Privacy policy

Who we are

Lapace Services UK Ltd ("Holstime", "we", "us") operates Holstime, an online marketplace that helps parents and carers discover, save, and plan children's and family activities, and helps activity providers create and manage listings. Holstime is a platform; unless we say otherwise, we are not the organiser or operator of third-party activities listed on the site.

Holstime is intended for use by adults (parents, carers, and providers). It is not directed at children, and we do not knowingly offer accounts or interactive features for children.

What personal data we process

Account data

When you register, we process information such as your name, email address, password (stored using secure hashing), account role (e.g. parent or provider), and session data needed to keep you signed in.

Parent and carer usage data

When you use Holstime as a parent or carer, we may process saved activities, planner information, messages you send to organisers through our contact flows (where applicable), and related profile details you choose to provide (for example child age information if you add it).

Provider listing data

When you list activities as a provider, we process your business and listing information (titles, descriptions, images, venue details, pricing, availability, booking links, and similar fields you submit), together with your account details and communications we need to operate approvals and support.

Behavioural analytics

We use first-party event data (for example views, saves, plans, and contact-provider actions tied to activities) to understand how the product is used, improve listings discovery, and keep the marketplace safe. Events may be associated with your user account when you are signed in, or recorded without identity where the feature allows.

Recommendation events

Where we show recommended activities, we may log recommendation impressions and clicks (including which surface was shown and which variant was used) to measure strip performance and improve relevance. These events are tied to activities and, where you are signed in, may be associated with your account.

Purposes and legal bases (UK GDPR)

• Contract — providing the service you sign up for (accounts, listings, planner, messaging rails we operate).
• Legitimate interests — operating and improving the platform, fraud prevention, security, product analytics that do not override your rights, and internal reporting.
• Legal obligation — compliance with law, regulatory requests, and record-keeping where required.
• Consent — where we rely on consent (for example certain optional communications), we will make that clear at the point of collection.

Retention

We keep personal data only for as long as needed for the purposes above, including legal, accounting, and dispute resolution requirements. Account and listing data are typically retained while your account is active and for a reasonable period afterwards unless a longer period is required by law. Analytics and recommendation events may be retained in aggregated or pseudonymous form for longer where appropriate.

Your rights

Under UK data protection law you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability where applicable. You may also have the right to lodge a complaint with the Information Commissioner's Office (ICO). To exercise your rights, contact us using the details below.

Security

We implement appropriate technical and organisational measures to protect personal data. No online service can guarantee absolute security; please use a strong, unique password and keep your credentials safe.

International transfers

If we use processors or infrastructure outside the UK, we will ensure appropriate safeguards (such as the UK International Data Transfer Agreement or Addendum, or adequacy regulations) are in place where required.

Contact

For privacy questions or requests, email office@lapaceshop.co.uk. You can also visit our Contact page.