CHAPTERS AND QUEST – PRIVACY POLICY
Website: www.chaptersandquest.com
Last updated: 14 February 2026
WHO WE ARE
Chapters and Quest is a trading name of Chapters and Chai Ltd, a company registered in England and Wales (company number 16590368. We operate an immersive escape room experience, “The Prison of the Lunatic Sage,” in Stockton-on-Tees.
Chapters and Chai Ltd also operates Chapters and Chai Tea Rooms (www.chaptersandchai.co.uk). Each website has its own privacy policy. This policy covers only www.chaptersandquest.com.
Website: www.chaptersandquest.com
Email: ralph@thebookdragon.co.uk
Registered address: 42 High Street, Stockton on Tees, TS18 1SB
Trading address: 42 High Street, Stockton on Tees, TS18 1SB
For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025, the data controller is Chapters and Chai Ltd.
2. WHAT THIS POLICY COVERS
This policy explains how we collect, use, store, and protect your personal data when you:
— Visit our website
— Make a booking enquiry for our escape room
— Contact us through our website contact form
— Attend one of our events or experiences
3. WHAT DATA WE COLLECT
We collect personal data through two forms on our website and through standard website technology.
(a) Escape Room Booking Form
When you submit a booking request, we collect:
— Full name
— Email address
— Phone number
— Preferred date
— Preferred time
— Group size
(b) Contact Form
When you send us a message through the contact form, we collect:
— Full name
— Email address
— Subject of your message
— Message content
(c) Technical Data (Collected Automatically)
When you visit our website, our web server and WordPress platform may automatically collect:
— IP address
— Browser type and version
— Operating system
— Pages visited and time spent on each page
— Referring website (how you found us)
— Cookie data (see our Cookie Policy for details)
4. HOW WE USE YOUR DATA
We use your data for the following purposes:
(a) Booking Enquiries
— To process and respond to your escape room booking request
— To confirm your booking by email or phone
— To contact you if we need to change or cancel a booking
— To send you pre-visit information (e.g. what to expect, directions)
Lawful basis: Contract — processing is necessary to take steps at your request prior to entering into a contract (Article 6(1)(b) UK GDPR).
(b) Contact Form Enquiries
— To respond to your question, comment, or enquiry
— To follow up if further information is needed
Lawful basis: Legitimate interests — it is in our legitimate interest to respond to enquiries from potential and existing customers (Article 6(1)(f) UK GDPR). You have the right to object to this processing.
(c) Website Administration and Security
— To keep our website secure and functioning correctly
— To monitor and prevent misuse or attacks
— To understand how visitors use our website so we can improve it
Lawful basis: Legitimate interests — it is in our legitimate interest to maintain the security and performance of our website (Article 6(1)(f) UK GDPR).
5. WHO WE SHARE YOUR DATA WITH
We may share your data with the following categories of service provider, who act as our data processors and process data only on our instructions:
— Our website is hosted by IONOS, a web hosting provider operating secure data centres in the United Kingdom and other European locations. Personal data collected via this website is stored on servers located in the UK and/or EU and is processed in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU GDPR. IONOS acts as a data processor for the purpose of providing hosting services and implements appropriate technical and organisational measures to protect your data. You can find IONOS’ privacy policy here: https://www.ionos.co.uk/terms-gtc/privacy-policy/
— Email service provider — if we use a third-party email service to manage communications
— WordPress and form plugin providers — our website runs on WordPress, and form submissions are processed by Contact Form 7
If we are required to share your data by law (for example, in response to a court order or regulatory request), we will do so.
6. HOW LONG WE KEEP YOUR DATA
We retain your data only for as long as necessary for the purpose it was collected:
— Booking enquiry data: 12 months from the date of your visit (or from the date of your enquiry if the booking did not proceed), after which it is securely deleted
— Contact form enquiries: 12 months from the date of your message, after which it is securely deleted
— Website server logs: Up to 90 days, after which they are automatically purged
If a booking leads to a dispute, complaint, or insurance claim, we may retain the relevant data for up to 6 years to comply with the Limitation Act 1980.
7. INTERNATIONAL TRANSFERS
We aim to keep all personal data within the United Kingdom. If any of our service providers (such as our hosting or email provider) transfer data outside the UK, we will ensure that appropriate safeguards are in place, including:
— Transfers to countries or territories subject to adequacy regulations made under section 17A of the Data Protection Act 2018, where the Secretary of State has determined that the country provides a standard of data protection that is not materially lower than under UK law
— Standard contractual clauses or the UK International Data Transfer Agreement (IDTA) approved by the ICO under Article 46 UK GDPR
— In limited circumstances, reliance on exceptions under Article 49 UK GDPR, such as where the transfer is necessary for the performance of a contract.
8. YOUR RIGHTS
Under the UK GDPR and the Data (Use and Access) Act 2025, you have the following rights:
— Right of access: You can request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month.
— Right to rectification: You can ask us to correct any inaccurate or incomplete personal data.
— Right to erasure: You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
— Right to restrict processing: You can ask us to temporarily stop processing your data in certain circumstances.
— Right to data portability: Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.
— Right to object: You can object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
— Right to complain to us: Under the Data (Use and Access) Act 2025, you have the right to lodge a complaint directly with us about how we handle your personal data. We will acknowledge your complaint and respond within one month.
— Right to complain to the ICO: You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
To exercise any of these rights, please contact us at ralph@thebookdragon.co.uk.
9. CHILDREN’S DATA
Our escape room is designed to be enjoyed by people of all ages, including families with children. We do not knowingly collect personal data from children under 13. Booking requests for groups that include children should be submitted by a parent or guardian.
If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that data promptly.
10. DATA SECURITY
We take appropriate technical and organisational measures to protect your personal data, including:
— SSL/TLS encryption on our website (HTTPS)
— Password-protected access to our website administration area
— Limiting access to personal data to authorised individuals only
— Regular software and security updates
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
11. CHANGES TO THIS POLICY
We may update this policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
12. COOKIES
Our website uses cookies. For full details of the cookies we use and how to manage them, please see our Cookie Policy: Cookie Policy (UK)
13. CONTACT US
If you have any questions about this privacy policy or how we handle your personal data, please contact us:
Email: ralph@thebookdragon.co.uk
Registered address: 42 High Street, Stockton on Tees, TS18 1SB
Trading address: 42 High Street, Stockton on Tees, TS18 1SB