This Privacy & Cookies Policy explains how we collect, process and look after your personal information, and how we use cookies. It contains 17 sections. You can view each section by selecting the relevant link below:
1.1 Welcome to our website (the “Site”), dedicated to unlocking the power of imagination. The Site is described in more detail in our Terms & Conditions. The Site is owned by Pottermore Limited (referred to as “Pottermore”, “we”, “us” or “our” as appropriate), a company established in England and Wales. The main part of the Site is currently available at www.pottermorepublishing.com. We may also make the Site, parts of it or other versions of it available through further digital channels or devices.
1.2 This Privacy & Cookies Policy describes our practices with regard to the information that we collect when you use the Site, what we do with such information and how we protect it. It also describes our practices on the use of cookies. For the purpose of relevant data-protection and privacy laws, the data controller is Pottermore Limited. Please see our Terms & Conditions for more information about Pottermore Limited and the basis on which we provide the Site. Some of the capitalised words used in this Privacy & Cookies Policy are defined in our Terms & Conditions.
1.3 We strive to protect the privacy of Site users. We encourage all users to act responsibly and with care when it comes to their personal information and that of others. Please read this Privacy & Cookies Policy to understand how the information you provide to us is used.
1.4 We have also appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy & Cookies Policy. Our current DPO is Ms Louise Hughes. If you have any queries or concerns about this Privacy & Cookies Policy or wish to exercise any legal rights in relation to your personal data, please contact the DPO using the details set out in the contact information at the end of this Privacy & Cookies Policy.
1.5 You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
1.6 Please note that by visiting and using the Site, you acknowledge the use of your information and the use of cookies, as described in this Privacy & Cookies Policy.
2.1 Subject to applicable law, we may make changes to this Privacy & Cookies Policy at any time. See the end of this Privacy & Cookies Policy for details of the date when it was last updated. We may notify you of any such changes by sending you notice in writing and/or by posting a copy of the revised Privacy & Cookies Policy on the Site.
2.3 If we make any material changes in the way we collect, use and/or share personal information, we will give you prominent notice of those changes. We will not, without your consent or another legal basis for doing so, apply those changes to any personal information that we previously collected from you.
3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). In this Privacy & Cookies Policy the term “personal data”, or “personal information”, means any information about an individual from which that person can be identified, excluding data where the identity has been removed (i.e. anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you which you have chosen to provide us with when you contact us. We have categorised this personal data together as follows:
3.3 We do not seek to collect any special categories of personal data about you: those would include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we seek to collect any information about criminal convictions and offences. If, however, you in fact provide us with any such special data or information about criminal convictions and offences, then by submitting such data/information, we’ll assume that you are fine with our use of such data/information for (a) the purpose for which you have voluntarily provided such data/information and (b) any purpose that is reasonably compatible with the Purpose. You may withdraw that permission at any time by contacting us.
4.1 We use different methods to collect data from and about you including through:
5.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We may also process your information:
5.2 Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
| Purpose / Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To respond to and store your general requests and communications | (a) Identity (b) Contact |
Necessary for our legitimate interests |
| To use data analytics to improve our website. | (a) Technical (b) Usage |
Necessary for our legitimate interests |
5.3 Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
In addition we may collect information that does not represent personal data for a variety of purposes as set out below:
6.1 Anonymous analytics data
Like many companies who operate websites, we collect basic information about your use of our Site, such as the number and duration of visits to the Site, your user type or category and details of which particular pages have been visited. We do not combine this information with any other information that could identify you personally. We use this information to analyse how the Site is functioning and how it is used by our users, to help us maintain and improve the Site on an ongoing basis.
6.2 Performance data
While using the Site, certain information is automatically logged about how you are using the Site to analyse performance and usage of the Site. This information may include the URL of the website that linked you to the Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your computer on the internet. We use this information to analyse how the Site is functioning and how it is used by our users, to help us maintain and improve the Site on an ongoing basis.
6.3 Third-party analytics data
Like many companies that operate websites, we allow carefully selected third parties to set cookies in order to capture analytics information, where permitted. When you use social-media functionality on the Site, analytics cookies may be set to measure usage. This information may be linked to your device, but otherwise is collected in a way that does not identify you personally.
7.1 Legal action. We may use the information we collect to comply with law, to investigate a complaint made by another user or a potential breach of the Site’s Terms & Conditions or to prevent and detect unlawful or criminal activity, fraud and misuse of, or damage to, the Site or the products, content and services made available through it, and to take appropriate legal action against those responsible. Such use will be necessary to comply with a legal obligation or necessary for our and/or others’ legitimate interests (in being protected from such potentially harmful/unlawful acts or omissions).
7.2 Legal use. Please note that we may also process your personal data without your knowledge or consent, in compliance with the above rules, if and to the extent that this is required or permitted by law.
We share your personal information in certain limited ways as described below. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We refer below to “Internal Third Parties” and “External Third Parties”, which are defined in section 16.2 below.
8.1 If you disclose personal information to us when contacting us with a query, we may share that personal information with relevant Internal Third Parties and/or External Third Parties for the purpose of handling your query, for fraud prevention and for the purposes of operating, managing and administering the Site.
8.2 We may further share and disclose your personal information with other External Third Parties for the purpose of better integrating their services with the Site. Before we share or disclose any of your personal information with any Internal Third Parties and/or External Third Parties for marketing purposes, we will ask you for your permission to do so.
8.3 In addition, we may share information about visitors to the Site in an anonymous and aggregate form with relevant Internal Third Parties and/or External Third Parties to understand user trends and patterns and to manage and improve our business relationships.
8.4 We do not send any information that we collect on the Site to any social networking sites, nor do we share that information with such sites. We do not collect any personal information about you from those sites.
8.5 We may disclose information we collect, including personal information, as set out below:
(a) to Internal Third Parties and/or External Third Parties for them to administer any services provided to you through the Site as described above;
(c) if there is a change (whether in whole or in part) in the ownership, operation or control of Pottermore Limited, our business or any of our assets, including a change as a result of insolvency or bankruptcy, we may disclose information to the new owner, operator or controller and, if we do so, we will require such person to use it only (i) in accordance with the terms of our Privacy & Cookies Policy (or terms that compatible with those) and/or (ii) as may be required or permitted by law;
(d) apart from the use and sharing of your personal information in the circumstances already described, we may share information we collect (including personal information) as required or allowed by law (for example, as needed to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process);
(e) to affiliated companies and/or joint venture partners in connection with the Site; and/or
(f) with your permission.
9.1 We aim to provide a number of features that help provide a more personalised and enhanced experience to our users. To achieve this, we may collect and use a limited amount of information from you that does not (in itself) identify you personally.
9.2 We also collect non-personal data, including aggregated, statistical data about visitors to the Site and traffic patterns (and share it with third parties). This information does not identify you in any capacity; it simply gives generalised information about the users of the Site. Please see below for more information on our use of cookies and similar technologies.
9.3 We may disclose fully anonymised information, including aggregated or de-identified anonymous data, in our discretion.
10.1 While you are using the Site, certain information is logged about how you are using the Site to analyse performance and usage of the Site. This information may include, for example, the URL of the website that linked you to the Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your computer on the internet.
10.2 A “cookie” is a small data file that is sent to your browser from a web server and stored on your device’s hard drive. References below to “cookies” also include other means of automatically accessing or storing information on your device. Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer: please see section 8.4 below for further details.
10.3 We use various different types of cookie via the Site.
Third parties on this Site may use cookies to collect information about online activities over time and across this and other websites on the internet. In further detail, Pottermore cookies fall into the following categories, which we have documented to help you understand the types of cookies that are used to improve your browsing experience on the Site:
Analytics (e.g. Google Analytics; Webengage)
These cookies are used to compile various (anonymised) metrics for our users to get a better understanding of how the Site is used (pages visited and time spent on the Site, for example), so that we can deliver more of the content you want, and less of the content you don’t. This information also helps us to make better decisions for our future initiatives. We use partners like Webengage and Google Analytics. These analytics cookies may be set by those partners, and set in accordance with the relevant partner’s own privacy and cookies policies. Please see below for information on opting out of Google Analytics.
Performance data
This type of cookie lets us track how long it takes users to load each page, what pages we can cache and whether we need you to log in again. We don’t use any third parties for this.
Embedded video (YouTube)
We may make use of clips on YouTube. YouTube may set its own cookies, and the YouTube cookies policy can be found here.
Social media (Twitter & Facebook)
Twitter and Facebook may set its own cookies. Twitter’s cookies policy can be found here and Facebook’s cookies policy can be found here [please insert https://www.facebook.com/policies/cookies/].
Preferences
We use this type of cookie to ensure that we don’t show you things you’ve already seen before, like the cookie policy acknowledgement and the intro page. This means you get to spend more time with the content you love, and less time with the content you don’t.
Session state
Websites often collect information about how users interact with a website. This may include the pages that users visit most often, and whether users get error messages from certain pages. We may use these so-called “session state cookies” to help us improve our services, in order to improve our users’ browsing experience. Blocking or deleting these cookies will not render the Site unusable.
The cookies outlined above expire after varying periods from around 30 minutes up to 2 years or more. The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted.
If you carry on using the Site, we’ll assume that you are fine with our use of cookies in these ways, but you can disable any of these cookies at any time if you wish (as set out below).
10.4 You may refuse to accept cookies by activating the setting on your web browser that allows you to refuse the setting of cookies, or you can modify your browser so that it notifies you when cookies are sent to it. The Help portion of your browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. You can check whether these settings are currently enabled on your computer – or find out how to change your current settings – here (but note that Pottermore does not control these third-party resources):
Javascript: www.enable-javascript.com
Cookies: www.whatarecookies.com
Unless you do this, cookies will be issued when you use the Site, but you can disable them via your browser at any time. If you do not accept cookies or decide to disable them, you will still be able to access and use the Site, but you may lose some features and functionality.
If you wish to restrict or block web browser cookies which are set on your device, then you can do this by going to the help menu within your internet browser. Alternatively, you may wish to visit the “manage cookies” section on www.allaboutcookies.org, which contains information on how to prevent cookies from being stored on your device.
To opt out of being tracked by Google Analytics across websites visit: http://tools.google.com/dlpage/gaoptout/
You can find out more about cookies at www.allaboutcookies.org and www.youronlinechoices.eu.
The Site contains links posted by us to third-party websites (including social networking platforms) that we do not operate or control and that are not subject to this Privacy & Cookies Policy. Please note that we are not responsible for the content or privacy practices of external sites. Please read our Terms & Conditions for further information on these links. We strongly recommend that you read the privacy policy and cookies policy of any such website that you visit before disclosing any information via such website.
12.1 As required by applicable data-protection and privacy laws, we follow appropriate security procedures in relation to the storage and disclosure of information that you have given to us in order to protect against unauthorised access. In particular, we take steps to protect the security of your information with appropriate physical, technological and administrative measures. Please note the inherent risks of providing information and dealing online, and we will not accept responsibility for any breach of security that is due to circumstances beyond our reasonable control.
12.2 We have put in place procedures to deal with any suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
12.3 If you have any concerns about data security, please see the end of this Privacy & Cookies Policy for details of how to contact us.
13.1 We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected such data, including for the purposes of satisfying any legal, accounting or reporting requirements. After such time, those data may be retained in fully anonymised form, and then used in order to improve our services.
13.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
13.3 If you’d like to know how long we will store your data for/if we still store your data please contact us.
13.4 Nothing in this section 13 affects your legal rights in relation to your personal data: please see section 15 below for detail of those.
14.1 We may sometimes share the information we collect with third parties in the limited circumstances described above. Some of those third parties may be based in locations outside the UK.
14.2 Also, while many of our services are hosted and managed within the UK, we may transfer, store, or process information at locations outside the UK. It may be processed by staff operating outside the UK who work for us or for one of the third parties. Such staff may be engaged in, among other things, the provision of support services.
14.3 In connection with such transfer, storing and processing, we will take all steps necessary to ensure that your data are processed securely, lawfully and in accordance with this Privacy & Cookies Policy. These steps may include our use of specific contracts approved for use in the UK or such other schemes or arrangements as may be appropriate from time to time to cover transfers of personal data outside of the UK (i.e. which, in effect, give personal data the same protection that the data have within the UK).
14.4 Please note that the governments, courts or law-enforcement or regulatory authorities of countries outside the UK, in addition to those within the UK, may be able to obtain access to or disclosure of any personal information processed in those locations through the laws of their respective countries.
14.5 If you would like further information on the specific mechanism used by us when transferring your personal data out of the UK, please contact us.
15.1 Rights. Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
• right of access to your personal data;
• right to rectification of your personal data;
• right to erasure of your personal data;
• right to restriction of processing of your personal data;
• right to portability of your personal data;
• right to object to processing of your personal data;
• right not to be subject to automated decision-making (including profiling); and
• right to withdraw consent to processing of your personal data.
To find out more about these rights, please see section 16 below and the ICO’s website (www.ico.org.uk).
15.2 Exercising your rights. If you wish to exercise any of those rights, please contact us.
15.3 No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
15.4 What we may need from you. We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data are not disclosed to any person that has no right to receive such data. We may also contact you to ask you for further information in relation to your request to speed up our response.
15.5 Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we shall notify you and keep you updated.
16.1 Lawful basis.
“Legitimate interest” means the interest of our business in conducting and managing our business to enable us to give you the best services/products/content and the best and most secure experience. We make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
“Comply with a legal or regulatory obligation” means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.
16.2 Third parties.
“Internal Third Parties” means other entities that are direct or indirect subsidiaries of Pottermore and/or owned and/or controlled (directly or indirectly) by J.K. Rowling from time to time (acting as co-controllers or as processors), which are based in the EU or USA and provide certain operational and/or administrative services to us and/or otherwise in relation to Harry Potter, and includes the officers, employees and agents of such entities who are involved in such services. Such agents include The Blair Partnership and J.K. Rowling’s private family office, each based in the UK.
“External Third Parties” means:
• Service providers and other commercial partners (acting as processors) based in the UK, EU or USA that support us in fulfilling our contractual obligations and in operating our business, including those providing us with certain marketing, public-relations and data-processing services, customer services and IT and communication services (such as server-hosting, CRM-platform and telephony providers), and includes the officers, employees and agents of such entities who are involved in such support role.
• Members of the Warner Bros. group of companies from time to time (acting as co-controllers or as processors) principally based in the USA or the UK that have produced and/or are producing audio-visual content, merchandise and/or other products or digital content based on Harry Potter, and includes the officers, employees and agents of such entities who are connected with any such activity.
• Professional advisers (acting as co-controllers or as processors), including lawyers, bankers, accountants and insurers, who are based in the UK, EU or USA and provide their respective professional services to us.
• HM Revenue & Customs, regulators and other authorities (acting as co-controllers or as processors), which are based in the UK and may require reporting of processing activities in certain circumstances, and includes their relevant personnel.
16.3 Your legal rights.
In certain circumstances, you have the following legal rights in relation to your personal data:
Right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing such data.
Right of rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data that you provide to us.
Right to erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for our continuing to process such data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you would like us to establish the accuracy of such data; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Right to portability of your personal data to you or to a third party. If you so request, we shall provide you, or a third party that you have chosen, with a copy of your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you believe that it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Right not to be subject to automated decision-making (including profiling) where that would have a significant effect on you. We do not in fact engage in such activities, so this right will not, in practice, be relevant in the context of your use of the Site.
Right to withdraw consent at any time where we are relying on consent to process your personal data. This will not, however, affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products, content or services to you. We shall inform you if that is the case at the time when you withdraw your consent.
17.1 The Site is owned by Pottermore Limited, a company incorporated in England and Wales, whose company details are as follows:
Company Name:
Pottermore Limited
Registered Office:
Devonshire House, 1 Devonshire Street, London W1W 5DR, UK
Company Registration Number:
06979090
VAT Registration Number:
980826881
ICO Registration Number:
Z2535777
17.2 If you would like to contact us about the information that we hold about you or to exercise any of your legal rights in relation to such information, please write to our Data Protection Officer at Pottermore Limited, PO Box 7828, London W1A 4GE, UK or email our Data Protection Officer at [email protected], marking it clearly as a “Data subject request”.
If you have any other queries about privacy or cookies on the Site, please feel free to contact us:
By online form: Contact us
By post: Pottermore Limited, PO Box 7828, London W1A 4GE, UK
By email: [email protected]
Last updated: October 2021