Privacy & Cookies Policy

Last updated: May 16, 2019

This policy explains how we collect and use your data, and how we use cookies.

It covers all the data collection activities (online and offline) of two Wizarding World Digital entities, Wizarding World Digital LLC and Wizarding World Digital Limited (“we”, “us” or “our”). It includes information that we collect through our various Wizarding World digital channels, such as websites, mobile apps, streaming services and third-party social networks, as well as through customer care centres, points of sale and events that link directly to this policy (together, the “sites”).

This policy tells you how you can access and update your personal information and make certain choices about how it is used. It also explains the rights you have to object to processing for direct marketing purposes, to object to processing that is not required by law or necessary for us to provide the sites, and how you can exercise those rights.

For certain offerings on our sites, there may be additional notices about our privacy practices and choices, each of which will be considered to form part of this policy.

DATA CONTROLLERS

This privacy policy is provided by Wizarding World Digital LLC and its subsidiary Wizarding World Digital Limited, which jointly control how your personal information is used. The Contact us section later in this policy explains how you can contact us.

In some cases, third parties may act as independent controllers of your personal information, as explained further below.

THE INFORMATION WE COLLECT

Personal data and other personal information. When you interact with our sites, we may collect and combine different types of personal information. We refer to this as “information” for short. The information may include:

  • Registration, account and sign-up information. We collect information about you in the course of your use of the site(s) or registration with us. For example, when you create or update an account, register for or download an app, or sign up for one of our offerings, you provide us with certain information, which includes your name and email address, and may include your social-media profile. We may also receive information about your interest in and use of various products, services, programs, virtual items, content and activities (which we refer to below as “products” for short) that are available on or through our sites. You may also provide or be allocated certain details, such as a nickname, user name, password, Wizarding World attributes and/or other profile information.
  • Product purchase. If you make a purchase on one of our sites, our payment providers or the entity handling the sale will also collect certain payment information (e.g. payment method, billing information and delivery address).
  • Information about others / inviting friends. In certain situations, we collect information submitted by people you know. For example, a friend might submit information to invite you to take part in an offering, send you a gift, make recommendations or share content. They also may provide your details through an “invite your friends” function or by importing contacts from their address book or from social media sites. By processing those requests, we will receive your information, including details such as your name, email address, social-media profile, postal address and/or telephone number, and/or information about your interests in and use of various products.
  • Information from affiliates and third parties. We combine the information we process about you with information we receive from other organisations. This includes information from Warner Bros. and Pottermore affiliates, organisations sponsoring or co-branding our or our affiliates’ content, as well as demographic and other information from other business partners, advertising companies and research services.
  • Wizarding Passport™. You may choose to register for one or more of our sites through a Wizarding Passport, which refers to both your account and certain of the information you provide or are allocated in connection with your account (such as your Hogwarts house, wand, patronus, pet etc.). Your Wizarding Passport will identify you as a “member” of the Wizarding World sites and services and will serve as your credentials for logging into and using the sites and services and for other purposes. If you use a Wizarding Passport to connect your Wizarding World account to an account maintained by one of our business partners, then we will share certain information from your profile with that partner. We will tell you what information will be shared before you connect with another organisation via the Wizarding Passport. When you do connect with that organisation, we may receive certain information in return (e.g. achievements in a game).
  • Social media. You can engage with some of our content and offerings, such as videos, apps and other offerings on or through third-party communities, forums and other social media sites, services, plug-ins and apps (“social media sites”). When you link to our sites or interact with us or our content through social media sites, you may choose for us to receive certain information from your social media account (e.g. name, user ID, email address, social-media profile, photos and videos, gender, birthday, your list of friends and their contact details, people you follow and/or who follow you, the posts or the “likes” you make). We may also receive information from your interaction with our content (e.g. content viewed and information about advertisements you have been shown or have clicked on).
  • Location information. We may have access to certain information about your general location, such as your country or address, when you provide it or via information (such as an IP address or device settings) relating to your computer, mobile phone or other device. With consent (where required by law), we may also collect information about your device’s precise location (e.g. geolocation via mobile devices).
  • Technical and usage information. We also collect certain technical and usage information such as the type of device, browser and operating system you are using, your internet service provider or mobile carrier, unique device identifier, IDFA or IDFV, MAC address, IP address, device and browser settings, the webpages and apps you use, advertisements you see and interact with, and certain site usage information across our sites and other sites and apps. Please see our Cookies and other technologies section below for more information on how we may use those technologies to collect that information.
  • Customer enquiries. Where you contact us through one of our customer help desks or customer call centres or where you get in touch with us by email or using an online form, we will ask you for some information, including why you are getting in touch. We may have access to any relevant product that you have purchased, your purchase history, your previous correspondence with us and/or your contact details.
  • We may combine information that we collect from the Wizarding World websites with data collected from the Wizarding World mobile apps and other services.

    Non-personal information. In addition, we may collect certain information that is not personal information, such as anonymous analytics data.

    If you fail to provide information. Where we need to collect personal information by law, or under the terms of a contract that we have with you, and you fail to provide that information when requested, we may not be able to perform the contract that we have or are trying to enter into with you (for example, to provide you with products).

    HOW WE USE THE INFORMATION

    We use your personal information for the processing purposes and related lawful bases described below (or disclosed at the time of collection):

    (1) Basis: where necessary to perform a contract with you (or to take steps at your request before entering into a contract)

    Purposes of processing:

    a. To provide you with access to content, products, services and other features on or via the sites.

    b. To process your registration for a site, competition, prize draw or contest, and to administer your account or entry in accordance with any related contractual terms.

    c. To send you information about changes to our terms or policies.

    d. To process your payment and to fulfil your purchase or other transaction, including related communications about those.

    (2) Basis: where necessary for purposes of our or third parties’ legitimate interests Purposes of processing (and related legitimate interests):

    a. To respond to your enquiries, e.g. to send you information you have requested, and to offer customer/user support services (fulfilling your request and providing you with such assistance).

    b. To assist with the security and safety of our sites and users, e.g. by trying to prevent unauthorised or malicious activities (making our sites safe for users).

    c. To enforce compliance with our terms and policies and to help other organisations, such as copyright owners, to enforce their rights, including by sharing your information with relevant third parties to assist us or them in pursuing available remedies and/or limiting any loss or damage sustained (protecting our and others’ rights).

    d. To detect and prevent fraud (tackling fraudulent activity).

    e. To analyse and understand how our sites are used, including by aggregating data about categories of users and by informing surveys, so that we can develop, maintain, personalise, protect and improve our sites (researching site usage and compiling usage statistics with a view to operating our sites more effectively and enhancing them to improve your experience).

    f. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we do not need your consent to do so (authenticating users, facilitating your movement to, through and from our sites and other third parties and otherwise improving your experience of our sites and linked social media).

    g. To send direct marketing to you and to tailor content, advertisements, offers and surveys for you, where we do not need consent to do so (promoting content, products and services from us and/or our affiliates, direct or via our or their advertising partners, that we believe may be of interest to you).

    (3) Basis: where you give us consent

    Purposes of processing:

    a. To send direct marketing communications to you at your request, where we need your consent (for example, marketing emails or push notifications).

    b. To place cookies and to use similar technologies with your consent.

    c. To collect your precise location with your consent.

    d. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we need your consent to do so.

    e. On other occasions where we ask you for consent, for a purpose which we explain at that time.

    (4) Basis: where necessary for complying with our legal obligations Purposes of processing:

    a. In response to requests by government or law enforcement authorities conducting an investigation.

    b. To comply with any other legal requirements.

    INFORMATION SHARING AND DISCLOSURE

    We share and disclose your information in the ways described below or for other purposes that we explain when we collect your personal information. We may share your information with the organisations below, their personnel, or people providing services to them (e.g. professional advisers who are connected with the activity described). When we share personal information with service providers, they usually only process personal data in accordance with our instructions, as data processors. The other third parties listed below are independent controllers of the information, unless otherwise specified.

  • Law enforcement bodies and courts. We may disclose your information in response to legal process, for example in response to a court order or a subpoena, or in response to a law enforcement body's request. We may also disclose your information to third parties (including, but not limited to, the police, the courts, governmental departments and/or any other bodies of competent authority): (i) in connection with fraud prevention activities; (ii) where we believe it is necessary to investigate, prevent or take action regarding illegal activities; (iii) in situations that may involve violations of our terms of use or other rules; (iv) to protect our rights and the rights and safety of others; and/or (v) as otherwise required by law.
  • Change of control. We may transfer your information in the event of a business transaction to another person, such as if we or one of our business units or our relevant assets are acquired by, sold to, or merged with another company or as part of a bankruptcy or insolvency proceeding or a business reorganisation.
  • Service providers. Our agents and contractors may have access to your information to help carry out the services they are performing for us (e.g. fulfilment, creation, maintenance, hosting and delivery of our sites and/or products; conduct of marketing; account registration; handling payments; email and order fulfilment; administering competitions; conducting research and analytics; customer service; data processing; IT and communication services; public relations; and/or professional advice).
  • Wizarding World Digital entities and affiliates. If one of us, i.e. Wizarding World Digital LLC or Wizarding World Digital Limited, separately collects any of your information in the first instance, then the collecting entity will share such information with the other (acting as a joint controller). If we establish any subsidiaries, we may share your information with them for use in accordance with this policy (e.g. as processors acting on our instructions). We also share information with our Warner Bros. and Pottermore affiliates to use in accordance with their own privacy policies, including (with permission, where required) to provide, improve, offer, market and otherwise communicate with you about their own products.
  • Linked sites. Some of our sites contain links to other sites, including social media sites, whose privacy practices may be different from ours. You should consult the other sites' privacy policies and terms before submitting any of your information, as we have no control over information that is submitted to, or collected by, those third parties.
  • Sponsors, co-promoters and other third parties relating to the promotion of the Wizarding World. We sometimes offer content or programs (e.g. competitions, promotions, games, apps or social media site integrations) that are sponsored by, co-branded with or otherwise promoted by identified third parties. By virtue of those relationships, the third parties collect or obtain information from you when participating in the activity. The third parties will use the data they collect in accordance with their own privacy policies. We encourage you to look at the privacy policies and terms of any such third party to learn about their privacy practices. If you use Wizarding Passport to connect with other organisations that accept Wizarding Passport, then we may share information with those organisations. We will tell you what information we will share with each organisation at the time you choose to link your accounts.
  • Advertising networks. We may share certain information with reputable third parties to provide advertising to you based on your interests. For more information, please see the next two sections, Your marketing and advertising choices and Cookies and other technologies.
  • Authorities. Our local tax authorities and regulators sometimes require us to report our processing activities.
  • With permission. We may also share certain information with third parties where you give us permission to do this.
  • We use or disclose your information in anonymised form at our discretion, such as to help us improve our sites and products.

    YOUR MARKETING AND ADVERTISING CHOICES

    Marketing communications and sharing with third parties. You can tell us if and how you would like to receive direct marketing from us, our affiliates and our or their advertising partners. To do this, or to find out more about this (i) log into an account you have created with us to adjust your settings or (ii) send us an email at privacy@wizardingworld.com. To opt out of receiving direct marketing communications via email, you can also follow the "unsubscribe" instructions provided in any marketing email you receive from us. If you previously chose to receive alerts in the form of push notifications on your mobile device from us, but no longer wish to receive them, you can manage your preferences through your device settings, depending on the type of device.

    Advertising choices. We work with reputable third parties to present advertisements to you on our sites and on third-party websites and applications. Those third parties collect information in order to confirm if ads have been delivered and viewed. They may also obtain information about applications you use, websites you visit and information about your devices and browsers in order to help serve advertising that is more relevant to your interests. These ads could be served on our sites or on third-party sites and applications. This is known as interest-based advertising. Third parties use cookies, web beacons, pixels and/or similar technologies to perform this activity. They also use information to associate various browsers and devices together for the purpose of interest-based advertising and other purposes like analytics.

    For more information about interest-based advertising on your desktop or mobile browser, and your ability to opt out of this type of advertising on your browser by third parties that participate in self-regulatory programs, please visit:

  • if you are based in the USA, the Network Advertising Initiative and/or the DAA’s consumer choice tool;
  • if you are based in Canada, the DAAC’s
  • consumer opt-out tool
  • if you are based in Europe, the EDAA’s Your Online Choices; or
  • if you are based elsewhere, any equivalent website that might be run by a local body that co-ordinates online advertising choices.
  • To learn more about interest-based advertising in mobile apps and to opt out of this type of advertising by third parties that participate in the DAA’s AppChoices tool, please download the version of AppChoices for your device here.

    To opt out of interest-based advertising in your apps, you may have more options depending on your mobile device and operating system. For example, most device operating systems (e.g. iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provide their own instructions on how to limit or prevent the delivery of tailored in-app advertisements. You can review the support materials and/or the privacy settings for the respective operating systems to learn more about those features and how they apply to tailored in-app advertisements.

    Please note if you opt out through the self-regulatory programs above, this will only apply to interest-based advertising by the third parties you select. You will continue to receive advertising, but that advertising may be less relevant to your interests. If you use a different device or browser or delete your cookies, you may need to renew your opt-out choice or, where consent is required for cookies, to opt in.

    Precise location information. To disable the collection of precise location information from your mobile device through our mobile apps, you can access your mobile device settings and choose to limit that collection.

    Please also see the next section, Cookies and other technologies, for more choices about managing other technical and usage information.

    COOKIES AND OTHER TECHNOLOGIES

    How we use cookies and other technologies. We use cookies, web beacons and/or similar technologies to understand and enhance your online experience at our sites and through our advertising and media across the internet, including social media sites and mobile apps as further described below. Our affiliates, as well as our and their advertising partners and other third-party service providers, also use such technologies for this purpose.

    Cookies are small text files placed in your browser. Web beacons are small strings of code that provide a method for delivering a graphic image on a webpage for the purpose of transferring data, such as the IP address of the device that downloaded the page on which the web beacon appears, the URL of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that fetched the web beacon, and the identification number of any cookie on the device previously placed by that server.

    We also use “Software Development Kits” (“SDKs”), java script and portions of code in our mobile apps to perform similar functions to cookies and web beacons. For example, SDKs collect technical and usage information such as mobile device identifiers and your interactions with our mobile app. Some of our sites use locally stored objects (“LSOs”) to provide content, such as video on demand, video clips or animation, and a better user experience.

    We use cookies and similar technologies to help recognise your browser or device, maintain your preferences, provide certain site features, synchronise users across devices, collect information about your online interactions with our sites, our content and our communications and protect against, identify and prevent fraud and other unlawful activity.

    Types of cookies and other technologies. We use the following types of cookies and similar technologies via our sites for the following purposes:

  • Necessary: enabling core site functionality. Strictly necessary cookies or similar technologies are essential in order to enable you to move around our sites or apps and use our features, such as accessing secure areas. Without them, services like enabling appropriate content based on your type of device cannot be provided.
  • Analytics: allowing us to analyse site usage.

    Analytics cookies or similar technologies collect information about how you use our sites or apps, so that we can analyse traffic and understand users' interactions to perform analytics, including to analyse, measure and report on usage and performance of our sites and marketing materials. For this purpose, we may use third-party service providers such as Google Analytics, who may use their own cookies or similar technologies. The information is used to improve our sites or products.

