GDPR Compliance

Last updated: March 2026

Our Commitment

Social Tale is committed to ensuring compliance with the General Data Protection Regulation (GDPR). We take the protection of personal data seriously and have implemented measures to ensure your rights are upheld.

Data Controller

Social Tale acts as the data controller for personal data collected through our website and direct communications. For client engagements, we may also act as a data processor where we handle data on behalf of our clients.

Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., newsletter subscriptions)
• Contract: Where processing is necessary for the performance of a contract (e.g., service delivery)
• Legitimate Interest: Where processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Where processing is necessary to comply with legal requirements

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right Not to Be Subject to Automated Decision-Making: Right not to be subject to decisions based solely on automated processing

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Data processing agreements with third-party providers

International Data Transfers

Where we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at hello@socialtale.co. We will respond to your request within 30 days.

Supervisory Authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.