Last updated: May 16, 2019
It covers all the data collection activities (online and offline) of two Wizarding World Digital entities, Wizarding World Digital LLC and Wizarding World Digital Limited (“we”, “us” or “our”). It includes information that we collect through our various Wizarding World digital channels, such as websites, mobile apps, streaming services and third-party social networks, as well as through customer care centres, points of sale and events that link directly to this policy (together, the “sites”).
This policy tells you how you can access and update your personal information and make certain choices about how it is used. It also explains the rights you have to object to processing for direct marketing purposes, to object to processing that is not required by law or necessary for us to provide the sites, and how you can exercise those rights.
For certain offerings on our sites, there may be additional notices about our privacy practices and choices, each of which will be considered to form part of this policy.
In some cases, third parties may act as independent controllers of your personal information, as explained further below.
THE INFORMATION WE COLLECT
Personal data and other personal information. When you interact with our sites, we may collect and combine different types of personal information. We refer to this as “information” for short. The information may include:
We may combine information that we collect from the Wizarding World websites with data collected from the Wizarding World mobile apps and other services.
Non-personal information. In addition, we may collect certain information that is not personal information, such as anonymous analytics data.
If you fail to provide information. Where we need to collect personal information by law, or under the terms of a contract that we have with you, and you fail to provide that information when requested, we may not be able to perform the contract that we have or are trying to enter into with you (for example, to provide you with products).
HOW WE USE THE INFORMATION
We use your personal information for the processing purposes and related lawful bases described below (or disclosed at the time of collection):
(1) Basis: where necessary to perform a contract with you (or to take steps at your request before entering into a contract)
Purposes of processing:
a. To provide you with access to content, products, services and other features on or via the sites.
b. To process your registration for a site, competition, prize draw or contest, and to administer your account or entry in accordance with any related contractual terms.
c. To send you information about changes to our terms or policies.
d. To process your payment and to fulfil your purchase or other transaction, including related communications about those.
(2) Basis: where necessary for purposes of our or third parties’ legitimate interests Purposes of processing (and related legitimate interests):
a. To respond to your enquiries, e.g. to send you information you have requested, and to offer customer/user support services (fulfilling your request and providing you with such assistance).
b. To assist with the security and safety of our sites and users, e.g. by trying to prevent unauthorised or malicious activities (making our sites safe for users).
c. To enforce compliance with our terms and policies and to help other organisations, such as copyright owners, to enforce their rights, including by sharing your information with relevant third parties to assist us or them in pursuing available remedies and/or limiting any loss or damage sustained (protecting our and others’ rights).
d. To detect and prevent fraud (tackling fraudulent activity).
e. To analyse and understand how our sites are used, including by aggregating data about categories of users and by informing surveys, so that we can develop, maintain, personalise, protect and improve our sites (researching site usage and compiling usage statistics with a view to operating our sites more effectively and enhancing them to improve your experience).
f. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we do not need your consent to do so (authenticating users, facilitating your movement to, through and from our sites and other third parties and otherwise improving your experience of our sites and linked social media).
g. To send direct marketing to you and to tailor content, advertisements, offers and surveys for you, where we do not need consent to do so (promoting content, products and services from us and/or our affiliates, direct or via our or their advertising partners, that we believe may be of interest to you).
(3) Basis: where you give us consent
Purposes of processing:
a. To send direct marketing communications to you at your request, where we need your consent (for example, marketing emails or push notifications).
b. To place cookies and to use similar technologies with your consent.
c. To collect your precise location with your consent.
d. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we need your consent to do so.
e. On other occasions where we ask you for consent, for a purpose which we explain at that time.
(4) Basis: where necessary for complying with our legal obligations Purposes of processing:
a. In response to requests by government or law enforcement authorities conducting an investigation.
b. To comply with any other legal requirements.
INFORMATION SHARING AND DISCLOSURE
We share and disclose your information in the ways described below or for other purposes that we explain when we collect your personal information. We may share your information with the organisations below, their personnel, or people providing services to them (e.g. professional advisers who are connected with the activity described). When we share personal information with service providers, they usually only process personal data in accordance with our instructions, as data processors. The other third parties listed below are independent controllers of the information, unless otherwise specified.
We use or disclose your information in anonymised form at our discretion, such as to help us improve our sites and products.
YOUR MARKETING AND ADVERTISING CHOICES
Marketing communications and sharing with third parties. You can tell us if and how you would like to receive direct marketing from us, our affiliates and our or their advertising partners. To do this, or to find out more about this (i) log into an account you have created with us to adjust your settings or (ii) send us an email at email@example.com. To opt out of receiving direct marketing communications via email, you can also follow the "unsubscribe" instructions provided in any marketing email you receive from us. If you previously chose to receive alerts in the form of push notifications on your mobile device from us, but no longer wish to receive them, you can manage your preferences through your device settings, depending on the type of device.
For more information about interest-based advertising on your desktop or mobile browser, and your ability to opt out of this type of advertising on your browser by third parties that participate in self-regulatory programs, please visit:
To learn more about interest-based advertising in mobile apps and to opt out of this type of advertising by third parties that participate in the DAA’s AppChoices tool, please download the version of AppChoices for your device here.
To opt out of interest-based advertising in your apps, you may have more options depending on your mobile device and operating system. For example, most device operating systems (e.g. iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provide their own instructions on how to limit or prevent the delivery of tailored in-app advertisements. You can review the support materials and/or the privacy settings for the respective operating systems to learn more about those features and how they apply to tailored in-app advertisements.
Please note if you opt out through the self-regulatory programs above, this will only apply to interest-based advertising by the third parties you select. You will continue to receive advertising, but that advertising may be less relevant to your interests. If you use a different device or browser or delete your cookies, you may need to renew your opt-out choice or, where consent is required for cookies, to opt in.
Precise location information. To disable the collection of precise location information from your mobile device through our mobile apps, you can access your mobile device settings and choose to limit that collection.
Please also see the next section, Cookies and other technologies, for more choices about managing other technical and usage information.
COOKIES AND OTHER TECHNOLOGIES
Cookies are small text files placed in your browser. Web beacons are small strings of code that provide a method for delivering a graphic image on a webpage for the purpose of transferring data, such as the IP address of the device that downloaded the page on which the web beacon appears, the URL of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that fetched the web beacon, and the identification number of any cookie on the device previously placed by that server.
We also use “Software Development Kits” (“SDKs”), java script and portions of code in our mobile apps to perform similar functions to cookies and web beacons. For example, SDKs collect technical and usage information such as mobile device identifiers and your interactions with our mobile app. Some of our sites use locally stored objects (“LSOs”) to provide content, such as video on demand, video clips or animation, and a better user experience.
Types of cookies and other technologies. We use the following types of cookies and similar technologies via our sites for the following purposes:
Analytics cookies or similar technologies collect information about how you use our sites or apps, so that we can analyse traffic and understand users' interactions to perform analytics, including to analyse, measure and report on usage and performance of our sites and marketing materials. For this purpose, we may use third-party service providers such as Google Analytics, who may use their own cookies or similar technologies. The information is used to improve our sites or products.
You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To opt out of Google Analytics relating to your use of our sites, you can download and install the Google Analytics Opt-out Browser Add-on available via this link: https://tools.google.com/dlpage/gaoptout?hl=en.
Functional cookies or similar technologies allow our sites or apps to remember choices you make (such as your user name, or the region you are in) and to provide enhanced, more personal features. They can also be used to remember changes you have made to text size, fonts and other parts of webpages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
Advertising cookies or similar technologies allow us and our affiliates and our and their advertising partners to target, offer, market or advertise products. These cookies and other technologies also facilitate, manage and measure the performance of advertisements displayed on or delivered by or through our sites. These advertising partners may also have the capability to track your browsing across sites, apps and social media sites. See the Advertising choices section above for more information.
Social media cookies or similar technologies are used when you share content using a social media sharing button or “like” button on our sites or apps, or when you link your account or engage with our content on or through a social media site such as Facebook, Twitter or Instagram. The social network will record that you have done that. The information may be linked to targeting/advertising activities.
