2 Changes to this Privacy & Cookies Policy
3 The information we collect and how and why we use it
4 How else may we use the information we collect?
5 Information sharing and disclosure
6 Your payment details
7 Other types of information we collect and use
8 Cookies and similar technologies
10 How do we protect personal information?
11 Accessing and updating your personal information
12 Ending your access and retention of data
13 Transfer of information outside the EEA
14 Your legal rights
16 About us and how to contact us
1.1 Welcome to the Pottermore Shop (the “Shop”), the online digital content store of Wizarding World books, artwork and other digital content . The Shop is described in more detail in the Pottermore Shop Terms & Conditions. The Shop is owned and operated by Pottermore Limited (referred to as “Pottermore”, “we”, “us” or “our” as appropriate), a company established in England and Wales. The Shop is currently available at https://uk.shop.pottermore.com, https://gbp.shop.pottermore.com, https://eur.shop.pottermore.com or https://usd.shop.pottermore.com (depending on your location). We may also make the Shop, parts of it or other versions of it available through further digital channels or devices.
1.3 We strive to protect the privacy of Shop users. We encourage all users to act responsibly and with care when it comes to their personal information and that of others. Please read this Privacy & Cookies Policy to understand how the information you provide to us is used.
1.4 We have also appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy & Cookies Policy. Our current DPO is Ms Louise Hughes. If you have any queries or concerns about this Privacy & Cookies Policy or wish to exercise any legal rights in relation to your personal data, please contact the DPO using the details set out in the contact information at the end of this Privacy & Cookies Policy.
1.5 You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
2. Changes to this Privacy & Cookies Policy
2.1 Subject to applicable law, we may make changes to this Privacy & Cookies Policy at any time. See the end of this Privacy & Cookies Policy for details of the date when it was last updated. We may notify you of any such changes by sending you notice in writing, by posting a copy of the revised Privacy & Cookies Policy on the Shop and/or by emailing you at the email address that you have provided to us.
2.2 We ask that users of the Shop keep their account information up-to-date, including your email address, so that any notice that we send you by email under this section reaches you.
2.3 If we make any material changes in the way we collect, use and/or share personal information, we will give you prominent notice of those changes. We will not, without your consent or another lawful basis for doing so, apply those changes to any personal information that we previously collected from you.
3. The information we collect and how and why we use it
3.1 Personal data
We collect personal information about you on or via the Shop, in limited circumstances described below, including when: (a) you choose to provide it to us when contacting us; or (b) the technical data that we collect (such as an IP address) are treated as personal data under applicable laws; or (c) you provide this information to us when making a purchase from the Shop. In this Privacy & Cookies Policy the term “personal data”, or “personal information”, means any information about an individual from which that person can be identified, excluding data where the identity has been removed (i.e. anonymous data).
If you wish to buy content from the Pottermore Shop, you will need to provide us with a valid email address at the time of purchase.
Lawful bases for processing
We shall only use your personal data when the law allows us to do so. Most commonly, we shall use your personal data in the following circumstances:
where we need to perform any contract that we are about to enter into or have entered into with you (such as a contract for the sale of products or digital content via the Shop);
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override our (or such third party’s) interests; and/or
where we need to comply with a legal or regulatory obligation.
Please refer to the Glossary to find out more about the types of lawful basis that we shall rely on to process your personal data.
We do not generally rely on consent as a lawful basis for processing your personal data – other than in relation to the sending of third-party direct marketing communications to you via email, if you agree to receive such communications. You have the right to withdraw consent to such marketing at any time by contacting us.
Purposes for using your personal data
We have set out below a description of all the ways that we may use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact if you would like further details about the specific lawful basis that we are relying on to process your personal data where more than one basis has been set out below.
(1) Basis: where necessary to perform a contract with you (or to take steps at your request before entering into a contract)
Purposes of processing:
a. To provide you with access to content, products, services and other features on or via the Shop.
b. To send you information about changes to our terms or policies.
c. To process your payment and to fulfil your purchase or other transaction, including related communications about those.
d. To personalise your purchase.
e. To identify you in our internal records as the purchaser of the product that you order.
f. To contact you by postal mail if we cannot contact you by other methods.
g. To determine which versions of the product (for example, which edition of an ebook) are available in your country.
(2) Basis: where necessary for purposes of our or third parties’ legitimate interests
Purposes of processing (and related legitimate interests):
a. To respond to your enquiries, e.g. to send you information you have requested, and to offer customer/user support services (fulfilling your request and providing you with such assistance).
b. To assist with the security and safety of our sites and users, e.g. by trying to prevent unauthorised or malicious activities (making our sites safe for users).
c. To enforce compliance with our terms and policies and to help other organisations, such as copyright owners, to enforce their rights, including by sharing your information with relevant third parties to assist us or them in pursuing available remedies and/or limiting any loss or damage sustained (protecting our and others’ rights).
d. To detect and prevent fraud (tackling fraudulent activity).
e. To analyse and understand how our sites are used, including by aggregating data about categories of users and by informing surveys, so that we can develop, maintain, personalise, protect and improve our sites (researching site usage and compiling usage statistics with a view to operating our sites more effectively and enhancing them to improve your experience).
f. To send you site-generated emails.
g. For other business and operational purposes related to the Shop.
(3) Basis: where necessary for complying with our legal obligations
Purposes of processing:
a. In response to requests by government or law enforcement authorities conducting an investigation.
b. To comply with any other legal requirements.
3.2 Types of non-personal information we collect and use
In addition we may collect information that does not represent personal data for a variety of purposes as set out below:
Anonymous analytics data
Like many companies who operate websites, we collect basic information about your use of our Shop, such as the number and duration of visits to the Shop, your user type or category, any search queries entered on our Shop, and details of which particular pages have been visited. We do not combine this information with any other information that could identify you personally. We use this information to analyse how the Shop is functioning and how it is used by our users, to help us maintain and improve the Shop on an ongoing basis.
While using the Shop, certain information is automatically logged about how you are using the Shop to analyse performance and usage of the Shop. This information may include the URL of the website that linked you to the Shop, your IP address and the pages you visit while on the Shop. The IP address indicates the location of your computer on the internet. We use this information to analyse how the Shop is functioning and how it is used by our users, to help us maintain and improve the Shop on an ongoing basis.
Third-party analytics data
Like many companies that operate websites, we allow carefully selected third parties to set cookies in order to capture analytics information, where permitted. When you use social-media functionality on the Shop, analytics cookies may be set to measure usage. This information may be linked to your device, but otherwise is collected in a way that does not identify you personally.
3.3 Children’s privacy. In various countries, local data protection laws treat individuals under a certain age (“Relevant Age”) as children whose personal data require additional protection under such laws. In the UK, for example, the Relevant Age is 13 for the purposes of obtaining valid consent from individuals by online means. For any given country in which Shop users are based: (a) we do not knowingly collect personal information from children under the Relevant Age; and (b) if we become aware that we have inadvertently collected personal information from a Shop user under the Relevant Age, we will delete such information from our records. If you believe your child has provided us with personal information and you would like to have the personal information deleted, please contact us using the contact information below.
3.4 Minors’ privacy in the context of the Pottermore Shop. In the context of purchasers from the Pottermore Shop, we do not knowingly use personal information from persons under the age of majority in the relevant country. If we become aware that a person under the age of majority in the relevant country is attempting to access the Pottermore Shop, we may use technical measures to prevent such person from entering into transactions on the Pottermore Shop. If you believe your child has provided us with personal information and you would like to have the personal information deleted in such context, please contact us using the contact information below.
3.5 Special data. We do not seek to collect any special categories of personal data about you: those would include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we seek to collect any information about criminal convictions and offences. If, however, when using any interactive feature of the Shop (such as an online contact form or questionnaire), you in fact provide us with any such special data or information about criminal convictions and offences, then by submitting such data/information, we’ll assume that you are fine with our use of such data/information for (a) the purpose for which you have voluntarily provided such data/information and (b) any purpose that is reasonably compatible with such purpose. You may withdraw that permission at any time by contacting us.
3.6 If you fail to provide data. Where we need to collect personal data by law, or under the terms of a contract that we have with you and you fail to provide those data when requested, we may not be able to perform the contract that we have or are trying to enter into with you (for example, to provide you with products or digital content). If so, we shall notify you if this is the case at the time.
4. How else may we use the information we collect?
4.1 Legal action. We may use the information we collect to comply with law, to investigate a complaint made by another user or a potential breach of the Pottermore Shop Terms & Conditions or to prevent and detect unlawful or criminal activity, fraud and misuse of, or damage to, the Shop or the content made available through it, and to take appropriate legal action against those responsible. Such use will be necessary to comply with a legal obligation or necessary for our and/or others’ legitimate interests (in being protected from such potentially harmful/unlawful acts or omissions).
4.2 Linking data. We may on occasion link or combine the information that we collect about you with information that we receive from other sources. We may combine this information with information you give to us and information we collect about you. (For example, we may decide to combine two or more databases into a single database of user information.) We may use this information and the combined information for your and/or our benefit (for example, to allow us to provide a more seamless support whenever you contact us or to provide you with better, personalised services and content and/or, if you have opted to receive such communications, recommendations about trusted partners’ products, content or services that might interest you). Such use will be necessary for our legitimate interests (in improving our operation and your experience of the Shop).
4.3 Change of purpose. We shall only use your personal data for the purposes for which we collected the data, unless we reasonably consider that we need to use such data for another reason and that reason is compatible with the original purpose. If you would like to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we shall notify you and explain the legal basis on which we intend to rely.
4.4 Legal use. Please note that we may also process your personal data without your knowledge or consent, in compliance with the above rules, if and to the extent that this is required or permitted by law.
5. Information sharing and disclosure
We share your personal information in certain limited ways as described below. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We refer below to “Internal Third Parties” and “External Third Parties”, which are defined in section 15.2 below.
5.1 If you disclose personal information to us when contacting us with a query or placing an order, we may share that personal information with relevant Internal Third Parties and/or External Third Parties for the purpose of handling your query or order, for fraud prevention and for the purposes of operating, managing and administering (including, without limitation, transaction processing on) the Shop.
5.2 We may share your information with other External Third Parties for the performance of any contract we enter into with them in connection with the Shop.
5.3 We may further share and disclose your personal information with other External Third Parties for the purpose of better integrating their services with the Pottermore Shop. Before we share or disclose any of your personal information with any Internal Third Parties and/or External Third Parties for marketing purposes, we will ask you for your permission to do so.
5.4 In addition, we may share information about visitors to the Shop in an anonymous and aggregate form with relevant Internal Third Parties and/or External Third Parties to understand user trends and patterns and to manage and improve our business relationships.
5.5 We do not send any information that we collect on the Shop to any social networking sites, nor do we share that information with such sites. We do not collect any personal information about you from those sites.
5.6 We may disclose information we collect, including personal information, as set out below:
(a) to Internal Third Parties and/or External Third Parties for them to administer any accounts or services provided to you through the Shop as described above;
(b) if you consent to receiving marketing communications from Internal Third Parties and/or External Third Parties, to those third parties, for them to send you marketing communications regarding products, content and services they offer;
(c) if there is a change (whether in whole or in part) in the ownership, operation or control of Pottermore Limited, our business or any of our assets, including a change as a result of insolvency or bankruptcy, we may disclose information to the new owner, operator or controller and, if we do so, we will require such person to use it only (i) in accordance with the provisions of our Pottermore Shop Privacy & Cookies Policy (or provisions that are compatible with those) and/or (ii) as may be required or permitted by law;
(d) apart from the use and sharing of your personal information in the circumstances already described, we may share information we collect (including personal information) as required or allowed by law (for example, as needed to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process);
(e) to affiliated companies and/or joint venture partners in connection with the Shop; and/or
(f) with your permission.
6. Your payment details
We will never send you an email containing your full payment details, and we will never publicly disclose your payment details, whether on the Pottermore Shop or elsewhere. If you appear to have received an email from us, or seen a Pottermore Shop page, that displays your full payment details, this is not genuine – a third party may be attempting to steal your information. Please see section 10 for further information on how we protect the payment information held for you for the Pottermore Shop.
7. Other types of information we collect and use
7.1 We aim to provide a number of features that help provide a more personalised and enhanced experience to our users. To achieve this, we may collect and use a limited amount of information from you that does not (in itself) identify you personally. In addition, we may ask you about which books and films in the Harry Potter series you have enjoyed. We will never publicly disclose any such information on the Shop without obtaining your permission.
7.3 We also use watermarking technology to help us combat hacking, piracy and the unauthorised use of digital content sold through the Pottermore Shop. This involves the use of code numbers to help us to identify individual copies of such content. We may use such watermarking technology to identify items purchased by you to help us investigate and protect against hacking, piracy, unauthorised use and any other behaviour that may be in breach of the Pottermore Shop Terms & Conditions or applicable laws.
7.4 We may disclose fully anonymised information, including aggregated or de-identified anonymous data, in our discretion.
8. Cookies and similar technologies
8.1 While you are using the Shop, certain information is logged about how you are using the Shop to analyse performance and usage of the Shop. This information may include, for example, the URL of the website that linked you to the Shop, your IP address and the pages you visit while on the Shop. The IP address indicates the location of your computer on the internet.
8.2 A “cookie” is a small data file that is sent to your browser from a web server and stored on your device’s hard drive. References below to “cookies” also include other means of automatically accessing or storing information on your device. Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer: please see section 8.4 below for further details.
8.3 We use various different types of cookie via the Shop.
We also use “persistent cookies” (which are longer-term) (and other automatically tracked information) to help you move around and enjoy the features on the Pottermore Shop more easily and to remember settings to improve your visit, such as, for example, your site language preferences or whether you want to be signed in automatically next time you visit.
So cookies allow you to take advantage of some of the Shop's key features. If you choose to decline cookies, you may not be able to sign in or to use other interactive features of the Shop and its services that depend on cookies.
Analytics (e.g. Google Analytics; Webengage)
These cookies are used to compile various (anonymised) metrics for our users to get a better understanding of how the Shop is used (pages visited and time spent on the Shop, for example), so that we can deliver more of the content you want, and less of the content you don’t. This information also helps us to make better decisions for our future initiatives. We use partners like Webengage and Google Analytics. These analytics cookies may be set by those partners, and set in accordance with the relevant partner’s own privacy and cookies policies. Please see section 8.4 below for information on opting out of Google Analytics.
E-commerce cookies may be used via the Pottermore Shop to manage your shopping basket and user experience. We use Shopify. Certain e-commerce cookies may be set by Shopify in accordance with its own privacy and cookies policies.
Customer Service (ZenDesk)
Our customer services partner ZenDesk may set cookies if you visit the ZenDesk Help Center to improve your experience and understand your user preferences. Those website cookies would be set by ZenDesk in accordance with its own privacy and cookies policies.
This type of cookie lets us track how long it takes users to load each page, what pages we can cache and whether we need you to log in again. We don’t use any third parties for this.
Websites often collect information about how users interact with a website. This may include the pages that users visit most often, and whether users get error messages from certain pages. We may use these so-called “session state cookies” to help us improve our services, in order to improve our users’ browsing experience. Blocking or deleting these cookies will not render the Shop unusable.
The cookies outlined above expire after varying periods from around 30 minutes up to 2 years or more. The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted.
8.4 You may refuse to accept cookies by activating the setting on your web browser that allows you to refuse the setting of cookies, or you can modify your browser so that it notifies you when cookies are sent to it. The Help portion of your browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. You can check whether these settings are currently enabled on your computer – or find out how to change your current settings – here (but note that Pottermore does not control these third-party resources):
Unless you do this, cookies will be issued when you use the Shop, but you can disable them via your browser at any time. If you do not accept cookies or decide to disable them, you will still be able to access and use the Shop, but you may lose some features and functionality. For example, you cannot remain signed in to the Shop if you disable cookies.
If you wish to restrict or block web browser cookies which are set on your device, then you can do this by going to the help menu within your internet browser. Alternatively, you may wish to visit the “manage cookies” section on www.allaboutcookies.org, which contains information on how to prevent cookies from being stored on your device.
To opt out of being tracked by Google Analytics across websites visit: http://tools.google.com/dlpage/gaoptout/
10. How do we protect personal information?
10.1 As required by applicable data-protection and privacy laws, we follow appropriate security procedures in relation to the storage and disclosure of information that you have given to us in order to protect against unauthorised access. In particular, we take steps to protect the security of your information, including your payment information and passwords, with appropriate physical, technological and administrative measures. Please note the inherent risks of providing information and dealing online, and we will not accept responsibility for any breach of security that is due to circumstances beyond our reasonable control.
10.2 We have put in place procedures to deal with any suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
10.3 If you have any concerns about data security, please see the end of this Privacy & Cookies Policy for details of how to contact us.
11. Accessing and updating your personal information
11.1 Please also see section 14 below for details of your legal rights of access and other legal rights in relation to your personal data.
12. Ending your access and retention of data
12.1 Ending your access.
We reserve the right to suspend or terminate access to your purchases on the Shop for any reason.
You can delete your purchases from the Shop by sending us a written request. To find out how to do so, please refer to our FAQ pages in the first instance. We will endeavour to comply with any such request promptly and in any event within thirty (30) days of receiving your request.
12.2 Retention of data.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected such data, including for the purposes of satisfying any legal, accounting or reporting requirements.
When we terminate your access to the Shop, we will delete all the personal information, including your activity history, associated with your email address (except for any basic information about our customers that we are required by law to retain for six years after ceasing to be customers for tax purposes). Once your access has been terminated, you will not be able to access your purchases without contacting us.
In other respects, elements of your personal information and activity history on the Shop may be retained as long as necessary as required by law. After such time, those data may be retained in fully anonymised form, and then used in order to improve our services.
Nothing in this section 12 affects your legal rights in relation to your personal data: please see section 14 below for details of those.
13. Transfer of information outside the EEA
13.1 We may sometimes share the information we collect with Internal Third Parties and/or External Third Parties in the limited circumstances described in section 5 above. Some of those third parties may be based in locations outside the European Economic Area (“EEA”).
13.2 Also, while many of our services are hosted and managed within the EEA, we may transfer, store, or process information at locations outside the EEA. It may be processed by staff operating outside the EEA who work for us or for one of the Internal Third Parties and/or External Third Parties. Such staff may be engaged in, among other things, the provision of support services.
13.3 In connection with such transfer, storing and processing, we will take all steps necessary to ensure that your data are processed securely, lawfully and in accordance with this Privacy & Cookies Policy. These steps may include our use of model clauses issued by the European Commission or such other schemes or arrangements as may be appropriate from time to time to cover transfers of personal data outside of the EEA (i.e. which, in effect, give personal data the same protection that the data have within Europe), including, in the case of the USA, by using third parties that have signed up to the EU-US Privacy Shield framework. For further details of such safeguards, please see the European Commission’s website.
13.4 Please note that the governments, courts or law-enforcement or regulatory authorities of countries outside the EEA, in addition to those within the EEA, may be able to obtain access to or disclosure of any personal information processed in those locations through the laws of their respective countries.
13.5 If you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us.
14.1 Rights. Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
right of access to your personal data;
right to rectification of your personal data;
right to erasure of your personal data;
right to restriction of processing of your personal data;
right to portability of your personal data;
right to object to processing of your personal data;
right not to be subject to automated decision-making (including profiling); and
right to withdraw consent to processing of your personal data.
To find out more about these rights, please see section 15 below and the ICO’s website (www.ico.org.uk).
14.2 Exercising your rights. If you wish to exercise any of those rights, please contact us.
14.3 No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
14.4 What we may need from you. We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data are not disclosed to any person that has no right to receive such data. We may also contact you to ask you for further information in relation to your request to speed up our response.
14.5 Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we shall notify you and keep you updated.
15.1 Lawful basis.
“Legitimate interest” means the interest of our business in conducting and managing our business to enable us to give you the best services/products/content and the best and most secure experience. We make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
“Performance of a contract” means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
“Comply with a legal or regulatory obligation” means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.
“Internal Third Parties” means other entities that are direct or indirect subsidiaries of Pottermore and/or owned and/or controlled (directly or indirectly) by J.K. Rowling from time to time (acting as co-controllers or as processors), which are based in the EU or USA and provide certain operational and/or administrative services to us and/or otherwise in relation to the Wizarding World, and includes the officers, employees and agents of such entities who are involved in such services. Such agents include The Blair Partnership and J.K. Rowling’s private family office, each based in the UK.
“External Third Parties” means:
Service providers and other commercial partners (acting as processors) based in the UK, EU or USA that support us in fulfilling our contractual obligations and in operating our business, including those providing us with certain account-registration, marketing, public-relations and data-processing services, order fulfilment services, payment processors, customer services and IT and communication services (such as server-hosting, CRM-platform, email and telephony providers), and includes the officers, employees and agents of such entities who are involved in such support role. Such public-relations service providers include JKR PR (a partnership between Stonehillsalt PR Ltd and Mark Hutchinson Management Limited), based in the UK.
Professional advisers (acting as co-controllers or as processors), including lawyers, bankers, accountants and insurers, who are based in the UK, EU or USA and provide their respective professional services to us.
HM Revenue & Customs, regulators and other authorities (acting as co-controllers or as processors), which are based in the UK and may require reporting of processing activities in certain circumstances, and includes their relevant personnel.
15.3 Your legal rights.
In certain circumstances, you have the following legal rights in relation to your personal data:
Right of access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing such data.
Right of rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data that you provide to us.
Right to erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for our continuing to process such data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you would like us to establish the accuracy of such data; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Right to portability of your personal data to you or to a third party. If you so request, we shall provide you, or a third party that you have chosen, with a copy of your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you believe that it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Right not to be subject to automated decision-making (including profiling) where that would have a significant effect on you. We do not in fact engage in such activities, so this right will not, in practice, be relevant in the context of your use of the Shop.
Right to withdraw consent at any time where we are relying on consent to process your personal data. This will not, however, affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products, content or services to you. We shall inform you if that is the case at the time when you withdraw your consent.
16.1 The Shop is owned by Pottermore Limited, a company incorporated in England and Wales, whose company details are as follows:
Devonshire House, 1 Devonshire Street, London W1W 5DR, UK
Company Registration Number:
VAT Registration Number:
ICO Registration Number:
16.2 If you would like to contact us about the information that we hold about you or to exercise any of your legal rights in relation to such information, please write to our Data Protection Officer at Pottermore Limited, PO Box 7828, London W1A 4GE, UK or email our Data Protection Officer at email@example.com, marking it clearly as a “Data subject request”.
If you have any other queries about privacy or cookies on the Shop, please feel free to contact us:
By online form: Contact us
By post: Pottermore Limited, PO Box 7828, London W1A 4GE, UK
By email: firstname.lastname@example.org
16.3 In Delaware and California, online booksellers may be legally required to prepare an annual report providing information about disclosures of personal information made to comply with legal process. Pottermore is currently exempt from this requirement, so no report has been prepared.
Last updated: 16 May 2019