    You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

    To opt out of Google Analytics relating to your use of our sites, you can download and install the Google Analytics Opt-out Browser Add-on available via this link: https://tools.google.com/dlpage/gaoptout?hl=en.

  • Functional: allowing us to personalise your experience of our sites.

    Functional cookies or similar technologies allow our sites or apps to remember choices you make (such as your user name, or the region you are in) and to provide enhanced, more personal features. They can also be used to remember changes you have made to text size, fonts and other parts of webpages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.

  • Advertising: enabling advertising partners to serve interest-based advertisements.

    Advertising cookies or similar technologies allow us and our affiliates and our and their advertising partners to target, offer, market or advertise products. These cookies and other technologies also facilitate, manage and measure the performance of advertisements displayed on or delivered by or through our sites. These advertising partners may also have the capability to track your browsing across sites, apps and social media sites. See the Advertising choices section above for more information.

  • Social media: used when you share content with, or link to or from, social media sites.

    Social media cookies or similar technologies are used when you share content using a social media sharing button or “like” button on our sites or apps, or when you link your account or engage with our content on or through a social media site such as Facebook, Twitter or Instagram. The social network will record that you have done that. The information may be linked to targeting/advertising activities.

  • Managing cookies and other technologies

    If you are in the UK or EEA, you can use the cookie consent platform on our site to give or withdraw consent to our use of cookies. In other countries, you may be able to manage your consents for cookies and tracking technologies on our websites through settings.

    On a mobile app, please go to “Privacy settings” or your device settings. You can adjust your browser to reject cookies from us or from any other site operator. Controlling cookies via browser controls may not limit our use of other technologies. Please consult your browser’s settings for more information. Blocking cookies or similar technology might, however, prevent you from accessing some of our content or site features. You can also check your browser settings to learn how to delete cookies.

    Adobe's Flash player and similar applications use Local Shared Object (“LSO”) technology to remember settings, preferences and usage similar to browser cookies. Flash cookies are not managed through your web browser, but you can access your Flash management tools from Adobe's website. Your browser may also offer other tools to delete or reject other LSOs; please check your browser’s settings or help menu for more information.

    We do not currently respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

    Please see the Your marketing and advertising choices section above to learn about other ways to control data collection for advertising purposes.

    DATA RETENTION AND SECURITY

    In broad terms, we will only retain your personal information for as long as necessary for the purposes described in this policy. This means that the retention periods will vary according to the type of personal information and the reason that we have the personal information in the first place. For example, some personal information related to the provision of services to you or by you will be kept for a number of years in order to comply with various finance and tax-related legal obligations. Other service-related personal information may be kept for a different period because it is in our legitimate interests to do so in order to provide or receive an appropriate follow-up service.

    After a retention period has elapsed, the personal information is securely deleted. We may, however, retain copies of your information in anonymised form, which we may use or disclose at our discretion, such as to help us improve our sites and products.

    We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal information that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal information that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.

    YOUR PERSONAL DATA RIGHTS

    Your legal rights. Under certain circumstances, you may have the following rights under data protection laws in relation to your personal information (which may be limited to personal data):

  • right of access to your personal information;
  • right to rectification of your personal information;
  • right to erasure of your personal information;
  • right to restriction of processing of your personal information;
  • right to portability of your personal information;
  • right to object to processing of your personal information;
  • right not to be subject to significant automated decision-making (including when based on profiling); and/or
  • right to withdraw consent to processing of your personal information.
  • Some of those rights may only apply to you if you are resident in the EEA or a country with similar data protection laws. To find out more about those specific rights, please see the last paragraph of this section and the ICO’s website (www.ico.org.uk).

    Exercising your rights. If you wish to exercise any of those rights, please send an email to privacy@wizardingworld.com.

    Your legal rights in more detail (for UK and other EEA residents). In certain circumstances, you have the following legal rights in relation to your personal information (to the extent consisting of “personal data” in the EEA and countries with similar data protection laws, and so we use that term in the rest of this section). We may ask you for additional information, so that we take reasonable steps to check that – for example – we only provide personal data to the person to whom the data relate.

  • Right of access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing such data.
  • Right of rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data that you provide to us.
  • Right to erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. Please note, however, that we may retain your data in certain circumstances in accordance with law, which will be notified to you, if applicable, at the time of your request.
  • Right to restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you would like us to establish the accuracy of such data; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to portability of your personal data to you or to a third party. If you so request, we shall provide you, or a third party that you have chosen, with a copy of your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform our contract with you.
  • Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground, in which case we will consider whether we have compelling reasons to continue to process your data.
  • Right to object to direct marketing. You also have the right to object where we are processing your personal data for purposes of direct marketing. Please see the section above Your marketing and advertising choices for how to exercise the right.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products, content or services to you.
  • Right to complain in the UK or elsewhere in the EEA. If you would like to complain, please contact us using the details below. This does not override your right to complain to the relevant supervisory authority at any time.
  • CHILDREN'S PRIVACY

    In various countries, local data protection laws treat individuals under a certain age (“Relevant Age”) as children whose personal information requires additional protection under such laws. For example, the Relevant Age for the purposes of obtaining valid consent from individuals to collect their personal information by online means is 13 in the US and UK.

    For any given country in which site users are based: (a) we do not knowingly collect personal information from children under the Relevant Age; and (b) if we become aware that we have inadvertently collected personal information from a site user under the Relevant Age, we will delete such information from our records.

    If you believe your child has provided us with personal information without your authorisation and you would like to have the personal information deleted, please contact us as described below.

    INTERNATIONAL TRANSFERS

    Wizarding World Digital LLC is a company located in the USA, and therefore when you use our sites and services, Wizarding World Digital LLC collects or receives your data in the USA. This means that personal information we collect will be processed by us or on our behalf in the USA, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world, such as the EEA.

    If you are located in the UK or elsewhere in the EEA or if Wizarding World Digital Limited has collected your information, then, when we transfer your information to our affiliates outside the EEA, we make use of standard contractual clauses that have been approved by the European Commission for data transfers. We also use those clauses when we transfer your information to third parties outside the EEA, or we may adopt other means to ensure that adequate safeguards are applied to your information (such as the EU-US Privacy Shield or binding corporate rules). You can obtain further information on the methods that we use to protect your information when it is transferred outside the EEA by contacting us by email at privacy@wizardingworld.com.

    ### CHANGES TO THIS POLICY

    From time to time, we may make changes to this policy. We will notify you about such changes by placing a notice on our sites and/or sending an email to you. We encourage you to check back and review this policy periodically so that you always know our current privacy practices.

    ### CONTACT US

    Wizarding World Digital LLC, a limited liability company registered in the United States, and Wizarding World Digital Limited, a private company limited by shares registered in England and Wales, jointly control how your information is used. We work together to make decisions about use of information and to respond to queries, or to respond to requests to exercise personal data rights.

    In respect of UK or other EEA-located users, Wizarding World Digital Limited has been appointed as the representative in the EEA of Wizarding World Digital LLC.

    If you have any questions about this policy, you can contact our data privacy team:

  • by email at privacy@wizardingworld.com; or
  • by post (marked for the attention of the Wizarding World Digital Data Privacy Team) at:
  • Warner Bros. Privacy Office, 4000 Warner Blvd., Bldg. 3, Burbank, CA 91522, USA; or
  • Warner House, 98 Theobalds Road, London WC1X 8WB, UK.
  • AFFILIATES

    Our affiliates are:

  • Warner Bros. Entertainment Inc. and its other affiliates from time to time, as listed at https://policies.warnerbros.com/privacy/en-us/affiliates/html/affiliates_en-us_2.1.0.html (which may be updated periodically); and
  • Pottermore Limited and its subsidiary Pottermore Inc.