Managing cookies and other technologies
On a mobile app, please go to “Privacy settings” or your device settings. You can adjust your browser to reject cookies from us or from any other site operator. Controlling cookies via browser controls may not limit our use of other technologies. Please consult your browser’s settings for more information. Blocking cookies or similar technology might, however, prevent you from accessing some of our content or site features. You can also check your browser settings to learn how to delete cookies.
Adobe's Flash player and similar applications use Local Shared Object (“LSO”) technology to remember settings, preferences and usage similar to browser cookies. Flash cookies are not managed through your web browser, but you can access your Flash management tools from Adobe's website. Your browser may also offer other tools to delete or reject other LSOs; please check your browser’s settings or help menu for more information.
We do not currently respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.
Please see the Your marketing and advertising choices section above to learn about other ways to control data collection for advertising purposes.
DATA RETENTION AND SECURITY
In broad terms, we will only retain your personal information for as long as necessary for the purposes described in this policy. This means that the retention periods will vary according to the type of personal information and the reason that we have the personal information in the first place. For example, some personal information related to the provision of services to you or by you will be kept for a number of years in order to comply with various finance and tax-related legal obligations. Other service-related personal information may be kept for a different period because it is in our legitimate interests to do so in order to provide or receive an appropriate follow-up service.
After a retention period has elapsed, the personal information is securely deleted. We may, however, retain copies of your information in anonymised form, which we may use or disclose at our discretion, such as to help us improve our sites and products.
We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal information that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal information that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
YOUR PERSONAL DATA RIGHTS
Your legal rights. Under certain circumstances, you may have the following rights under data protection laws in relation to your personal information (which may be limited to personal data):
Some of those rights may only apply to you if you are resident in the EEA or a country with similar data protection laws. To find out more about those specific rights, please see the last paragraph of this section and the ICO’s website (www.ico.org.uk).
Exercising your rights. If you wish to exercise any of those rights, please send an email to firstname.lastname@example.org.
Your legal rights in more detail (for UK and other EEA residents). In certain circumstances, you have the following legal rights in relation to your personal information (to the extent consisting of “personal data” in the EEA and countries with similar data protection laws, and so we use that term in the rest of this section). We may ask you for additional information, so that we take reasonable steps to check that – for example – we only provide personal data to the person to whom the data relate.
In various countries, local data protection laws treat individuals under a certain age (“Relevant Age”) as children whose personal information requires additional protection under such laws. For example, the Relevant Age for the purposes of obtaining valid consent from individuals to collect their personal information by online means is 13 in the US and UK.
For any given country in which site users are based: (a) we do not knowingly collect personal information from children under the Relevant Age; and (b) if we become aware that we have inadvertently collected personal information from a site user under the Relevant Age, we will delete such information from our records.
If you believe your child has provided us with personal information without your authorisation and you would like to have the personal information deleted, please contact us as described below.
Wizarding World Digital LLC is a company located in the USA, and therefore when you use our sites and services, Wizarding World Digital LLC collects or receives your data in the USA. This means that personal information we collect will be processed by us or on our behalf in the USA, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the EEA.
If you are located in the UK or elsewhere in the EEA or if Wizarding World Digital Limited has collected your information, then, when we transfer your information to our affiliates outside the EEA, we make use of standard contractual clauses that have been approved by the European Commission for data transfers. We also use those clauses when we transfer your information to third parties outside the EEA, or we may adopt other means to ensure that adequate safeguards are applied to your information (such as the EU-US Privacy Shield or binding corporate rules). You can obtain further information on the methods that we use to protect your information when it is transferred outside the EEA by contacting us by email at email@example.com.
### CHANGES TO THIS POLICY
From time to time, we may make changes to this policy. We will notify you about such changes by placing a notice on our sites and/or sending an email to you. We encourage you to check back and review this policy periodically so that you always know our current privacy practices.
### CONTACT US
Wizarding World Digital LLC, a limited liability company registered in the United States, and Wizarding World Digital Limited, a private company limited by shares registered in England and Wales, jointly control how your information is used. We work together to make decisions about use of information and to respond to queries, or to respond to requests to exercise personal data rights.
In respect of UK or other EEA-located users, Wizarding World Digital Limited has been appointed as the representative in the EEA of Wizarding World Digital LLC.
If you have any questions about this policy, you can contact our data privacy team:
Our affiliates are: