Privacy Policy

Effective date: 6th August 2022

Last updated: 31st October 2024

For information on how we work with children under 18 in the United Kingdom (UK), the European Economic Area (EEA) and United States please see our Children's Privacy Policy.

This Privacy Policy (together with our Cookie Policy and any other document referred to in it) describes the way we collect your personal information (whether collected from you or otherwise provided to us), how we use your personal information and why. 

Please read the following information carefully to understand our practices regarding your personal information and how we will treat it.

Your privacy is important to us. We take the security of your personal information seriously and we have strict policies and processes in place to ensure it remains safe. 

Contents:

  • Who we are
  • When you visit our site 
  • Star Editions Ltd and the shop on our site
  • Information we collect about you when you contact us
  • How your information is collected
  • Who we share your information with
  • How we use your information
  • How long we keep your personal information
  • Security
  • Transferring your personal information outside of the UK and EEA
  • Your rights
  • Links
  • Cookies
  • How to contact us about your privacy

Who we are

In this Privacy Policy:

  • "we", "us" and "our" means The Roald Dahl Story Company Ltd. We are a limited company incorporated in England and Wales with company no 11099347 and our registered address is 30 Berners Street, London, W1T 3LR; and
  • "our site" means our website, www.roalddahl.com.

If you provide us with personal information by communicating with us, we are the controller and are responsible for your personal data. We will process your personal information in accordance with this privacy policy and all applicable data protection laws, including in the UK the UK GDPR and Data Protection Act 2018. If you are located in the EEA, we are also subject to the EU GDPR and other local laws in relation products and services we offer to individuals in the EEA.

We may make changes to the policy from time to time so please be sure to check regularly. We will post a notice at the start of the policy to confirm the date that the policy was last updated.

When you visit our site 

When you visit our site we do not collect any personal information about you. This is because we do not have any log-in functionality or a contact form on our site. 

Additionally we only use one strictly necessary cookie on our site, which does not collect any personal information about you. This cookie simply stores information on your device which tells our site not to show you our cookie banner again once you have clicked the 'Got it!' button. For more information please see our Cookie Policy.

You can find our contact information on our site. If you then choose to contact us, we will collect information about you (see the ‘Information we collect about you when you contact us’ section below).

Star Editions Ltd and the shop on our site

All products sold on our site are manufactured and fulfilled by Star Editions Ltd, under licence from us. All purchases made through the shop on our site are purchases directly with Star Editions Ltd and are subject to their terms of sale. 

Any personal data provided in connection with a purchase, will be collected and processed solely by Star Editions Ltd in accordance with their privacy policy. We do not have access to this personal data.

For more information, you should also read Star Edition’s terms of sale and privacy policy.

Information we collect about you when you contact us

When you contact us by email or phone, we may collect and store records of our contact with you, which may include notes on our systems, emails or electronic communications and written correspondence (usage information), as well as your name (identity information) and any email address or telephone number used by you (contact information).

How your information is collected

You may give us information about you as described above by corresponding with us by telephone, e-mail or otherwise communicating with us, including when you contact us to report a problem with our site.

You may also provide us with information when you enter a competition, promotion or survey from time to time. 

Who we share your information with

We may share your personal information with any member of The Roald Dahl Group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

We may also disclose your personal information:

  • to our services providers that we use to run our business, for example our IT infrastructure;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
  • if The Roald Dahl Story Company Ltd or substantially all of its assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
  • if we need to get legal advice or answer a legal request from law enforcement bodies;
  • if we are under a duty to disclose or share your personal information with law enforcement agencies or regulatory bodies in order to comply with any court order or legal obligation;
  • our external auditors and other professional advisors (such as accountants); and/or
  • in order to enforce or apply our Terms of Website Use, or to protect the rights, property, or safety of The Roald Dahl Story Company Ltd or any entity in the Roald Dahl Group. 

How we use your information

Under data protection law, we can only use your personal information if we have a lawful basis to do so. Our lawful basis will depend on the reasons for which your personal information was collected, and these include:

  • for the performance of a contract with you (or to take steps at your request before entering into a contract); or
  • for our legitimate interests of those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. 

We have also identified what our legitimate interests are where appropriate.

Purpose/Use

Type of data

Legal basis 

To respond to enquiries that you raise and keep a record of our communications

Identity, Contact, 

Necessary for our legitimate interests and your legitimate interests, to manage our relationship with you 

To manage our relationship with you, including to notify you about changes to our site, terms and policies 

Identity, Contact

Necessary for performance of a contract with you

Necessary for our legitimate interests to keep our records updated

To contact you for feedback, including in relation to events, content and donations (if applicable)

Identity, Contact, Usage

Necessary for our legitimate interests to study how users use our events and content and to grow our business

To administer our internal operations.

Identity, Contact

Necessary for our legitimate interests for running our business 

To enable you to partake in a prize draw, competition or complete a survey

Identity, Contact, Usage 

Performance of a contract with you

Necessary for our legitimate interests to study how users use our site or engaged with our business and to develop it and grow our business

 

How long we keep your personal information 

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation regarding our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by emailing us at contact@roalddahl.com.

Security

Subject to the paragraph below, the information you provide to us and which we collect is stored on secure servers of our IT services providers. This information will be stored at a destination within the UK or EEA.

Staff members operating within the UK or EEA who work for or on behalf of us and/or any of the entities in the Roald Dahl Group may process the information that you give to us and which we collect. We will ensure at all times to take all reasonable steps necessary to maintain the security of your personal information in accordance with this Privacy Policy and data protection laws.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Transferring your personal information outside of the UK and EEA

It is sometimes necessary for us to share your personal data outside of the UK and EEA, including:

  • with our service providers based outside of the UK and EEA; or
  • if you are based outside of the UK/EEA.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the UK government has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law.

Adequacy Decision: We may transfer your personal data to certain countries, on the basis of an adequacy decision granted by the UK or European Commission, as applicable. 

These adequacy decisions granted by the UK include: all EEA countries, Gibraltar, Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay. 

There is also a partial adequacy decision for US companies that have certified with the EU-US Data Privacy Framework and the UK extension to this. 

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

There are some other countries or international organisations that we may transfer personal data to that do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Appropriate Safeguards: Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses (also known as ‘standard contractual clauses’). To obtain a copy of the standard contractual clauses and further information about relevant safeguards, please contact us (see the ‘Contact’ section below).

Specific Exceptions: In very limited circumstances, in the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.: you have explicitly consented to the proposed transfer after having been informed of the possible risks; the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request; the transfer is necessary for important reasons of public interest or to protect someone’s vital interests; or the transfer is necessary to establish, exercise or defend legal claims.

Your Rights:

If you are a UK/EEA citizen you have rights over your personal data that we need to make you aware of. These rights are as follows:

  • Access: You have the right to access the personal information we hold about you. This is called a Subject Access Request.
  • Rectification: You have the right to contact us to correct any inaccuracies in your personal data.
  • Erasure: Under certain circumstances you may have the right to instruct us to erase your personal data.
  • Restriction: In some cases, you may ask us to restrict how we use your personal information.  This is an alternative to requesting the erasure of your data, for example if there are issues with the data we hold.
  • To data portability:  You have the right to receive personal information you provided to us in a structured, commonly used and machine readable format and to request that we provide the data directly to a third party. 
  • Object: You have the right to ask us not to process your personal information for marketing purposes and to object to our processing of your personal data in other circumstances too, for example if we are processing based on legitimate interests. 
  • Automated decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you wish to action any of these rights, you can do so by writing to us at The Roald Dahl Story Company Ltd, 5 Berkeley Mews, London, W1H 7PB or contact@roalddahl.com.

Links  

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other independent third parties, including the third party sites where you are redirected to purchase tickets and products. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not and none of the Roald Dahl Group accept any responsibility or liability for such policies or their collection or processing of your personal information. Please check these policies and terms before you submit any personal information to these websites.

Please also see the ‘Star Editions Ltd and the shop on our site’ section above, for information about purchases made through the shop on our site. These are purchases directly with Star Editions Ltd and are subject to their terms of sale and privacy policy. 

Cookies

For more information about the cookie we use and how to change your cookie preferences, please see our Cookie Policy.

How to contact us about your privacy

Individuals outside the EEA, other than Switzerland

If you have any questions about the way in which we collect or process your information, please contact us.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Roald Dahl Story Company Ltd, 5 Berkeley Mews, London, W1H 7PB, United Kingdom or emailed to contact@roalddahl.com. Alternatively, you can contact us by phone on +44 (0)20 3696 6450.

If you are in the UK, you can also find out more about your rights under applicable data protection laws, including the GDPR, by visiting the Information Commissioner's Office (ICO) website at www.ico.org.uk or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. If you believe that your rights have not been respected at any time then you also have a right to contact the ICO to ask them for a resolution.

Individuals in Switzerland

We have appointed Data Protection Representative Limited to be our data protection representative within Switzerland.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, please ensure that any request is addressed to ‘Data Rep’ (as opposed to The Roald Dahl Story Company Limited), at Leutschenbachstrasse 95, ZURICH, 8050, Switzerland.

Individuals in the EEA

We have appointed Data Protection Representative Limited to be our data protection representative within the EEA.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, then depending on your EEA location, their address is as set out below (and please ensure that any request is addressed to ‘Data Rep’ as opposed to The Roald Dahl Story Company Limited):

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857,

Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden