Privacy Policy
Ferventdrift RPG & Fantasy Ltd
Effective date: 08/04/2026
Last updated: 08/04/2026
Ferventdrift RPG & Fantasy Ltd ("we", "us", "our") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you:
- visit our website;
- contact us by email, forms, social media, or other channels;
- book or enquire about our services;
- buy products or digital goods from us;
- join our mailing list, community spaces, or events;
- apply to work with us, collaborate with us, or provide services to us.
It also explains your rights under UK data protection law.
1. Who we are
Ferventdrift RPG & Fantasy Ltd is the data controller for the personal data covered by this Privacy Policy. This means we decide how and why your personal data is used. UK GDPR requires organisations to tell people who is controlling their data and how to contact them.
Company name: Ferventdrift RPG & Fantasy Ltd
Registered address: 61 Bridge Street, Kinton, Herefordshire, United Kingdom HR5 3DJ
Email: contactus@ferventdriftrpg.com
Website: https://ferventdriftrpg.com
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us using the details above.
2. The personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
A. Identity and contact data
- name
- email address
- telephone number
- billing address
- delivery address
- social media handle or username
B. Account and booking data
- account login details
- booking details
- appointment or event attendance information
- campaign, session, table, or service preferences
- communications relating to your booking or enquiry
C. Payment and transaction data
- payment status
- order history
- billing records
- transaction identifiers
We do not normally store full card details ourselves where payments are processed by third-party payment providers.
D. Technical and usage data
- IP address
- browser type and version
- device information
- time zone and location data derived from your device or IP
- pages visited
- referral source
- cookies and similar technologies
- website usage analytics
E. Marketing and communications data
- your preferences in receiving marketing from us
- whether you opened or clicked emails
- communications you send to us
F. Community, event, and customer support data
- support requests
- reports, complaints, moderation concerns, or safety issues
- accessibility requirements you choose to share with us
- event registration details
G. Recruitment, contractor, and collaborator data
If you apply to work with us or provide services to us, we may collect:
- CVs, portfolios, application materials, and references
- professional background and experience
- business contact details
- right-to-work or identity verification information where required
3. Special category data
In limited situations, we may collect more sensitive information, such as accessibility, health, safeguarding, or inclusion-related information, but only where genuinely necessary and lawful to do so.
Under UK GDPR, this type of data needs extra protection, and organisations must identify both a lawful basis under Article 6 and an additional condition under Article 9 before processing it.
We will only process special category data where:
- you have given explicit consent;
- it is necessary to protect someone’s vital interests;
- it is necessary for legal claims;
- it is otherwise permitted by applicable law.
4. How we collect your personal data
We may collect personal data:
Directly from you
When you:
- fill in forms on our website;
- contact us by email, social media, live chat, or phone;
- book services or buy products;
- join a mailing list or community space;
- attend an event;
- apply to work with us or collaborate with us.
Automatically
When you use our website, we may automatically collect technical and usage data through cookies, server logs, analytics tools, and similar technologies.
From third parties
We may receive data from:
- payment providers;
- booking platforms;
- e-commerce platforms;
- event platforms;
- social media platforms;
- analytics providers;
- delivery partners;
- professional advisers or referees;
- fraud prevention or identity verification services.
5. Why we use your personal data and our lawful bases
UK GDPR requires organisations to explain the purposes for which they process personal data and the lawful basis they rely on.
We may use your personal data for the following purposes:
A. To respond to enquiries
We use your data to answer messages, questions, quotes, and support requests.
Lawful basis: Legitimate interests, or steps taken at your request before entering into a contract.
B. To provide our services
We use your data to manage bookings, deliver sessions, events, products, memberships, digital services, or other services you request.
Lawful basis: Contract. The ICO states contract can apply where processing is necessary to deliver a service or take requested pre-contract steps.
C. To process payments, orders, and refunds
We use your data to take payment, maintain records, and manage financial administration.
Lawful basis: Contract and legal obligation.
D. To manage customer relationships
We use your data to communicate about bookings, changes, issues, service updates, and customer support.
Lawful basis: Contract and legitimate interests.
E. To send marketing communications
We may send newsletters, updates, offers, or promotional content where permitted by law.
Lawful basis: Consent where required, or legitimate interests where lawful and appropriate.
You can unsubscribe from marketing emails at any time.
F. To improve our website, services, and customer experience
We use analytics and feedback to understand how people use our website and services and to improve them.
Lawful basis: Legitimate interests and, where required, consent for non-essential cookies or similar technologies.
G. To maintain safety, standards, moderation, and community wellbeing
We may process reports, complaints, moderation issues, access needs, conduct concerns, or safeguarding-related matters where relevant to our services, events, or community spaces.
Lawful basis: Legitimate interests, legal obligation, vital interests, and where relevant explicit consent or another lawful condition for special category data.
H. To recruit staff, contractors, or collaborators
We may use personal data to assess applications, communicate with candidates, verify suitability, and maintain recruitment records.
Lawful basis: Legitimate interests, contract, legal obligation, and in some cases consent.
I. To comply with legal and regulatory obligations
We may process data to comply with tax, accounting, fraud prevention, law enforcement, safeguarding, consumer protection, or court-related obligations.
Lawful basis: Legal obligation.
J. To establish, exercise, or defend legal claims
We may use personal data where necessary in connection with disputes or legal proceedings.
Lawful basis: Legitimate interests, legal obligation, or another lawful basis depending on context.
6. Our legitimate interests
Where we rely on legitimate interests, these may include:
- running and growing our business;
- responding to customer enquiries efficiently;
- administering bookings and services;
- maintaining security and preventing misuse;
- improving our offerings, website, and operations;
- keeping appropriate internal records;
- managing complaints, disputes, and quality standards.
Where we rely on legitimate interests, we consider your rights and interests and do not use your personal data in ways that are unfair, unexpected, or unduly intrusive. The ICO’s transparency guidance stresses that processing must be lawful, fair, and clear to individuals.
7. Who we share your personal data with
We may share personal data where necessary with:
- payment processors;
- website hosts and IT service providers;
- analytics and email marketing providers;
- booking, scheduling, or e-commerce platforms;
- delivery and logistics providers;
- professional advisers such as accountants, lawyers, and insurers;
- event, moderation, or community platform providers;
- fraud prevention, compliance, or identity verification providers;
- regulators, courts, law enforcement, or public authorities where required.
We only share personal data where there is a lawful basis to do so. The ICO states that organisations must identify a lawful basis before sharing personal data.
We require service providers acting on our behalf to process personal data only on our instructions and to keep it secure.
We do not sell your personal data.
8. International transfers
Some of our service providers may process personal data outside the UK.
Where personal data is transferred internationally, we will take steps to ensure it remains protected, such as:
- using providers in countries recognised as providing adequate protection; or
- putting approved contractual safeguards in place.
9. Data retention
UK GDPR requires privacy information to explain retention periods or the criteria used to determine them.
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for legal, regulatory, tax, accounting, dispute resolution, safeguarding, and record-keeping purposes.
Typical retention periods may include:
- General enquiries: up to 12 to 24 months after last contact
- Customer bookings and service records: up to 6 years after the end of the relationship
- Financial and transaction records: up to 6 years, or longer where legally required
- Marketing consent and suppression records: until you unsubscribe, plus a limited period afterward to maintain opt-out records
- Recruitment records: up to 12 months after a recruitment decision, unless a longer period is justified
- Incident, complaint, moderation, or safeguarding records: as long as reasonably necessary based on legal risk, safety needs, and compliance obligations
We may retain data for longer where required by law or where necessary to establish, exercise, or defend legal claims.
10. Cookies and similar technologies
Our website may use cookies and similar technologies to:
- make the website function properly;
- remember your preferences;
- understand website traffic and usage;
- improve performance and user experience;
- support security and fraud prevention.
Where required by law, we will ask for your consent before placing non-essential cookies on your device.
You can usually control cookies through your browser settings and any cookie preference tool we make available.
11. Your data protection rights
Individuals have rights under data protection law, and privacy notices should explain those rights.
Depending on the circumstances and the lawful basis we rely on, you may have the right to:
- be informed about how your personal data is used;
- request access to your personal data;
- request correction of inaccurate or incomplete data;
- request erasure of your personal data;
- request restriction of processing;
- object to processing based on legitimate interests or direct marketing;
- request data portability in certain circumstances;
- withdraw consent at any time where we rely on consent;
- challenge decisions made solely by automated means, if applicable.
The ICO notes that some rights depend on the lawful basis being used.
To exercise your rights, contact us using the details in section 1.
We may need to verify your identity before responding.
12. Complaints
If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. The ICO says people should be told how they can complain if they have concerns about data use.
13. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
These measures may include:
- access controls;
- password protection;
- secure payment providers;
- encryption where appropriate;
- staff confidentiality obligations;
- limited access to personal data;
- monitoring and security updates.
No internet-based system is completely immune to risk, but we work to use proportionate safeguards.
14. Children’s data
Our services may at times involve family-friendly, educational, or community-facing activities. Where a service is directed at or involves children, we will take additional care with personal data and, where appropriate, seek consent from a parent or guardian.
If you believe a child has provided us with personal data inappropriately, please contact us.
15. Third-party links
Our website or communications may contain links to third-party websites, platforms, or services. We are not responsible for their privacy practices. You should read their privacy notices separately.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or business operations.
The latest version will always be posted on our website with the updated date shown at the top.
17. Contact us
If you have questions about this Privacy Policy or wish to exercise your rights, contact:
Ferventdrift RPG & Fantasy Ltd
contactus@ferventdriftrpg.com
What you should customise before publishing
This draft is strong, but do not paste it live untouched. Add:
- your registered office address
- a privacy email address
- your website URL
- the exact services you offer
- the actual tools/platforms you use, such as Stripe, Mailchimp, Shopify, Discord, booking software, or event platforms
- your real retention periods
- your cookie setup
- whether you process children’s data at all
- whether you collect any accessibility, safeguarding, or sensitive information