StoryWeaver Games
StoryWeaver Games
  • It's time to break the rules...

Home // Privacy //

We care about privacy... here's how!


StoryWeaver Games is an indie games company run by a collection of gamers just like you! We don’t like spam. We don’t want to be digitally stalked. We value our freedom. We value our right to choose who we share information with and the right to withdraw that permission.

For this reason, we take privacy and the protection of your data seriously.

The good news is GDPR has given the world a wake-up call on privacy and we’ve always gone out of our way to adhere to the principles it now legislates.


The information contained within this privacy notice covers all the ways we collect and use customer information. Yes, it’s a long document. Sorry… but there is a lot to cover. 

Here's the short version:

  • We use cookies and tracking codes on our website so we can tailor our pages give you a good user experience, to tailor advertisements and content.
  • We capture information on your name, email and what you purchase, both directly on our website and through partners.  This information resides in Zoho One which is GDPR compliance and highly secure.  You ever want your records expunged from our CRM just email with the subject line “Remove Me.”
  • We maintain email lists in several services:
    • Mailchimp
    • Zoho One
    • Viral Loops
    • e-junkie
    • OneBookshelf

All vendors maintain VERY strict no-spam policies and adhere to GDRP principles. You can read their privacy statements on their websites. If you want to be removed from these lists, email with the subject line “Remove Me.”

If we ever discover we are breached, or that one of our information services is breached, we will alert you by email as to the scope of impact of the breach with 48 hours of our being notified. 

StoryWeaver Games Privacy Statement

Who we are?

StoryWeaver games is a small, independent tabletop games publisher.  In reality, we are a few dedicated fans of gaming.  Dr. Joseph Sweeney (Doc’ Joe) ( is the founder and owner.  He is the representative for all data issues and has been tasked as the privacy officer ( 

What information do we collect?

We collect information based on an ‘as needed’ basis:

  • First and Last name
  • Email address
  • What you purchased
  • Date of purchase
  • Shipping address (if needed)

Credit Card Data:
  • StoryWeaver does NOT collect credit card information – all payments are handled through payment gateways, namely PayPal.

Mailing Lists and Competitions
  • First and Last name
  • Email address
  • Details pertinent to the competition

Social Media:
  • StoryWeaver maintains social media pages and groups on FaceBook, Twitter, LinkedIn and Instagram for the purpose of communicating with subscribers to those specific pages and services. 
  • StoryWeaver does not extract information about user details from these social media platforms.
  • StoryWeaver uses the above social media advertising services for promotion, adhering to each vendor’s relevant advertising data protection policies. 

How do we use personal information?

We use data collected on our website for:
  • personalisation of website content and to improve user experiences
  • deliver marketing and events communication
  • carrying out polls and surveys
  • conducting competitions and give-aways
  • providing goods and services
  • legal obligations (as demanded by legislation)
  • meeting internal data privacy audit requirements

What legal basis do we have for processing your personal data?

  • consent: email lists and competitions are opt-in with consent confirmation
  • contract: sales fulfilment, both digital and physical are considered contractual arrangements
  • legitimate interests: promotion of products to those that have purchased similar
  • vital interests: data breach notifications
  • legal obligation: on legally enforceable requests

Individuals may withdraw consent at any time by emailing 

When do we share personal data?

StoryWeaver will treat personal data confidentially. 

Legal Requests
  • StoryWeaver Games may disclose or share it information based on a legitimate legal request. In these cases, where legally permissible, StoryWeaver will inform parties affected by such requests.

Third Party Information Services
  • StoryWeaver does not rent, sell and give away personal data.

Where do we store and process personal data?

StoryWeavers customer data is stored in a variety of secure information services:

  • Zoho One:  Is the primacy repository of customer data, including name, email, products purchased, correspondence, competition entries and website chat.
  • MailChimp:  Mailing list service. Stores names, email addressed.
  • Viral Loops: Used to run online competitions. Stores names, email addresses, and rewards.
  • E-Junky: Online Store . Stores name, email, mailing address, purchase information
  • OneBookShelf: Online Store. Stores name, email, mailing address, purchase information

All of these services operate outside of the European Union. All have GDRP compliant privacy and data protection policies that may be viewed on their respective websites. 

How do we secure personal data?

  • StoryWeaver stores no information directly, but relies upon the high-standards of security of it’s information service providers.   Details of each provider’s security measures can be found on their respective websites.

  • StoryWeaver uses the strongest security measures for access to its information services, including but not limited to two-factor authentication (where available).

  • Storyweaver also monitors the security alerts from its information services providers. 

How long do we keep your personal data for?

  • Credit card data is not held by StoryWeaver Games
  • Sales transaction: name, email, product, stored indefinitely so customers may request replacements, communicating product updates, and related products.

Mailing lists:
  • Subscriptions: name, email address, continues indefinitely, or until member unsubscribes.

  • Entries: name, email address, entry, stored for 6 months after the competition of the competition.

Once data has expired past the above, or upon request (, it will be deleted in all information systems managed by StoryWeaver.

Your rights in relation to personal data

  • Access to personal information.  To know what data we have stored on you, please email We will (a) validate you are who you say you are, (b) review your request and collect information, (c) report back to you what information we have and on what information system it is stored, within 5 working days.
  • To correct or request deletion of your personal information held by StoryWeaver, please email We will (a) validate you are who you say you are, (b) review your request and process the information change, (c) confirm the changes within 5 working days.
  • Withdrawal of consent.  You may unsubscribe from StoryWeaver email and competition alerts at any time by clicking on the unsubscribe button in emails. You may also email with a request to be removed from our systems entirely.
  • Data portability. Since StoryWeaver does not directly hold personal information, we cannot guarantee easy portability of your information. However, we can provide your all information held in an open text format, as per ‘access to personal information,’ above.
  • Restriction of processing and objection:  If you do not wish to be included in StoryWeaver’s information process, please send a request to and we will remove your personal data from all out systems. 
  • Lodging a complaint with the Information Commissioner’s Office. If we are not living up to your expectations with regards to information privacy, please reach out to us first. We take this seriously – not just from a legal perspective, but from an ethical stand.  We will work with you to sort out any concerns you may have. If we still can’t work with you, then we will remove your data from our systems. If that fails, then we do deserve to be reported to the Information Commissioner’s Office.

Use of automated decision-making and profiling

  • The StoryWeaver website(s) may use automatic personalisation of pages based on personal data based on referrals and online advertising. 

How to contact us?

If you wish to contact us with questions or complaints regarding the use of your personal data, please:

  • Email:
  • Post: Dr Joseph Sweeney, StoryWeaver Games, PO Box 634, Hornsby NSW, 1630, Australia

Use of cookies and other technologies

StoryWeaver uses cookies and tracking codes store and manage user preferences and personalise the user experience on your website, to advertise analyse user and usage data. 

Detailed privacy and cookie use statement


Last updated: 8 August 2019


1.1  The website (the Site) is operated by StoryWeaver Games ( “we”, “us”, “our”), a company registered in  Australia under company number ABN 21516346332 . Our registered office is at PO Box 634, Hornsby, Australia, 1630.

1.2  We are committed to protecting yourprivacy and complying with our data protection obligations under Australian law.  

We have based our privacy stance on the General Data Protection Regulation 2016/679 (the GDPR), which provides an even higher level of privacy regulation.

1.3  When you interact with us or use the Site, we act as the data controller of your personal data. This means that we are responsible for processing your personal data and deciding how to use it. This privacy and cookies notice explains the personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over that data. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.

1.4  This notice was last updated on the date shown at the top. We may change this notice at any time by posting an updated version on the Site and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the Site as any changes will be effective from the date that they are made.


2.1  If you have any concerns or would like further information about our use of data or this notice in general, you can contact at PO Box 634, Hornsby, Australia, 1630.


3.1  We collect, store and use the types of personal data set out in the table at the end of this notice.


4.1  We will use your personal data for the purposes set out in the table at the end of this notice.

4.2  We profile our customers so that we can find out more information about their preferences and market the most relevant products to them. To do this, we compile a profile of information on you which includes your age, gender, purchase history, pages you visit and how you respond to direct marketing communications.

4.3  Subject to paragraph 8.5, you have the right to object to profiling activities where these are carried out for the purposes of direct marketing, for our legitimate interests or for a task which is in the public interest.


5.1  When we share personal data, we do so in accordance with Data Protection law. We may share certain personal data:

5.1.1  with parties who provide products or services to us, such as, user analytics, email services, payment processing, advertising, user notification and feedback functionality, delivery couriers etc;

5.1.2  with government or quasi-governmental organisations, law enforcement and other regulatory authorities or third parties when required or permitted by law, including but not limited to in response to court orders, for the prevention and detection of crime and to protect intellectual property and any other legal rights;

5.2  We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so we will make sure that it does not identify you.

5.3  In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the EEA which have different data protection standards to those which apply in the EEA.

5.4  Where we transfer personal data outside the EEA we will ensure that there are adequate safeguards to protect your privacy rights under Data Protection Law.


6.1  We and our third-party service providers use cookies and similar technologies to collect information about, and relevant to, your usage of the Site. Cookies are small text files that are stored on your computer when you visit the Site. It is standard practice to use cookies to improve your experience when using a website.

6.2  We use the following categories of cookies and similar technologies on this Site:

6.2.1  Strictly necessary cookies: These cookies are essential to enable you to move around the Site and use its features. Without these cookies, services you have asked for (such as remembering your login details or the items you placed in your basket) cannot be provided.

6.2.2  Analytics cookies: These cookies collect information about how you use the Site, for instance which pages you go to most often, what searches you perform and if you get error messages from web pages. Information these cookies collect can be used to improve how the Site works.

6.2.3  Customization cookies: These cookies allow the Site to remember choices you make (such as your user name) and provide enhanced, more personal features. These cookies cannot track your browsing activity on other Sites.

6.2.4  Security cookies: These cookies form part of our security features, for example, by helping us detect malicious activity or violations of our terms of use.

6.2.5  Social media cookies: These cookies allow you to share your activity on the Site on social media such as Facebook and Twitter. These cookies are not within our control. Please refer to the privacy policies of the social networks in question for information regarding how their cookies work.

6.2.6  Targeting or advertising cookies: These cookies record your visit to the Site, the pages you have visited and the links you have followed. We use this information to make our Site and the advertising displayed on it more relevant to your interests. [We may also share this information with third parties for this purpose.

6.3  When you visit the Site for the first time (and periodically after that), we will request your consent to the setting of all cookies other than strictly necessary cookies.

6.4  You can delete existing cookies and disable some or all types of cookies in future if you wish. To disable some or all types of cookies, you will have to change the settings on your browser. If you change your mind, you can enable cookies again at any time. Disabling cookies on your browser may stop the Site from working properly.

6.5  To find out more about cookies please visit 


7.1  This Site contains links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other Sites which you choose to access from this Site. We encourage you to review the privacy policies of those other Sites, so you can understand how they collect, use and share your personal information.


8.1  We respect your rights to privacy and will respond to requests for access or control over information about you in accordance with Data Protection Law. We may require you to verify your identity before we take any action.

8.2  Depending on the reason we have your personal data, you have a right to:

8.2.1  access the personal information we hold about you (commonly known as subject access);

8.2.2  request that we correct or complete personal information we hold about you that is inaccurate or incomplete;

8.2.3  request that we erase your personal information in some circumstances, or object to our processing it as detailed at paragraph 8.5;

8.2.4  restrict how we use your personal information, in certain circumstances;

8.2.5  request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and

8.2.6  where we have asked for your consent to process your data, to withdraw this consent.

8.3  These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

8.4  If you wish to exercise any of these rights, please contact us using the details in paragraph 2 above.

8.5  Your right to object

You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data or direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.

8.6  We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website:


9.1  Your personal data will only be kept for as long as necessary for our purposes. Specific periods are set out in the table at the end of this notice.


10.1  We process your personal data in accordance with the following principles:

10.1.1  we process your personal data lawfully, fairly and in a transparent way;

10.1.2  we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which for which we collected it;

10.1.3  we only process personal data which is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;

10.1.4  we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;

10.1.5  we do not store personal data in a form which identifies you for any longer than is necessary for the purposes of processing; and

10.1.6  we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

10.2  When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data. 

10.3  Any request for consent to the processing of your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.


11.1  We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this notice sets out the lawful basis we rely on for each type of data we process.

11.2  We will choose one of the lawful bases in the GDPR to justify how we use your personal data. These are:

11.2.1  Consent: You have given consent to the processing of your personal data for one or more specific purposes.

11.2.2  Contract: The processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.

11.2.3  Legal obligation: We need to process your personal data to comply with a legal obligation.

11.2.4  Vital interests: The processing is necessary to protect the vital interests of you or another person.

11.2.5  Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of some official authority.

11.2.6  Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.




The table below sets out detailed information about our purposes for processing, the basis for processing and the retention period for the personal data.


Category of personal data


Purpose of processing


Lawful basis for processing


Retention period


Name and contact details


To deliver your purchases to you; To send you order updates; To send you product news and offers.


Provision of sales and marketing


For three years since your last purchase or interaction with StoryWeaver Games

Payment information


To take payment and give refunds

Performance of contract

For three years since your last purchase or interaction with StoryWeaver Games

Contact history

To provide customer services and replacement digital products.

Provide product updates and replacements.


For six years since your last purchase or interaction with StoryWeaver Games

Saved items in online shopping basket

To sell products and services to you.



Performance of contract

For three years since your last purchase or interaction with StoryWeaver Games



Purchase history


To provide customer service and support and handle returns.


Performance of contract

For six years since your last purchase or interaction with StoryWeaver Games

Browser, device and Site usage information


To improve the Site.


Legitimate interest in maintaining our Site.


For six months since you last logged on to the Site

Responses to surveys, competitions and promotions


To run the survey, competition or promotion.


For three years.

Customer comments and product reviews


To improve our products and services


For six years

Information generated in the course of the use of our products and services


To improve and test the features and functions of our Site

The business needs to maintain and update its webset.


For six months.

Information collected through cookies and similar technologies

To conduct and store site usage analytics, statistical and trend analysis and market research.


To market products accurately and effectively.


For three months.