Privacy Policy

Information relating to how we use your data on RoaldDahl.com

Effective Date: 6th August 2022

Last Updated Date: 24th August 2023

For information on how we work with children 12 and under in the United States and 15 and under in the United Kingdom and EU please see our Children's Privacy Policy.

This Privacy Policy (together with our Terms and Conditions of Use, Acceptable Use Policy and Cookie Policy and any other document referred to in it) describes the way we collect your personal information (whether collected from you or otherwise provided to us), how we use your personal information and why.

By using our site or otherwise communicating with us your personal information will be used in accordance with this privacy policy.

For information on how we work with children 12 and under in the United States and 15 and under in the United Kingdom and EU please see our Children's Privacy Policy.

In this Privacy Policy, "we", "us" and "our" means The Roald Dahl Story Company Ltd. We are a limited company incorporated in England and Wales with company no 11099347 and our registered address is 30 Berners Street, London, W1T 3LR.

If you provide us with personal information via or through using our website, www.roalddahl.com ("our site") or by otherwise communicating with us, we will process your personal information in accordance with all applicable data protection laws, including the Data Protection Act 2018 or the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) insofar as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (UK GDPR).

This Privacy Policy (together with our Terms and Conditions of Use, Acceptable Use Policy and Cookie Policy and any other document referred to in it) describes the way we collect your personal information (whether collected from you or otherwise provided to us), how we use your personal information and why.

Please read the following information carefully to understand our practices regarding your personal information and how we will treat it.

Your privacy is important to us. We take the security of your personal information seriously and we have strict policies and processes in place to ensure it remains safe. Changes to this policy

We may make changes to the policy from time to time so please be sure to check regularly. If we make a material change to this policy and we have your contact details, we will contact you before we make the change. We will also post a notice at the start of the policy.

Contents:

  1. Information you provide to us
  2. Information we collect about you
  3. Who we share your information with
  4. Users who accessed the website on or prior to 6th August 2022
  5. Security
  6. Transferring your personal information outside of the UK and EEA
  7. Your rights
  8. Links
  9. How to contact us about your privacy

Information you provide to us

When you contact our customer services by email or phone, we may collect and store records of our contact with you, which may include notes on our systems, emails or electronic communications and written correspondence and any email address or telephone number used by you.

Information we collect about you

When you visit our website, we collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type (e.g. Safari or Internet Explorer) and version, time zone setting, browser plug-in types and versions, operating system and platform. We use this information to carry out internal operations such as troubleshooting and resolving technical issues, to improve your experience on our site, and as part of our efforts to keep our site safe and secure.

Who we share your information with

We may share your personal information with any member of The Roald Dahl Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may also disclose your personal information:

In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
If The Roald Dahl Story Company Ltd or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers and website users will be one of the transferred assets;
If we need to get legal advice or answer a legal request from law enforcement bodies;
If we are under a duty to disclose or share your personal information with law enforcement agencies or regulatory bodies in order to comply with any court order or legal obligation;
Our external auditors and other professional advisors (such as accountants); and/or
In order to enforce or apply our Terms of Website Use, or to protect the rights, property, or safety of The Roald Dahl Story Company Ltd, any entity of the Roald Dahl Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may also share your information with 16 Interactive Limited, who run our website;

Users who accessed the website on or prior to 6 August 2022

On or prior to 6 August 2022, you may have given us information about you by filling in forms on our site or by corresponding with us by telephone, e-mail or otherwise communicating with us. This includes information you provide when you:

use our site
register to use our site
subscribe to receive newsletters and marketing (via email)
search for products on our site; place an order for products on our site
place an order for tickets to the Roald Dahl Museum and Story Centre via our site; make a donation to Roald Dahl's Marvellous Children's Charity
participate in discussion boards or other social media functions on our site (such as making Contributions (as the term is defined in our Acceptable Use Policy)
enter a competition, promotion or survey; apply for a grant from Roald Dahl's Marvellous Children's Charity
and/or when you contact us to report a problem with our site.

The information you have given us may include your title, first and last names, address, country of residence, e-mail address and contact telephone number, date of birth, your user type (e.g. parent/guardian, teacher, child or other type of user), personal messages you wish to send to recipients of products that you have ordered from Trading via our site and/or details relating to why you are corresponding/contacting us. Depending on whether or not you purchased products from Trading, you may also have given us financial and credit card information.

Where (and only where) you have expressly indicated, on or prior to 6 August 2022 (e.g. by ticking the relevant box on our site) that you wish to be sent email newsletters, email marketing materials and other information (via email), we will share your email address, first name, last name, alias (if any), country of residence and date of birth with Rocket Science Group LLC (Trading as ‘Mailchimp’) to create a database of individuals who have subscribed for these services.

If you have subscribed to our email newsletters, Rocket Science Group LLC (trading as 'Mailchimp') will provide us with information about whether or not you have received and read our email newsletters, and will gather information which allows us an other entities in the Roald Dahl Group to measure and understand the effectiveness of the email communications sent to you.

Security

Subject to the paragraph below, the information you provide to us and which we collect is stored on secure servers of our website hosting services provider. This information will be stored at a destination within the United Kingdom (“UK”) or European Economic Area ("EEA").

Staff members operating within the UK or EEA who work for or on behalf of us and/or any of the entities in the Roald Dahl Group may process the information that you give to us and which we collect. Such staff members may, among other things, be involved in the provision of support services in relation to our site. We will ensure at all times to take all reasonable steps necessary to maintain the security of your personal information in accordance with this Privacy Policy and data protection laws.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Transferring your personal information outside of the UK and EEA

It is sometimes necessary for us to share your personal data outside of the UK and EEA, including:

with our service providers based outside of the UK and EEA;
if you are based outside of the UK/EEA;
where there is an international dimension to the services we are providing to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

the UK government has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
a specific exception applies under data protection law.

Adequacy Decision: We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include: all EEA countries, Gibraltar, Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries or international organisations we are likely to transfer personal data to (such as the USA) do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Appropriate Safeguards: Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses (also known as ‘model clauses’). To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us (see the ‘Contact’ section below).

Specific Exceptions: In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.: you have explicitly consented to the proposed transfer after having been informed of the possible risks; the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request; the transfer is necessary for a contract in your interests, between us and another person; or the transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

Your Rights:

IF you are an EU/UK citizen you have rights over your personal data that we need to make you aware of. Theses rights are as follows:

Access: You have the right to access the personal information we hold about you. This is called a Subject Access Request.
Restriction of processing: If we no longer have a legal basis to process your personal data or if the legal basis that we are relying on is consent and you subsequently withdraw your consent then we will stop processing your personal data. If you inform us that you no longer wish to be contacted by us we will need to maintain a record of that to make sure that we do not contact you again in the future.
Rectification: You have the right to contact us to correct any inaccuracies in your personal data.
Erasure: Under certain circumstances you may have the right to instruct us to erase your personal data or provide the data to another person or organisation.
Object: You have the right to ask us not to process your personal information for marketing purposes. We will inform you (before collecting your personal information) if we intend to use your personal information for such purposes or if we intend to disclose your personal information to any third party for such purposes. You can exercise your right to prevent such processing by not ticking certain boxes on the forms we use to collect your personal information on our site and/or by changing your cookie settings on your internet browser (see our Cookie Policy for further information on how to do this). You also have the right to object in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.

If you wish to action any of these rights, you can do so by writing to us at The Roald Dahl Story Company Ltd, 5 Berkeley Mews, London, W1H 7PB or contact@roalddahl.com.

Links  

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, affiliates and other independent third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not and none of the Roald Dahl Group accept any responsibility or liability for such policies or their collection or processing of your personal information. Please check these policies and terms before you submit any personal information to these websites..

How to contact us about your privacy

Individuals outside the EEA, other than Switzerland

If you have any questions about the way in which we collect or process your information, please contact us.

If you are in the UK, you can also find out more about your rights under applicable data protection laws, including the GDPR, by visiting the Information Commissioner's Office (ICO) website at www.ico.org.uk or by writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. If you believe that your rights have not been respected at any time then you also have a right to contact the ICO to ask them for a resolution.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Roald Dahl Story Company Ltd, 5 Berkeley Mews, London, W1H 7PB, United Kingdom or emailed to contact@roalddahl.com. Alternatively, you can contact us by phone on +44 (0)20 3696 6450.

Individuals in Switzerland

We have appointed Data Protection Representative Limited to be our data protection representative within Switzerland.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, please ensure that any request is addressed to ‘Data Rep’ (as opposed to The Roald Dahl Story Company Limited), at Leutschenbachstrasse 95, ZURICH, 8050, Switzerland.

Individuals in the EEA

We have appointed Data Protection Representative Limited to be our data protection representative within the EEA.

Their contact details are, in terms of email correspondence, datarequest@datarep.com, and as regards addresses for post, then depending on your EEA location, their address is as set out below (and please ensure that any request is addressed to ‘Data Rep’ as opposed to The Roald Dahl Story Company Limited):

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857,

Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden