Privacy Policy

Last updated: 19th November 2021 


This privacy policy applies between you and Epic Tales. We respect your privacy and are committed to protecting your personal data. This document will let you know how we look after your personal data, regardless of how it’s ended up with us – and we’ll also explain your privacy rights and how the law protects you. 

Important information 

This privacy notice aims to inform you how Epic Tales collects and processes your personal data through your use of our websites, your use of our mailing list, when you purchase a product or service, or when you take part in our competitions. 

Our website and mailing list are not intended for unsupervised children under 16 years of age and we do not knowingly collect contact data relating to children. We do occasionally receive the names of children when they (or adults responsible for them) submit messages to us, either through our website, by email, or in person. If any personal contact information for a child is included within these messages, that information is destroyed immediately and the child’s responsible adult is informed. 

About us 

Epic Tales is the trading name of Epic Storytelling Ltd. We run performances and workshops for schools, theatres, and events, in collaboration with a number of freelance creatives including storytellers, designers, writers, and illustrators. Our business is operated out of 43 Norfolk Road, Huntingdon, Cambridgeshire, PE28 2EF. 

Epic Tales may be referred to as “Epic Tales”, “we”, “us” or “our” in this document. 

We are the controller and responsible for your personal data after you have submitted it to us. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below. 

Postal address: 43 Norfolk Road, Huntingdon, Cambridgeshire, PE28 2EF 

Telephone number: 020 328 76245 

Email address: [email protected] 

You have the right to make a complaint at any time to the Information 

Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO – so please let us know your concerns first. 

Your duty to inform us of changes 

It is important that the personal data we hold about you is accurate and current. If you need to change any details we hold about you, please visit, ensure you are logged in, and choose “My Epic” from the menu in the top right. Then navigate to the “My Details” tab to make your changes.

Alternatively, please feel free to contact us using the details above to inform us of your new contact details.

Third-party links 

Our website and emails may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements, so please read their privacy notices when you visit them. 

What we collect about you 

“Personal Data” or “Personal Information” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

We may collect, use, store and transfer different kinds of Personal Data about you, which we fall into one of the following categories... 

Identity Datai.e. first name, last name, job title, place of work, date of birth, photograph, gender identification. 

Contact Datai.e. billing address, performance address, email address and telephone numbers. 

Transaction Datai.e. details about payments to and from you and other details of products and services you have purchased from us. 

Technical DataThis is information automatically collected by cookies on our website that we rarely (if ever) see, but which enables our website to provide you with the best possible browsing experience. Information collected includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. 

Usage Datai.e. information about how you use and interact with our website, our newsletters, and our products and services, and the frequency with which you use and interact with these services. 

Marketing and Communications Datai.e. your preferences in receiving marketing from us. Please note: we never offer to share your data with third parties without contacting you directly and personally for your interest and consent. 

Financial DataIn the event you have used our online payment services, this will be your bank card details, and will be encrypted and stored securely by our payment partner Stripe. In the event you have sent us an invoice for payment of a product or service, this will include all the Financial Data you choose to share with us to enable our payment.

Special Categories of Personal DataIf you are working with us, we will seek evidence that you have had a recent Enhanced DBS reference check to disclose any relevant criminal convictions and offences, or else we will make this check ourselves. If you are not working with us, this information will not be sought. 

We do not collect any other Special Categories of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, nor genetic and biometric data. 

If you fail to provide personal data

Where we need to collect Personal Data – either by law or under the terms of a contract we have with you – and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you sought from us – but we will always attempt to contact you first to try and prevent this happening. 

How your Personal Data is collected 

We use different methods to collect data from and about you... 

Direct Interaction You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, our websites, or otherwise – for example, when you... 

  • make an enquiry about our products or services;
  • join one of our mailing lists;
  • enter a competition, promotion or survey; or
  • give us some feedback. 

Automated Technologies/Interactions As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data using cookies and other similar tracking technologies (e.g. pixels and web beacons) to analyse trends, administer our website, track your movements around our website, and gather demographic information about you. 

No other websites employ cookies on our behalf.  

Examples of the cookies we use are... 

  • Security cookies – for security purposes 
  • Functional cookies – to provide enhanced functionality and personalisation 
  • Social Media cookies – to enable you to share our content with your friends and networks
  • Preference cookies – to tailor your experience of our website
  • Advertising and Targeting cookies – to track your actions on our website if you arrive there via one of our promotional campaigns, to help us judge the success of those campaigns 

Web Beacons 

We use web beacons in our newsletters to people that have opted-in to receive them, so we may track who opened the emails and/or who clicked on links contained within those emails. This system uses single pixel gifs to collect the following information when you open the newsletter: 

  • your IP address; 
  • your browser; 
  • your email client type e.g. Outlook or Hotmail 

This information allows us to improve future newsletters. 

Third parties or publicly available sources 

We never receive Personal Data about you from third parties, public databases, social media platforms, or third party data providers. While we do make use of services such as Facebook Ads and Google AdSense, they never send us any Personal Data, and nor do we ask this of them. 

How we use your Personal Data 

We will only use your Personal Data when the law allows us to. Reasons for us to use your Personal Data may be one of more of the following: 

  • completing orders placed by you – e.g. sending you emails, invoices, and alerting you of any issues with the order; 
  • sending you messages about our services, including temporary or permanent changes to our services such as new programmes & releases and changes to this policy; 
  • promoting our services to you in accordance with your marketing preferences; 
  • protecting the rights and safety of our users as well as our own; 
  • performing any contract we are about to enter or have entered into with you; 
  • where necessary to comply with a legal, professional, security or regulatory obligation; or 
  • where necessary to protect against legal liability and/or protect and defend our rights or property. 

Storing your Personal Data 

All Identity, Contact and Transaction Data is stored in secure, encrypted files on our password-protected office equipment. These files are backed-up to Microsoft OneDrive, which is also secure, encrypted, and password-protected. You can also read Microsoft’s privacy policy to better understand how they keep safe the data held by them. 

All Usage, Marketing, Communications and Financial Data remains with the services we use for collecting that data (e.g. Stripe), who are themselves secure, encrypted, and password-protected. You can also read their privacy policies to better understand how they keep safe the data held by them. 

If you have supplied us your Financial Data by sending us an invoice, we will keep that invoice for a maximum of 7 years for tax and legal recording purposes. All invoices are stored in our office. If your invoice is purely digital, it will be in secure, encrypted files on our password-protected office equipment. These files are backed up to Microsoft OneDrive, which is also secure, encrypted, and password-protected. You can also read Microsoft’s privacy policy to better understand how they keep safe the data held by them. 

If you have supplied us with a copy of your Enhanced DBS check, or we have made this check on your behalf, we will keep this copy for a maximum of 3 years after your work with us has concluded. All copies of DBS checks are stored in our office. If your check was sent to us purely digitally, it will be in secure, encrypted files on our password-protected office equipment. These files are backed-up to Dropbox, which is also secure, encrypted, and password-protected. You can also read the Dropbox privacy policy to better understand how they keep safe the data held by them. 

Promotional offers from us 

We may use your Identity, Contact, Technical and/or Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you, and is extremely common marketing practice – in fact, it’s essential to the success of any business! 

You will receive emails from us if any of the following apply to you: 

a) you have requested information from us; 

b) you purchased goods or services from us; 

c) you provided us with your details when you entered a competition or registered for a promotion; or 

d) you chose to subscribe to one of our newsletters. 

However, in each case, you will not receive any promotional offers from us if you tell us you don’t want them (often described as “opting out”). Our emails always include a link to make it extra easy for you to opt out by following a single click. 

Please see below for more information on opting out. 


We never share your Personal Data with any third party companies for marketing purposes. 

However, from time to time we may encounter a networking opportunity that we feel you would be interested in. Before we share your details with any third party, we will always contact you first to confirm your interest and consent in making a connection with this third party. 

Opting out 

You can opt out of receiving emails, other information and promotional content by following the unsubscribe link or instructions provided in any email or communication we send. 

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, feedback on your product/service experience, or other transactions. 


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. 

Change of purpose 

We will only use your Personal Data for the original purposes for which we collected it, unless we reasonably consider that we need to use it for another reason – and that reason is compatible with the original purpose. If you wish to get an explanation as to how the new purpose is compatible with the original purpose, please contact us. 

If we ever need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. 

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where required or permitted by law.  

Disclosures of your Personal Data 

We pledge never to sell your Personal Data. We also pledge never to share your Personal Data to a third party without your express interest and consent, for which we will contact you personally and directly. 

However, if we sell, transfer, or merge parts of our business or our assets to another business, or if we seek to acquire other businesses or merge with them, then the new business(es) may use your Personal Data in the same way as set out in this privacy notice. 

If such a sale, transfer or merger is likely to result in a change to this privacy policy, you will be notified before it takes place and given the chance to have your Personal Data struck from our records. 

Please note also that, if we are ever required by law to disclose your Personal Data to a legal or legally appointed authority, we will have to do so without your consent. 

However, we will always seek to inform you if this has been required of us. 

International transfers 

Some of the external third parties we use to store your Personal Data (e.g. Microsoft OneDrive, Dropbox) are based outside the European Economic Area (EEA) – so this involves transferring your Personal Data outside the EEA. 

Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is given to it... 

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. 
  • Service providers we use outside the EEA adopt specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. 
  • Providers we use who are based in the US are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the Europe and the US. 

Please contact us for further details on the specific processes and agreements used by us when transferring your Personal Data out of the EEA. 

Data security 

We have in place appropriate security measures to prevent your Personal Data being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. Only those who work with us and who have a business need to do so are given access to your Personal Data. They will only process your Personal Data on our instructions and in accordance with this document, and they are subject to a duty of confidentiality. 

We have in place procedures to deal with any suspected Personal Data breach, which always begins with informing you of any such breach at the earliest possible opportunity after it comes to our attention. 

Data retention 

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

We determine the appropriate retention period for your Personal Data by considering... 

  • the amount, nature, and sensitivity of the data; 
  • the potential risk of harm from unauthorised use or disclosure of the data; 
  • the purposes for which we processed your data; 
  • whether we can achieve these purposes through other means; and
  • any applicable legal requirements. 

Please contact us for further information on the retention periods for different aspects of your Personal Data. 

Your legal rights 

Data protection laws in our country give you the rights to... 

Request access to your Personal Data This enables you to compel us to send you a copy of the Personal Data we hold about you, e.g. to check that we are lawfully processing it. 

Request correction of your Personal Data This enables you to compel us to correct any incomplete or inaccurate data we hold about you (though please note we may need to verify the accuracy of any new data you provide to us). 

Request erasure of your Personal Data This enables you to compel us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to compel us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons – where this is the case, we will notify you. 

Object to processing of your Personal DataIf there is something about your particular situation which makes you feel our processing of your Personal Data has impacted upon your fundamental rights and freedoms, you have the right to object. This can include our processing of your Personal Data for direct marketing purposes. Please note, though, that if we can demonstrate that we have compelling legitimate grounds to process your data, these can override your rights and freedoms. 

Request restricted processing of your Personal DataThis enables you to compel us to suspend the processing of your Personal Data in the following scenarios: (a) to establish the data’s accuracy; 

(b) where our use of the data is unlawful but you do not want us to erase it;

(c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or 

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 

Request the transfer of your Personal Data to you or to a third party This enables you to compel us to provide you, or a third party you have chosen, with a copy of your Personal Data in a structured, commonly used, machinereadable format. Please note that this right only applies to automated information which you initially provided consent for us to use, or data we used to perform a contract with you. 

Withdraw consent at any time where we are relying on consent to process your Personal Data Please note that your exercising of this right will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

If you wish to exercise any of the rights set out above, please contact us. 

No fee usually required 

In almost all cases, you will not have to pay a fee to access the Personal Data we hold for you, nor to exercise any of your other rights. 

However, please note that we may need to charge a reasonable fee if your request is unfounded, repetitive or excessive. 

What we may need from you 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. 

Time limit to respond 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a large number of requests. In this case, we will notify you and keep you updated. 


“lawful basis” or “legitimate interest” 

These are the interests of conducting and managing our business to enable us to give you the best service/product, including the best and most secure experience of our products/services. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. 

“performance of contract” 

Processing your Personal Data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. 

“comply with a legal or regulatory obligation” 

Processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to. 

“third parties” 

External service providers who provide us with services, such as... 

  • IT and system administration; 
  • lawyers; 
  • bankers; 
  • accountants;
  • auditors; and/or
  • insurers. 

Changes to this policy 

We may update this policy from time to time. We will notify you of any changes via email and/or a prominent notice on our website and social media, prior to the change becoming effective. The date of the latest change will also update the date at the top of this document. 

Please review this policy periodically for any changes. 

Login Join My Path Stories Podcasts Contact