpose other than those directly related to the Booking for which the data was provided.
6.1 KidsClub collects personal data through the following means:
7.1 KidsClub is committed to complying with the six Data Protection Principles (“DPPs”) set out in Schedule 1 to the PDPO, as described below:
Personal data is collected only for lawful purposes that are directly related to the operation of the Platform. Data subjects are notified of the purposes for which their data is collected at or before the time of collection. We collect only the data that is necessary and not excessive for those stated purposes.
We take reasonable steps to ensure personal data held by us is accurate. Data is not retained longer than is necessary for the purpose for which it was collected. See Section 17 for our data retention periods.
Personal data is used only for the purposes for which it was collected, or for directly related purposes. Where we wish to use personal data for a new purpose, we will seek the required prescribed consent from the data subject before doing so.
We implement appropriate technical and organisational measures to protect personal data held by us against unauthorised or accidental access, loss, destruction, use, modification, or disclosure. See Section 18 for details of our security measures.
We make this Privacy Policy publicly available on the Platform and will inform Users, upon reasonable request, of the types of personal data held and the principal purposes for which it is used.
Data subjects have the right to request access to and correction of their personal data held by KidsClub, subject to limited statutory exemptions. See Section 19 for details of how to exercise these rights.
8.1 KidsClub uses personal data for the following purposes, each of which is a purpose for which the data was collected or a purpose directly related thereto:
9. Booking Data — Sharing with Activity Providers
9.1 When a Booking is made, KidsClub will transmit the following information to the relevant Provider:
9.2 The transmission of this data to the Provider is a necessary and disclosed purpose of the Platform. By making a Booking, the Parent acknowledges and accepts that their own personal data and the Child’s personal data will be shared with the relevant Provider for the purpose of enabling the Activity to be delivered.
9.3 The purpose and fact of such data sharing is a known and disclosed element of the Booking process. Parents are informed of this at the time of Booking through the checkout consent process and through this Privacy Policy.
9.4 KidsClub does not sell personal data to Providers or to any third party. The sharing of data with Providers is for the sole purpose of facilitating the Booking and enabling the Activity to be delivered safely.
10. Provider Responsibility After Data Transfer
10.1 Upon KidsClub transmitting personal data (including Child data) to a Provider in connection with a Booking, the Provider becomes an independent data user of that information within the meaning of the PDPO. The Provider is independently and solely responsible for:
10.2 KidsClub is not responsible for any act or omission by a Provider in relation to personal data following its transmission to the Provider. Parents who have concerns about a Provider’s handling of their or their Child’s personal data should contact the Provider directly and, if the concern is not resolved, may consider raising a complaint with the Office of the Privacy Commissioner for Personal Data (“PCPD”) at the PCPD’s address or website.
11.1 All payment transactions on the Platform are processed by Stripe. When a Parent makes a payment, their payment card details are collected and processed directly by Stripe and are not transmitted to or stored by KidsClub.
11.2 KidsClub receives from Stripe only the transaction reference number, booking amount, Commission amount, and net payout information necessary for the Platform’s financial and administrative functions.
11.3 Stripe processes personal and payment data in accordance with its own privacy policy and its PCI-DSS compliance obligations. KidsClub is not responsible for Stripe’s data processing practices. Parents and Providers should review Stripe’s privacy policy at stripe.com for full details of how Stripe handles their data.
11.4 Provider financial and identity data collected by Stripe during the onboarding and KYC process is processed and held by Stripe independently and is governed by Stripe’s privacy policy.
12.1 KidsClub may communicate with Users through: (a) email, using the address registered on the User’s account; (b) platform-hosted notification links; and (c) Meta messaging platforms, where the User has engaged with KidsClub through a Meta channel.
12.2 Post-Booking, Parents and Providers may communicate directly with each other using the contact information shared through the Platform. KidsClub is not a party to or intermediary in those communications and is not responsible for their content.
12.3 Personal data processed in connection with Meta messaging is governed by Meta’s privacy policy. KidsClub does not control the data processing practices of Meta and is not responsible for those practices.
12.4 KidsClub uses email primarily for: Booking Confirmations, account registration confirmations, password reset communications, important platform notices, and (where the required consent has been obtained) direct marketing communications.
13.1 KidsClub may, from time to time, wish to send marketing communications to Parents and Providers about new Activities, platform features, promotions, and news relevant to the Platform. The use of personal data for direct marketing is strictly governed by the PDPO’s direct marketing provisions, as amended in 2012.
13.2 KidsClub will not use your personal data for direct marketing purposes unless you have given your prior, express, and voluntary consent to receive such communications. Consent will be sought by means of a clearly labelled opt-in mechanism presented separately from other booking or registration fields. Ticking a general terms acceptance box does not constitute consent to direct marketing.
13.3 When seeking your consent to direct marketing, KidsClub will inform you of:
13.4 You may withdraw your consent to receive direct marketing communications from KidsClub at any time, free of charge and without providing any reason, by:
13.5 Following receipt of an opt-out notice, KidsClub will cease using your personal data for direct marketing purposes as soon as practicable and in any event within a reasonable time. Opting out of direct marketing will not affect the use of your personal data for any other lawful purpose, including for facilitating Bookings or administering your account.
13.6 KidsClub does not share personal data with third parties for their own direct marketing purposes without the explicit consent of the relevant data subject.
14.1 The Platform uses cookies and similar tracking technologies to support Platform functionality, to analyse usage patterns, and to integrate third-party services including Stripe. For full details of the types of cookies used, their purposes, and how you can manage your cookie preferences, please refer to KidsClub’s Cookie Policy, which is published on the Platform.
14.2 Analytics data collected through cookies and similar technologies is used in aggregated or anonymised form where possible to understand how Users interact with the Platform, to identify areas for improvement, and to measure Platform performance. This analytics processing does not involve the identification of individual Users to any greater extent than is necessary for the relevant analytical purpose.
14.3 Where third-party analytics providers (such as Google Analytics or equivalent services) are used, those providers process data in accordance with their own privacy policies. KidsClub takes reasonable steps to ensure that any such providers offer adequate privacy and data security standards.
15.1 KidsClub engages certain third-party service providers to support the operation of the Platform. These may include:
15.2 Third-party service providers who process personal data on behalf of KidsClub are engaged only where KidsClub has taken reasonable steps to satisfy itself that the provider implements appropriate technical and organisational measures to protect the personal data, and that the provider processes personal data only for the specific purposes for which it has been engaged.
15.3 KidsClub does not sell personal data to any third party. Personal data is shared with third-party providers only to the extent necessary for the performance of their contracted services to KidsClub.
16. Cross-Border Data Transfers
16.1 Some of KidsClub’s third-party service providers, including Stripe, may process personal data outside Hong Kong. Where personal data is transferred outside Hong Kong, KidsClub takes reasonable steps to ensure that the recipient provides an appropriate standard of data protection.
16.2 KidsClub is aware that Section 33 of the PDPO, which would impose formal restrictions on cross-border data transfers, has not yet been brought into force as at the date of this Policy. Notwithstanding this, KidsClub adopts the PCPD’s recommended practices in relation to cross-border transfers and seeks to ensure that transferred data is protected to a standard at least equivalent to the PDPO.
16.3 Where Stripe processes personal data outside Hong Kong, that processing is governed by Stripe’s privacy policy and data processing agreements, which incorporate standard contractual protections. Users are encouraged to review Stripe’s privacy policy for details of Stripe’s cross-border data processing practices.
17.1 KidsClub retains personal data only for so long as is necessary for the purposes for which it was collected, or as required by applicable Hong Kong law. The following general retention principles apply:
Parent and Provider account data is retained for the duration of the active account, and for a period of not more than seven (7) years following account closure, to the extent required for legal, audit, tax, and dispute resolution purposes.
Records of Bookings and associated payment transactions are retained for a minimum of seven (7) years from the date of the Booking, in accordance with general commercial record-keeping obligations under Hong Kong law.
Child-related personal data provided in connection with a Booking, including health, allergy, and medical information, is retained by KidsClub only for the period necessary to support the Booking (including any dispute resolution period following the Booking date) and is thereafter deleted or anonymised. Child health and allergy data is not retained for any longer than is strictly necessary for these purposes.
Records of communications with KidsClub are retained for a period of up to three (3) years from the date of the last communication, or longer where the communication is relevant to a dispute, legal claim, or regulatory matter.
Records of consent to and opt-out from direct marketing are retained for the duration of the consent period plus five (5) years, to evidence compliance with PDPO direct marketing requirements.
17.2 Personal data that is no longer required for any permitted purpose will be securely deleted or permanently anonymised.
18.1 KidsClub implements reasonable and appropriate technical and organisational security measures to protect personal data held by KidsClub against unauthorised or accidental access, use, disclosure, loss, alteration, or destruction. These measures include:
18.2 Notwithstanding the measures described above, no method of electronic transmission or storage is entirely secure, and KidsClub cannot guarantee the absolute security of personal data transmitted over the internet or held on electronic systems. KidsClub will notify affected Users of any data breach in accordance with applicable law and PCPD guidance.
18.3 Security of data in transit. KidsClub’s obligations under Data Protection Principle 4 of the PDPO apply to personal data both while it is held by KidsClub and while it is being transmitted. Accordingly, KidsClub transmits personal data — including the transmission of booking data and Child information to Providers in connection with a Booking — using industry-standard SSL/TLS encryption and other appropriate technical measures designed to protect that data against unauthorised or accidental access during transmission. Where Section 18.4 and the Terms and Conditions provide that KidsClub’s responsibility ceases upon transmission of personal data to a Provider, this refers to KidsClub’s responsibility for the Provider’s subsequent handling, storage, and use of that data as an independent data user. It does not diminish KidsClub’s own responsibility, as a data user, to effect the transmission itself by appropriately secure means in accordance with DPP 4.
18.4 Users are responsible for maintaining the security of their own account credentials and for taking appropriate steps to protect any personal data stored on their own devices.
19.1 Under the PDPO, every individual has the right to request access to personal data of which they are the data subject and held by a data user. This right is set out in section 18 of the PDPO.
19.2 Access Requests. You may submit a written data access request to KidsClub at the contact details set out in Section 1.3, requesting access to personal data held by KidsClub that relates to you. KidsClub will respond to a valid access request within forty (40) days of receipt, in accordance with the PDPO. KidsClub may charge a reasonable fee for processing access requests in accordance with the Personal Data (Privacy) (Fees and Time) Regulations.
19.3 Correction Requests. You may submit a written data correction request if you believe that personal data held by KidsClub about you is inaccurate, incomplete, or misleading. KidsClub will respond to a valid correction request within forty (40) days. Where KidsClub is unable to correct the data as requested, it will inform you in writing of the reason.
19.4 Certain personal data may be exempt from access and correction rights under the PDPO, including data subject to legal professional privilege, data held in connection with investigations, and certain other categories specified in Part 8 of the PDPO.
19.5 Direct Marketing Opt-Out. You have the right to require KidsClub to cease using your personal data for direct marketing purposes at any time, free of charge. See Section 13.4 for how to exercise this right.
19.6 KidsClub does not charge for the processing of a data correction request. KidsClub may impose a reasonable fee for a data access request in accordance with the applicable regulations.
20.1 The Platform is not directed at Children. Children do not register accounts on the Platform. Only adults (Parents or Providers) may register accounts and interact directly with the Platform.
20.2 Personal data relating to Children is collected and processed by KidsClub only where the Parent has confirmed, in accordance with the Terms and Conditions, that they hold the requisite parental authority to provide that data on behalf of the Child.
20.3 Where prescribed consent from a data subject is required under DPP 3 of the PDPO in respect of personal data relating to a minor (being a person under the age of eighteen), and where the minor is unable to provide that consent themselves, KidsClub will seek such consent from a person with parental responsibility for the minor, in accordance with the PDPO.
20.4 The collection and use of Child personal data by KidsClub is limited to what is directly necessary for the Booking purpose for which it was provided. Child personal data, and in particular health, allergy, and medical data, is not used by KidsClub for any other purpose.
20.5 KidsClub encourages Parents to discuss with Providers how the Child’s personal data, particularly health and medical information, will be used, stored, and protected prior to the Activity taking place.
21.1 By registering on the Platform, each Provider acknowledges and accepts that they will receive personal data (including Child data) from KidsClub in connection with Bookings, and that they are independently responsible for processing that data in compliance with the PDPO and all other applicable data protection and privacy laws.
21.2 Providers must not use personal data received from KidsClub in connection with Bookings for any purpose other than the delivery of the relevant Activity, unless they have obtained the required prescribed consent from the relevant data subject.
21.3 Providers must implement appropriate technical and organisational security measures to protect personal data received through the Platform.
21.4 Where a Parent or Child makes a data access or correction request to a Provider in relation to data held by the Provider, the Provider must respond in accordance with the PDPO.
22.1 In the event that KidsClub becomes aware of a data breach involving personal data held by KidsClub that is likely to result in risk to the rights and freedoms of affected data subjects, KidsClub will:
22.2 KidsClub is not responsible for data breaches occurring at the Provider level, at the Stripe level, or at any other third-party service provider level. Users who suffer or become aware of a data breach at the Provider level should contact the Provider and, if appropriate, the PCPD.
23.1 KidsClub may update this Privacy Policy from time to time to reflect changes in the law, changes in KidsClub’s data processing practices, or for other operational reasons. Any amendment will be published on the Platform with a revised last updated date.
23.2 Where a change is material, KidsClub will use reasonable efforts to provide advance notice to registered Users by email or through a prominent notice on the Platform. Continued use of the Platform after the effective date of any amendment to this Privacy Policy constitutes acceptance of the revised Policy.
23.3 If you do not accept a material change to this Privacy Policy, you should discontinue your use of the Platform and close your account.
24.1 If you have a concern about the way KidsClub has handled your personal data, please contact KidsClub in the first instance at the contact details set out in Section 1.3. KidsClub will acknowledge your complaint within a reasonable time and will endeavour to resolve it to your satisfaction.
24.2 If you are not satisfied with KidsClub’s response, or if you believe that KidsClub has contravened the PDPO, you may make a complaint to the Office of the Privacy Commissioner for Personal Data, Hong Kong. The PCPD’s contact details and complaint procedures are available at its website: www.pcpd.org.hk.
24.3 You may also have the right under section 66 of the PDPO to bring a civil claim in court for compensation if you have suffered damage through a contravention of the PDPO by KidsClub.
25.1 This Privacy Policy is governed by and shall be construed in accordance with the laws of the Hong Kong Special Administrative Region of the People’s Republic of China. Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Hong Kong.
25.2 For all data privacy enquiries, access requests, correction requests, consent withdrawals, or complaints, please contact KidsClub at:
Email: info@kidsclub.hk
Website: kidsclub.hk
KidsClub Limited : Unit 1301, 13/F Chung Nam
BLDG 1 Lockhart Road, Wan Chai
Hong Kong
This Privacy Policy is issued in compliance with the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong). Last updated May 2026.