Search characters, shows and so much more.

Privacy Policy

Last Updated: 18th February 2025

Information relating to how we use your data on RoaldDahl.com

For information on how we work with children under 18 in the United Kingdom (UK), the European Economic Area (EEA) and United States please see our Children's Privacy Policy.

This Privacy Policy (together with our Cookie Policy and any other document referred to in it) describes the way we collect your personal information (whether collected from you or otherwise provided to us), how we use your personal information and why. 

Please read the following information carefully to understand our practices regarding your personal information and how we will treat it.

Your privacy is important to us. We take the security of your personal information seriously and we have strict policies and processes in place to ensure it remains safe. 

Contents:

  • Who we are

  • Information you provide to us

  • Information we collect about you

  • How your information is collected

  • Who we share your information with

  • Star Editions Limited and the shop on our site

  • How we use your information

  • How long we keep your personal information

  • Security

  • Transferring your personal information outside of the UK and EEA

  • Your rights

  • Links

  • Cookies

  • How to contact us about your privacy

Who we are

In this Privacy Policy, "we", "us" and "our" means The Roald Dahl Story Company Limited. We are a company limited by shares and registered in England and Wales under company number 11099347 and have our registered office at 30 Berners Street, London, W1T 3LR.

If you provide us with personal information via or through using our website, www.roalddahl.com ("our site") or by otherwise communicating with us, we are the controller and are responsible for your personal data. We will process your personal information in accordance with this privacy policy and all applicable data protection laws, including in the UK the UK GDPR and Data Protection Act 2018. If you are located in the EEA, we are also subject to the EU GDPR and other local laws in relation products and services we offer to individuals in the EEA.

We may make changes to the policy from time to time so please be sure to check regularly. If we make a material change to this policy and we have your contact details, we will contact you before we make the change. We will also post a notice at the start of the policy.

Information you provide to us when you contact us

When you contact us by email or phone, we may collect and store records of our contact with you, which may include notes on our systems, emails or electronic communications and written correspondence and any email address or telephone number used by you.

Information we collect about you when you visit our website 

When you visit our website, we collect:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type (e.g. Safari or Internet Explorer) and version, time zone setting, browser plug-in types and versions, operating system and platform. We use this information to carry out internal operations such as troubleshooting and resolving technical issues, to improve your experience on our site, and as part of our efforts to keep our site safe and secure;

  • Identity information including first name, last name, country of residence and your user type (e.g. parent or otherwise);

  • Contact information including email address and telephone numbers;

  • Usage information including information about how you interact with and use our website; and

  • Marketing and Communications information including your preferences in receiving marketing from us and your communication preferences.

How your information is collected

You may give us information about you as described above, by filling in forms on our site or by corresponding with us by telephone, e-mail or otherwise communicating with us. This includes information you provide when you:

  • use our site;

  • register for an account on our site;

  • subscribe to receive newsletters and marketing (via email);

  • enter a competition, promotion or survey; and/or

  • when you contact us to report a problem with our site.

We will also receive technical information and usage information about how you use and interact with our website, from Google Analytics.

We also use Vimeo to enable you to watch videos on our website. Vimeo will collect information about you for this purpose, and if you agree it may also collect information about you for its own analytics purposes, or in order to remember your preferences. 

Where (and only where) you have expressly indicated, (e.g. by ticking the relevant box on our site) that you wish to be sent email newsletters, email marketing materials and other information (via email), we will share your email address, name and role with DotDigital EMEA Limited (DotDigital) our third party data processor to create a database of individuals who have subscribed for this content and will then provide this content to you, unless you unsubscribe which you can do at any time. 

If you have subscribed to our email newsletters, DotDigital may also provide us with information about whether or not you have received and read our email newsletters, and will gather information which allows us and other entities in the Roald Dahl Group to measure and understand the effectiveness of the email communications sent to you.

Who we share your information with

We may share your personal information with any member of the Roald Dahl Group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

We may also disclose your personal information:

  • to our services providers that we use to run our business, for example our IT infrastructure, website hosting providers and marketing tools such as DotDigital

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;

  • if The Roald Dahl Story Company Limited or substantially all of its assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;

  • if we need to get legal advice or answer a legal request from law enforcement bodies;

  • if we are under a duty to disclose or share your personal information with law enforcement agencies or regulatory bodies in order to comply with any court order or legal obligation;

  • our external auditors and other professional advisors (such as accountants); and/or

  • in order to enforce or apply our Terms and Conditions of Use, or to protect the rights, property, or safety of The Roald Dahl Story Company Limited or any entity in the Roald Dahl Group. 

Star Editions Limited and the shop on our site

All products sold on our site are manufactured and fulfilled by Star Editions Limited, under licence from us. All purchases made through the shop on our site are purchases directly with Star Editions Limited and are subject to their terms of sale. 

Any personal data provided in connection with a purchase, will be collected and processed solely by Star Editions Limited in accordance with their privacy policy. We do not have access to this personal data.

For more information, you should read Star Editions' terms of sale and privacy policy.

How we use your information

Under data protection law, we can only use your personal information if we have a lawful basis to do so. Our lawful basis will depend on the reasons for which your personal information was collected, and these include:

  • to comply with our legal and regulatory obligations;

  • for the performance of a contract with you (or to take steps at your request before entering into a contract); 

  • for our legitimate interests of those of a third party; or 

  • where you have given your consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

We have set out below a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. 

We have also identified what our legitimate interests are where appropriate.

To respond to enquiries that you raise and keep a record of our communications

Type of data: Identity, Contact; Legal basis: Necessary for our legitimate interests and your legitimate interests, to manage our relationship with you.

To keep you up to date with news and information about Roald Dahl events, discounts and offers, etc.

Type of data: Identity, Contact, Marketing and Communications; Legal basis: Consent.

To allow you to participate in interactive features on the site

Type of data: Identity, Contact; Legal basis: Necessary for our legitimate interests to operate our business and website.

To manage our relationship with you, including to notify you about changes to our site, terms and policies 

Type of data: Identity, Contact; Legal basis: Necessary for performance of a contract with you, necessary for our legitimate interests to keep our records updated.

To use data analytics to improve our website, services, marketing and user relationships and experiences

Type of data: Technical, Usage; Legal basis: Necessary for our legitimate interests to keep our website updated and relevant and to develop our business or consent, where such analytics data is obtained via a non-essential website cookie.

To contact you for feedback, including in relation to events, content and donations

Type of data: Identity, Contact, Usage; Legal basis: Necessary for our legitimate interests to study how users use our events and content and to grow our business.

To administer our site and internal operations, including troubleshooting, testing, etc.

Type of data: Identity, Contact, Technical; Legal basis: Necessary for our legitimate interests for running our business and the provision of administration and IT services and network security, necessary to comply with a legal obligation.

To enable you to partake in a prize draw, competition or complete a survey

Type of data: Identity, Contact, Usage, Marketing and Communication; Legal basis: Performance of a contract with you, necessary for our legitimate interests to study how users use our site and to develop it and grow our business.

How long we keep your personal information 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by emailing us at contact@roalddahl.com.

Security

Subject to the paragraph below, the information you provide to us and which we collect is stored on secure servers of our website hosting and IT services providers. This information will be stored at a destination within the UK or EEA.

Staff members operating within the UK or EEA who work for or on behalf of us and/or any of the entities in the Roald Dahl Group may process the information that you give to us and which we collect. Such staff members may, among other things, be involved in the provision of support services in relation to our site. We will ensure at all times to take all reasonable steps necessary to maintain the security of your personal information in accordance with this Privacy Policy and data protection laws.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Transferring your personal information outside of the UK and EEA

It is sometimes necessary for us to share your personal data outside of the UK and EEA, including:

  • with our service providers based outside of the UK and EEA;

  • if you are based outside of the UK/EEA; or

  • where there is an international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the UK government has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);

  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or

  • a specific exception applies under data protection law.

Adequacy decision: We may transfer your personal data to certain countries, on the basis of an adequacy decision granted by the UK or European Commission, as applicable. 

These adequacy decisions granted by the UK include: all EEA countries, Gibraltar, the Republic of Korea, Andorra, Argentina, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay. Canada and Japan also have partial adequacy findings.

There is also a partial adequacy decision for US companies that have certified with the EU-US Data Privacy Framework and the UK extension to this. 

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

There are some other countries or international organisations that we may transfer personal data to that do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Appropriate safeguards: Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses (also known as ‘standard contractual clauses’). To obtain a copy of the standard contractual clauses and further information about relevant safeguards, please contact us (see the ‘Contact Us’ section below).

Specific exceptions: In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.: you have explicitly consented to the proposed transfer after having been informed of the possible risks; the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request; the transfer is necessary for important reasons of public interest or to protect someone’s vital interests; or the transfer is necessary to establish, exercise or defend legal claims.

Your rights:

If you are a UK/EEA citizen you have rights over your personal data that we need to make you aware of. These rights are as follows:

  • Access: You have the right to access the personal information we hold about you. This is called a Subject Access Request.

  • Rectification: You have the right to contact us to correct any inaccuracies in your personal data.

  • Erasure: Under certain circumstances you may have the right to instruct us to erase your personal data.

  • Restriction: In some cases, you may ask us to restrict how we use your personal information.  This is an alternative to requesting the erasure of your data, for example if there are issues with the data we hold.

  • To data portability:  You have the right to receive personal information you provided to us in a structured, commonly used and machine readable format and to request that we provide the data directly to a third party. 

  • Object: You have the right to ask us not to process your personal information for marketing purposes and to object to our processing of your personal data in other circumstances too, for example if we are processing based on legitimate interests. 

  • Automated decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you wish to action any of these rights, you can do so by writing to us at The Roald Dahl Story Company Limited, 5 Berkeley Mews, London, W1H 7PB or contact@roalddahl.com.

Links  

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other independent third parties, including the third party sites where you are redirected to purchase tickets and products. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not and none of the Roald Dahl Group accept any responsibility or liability for such policies or their collection or processing of your personal information. Please check these policies and terms before you submit any personal information to these websites.

Cookies

For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy.

How to contact us about your privacy

Individuals outside the EEA, other than Switzerland

If you have any questions about the way in which we collect or process your information, please contact us.

If you are in the UK, you can also find out more about your rights under applicable data protection laws, including the GDPR, by visiting the Information Commissioner's Office (ICO) website at www.ico.org.uk or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. If you believe that your rights have not been respected at any time then you also have a right to contact the ICO to ask them for a resolution.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Roald Dahl Story Company, 5 Berkeley Mews, London, W1H 7PB, United Kingdom or emailed to contact@roalddahl.com. Alternatively, you can contact us by phone on +44 (0)20 3696 6450.

Individuals in Switzerland

We have appointed Data Protection Representative Limited to be our data protection representative within Switzerland.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, please ensure that any request is addressed to ‘Data Rep’ (as opposed to The Roald Dahl Story Company Limited), at Leutschenbachstrasse 95, ZURICH, 8050, Switzerland.

Individuals in the EEA

We have appointed Data Protection Representative Limited to be our data protection representative within the EEA.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, then depending on your EEA location, their address is as set out below (and please ensure that any request is addressed to ‘Data Rep’ as opposed to The Roald Dahl Story Company Limited):

For Austria: DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

For Belgium: DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

For Bulgaria: DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

For Croatia: DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

For Cyprus: DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

For Czech Republic: DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

For Denmark: DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

For Estonia: DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

For Finland: DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

For France: DataRep, 72 rue de Lessard, Rouen, 76100, France

For Germany: DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

For Greece: DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

For Hungary: DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

For Iceland: DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland

For Ireland: DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

For Italy: DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

For Latvia: DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

For Liechtenstein: DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

For Lithuania: DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

For Luxembourg: DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

For Malta: DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

For Netherlands: DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

For Norway: DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

For Poland: DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

For Portugal: DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

For Romania: DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

For Slovakia: DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

For Slovenia: DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

For Spain: DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

For Sweden: DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden