Privacy & Cookies Policy

This Privacy & Cookies Policy explains how we collect, process and look after your personal information, and how we use cookies. It contains 17 sections. You can view each section by selecting the relevant link below:

1. Introduction

1.1 Welcome to our website (the “Site”), the digital heart of J.K. Rowling’s Wizarding World, dedicated to unlocking the power of imagination. The Site is described in more detail in our Terms & Conditions. The Site is owned by Pottermore Limited (referred to as “Pottermore”, “we”, “us” or “our” as appropriate), a company established in England and Wales. The main part of the Site is currently available at https://www.pottermore.com. The Site also includes the online digital content store of the Harry Potter books, artwork and other merchandise (the “Pottermore Shop”), which is currently available at https://uk.shop.pottermore.com, https://gbp.shop.pottermore.com, https://eur.shop.pottermore.com or https://usd.shop.pottermore.com (depending on your location). We may also make the Site, parts of it or other versions of it available through further digital channels or devices.

1.2 This Privacy & Cookies Policy describes our practices with regard to the information that we collect when you use the Site, what we do with such information and how we protect it. It also describes our practices on the use of cookies. For the purpose of relevant data-protection and privacy laws (such as, in the UK, the General Data Protection Regulation 2016/678/EU), the data controller is Pottermore Limited. Please see our Terms & Conditions and our About page for more information about Pottermore Limited and the basis on which we provide the Site. Some of the capitalised words used in this Privacy & Cookies Policy are defined in our Terms & Conditions and our Pottermore Shop Terms & Conditions.

1.3 We strive to protect the privacy of Site users. We encourage all users to act responsibly and with care when it comes to their personal information and that of others. Please read this Privacy & Cookies Policy to understand how the information you provide to us is used.

1.4 Please note that by visiting and using the Site, you acknowledge the use of your information and the use of cookies, as described in this Privacy & Cookies Policy.

2. Changes to this Privacy Cookies Policy

2.1 Subject to applicable law, we may make changes to this Privacy & Cookies Policy at any time. See the end of this Privacy & Cookies Policy for details of the date when it was last updated. We may notify you of any such changes by sending you notice in writing, by posting a copy of the revised Privacy & Cookies Policy on the Site and/or, if you are a Registered User, by emailing you at the email address that you have provided for your Pottermore Account.

2.2 We ask that Registered Users keep their account information up to date, including your email address, so that any notice that we send you by email under this section reaches you.

2.3 If we make any material changes in the way we collect, use and/or share personal information, we will give you prominent notice of those changes. We will not, without your consent or another legal basis for doing so, apply those changes to any personal information that we previously collected from you.

3. The information we collect and how and why we use it

3.1 Personal data

We collect personal information about you on or via the Site, in limited circumstances described below, including when: (a) you choose to provide it to us when contacting us; or (b) the technical data that we collect (such as an IP address) are treated as personal data under applicable laws; or (c) you provide this information to us in order to set up a Pottermore Account during the registration process. In this Privacy & Cookies Policy the term “personal data”, or “personal information”, means any information about an individual from which that person can be identified, excluding data where the identity has been removed (i.e. anonymous data).

Pottermore Account registration data

If you wish to discover which house the Sorting Hat will place you in or which wand will choose you, or wish to discover other personalised content or wish to buy content from the Pottermore Shop (together, the “Registered Services”), you will need to create an account on the Site (“Pottermore Account”). Please note that the Registered Services are subject to various age restrictions and may be subject to additional terms and conditions from time to time.

Legal bases for processing

We shall only use your personal data when the law allows us to do so. Most commonly, we shall use your personal data in the following circumstances:

  • where we need to perform any contract that we are about to enter into or have entered into with you (such as a contract for the sale of products or digital content via the Site);
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override our (or such third party’s) interests; and/or
  • where we need to comply with a legal or regulatory obligation.

Please refer to the Glossary to find out more about the types of lawful basis that we shall rely on to process your personal data.

We do not generally rely on consent as a legal basis for processing your personal data – other than in relation to the sending of third-party direct marketing communications to you via email, if you agree to receive such communications. You have the right to withdraw consent to such marketing at any time by contacting us.

Purposes for using your personal data

We have set out below, in a table format, a description of all the ways that we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you would like further details about the specific legal ground that we are relying on to process your personal data where more than one ground has been set out in the table below.

Type of data collectedPurpose of processingLawful basis for processing (including basis of legitimate interest)
When you register for a Pottermore Account
Your month and year of birth – these are not displayed publicly.To ensure that the Site features and any communications you are offered are appropriate for your age.(a) Performance of a potential contract with you.

(b) Necessary to comply with a legal obligation (to comply with any age-related laws and regulations).

(c) Necessary for our legitimate interests (in understanding the age profile of the Site audience).

Your name (please use the name by which you would wish to be called) and email address – these are not displayed publicly.
  • To identify you and to address you when communicating with you about your access to, or use of, the Site;
  • to personalise your Pottermore Account;
  • to send you site-generated emails (e.g. account verification emails);
  • to send you email communications from time to time containing: exclusive content; general news; special offers; surveys; prize promotions; and updates on events (e.g. news about film or stage events), products, content and/or services (e.g. information about attractions and books) provided by our trusted partners that are closely connected with the Site, the Pottermore Shop and/or the Wizarding World, but only if you indicate that you wish to receive such communications via your Pottermore Account preferences, which will first be set at the time you create your Pottermore Account and can then be updated by you at any time. After receiving your permission to do so, we will send you email communications until you indicate that you wish to stop receiving such communications, which you can do at any time by following the instructions in section 11 (Editing your Pottermore Account settings and unsubscribing from Pottermore emails);
  • to send you a password reminder at your request; and/or
  • for other business and operational purposes related to the Site or your Pottermore Account.
(a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation (to comply with any consumer laws and regulations).

(c) Necessary for our legitimate interests (in running the Site and improving your experience of the Site).

(d) Consent (if given, to receive direct marketing emails).

Your password – this is not displayed publicly, and it is hashed once you have entered it.To give you the ability to log on to your Pottermore Account.Performance of a contract with you.
Information from other sources – this is not displayed publicly. NB: we work closely with third parties (such as business partners and analytics providers) and may receive information about you from them.To gain a better understanding of our audience.Necessary for our legitimate interests (to study how customers use the Site, to develop the Site and to expand our business).
When you use any interactive feature of the Site
Such personal details as you may provide in the course of doing so (e.g. when answering questions and submitting the answers via a Site functionality, such as when using the Sorting Hat).To facilitate your use of that Site feature and to generate any response and/or personalised content following such use.(a) Consent to use the data for such purpose. (b) Necessary for our legitimate interests (in running the Site and improving your experience of the Site).
When you place an order from the Pottermore Shop
Your first name, surname, email address and (if relevant) delivery address – these are not displayed publicly.
  • To identify and contact you about orders that you place via the Pottermore Shop;
  • to personalise your purchase;
  • in case of a merchandise order, to determine whether the item is available for purchase in your country, and, if so, to arrange for delivery of such item if you buy it via the Site;
  • to identify you in our internal records as the purchaser of the product that you order;
  • to send you marketing communications from time to time containing (i) general news about the Pottermore Shop, the Site more generally and about the Wizarding World; (ii) news regarding activity and content on the Pottermore Shop and the Site more generally; (iii) special offers and prize promotions on products and/or services that are closely connected with the Site and/or the Wizarding World; but only if you indicate that you wish to receive such marketing communications via your Pottermore Account preferences, which will first be set at the time you create your Pottermore Account and can then be updated by you at any time. After receiving your permission to do so, we will send you marketing communications until you indicate that you wish to stop receiving such communications, which you can do at any time by following the instructions in section 11 (Editing your settings and unsubscribing from Pottermore emails); and/or
  • for other business and operational purposes related to the Pottermore Shop or your Pottermore Account.
(a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation (to comply with any consumer laws and regulations).

(c) Necessary for our legitimate interests (in running the Site and improving your experience of the Site).

(d) Consent (if given, to receive direct marketing emails).

Your billing address – this is not displayed publicly.
  • To authorise and approve your payments for orders that you place;
  • to contact you by postal mail if we cannot contact you by other methods;
  • to determine which versions of the product (for example, which edition of a book) are available in your country;
  • to personalise your purchase; and
  • to identify you in our internal records as the purchaser of the copy of the product that you order.
(a) Performance of a contract with you.

(b) Necessary to comply with a legal obligation (to comply with any consumer laws and regulations).

(c) Necessary for our legitimate interests (in running the Site and improving your experience of the Site).

Information collected for purchasing and receiving products on behalf of a recipient via the Pottermore Shop.

You can buy goods on the Pottermore Shop for a third-party recipient in accordance with our US Pottermore Shop Terms & Conditions for our US customers, or our Pottermore Shop Terms & Conditions for all our other customers. We refer to the person buying the goods as the “purchaser” and the person receiving the goods as the “recipient”. The purchaser may send us details of the recipient’s first name, surname, delivery address and email address (and any other information that the purchaser may choose to provide) so that we can provide the goods to the recipient. If you are the purchaser, by sending us the recipient’s information you are confirming that the recipient is willing for us to use (or that we can otherwise legitimately use) the recipient’s information to provide the goods and in the other ways referred to above. If you are the recipient, then by using the Site, starting to download the books, or accessing or using the books by any other means, you acknowledge our need to use your information and our use of cookies, as described in this Privacy & Cookies Policy (in particular, without limitation, the use of your first name, surname and email address in the ways described above). If you are a recipient and would like to have your personal information deleted, please contact us using the contact information below. Please note that we may continue to retain information in some cases following a deletion request for purposes required or permitted by law.

(a) Performance of a contract with you. (b) Necessary to comply with a legal obligation (to comply with any consumer laws and regulations). (c) Necessary for our legitimate interests (in running the Site and improving your experience of the Site).
Customer service queries. If you contact us to raise a query, in doing so you may provide us with some of your personal information, such as your name or contact details.To respond to your query.Consent to receive a response to the query.

3.2 Types of non-personal information we collect and use

In addition we may collect information that does not represent personal data for a variety of purposes as set out below:

Anonymous analytics data

Like many companies who operate websites, we collect basic information about your use of our Site, such as the number and duration of visits to the Site, your user type or category, any search queries entered on our Site, and details of which particular pages have been visited. We do not combine this information with any other information that could identify you personally. We use this information to analyse how the Site is functioning and how it is used by our users, to help us maintain and improve the Site on an ongoing basis.

Performance data

While using the Site, certain information is automatically logged about how you are using the Site to analyse performance and usage of the Site. This information may include the URL of the website that linked you to the Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your computer on the internet. We use this information to analyse how the Site is functioning and how it is used by our users, to help us maintain and improve the Site on an ongoing basis.

Third-party analytics data

Like many companies that operate websites, we allow carefully selected third parties to set cookies in order to capture analytics information, where permitted. When you use social-media functionality on the Site, analytics cookies may be set to measure usage. This information may be linked to your device, but otherwise is collected in a way that does not identify you personally.

3.3 Children’s privacy. In various countries, local data protection laws treat individuals under a certain age (“Relevant Age”) as children whose personal data require additional protection under such laws. In the UK, for example, the Relevant Age is 13 for the purposes of obtaining valid consent from individuals by online means. For any given country in which Site users are based: (a) we do not knowingly collect personal information from children under the Relevant Age; and (b) if we become aware that we have inadvertently collected personal information from a Site user under the Relevant Age, we will delete such information from our records. If you believe your child has provided us with personal information and you would like to have the personal information deleted, please contact us using the contact information below.

3.4 Minors’ privacy in the context of the Pottermore Shop. In the context of purchasers from the Pottermore Shop, we do not knowingly use personal information from persons under the age of majority in the relevant country. If we become aware that a person under the age of majority in the relevant country is attempting to access the Pottermore Shop, we may use technical measures to prevent such person from entering into transactions on the Pottermore Shop. If you believe your child has provided us with personal information and you would like to have the personal information deleted in such context, please contact us using the contact information below.

3.5 Special data. We do not seek to collect any special categories of personal data about you: those would include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we seek to collect any information about criminal convictions and offences. If, however, when using any interactive feature of the Site (such as an online contact form or questionnaire), you in fact provide us with any such special data or information about criminal convictions and offences, then by submitting such data/information, we’ll assume that you are fine with our use of such data/information for (a) the purpose for which you have voluntarily provided such data/information and (b) any purpose that is reasonably compatible with such purpose. You may withdraw that permission at any time by contacting us.

3.6 If you fail to provide data. Where we need to collect personal data by law, or under the terms of a contract that we have with you and you fail to provide those data when requested, we may not be able to perform the contract that we have or are trying to enter into with you (for example, to provide you with products or digital content). If so, we shall notify you if this is the case at the time.

4. How else may we use the information we collect?

4.1 Legal action. We may use the information we collect to comply with law, to investigate a complaint made by another user or a potential breach of the Site’s Terms & Conditions or to prevent and detect unlawful or criminal activity, fraud and misuse of, or damage to, the Site or the products, content and services made available through it, and to take appropriate legal action against those responsible. Such use will be necessary to comply with a legal obligation or necessary for our and/or others’ legitimate interests (in being protected from such potentially harmful/unlawful acts or omissions).

4.2 Linking data. We may on occasion link or combine the information that we collect about you with information that we receive from other sources. We may combine this information with information you give to us and information we collect about you. (For example, we may decide to combine two or more databases into a single database of user information.) We may use this information and the combined information for your and/or our benefit (for example, to allow us to provide a more seamless support whenever you contact us or to provide you with better, personalised services and content and/or, if you have opted to receive such communications, recommendations about trusted partners’ products, content or services that might interest you). Such use will be necessary for our legitimate interests (in improving our operation and your experience of the Site).

4.3 Change of purpose. We shall only use your personal data for the purposes for which we collected the data, unless we reasonably consider that we need to use such data for another reason and that reason is compatible with the original purpose. If you would like to get an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we shall notify you and explain the legal basis on which we intend to rely.

4.4 Legal use. Please note that we may also process your personal data without your knowledge or consent, in compliance with the above rules, if and to the extent that this is required or permitted by law.

5. Information sharing and disclosure

We share your personal information in certain limited ways as described below. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We refer below to “Internal Third Parties” and “External Third Parties”, which are defined in section 16.2 below.

5.1 If you disclose personal information to us when contacting us with a query or placing an order, we may share that personal information with relevant Internal Third Parties and/or External Third Parties for the purpose of handling your query or order and (for merchandise) fulfilling your order, for fraud prevention and for the purposes of operating, managing and administering (including, without limitation, transaction processing on) the Site.

5.2 We may share your information with other External Third Parties for the performance of any contract we enter into with them in connection with the Site.

5.3 We may further share and disclose your personal information with other External Third Parties for the purpose of better integrating their services with the Pottermore Shop. Before we share or disclose any of your personal information with any Internal Third Parties and/or External Third Parties for marketing purposes, we will ask you for your permission to do so.

5.4 In addition, we may share information about visitors to the Site in an anonymous and aggregate form with relevant Internal Third Parties and/or External Third Parties to understand user trends and patterns and to manage and improve our business relationships.

5.5 We do not send any information that we collect on the Site to any social networking sites, nor do we share that information with such sites. We do not collect any personal information about you from those sites.

5.6 We may disclose information we collect, including personal information, as set out below:

(a) to Internal Third Parties and/or External Third Parties for them to administer any accounts or services provided to you through the Site as described above (including, if you are a Registered User, in relation to the registration, creation and operation of your Pottermore Account);

(b) if you consent to receiving marketing communications from Internal Third Parties and/or External Third Parties, to those third parties, for them to send you marketing communications regarding products, content and services they offer;

(c) if there is a change (whether in whole or in part) in the ownership, operation or control of Pottermore Limited, our business or any of our assets, including a change as a result of insolvency or bankruptcy, we may disclose information to the new owner, operator or controller and, if we do so, we will require such person to use it only (i) in accordance with the terms of our Privacy & Cookies Policy (or terms that compatible with those) and/or (ii) as may be required or permitted by law;

(d) apart from the use and sharing of your personal information in the circumstances already described, we may share information we collect (including personal information) as required or allowed by law (for example, as needed to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process);

(e) to affiliated companies and/or joint venture partners in connection with the Site; and/or

(f) with your permission.

6. Your payment details

We will never send you an email containing your full payment details, and we will never publicly disclose your payment details, whether on the Pottermore Shop or elsewhere. If you appear to have received an email from us, or seen a Pottermore Shop page, that displays your full payment details, this is not genuine – a third party may be attempting to steal your information. Please see section 10 for further information on how we protect the payment information held for you for the Pottermore Shop.

7. Other types of information we collect and use

7.1 We aim to provide a number of features that help provide a more personalised and enhanced experience to our users. To achieve this, we may collect and use a limited amount of information from you that does not (in itself) identify you personally. In addition, we may ask you about which books and films in the Harry Potter series you have enjoyed. We will never publicly disclose any such information on the Site without obtaining your permission.

7.2 We also collect non-personal data, including aggregated, statistical data about visitors to the Site and traffic patterns (and share it with third parties such as our Partners). This information does not identify you in any personal capacity; it simply gives generalised information about the users of the Site. Please see below for more information on our use of cookies and similar technologies.

7.3 We also use watermarking technology to help us combat hacking, piracy and the unauthorised use of books sold through the Pottermore Shop. This involves the use of code numbers to help us to identify individual copies of a book. We may use such watermarking technology to identify items purchased through your Pottermore Account to help us investigate and protect against hacking, piracy, unauthorised use and any other behaviour that may be in breach of our Terms & Conditions or applicable laws.

7.4 We may disclose fully anonymised information, including aggregated or de-identified anonymous data, in our discretion.

8. Cookies and similar technologies

8.1 While you are using the Site, certain information is logged about how you are using the Site to analyse performance and usage of the Site. This information may include, for example, the URL of the website which linked you to the Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your computer on the internet.

8.2 A “cookie” is a small data file that is sent to your browser from a web server and stored on your device’s hard drive. References below to cookies also include other means of automatically accessing or storing information on your device. Many browsers are set to accept cookies by default. You have the ability to accept or decline cookies as you prefer: please see section 8.4 below for further details.

8.3 We use various different types of cookie via the Site.

  • We use cookies that are necessary and/or useful for the functioning of the Site. For example, if you use the Pottermore Shop, we use “session cookies” (which will usually be deleted when you log out) to keep track of your internet session while on the Pottermore Shop, which, for instance, allow us to remember the items you add to your shopping basket and the site language and currency you have selected to use. Without those cookies the online services that you have asked for cannot be provided.
  • We also use “persistent cookies” (which are longer-term) (and other automatically tracked information) to help you move around and enjoy the features on the Pottermore Shop more easily and to remember settings to improve your visit (at your request), such as your site language preferences or whether you want to be signed in automatically next time you visit.
  • We also use cookies to help improve the performance of the Site and to provide you with a better, more personalised user experience.
  • We also use cookies to store your preferences and other information on your computer in order to save you time by eliminating the need to enter the same information repeatedly.

So cookies allow you to take advantage of some of the Site's key features, which if you choose to decline cookies, mean you may not be able to sign in or to use other interactive features of the Site and its services that depend on cookies.

In further detail, Pottermore cookies fall into the following categories, which we have documented to help you understand the types of cookies that are used to improve your browsing experience on the Site:

Analytics (e.g. Google Analytics; Webengage)

These cookies are used to compile various (anonymised) metrics for our users to get a better understanding of how the Site is used (pages visited and time spent on the Site, for example), so that we can deliver more of the content you want, and less of the content you don’t. This information also helps us to make better decisions for our future initiatives. We use partners like Webengage and Google Analytics. These analytics cookies may be set by those partners, and set in accordance with the relevant partner’s own privacy and cookies policies. Please see section 8.4 below for information on opting out of Google Analytics.

E-commerce (Shopify)

E-commerce cookies may be used via the Pottermore Shop to manage your shopping basket and user experience. We use Shopify. Certain e-commerce cookies may be set by Shopify in accordance with its own privacy and cookies policies.

Customer Service (ZenDesk)

Our customer services partner ZenDesk may set cookies if you visit the ZenDesk Help Center to improve your experience and understand your user preferences. Those website cookies would be set by ZenDesk in accordance with its own privacy and cookies policies.

Performance data

This type of cookie lets us track how long it takes users to load each page, what pages we can cache and whether we need you to log in again. We don’t use any third parties for this.

Embedded video (YouTube)

We know that many of you love the films, so we make use of clips on YouTube to highlight certain elements of the story. YouTube may set its own cookies, and the YouTube cookies policy can be found here.

Social media (Twitter)

J.K. Rowling isn’t just a master of novel writing – she’s also pretty handy within the confines of 140 characters! In order to host her tweets, we embed Twitter links. Twitter may set its own cookies, and Twitter’s cookies policy can be found here.

Preferences

We use this type of cookie to ensure that we don’t show you things you’ve already seen before, like the cookie policy acknowledgement and the intro page. This means you get to spend more time with the content you love, and less time with the content you don’t.

Session state

Websites often collect information about how users interact with a website. This may include the pages that users visit most often, and whether users get error messages from certain pages. We may use these so-called “session state cookies” to help us improve our services, in order to improve our users’ browsing experience. Blocking or deleting these cookies will not render the Site unusable.

Krux

The Krux cookie is a third-party cookie that may be set for Registered Users once logged in. It is set by member(s) of the Warner Bros. group of companies and may be used to track the Registered User’s behaviour across Warner Bros. online and mobile sites and to serve relevant advertising on those sites.

The cookies outlined above expire after varying periods from around 30 minutes up to 2 years or more. The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted.

If you carry on using the Site, we’ll assume that you are fine with our use of cookies in these ways, but you can disable any of these cookies at any time if you wish (as set out below).

8.4 You may refuse to accept cookies by activating the setting on your web browser that allows you to refuse the setting of cookies, or you can modify your browser so that it notifies you when cookies are sent to it. The Help portion of your browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. You can check whether these settings are currently enabled on your computer – or find out how to change your current settings – here (but note that Pottermore does not control these third-party resources):

Javascript: www.enable-javascript.com

Cookies: www.whatarecookies.com

Unless you do this, cookies will be issued when you use the Site, but you can disable them via your browser at any time. If you do not accept cookies or decide to disable them, you will still be able to access and use the Site, but you may lose some features and functionality. For example, you cannot remain signed in to your Pottermore Account if you disable cookies.

If you wish to restrict or block web browser cookies which are set on your device, then you can do this by going to the help menu within your internet browser. Alternatively, you may wish to visit the “manage cookies” section on www.allaboutcookies.org, which contains information on how to prevent cookies from being stored on your device.

To opt out of being tracked by Google Analytics across websites visit: http://tools.google.com/dlpage/gaoptout/

You can find out more about cookies at www.allaboutcookies.org and www.youronlinechoices.eu.

9. Links

The Site contains links posted by us to third-party websites (including social networking platforms) that we do not operate or control and that are not subject to this Privacy & Cookies Policy. Please note that we are not responsible for the content or privacy practices of external sites. Please read our Terms & Conditions for further information on these links. We strongly recommend that you read the privacy policy and cookies policy of any such website that you visit before disclosing any information via such website.

10. How do we protect personal information?

10.1 As required by applicable data-protection and privacy laws, we follow appropriate security procedures in relation to the storage and disclosure of information that you have given to us in order to protect against unauthorised access. In particular, we take steps to protect the security of your information, including your payment information and passwords, with appropriate physical, technological and administrative measures. Please note the inherent risks of providing information and dealing online, and we will not accept responsibility for any breach of security that is due to circumstances beyond our reasonable control.

10.2 We have put in place procedures to deal with any suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.

10.3 If you have any concerns about data security, please see the end of this Privacy & Cookies Policy for details of how to contact us.

11. Editing your Pottermore Account settings and unsubscribing from Pottermore emails

11.1 If you register with the site, you will be asked about your communication preferences. If you want to edit your preferences at any time, log in to the Site and go to https://my.pottermore.com/my-details, where you can check what preferences you have set and adjust them if you want to do so.

11.2. If you registered for an account on a previous version of the Site (prior to 13 April 2016), you may have consented to receiving marketing communications from us. Your marketing settings will remain as they were at the time before that version of the Site was replaced, and you can still withdraw your consent to receiving marketing communications at any time by: (i) clicking the “unsubscribe” link in any of the marketing communications we send you; (ii) emailing unsubscribe@team.pottermore.com; or (iii) changing your Account Preferences in your Pottermore Account.

11.3 You can also edit your settings as described above in section 11.1 or 11.2 above to correct or update your personal details held by us, i.e. to change your:

  • name;
  • email address;
  • country of residence;
  • billing address (if you have one)
  • delivery address; and/or
  • password.

12. Accessing and updating your personal information

12.1 You can access all the personal information we hold on you (excluding any Pottermore Shop transactional data) and edit certain personal information in your My Details page in your Pottermore Account.

12.2 Please also see section 15 below for details of your legal rights of access and other legal rights in relation to your personal data.

13. Ending your account and retention of data

13.1 Ending your account.

We reserve the right to suspend or terminate access to your Pottermore Account for any reason, and we reserve the right to delete your Pottermore Account and any personal information associated with your Pottermore Account.

You can delete your Pottermore Account by sending us a written request. To find out how to do so, please refer to our FAQ pages in the first instance. We will endeavour to comply with any such request promptly and in any event within thirty (30) days of receiving your request.

13.2 Retention of data

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected such data, including for the purposes of satisfying any legal, accounting or reporting requirements.

When we terminate or delete your Pottermore Account, we will delete all the personal information, including your activity history, associated with that Pottermore Account (except for any basic information about our customers that we are required by law to retain for six years after ceasing to be customers for tax purposes). Once your account has been deleted, you will not be able to log in to your Pottermore Account unless you create a new Pottermore Account. If we terminate your Pottermore Account, we reserve the right to refuse re-registration.

In other respects, elements of your personal information and activity history on the Site may be retained as long as necessary as required by law. After such time, those data may be retained in fully anonymised form, and then used in order to improve our services.

Nothing in this section 13 affects your legal rights in relation to your personal data: please see section 15 below for details of those.

14. Transfer of information outside the EEA

14.1 We may sometimes share the information we collect with Internal Third Parties and/or External Third Parties in the limited circumstances described in section 5 above. Some of those third parties may be based in locations outside the European Economic Area (“EEA”).

14.2 Also, while many of our services are hosted and managed within the EEA, we may transfer, store, or process information at locations outside the EEA. It may be processed by staff operating outside the EEA who work for us or for one of the Internal Third Parties and/or External Third Parties. Such staff may be engaged in, among other things, the provision of support services.

14.3 In connection with such transfer, storing and processing, we will take all steps necessary to ensure that your data are processed securely, lawfully and in accordance with this Privacy & Cookies Policy. These steps may include our use of model clauses issued by the European Commission or such other schemes or arrangements as may be appropriate from time to time to cover transfers of personal data outside of the EEA (i.e. which, in effect, give personal data the same protection that the data have within Europe), including, in the case of the USA, by using third parties that have signed up to the EU-US Privacy Shield framework. For further details of such safeguards, please see the European Commission’s website.

14.4 Please note that the governments, courts or law-enforcement or regulatory authorities of countries outside the EEA, in addition to those within the EEA, may be able to obtain access to or disclosure of any personal information processed in those locations through the laws of their respective countries.

14.5 If you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us.

15. Your legal rights

15.1 Rights. Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • right of access to your personal data;
  • right to rectification of your personal data;
  • right to erasure of your personal data;
  • right to restriction of processing of your personal data;
  • right to portability of your personal data;
  • right to object to processing of your personal data;
  • right not to be subject to automated decision-making (including profiling); and
  • right to withdraw consent to processing of your personal data.

To find out more about these rights, please see section 16 below and the ICO’s website (www.ico.org.uk).

15.2 Exercising your rights. If you wish to exercise any of those rights, please contact us. You can also access the personal information we hold on you (excluding Pottermore Shop transactional data) in your My Details page in your Pottermore Account.

15.3 No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.

15.4 What we may need from you. We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data are not disclosed to any person that has no right to receive such data. We may also contact you to ask you for further information in relation to your request to speed up our response.

15.5 Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we shall notify you and keep you updated.

16. Glossary

16.1 Lawful basis.

“Legitimate interest” means the interest of our business in conducting and managing our business to enable us to give you the best services/products/content and the best and most secure experience. We make sure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

“Performance of a contract” means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

“Comply with a legal or regulatory obligation” means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which we are subject.

16.2 Third parties.

“Internal Third Parties” means other entities that are direct or indirect subsidiaries of Pottermore and/or owned and/or controlled (directly or indirectly) by J.K. Rowling from time to time (acting as co-controllers or as processors), which are based in the EU or USA and provide certain operational and/or administrative services to us and/or otherwise in relation to the Wizarding World, and includes the officers, employees and agents of such entities who are involved in such services. Such agents include The Blair Partnership and J.K. Rowling’s private family office, each based in the UK.

“External Third Parties” means:

  • Service providers and other commercial partners (acting as processors) based in the UK, EU or USA that support us in fulfilling our contractual obligations and in operating our business, including those providing us with certain account-registration, marketing, public-relations and data-processing services, order fulfilment services, payment processors, delivery services, customer services and IT and communication services (such as server-hosting, CRM-platform, email and telephony providers), and includes the officers, employees and agents of such entities who are involved in such support role. Such public-relations service providers include JKR PR (a partnership between Stonehillsalt PR Ltd and Mark Hutchinson Management Limited), based in the UK.
  • Members of the Warner Bros. group of companies from time to time (acting as co-controllers or as processors) principally based in the USA or the UK that have produced and/or are producing audio-visual content, merchandise and/or other products or digital content based on the Wizarding World, and includes the officers, employees and agents of such entities who are connected with any such activity.
  • Professional advisers (acting as co-controllers or as processors), including lawyers, bankers, accountants and insurers, who are based in the UK, EU or USA and provide their respective professional services to us.
  • HM Revenue & Customs, regulators and other authorities (acting as co-controllers or as processors), which are based in the UK and may require reporting of processing activities in certain circumstances, and includes their relevant personnel.

16.3 Your legal rights.

In certain circumstances, you have the following legal rights in relation to your personal data:

Right of access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing such data.

Right of rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data that you provide to us.

Right to erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for our continuing to process such data. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

Right to restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you would like us to establish the accuracy of such data; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Right to portability of your personal data to you or to a third party. If you so request, we shall provide you, or a third party that you have chosen, with a copy of your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you believe that it affects your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.

Right not to be subject to automated decision-making (including profiling) where that would have a significant effect on you. We do not in fact engage in such activities, so this right will not, in practice, be relevant in the context of your use of the Site.

Right to withdraw consent at any time where we are relying on consent to process your personal data. This will not, however, affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products, content or services to you. We shall inform you if that is the case at the time when you withdraw your consent.

17. About us and how to contact us

17.1 We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy & Cookies Policy. Our current DPO is Ms Louise Hughes. If you have any queries or concerns about this Privacy & Cookies Policy or wish to exercise any legal rights in relation to your personal data, please contact the DPO using the details set out below.

17.2 You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

17.3 The Site is owned by Pottermore Limited, a company incorporated in England and Wales, whose company details are as follows:

Company Name: Pottermore Limited

Registered Office: Devonshire House, 1 Devonshire Street, London W1W 5DR, UK

Company Registration Number: 06979090

VAT Registration Number: 980826881

ICO Registration Number: Z2535777

17.4 If you would like to contact us about the information that we hold about you or to exercise any of your legal rights in relation to such information, please write to our Data Protection Officer at Pottermore Limited, PO Box 7828, London W1A 4GE, UK or email our Data Protection Officer at dpo@team.pottermore.com, marking it clearly as a “Data subject request”. You can also access all the information that we hold about you (excluding Pottermore Shop transactional data) in your My Details page in your Pottermore Account.

If you have any other queries about privacy or cookies on the Site, please feel free to contact us:

By online form:Contact us

By post: Pottermore Limited, PO Box 7828, London W1A 4GE, UK

By email:dpo@team.pottermore.com

17.5 In Delaware and California, online booksellers may be legally required to prepare an annual report providing information about disclosures of personal information made to comply with legal process. Pottermore is currently exempt from this requirement, so no report has been prepared.

Last updated: 24 May 2018