White Dwarf Privacy Notice

Games Workshop is committed to protecting your privacy. This notice describes how we collect and use personal information about you. This notice applies to personal information that we collect in connection with our White Dwarf magazine.

The data controller of your personal information is Games Workshop Limited of Willow Road, Nottingham, NG7 2WS, United Kingdom.

Please read this notice carefully to understand how and why we are using your personal information.

1 The kind of information we may hold about you

We may collect, store, and use the following categories of your personal information:

  • Personal contact details such as name, title, address, email address and telephone number.
  • Date of birth.
  • Subscriber number.
  • Bank account and payment information.
  • Information contained within correspondence which you send to us.
  • Photographs which you send to us.
  • Information submitted as part of a competition.
  • Record of correspondence with you whether in writing or by telephone, email, social media or otherwise.

2 How is your personal information collected?

We collect information that you provide voluntarily. This may be in connection with a subscription for White Dwarf, the submission by you of letters, ideas or other material to us, or to submit enquiries to us.  The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

3 Why do we collect your personal information?

The situations in which we will process your personal information are listed below:

  • To use material submitted by you for the purposes of producing content for publication within White Dwarf, and across our websites and social media channels or newsletters.
  • To communicate and interact with our readers.
  • To take subscriptions for White Dwarf, and satisfy our obligations in respect of any magazine subscriptions.
  • To manage our subscription database.
  • To handle any customer service queries in respect of subscriptions.
  • To operate competitions, communicate with entrants, and publish details of winners.
  • To interact with you and handle and respond to communications with you.
  • To handle any disputes which we may have with you.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it, such as: (i) for the purpose of performing a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or iii) where we have your consent to do so.

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be for our legitimate commercial interest, for maintaining good reader relations, and dispute resolution.  We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us (section 13).

4 What if you fail to provide personal information?

If you fail to provide certain information when requested we may not be able to perform any contract we have entered into with you.

5 What if we want to use your information for a different purpose?

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

6 How secure is your information?

We have put in place appropriate technical and organisational measures to prevent your personal information from being accidentally lost, used, accessed, altered or disclosed. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and include:

  • Site access controls – only authorised personnel are able to gain access to premises, buildings and rooms where your information is being processed.
  • IT access controls – only authorised personnel are able to gain access to your information stored electronically within our IT systems.
  • IT security controls – use of appropriate technology and security measures to ensure secure storage of your information.
  • Policies & procedures – comprehensive data protection and IT security policies and procedures setting out the way in which your information must be handled by staff.
  • Training – delivery of ongoing data protection and IT security training to all staff handling your information.

7 Who might we share your information with?

We may share your personal information in the situations detailed below:

  • Service providers

    We share your personal information with third parties who provide services to us. The following activities all involve the processing of personal information and are carried out by third party service providers: mailing and distribution services, database and mailing list management services,digital publication and distribution services, hosting and maintenance of social media platforms, document and information collaboration and sharing, IT services, printing services, translation services. Further details in respect of our third party service providers are available on request. Please contact us (section 13) for further information.

    All service providers are required to take appropriate security measures to protect your personal information. We do not allow third party service providers to use your information for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.

  • Games Workshop group

    We may share your personal information with other entities in our group of companies as part of regular reporting activities on company performance, in the context of business reorganisation or group restructuring, or for system maintenance support.

  • Sale or restructure

    We may share your personal information in the context of the possible sale or restructuring of the business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this notice.

  • Law, legal rights and vital interests

    We may also need to share your information with a law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any person.

  • Consent

    We may share your personal information where you have specifically consented to such disclosure.

8 Do you transfer my information outside of the European Union?

We may transfer your personal information outside the European Economic Area (EEA). For example, our IT service providers operate around the world. We will only transfer your personal information outside the EEA if adequate protection measures are in place. To ensure that your personal information does receive an adequate level of protection outside the EEA we use the following protection measures:

  • Transferring to countries approved by the European Commission
  • Using model contractual clauses approved by the European Commission
  • Requiring companies we transfer information to in the United States to be signed up to the EU/US Privacy Shield Framework

Further details in respect of protective measures used outside of the EEA are available on request. Please contact us (section 13) for further information.

9 How long do we keep hold of your information?

We only retain your information for as long as necessary for the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which it has been processed, and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

10 What are your rights in connection with your personal information?

Under certain circumstances, by law you have the right to:

  • Request access to a copy of the personal information we hold about you
  • Request correction of any incomplete or inaccurate information we hold about you
  • Request erasure of information where there is no good reason for continued processing
  • Object to processing of your information where we are relying on a legitimate interest to process your information.
  • Where we are processing your information for a particular purpose based on your consent, you have the right to withdraw your consent at any time.
  • Request restriction to suspend our processing of your personal information.
  • Request transfer of your personal information to another party which you have provided to us.
  • Opt out of marketing communications which we send you at any time.

If you want to exercise any of these rights please contact us (section 13).

You will not have to pay a fee to exercise any of your rights, however we may charge a reasonable fee if your request is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please note that we may need to request information from you to confirm your identity and establish your entitlement to these rights.

If you are not satisfied with our processing of your personal information, you also have the right to make a complaint to the relevant supervisory authority. Please see here for the relevant contact details.

11 What we ask of you?

It is important that the personal information we hold about you is accurate and current. Please contact us (section 13) immediately and inform us of any changes to the personal information which we hold about you.

If you provide us with information about another person, you confirm that you have informed them of our identity, the purposes for which their personal data will be processed, and that you have obtained their permission to such processing by us.

12 Change to this privacy notice

We may update this notice from time to time. When we update this notice, we will take appropriate measures to inform you, consistent with the significance of the changes. We will obtain your consent to any material changes if and where this is required by law.

You can see when this notice was last updated by checking the date displayed at the top of this notice.

13 Contact us

This notice is overseen by the Data Protection Manager of the Games Workshop group.If you have any questions, complaints or requests please make contact with our Data Protection Manager by email: dpm@gwplc.com.