Privacy Policy & Cookies

Last updated: March 2026

  1. Introduction

Secret Group Limited trading as Secret Cinema (“Secret Cinema”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. Secret Cinema is part of the MARI Group corporate group (the “Group”). In this policy, references to the “Group” mean Secret Group Limited and its subsidiaries and affiliates from time to time.

We are a limited company registered in England and Wales (registered no. 05071764) with registered offices at 5 New Street Square, London, EC4A 3TW United Kingdom. 

This policy explains how we collect, use, store and protect your personal data when you:

  • Visit our website
  • Purchase tickets
  • Attend our events
  • Engage with our immersive experiences
  • Interact with our marketing and advertising

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.  By engaging with Our Site and Applications, you acknowledge you have read and understood this Privacy Policy.

  1. Data Controller

Secret Group Limited is the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Depending on how you interact with us, another Group company may also determine the purposes and means of processing your personal data (for example, where we use shared Group systems for customer support, marketing preference management, analytics, finance, IT or event operations). In those cases, we and that Group company may act as joint controllers. Where we act as joint controllers, you can contact us using the details below and we will direct your request to the appropriate party; a summary of the joint-controller arrangement is available on request.

Contact: help@secretcinema.com

  1. Personal Data We Collect About You

We may collect and process the following categories of personal data:

  1. Identity & Contact Data which you give us:
  • Name
  • Email Address
  • Phone Number
  • Billing Address 

  1. Transaction Data:
  • Ticket purchases
  • Payment confirmations
  • Attendance history

  1. Communications and surveys:
  • Communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding our site or any of our events 
  • Information from surveys that we may, from time to time, run on our site for research purposes, if you choose to respond to or participate in, them

  1. Technical Data
  • Geographical / location data (derived from IP address, browser locale, or user selection)
  • Browser type
  • Device identifiers 
  • Behavioural / interaction data (via Hotjar, Segment, Google Analytics - clicks, time on site, feature usage)
  • Advertising interaction data (via Facebook Custom Audiences, TikTok, Reddit, Bing, Axon Pixel)

You cannot be personally identified from this information and it is only used to assist us in providing an effective service on our site and to collect broad demographic information for aggregate use or provide services accurate to your location.

  1. Marketing & Communications Data
  • Preferences 
  • Campaign engagement
  • Survey responses 

  1. Experience & Event Data
  • Costume or participation information voluntarily provided
  • Accessibility requirements
  • Dietary requirements
  • Mobility or medical disclosures relevant to event safely 

  1. Filming & Photography Data
  • CCTV footage
  • Event photography
  • Audience filming
  • Livestream capture
  • Behind-the-scenes recording

  1. Where special category data is collected (e.g. health or accessibility information), we process this only where necessary for safety, accessibility or legal obligations.

  1. How We Collect Data

We collect data via:

  • Ticket purchases and registrations
  • Website forms
  • Marketing sign-ups
  • Onsite event interactions
  • Accessibility or safety disclosures
  • Cookies and tracking technologies 
  • Third parties (for example ticketing partners, payment providers, and advertising/analytics partners) and, where applicable, other Group companies

  1. How We Use Your Data (Lawful Bases)

We only use your personal data where the law allows us to. Under UK GDPR we must have a lawful basis, and where we process special category data (such as certain health, accessibility or dietary information) we must also meet an additional condition. The main lawful bases we rely on are: (a) performance of a contract, (b) legal obligation, (c) legitimate interests, and (d) consent. For electronic marketing (such as email/SMS), we also comply with the Privacy and Electronic Communications Regulations (PECR).

We rely on the following lawful bases to use your data:

  1. We need your personal data to comply with the following contractual obligations.
  • Ticket fulfilment
  • Event delivery
  • Customer service

  1. We may require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests, such as:  
  • Operating, improving and protecting our business 
  • Security monitoring
  • Preventing fraud and misuse of our services and protecting customers, staff and the public (including security monitoring and incident management)

Where we rely on legitimate interests, we conduct Legitimate Interests Assessments (LIAs) to ensure your rights are not overridden.  

  1. If the law requires us to, we may need to collect and process your data for for reasons such as:
  • Financial record keeping
  • Health & Safety compliance

  1. We can collect and process your data with your consent for the following purposes:
  • Email marketing
  • SMS marketing
  • Social media custom audiences
  • Non-essential cookies
  • Marketing personalisation
  • Experience improvement
  • Audience analytics

We will not send you any marketing material unless you have given your consent. Once consent has been given, you can change your mind at any time by contacting us. The easiest way to do so is by selecting the unsubscribe option in the emails you receive or emailing help@secretcinema.com 

  1. Filming, Photography & CCTV

Our events and immersive experiences are filmed and photographed for:

  • Marketing and promotion
  • Social media content
  • Press coverage
  • Archival documentation
  • Livestream or broadcast partnerships

Lawful basis: Legitimate Interests and/or Consent.

You will be notified via:

  • Event signage
  • Ticket terms
  • Pre-event communications

You can exercise your right to object to filming by: 

  • Speaking to staff onsite
  • Avoiding marked filming zones
  • Post-event removal requests (where feasible)

Upon your notification, we will take reasonable steps to exclude you from promotional captures where feasible.

CCTV is used for safety and crime prevention.  Where CCTV footage is collected by our venue partners this is subject to their own privacy policy and not that of Secret Cinema.

  1. Marketing & Advertising

If you have opted in (or where otherwise permitted by law), we may use your data to:

  • Send newsletters
  • Promote events
  • Share partner offers

You can opt out of marketing at any time by using the unsubscribe link in any email, by adjusting your cookie preferences (for cookie-based advertising), or by contacting our privacy contact details above. Opting out will not affect service messages such as ticket confirmations or important operational updates.

We may use platforms including:

  • Meta (including Facebook and Instagram)
  • Google 
  • TikTok
  • LinkedIn

This may include:

  • Custom audience matching
  • Lookalike audience modelling
  • Pixel-based retargeting 

These platforms’ uses of cookies are subject to their own privacy policies and not that of Secret Cinema.  Please note we neither control nor have access to those cookies, and these advertisers’ uses of cookies are subject to their own privacy policies and not that of Secret Group Ltd.

If you follow links from our site to theirs, you should be aware that these other sites have their own privacy and data processing practices. We have no responsibility or liability for these independent policies. For more information regarding a site and its privacy policies including its use of cookies, check that site.

  1. Cookies

We use cookies and similar technologies including:

  • Essential cookies
  • Analytics cookies
  • Functionality cookies
  • Advertising cookies

These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that computer or device to interact with websites and online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content. 

Non-essential cookies are deployed only after consent via our Consent Management Platform.

You can withdraw consent at any time via our cookie banner or settings.

For more information about cookies including removing any or all of your cookies, please visit All About Computer Cookies.

  1. Data Sharing & Processors

We do not give, rent, lend or sell individual information to any third party. However, we may share your personal data (i) within the Group where necessary for the purposes described in this policy (such as operating our business, providing customer support, safety and security, analytics and reporting, and (where you have opted in) marketing), and (ii) with third party partners and processors to collect, export, process and store personal data on our behalf, including:

  • Ticketing platforms e.g. TodayTix
  • Payment processors e.g. Stripe, Adyen
  • Email platforms e.g. Iterable
  • Cloud storage providers
  • Marketing and media agencies

All processors are bound by GDPR-compliant contracts and, where applicable, their own Privacy Policies.  Information which you supply to any third parties is not within our control and is subject to the applicable party’s privacy policy and terms and conditions. Where we share data with Group companies for their own purposes, those Group companies will generally act as independent controllers (or joint controllers with us) as explained above.

In the event that we undergo re-organisation or are sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party. Where required, we will provide you with notice of the change and any choices you may have.

We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect our site or the rights, property or personal safety of any person.

  1. Data Storage and International Data Transfers

Your data may be transferred outside of the UK for the following reasons:

  • In order to store it.
  • In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
  • Where data is accessed by Group companies or staff located outside of the UK
  • Where we are legally required to do so.
  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Where we transfer your data internationally, we ensure appropriate safeguards are in place and, where required, we carry out a transfer risk assessment.

Safeguards include:

  • UK International Data Transfer Agreement (DTA)
  • UK Addendum to EU Standard Contractual Clauses
  • UK-US Data bridge certification (where applicable)

  1. Data Retention

We retain personal data for as long as is necessary to fulfil the transactions you have requested, for key business requirements such as marketing or for essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. The criteria we use for determining retention periods for different categories of data will vary but may include:  

  • How long we need to keep personal data to provide our services and operate our business, for example improving the performance of our Sites and Applications or maintaining appropriate financial or business records;
  • The expectations of our customers, for example our customers may expect that their registration details will be retained for a certain period should they choose to return to our Site or Applications;
  • Whether we are subject to legal, regulatory or contractual obligations to retain the personal data, for example mandatory retention requirements for tax reporting purposes; and
  • The sensitivity of the personal data we are handling, for example were we to collect more sensitive personal data we would expect to hold it for shorter periods.

  1. Children’s Data

Protecting the safety of children when they use the internet is important to us.  

We do not knowingly market to children and in accordance with our Terms and Conditions all ticket purchasers must be 18+ years of age.  We do this to ensure that we do not collect Personal Data of children and so that under-18s are not contacted with marketing messages, surveys and feedback requests.

Where minors attend events, data is processed via the purchasing adult and it is the responsibility of the purchasing adult to ensure that any attendees who are under 18 years of age are aware of this policy and of their rights to withdraw consent for any onsite data capture.

Filming of minors is managed via:

  • Guardian consent where required
  • Controlled filming zones
  • Safeguarding procedures

  1. Automated Decision-Making

We do not make decisions about you based solely on automated processing (including profiling) that produce legal effects or similarly significant effects. We may use limited profiling for marketing measurement and audience analytics (for example, creating segments based on engagement), but you can object to this processing where it is based on legitimate interests.

  1. Your Rights

You have the right to:

  • Access the data held by us
  • Rectify inaccuracies of your personal data held by us
  • Request erasure of your personal data held by us
  • Restrict processing of your personal data held by us
  • Object to processing of your personal data held by us
  • Request that your provided personal data be moved to a third party
  • Withdraw consent

Please send any requests to: help@secretcinema.com

  1. Complaints

You may complain to the UK information commissioner’s office (ICO):

https://ico.org.uk/make-a-complaint/ 

  1. Security

We keep your Personal Data safe. We do this by maintaining technical and physical safeguards that are designed to protect the security and integrity of your Personal Data, and to guard it against accidental or unauthorised access, use, alteration or disclosure to anyone who shouldn’t have it.

These measures include:

  • Encryption
  • Access controls
  • Processor due diligence
  • Secure cloud infrastructure

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our site whilst it is in transit over the internet and any such submission is at your own risk.

Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

  1. Policy Updates

We may change this policy from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes. 

Material changes will be notified via email notification where appropriate.

  1. Contact

Email: help@secretcinema.com

Address: Secret Group Limited, 180 Strand, London WC2R 1EA