Privacy Policy

Elderworld Studios Ltd - Privacy Notice

This notice tells you how we look after your personal data when you visit our websites at https://www.elderworld.io/, and other our subdomains (together, the Website), access our Stag Alliance platform (Platform), and use any services we provide to you (Services). It sets out what information we collect about you, what we use it for, whom we share it with, and what to do if you have any concerns about your personal data.


We may sometimes need to update this notice, to reflect any changes to the way the Website, the Platform, or the Services are provided, or to comply with new legal requirements. We will notify you of any important changes before they take effect.

Last updated: 05 February 2024

Who we are and other important information

We are Elderworld Studios Ltd, a company incorporated and registered in England and Wales with registration number 14727949, and with its registered office at 15 Newland, Lincoln, England, LN1 1XG (we/us/our).


For all visitors to the Website and users of the Platform or the Services, we are the controller of your information (which means we decide what data we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the England and Wales regulator for data protection matters, under number ZB657167.


If you have any questions about this privacy notice or the way that we use your information, please contact us at:

By email: privacy@elderworld.io

The information we collect about you

Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we may collect from you below:

  • Identity Data – first name, last name;
  • Contact Data – email address
  • Profile Data – username, and preferences;
  • Social Media Data – your Discord, Instagram, Twitter, and other social media usernames;
  • Communication Data – any correspondence between you and us;
  • Financial Data – digital asset wallet addresses, transaction records, or other payment methods;
  • Technical Data - internet protocol address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating systems, and platforms on your devices;
  • Usage Data - information about your visit on the Website, the Platform, or the Services, including the clickstreams, information you viewed, page response times, download errors, or length of visits;
  • Marketing Data – your marketing preferences data; and
  • Feedback – information you provide about the Website, the Platform, or the Services.

We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.


We do not collect any Special Categories of Personal Data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health data, genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we collect your information

We use different methods to collect personal data from and about you including through:

  • Direct interactions – you may give us your Identity Data, Contact Data, or Financial Data by corresponding with us by phone, email, through the Website, the Platform, or the Services.
  • Automated technologies or interactions – as you interact with the Website, the Platform, or the Services, we will collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below.
  • Third parties or publicly available sources – we may receive personal data about you from various third parties and public sources such as analytics providers, advertising networks, and search information providers.

How we use your information

We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

  • fulfil our contract with you;
  • pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
  • comply with a legal obligation that we have; and
  • do something for which you have given your consent.

The table below sets out the lawful basis we rely on when we process your personal data. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to suspect your access to or use of to the Website, the Platform, or the Services, but we will notify you if this is the case at the time.

Who we share your information with

We share (or may share) your personal data with:

  • Our personnel: our employees who have contracts containing data protection obligations;
  • Our supply chain: other organisations that help us provide the Website, the Platform, or the Services. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations;
  • Regulatory authorities: such as HMRC;
  • Strategic Partners: such as digital asset wallet providers;
  • Our professional advisers: such as our accountants or legal advisors; and
  • Any actual or potential buyer of our business.

If we were asked to provide personal data in response to a court order or legal request, we would seek legal advice before disclosing any information and carefully consider the impact on your rights.

Where your information is located or transferred to

Some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. We will only transfer information outside of the EEA where we have a valid legal mechanism in place (to make sure your personal data is guaranteed a level of protection, regardless of where in the world it is located). If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us at privacy@elderworld.io

Third-party links

The Website, the Platform, or the Services may include links to third-party websites, platform, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Website, the Platform, or the Services, we encourage you to read the privacy policy of every website or platform you visit.

How we keep your information safe

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.


We have also implemented up-front age verification systems, put in place specific protections, and incorporated child friendly design into the relevant elements of the Website, the Platform, and the Services. These measures help us assess and mitigate data protection risks to children when their personal data is being processed. We take appropriate actions to enforce any age restrictions we have set, including collecting parental consent when needed.


If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor (which means we only collect and process information on the instructions of a controller) for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on the Website, the Platform, or through accessing the Services, please contact us at privacy@elderworld.io

How long we keep your information

Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.


To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means, and any applicable legal requirements.


We may keep Identity Data, Contact Data and certain Communications Data for up to six years after the end of our contractual relationship with you. If you visit the Website or use the Platform or the Services, we keep personal data collected through our analytics tools for only for as long as necessary to fulfil the purposes we collected it for. If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.

Your legal rights

You have specific legal rights in relation to your personal data. It is usually free to you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.

We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.


Your legal rights in respect of your personal data include:

  • Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it;
  • Correction: You can ask us to correct your personal data if it is inaccurate or incomplete;
  • Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it. If we think there is a good reason to keep the information you have asked us to delete, we will let you know and explain our decision;
  • Restriction: You can ask us to restrict how we use your personal data;
  • Objection: You can object to us using your personal data. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision;
  • Portability: You can ask us to send you an electronic copy of your personal data; and
  • Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the relevant supervisory body.

If you wish to make any of the right requests listed above, you can reach us at privacy@elderworld.io

Our cookie policy

We use cookies and similar technologies on the Website, the Platform, and the Services. Cookies are small text files that are downloaded to your device. Cookies contain a uniquely generated references which are used to distinguish you from other users. They allow information gathered on one webpage to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and provide website owners with statistics about how you interact with their websites. Cookies are not harmful to your devices (unlike a virus), but some individuals prefer not to share their information (for example, to avoid targeted advertising).

We use cookies to:

  • implement or change the Website, the Platform, and the Services in real life;
  • track how visitors use the Website, the Platform, and the Services;
  • record whether you have seen specific messages on the Website, the Platform, and the Services;
  • keep you signed into the Website, the Platform, and the Services; and
  • capture and analyse information such as number of your views and shares.

We can only use cookies with your permission (you will be prompted by a message when you first visit the Website, the Platform, or the Services, also known as a cookie banner, where you can choose to accept or decline our cookies). You can update your settings on the Website.

You can choose to decline cookies but if you turn off necessary cookies, some pages and functions on the Website, the Platform, or the Services may not work properly. You can also manage cookies through your browser settings or device settings (your user manual should contain additional information). You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website).

Local storage

Local storage is similar to the use of cookies. We may use local storage and session storage to keep files associated with your use of the Website, the Platform, and the Services, and to encrypt sign in details when use access the Platform and the Services. Session storage is temporary but local storage is persistent. You can remove any local storage by clearing your browser history.