Who we are and how to contact us
The Folio Society Ltd ("Folio") is a private company registered in England with company number 1015675. Our registered office is:
Clove Building, 4 Maguire Street, London SE1 2NQ
If you have any questions about how we look after your personal data, you can contact us:
- In writing, at the address above. Please mark your letter for the attention of the Data Controller
- By email to this address: email@example.com
- By telephone on +44 (0) 207 400 4200. Our customer service team is available 9.30 – 5.30 (UK time), Monday to Friday
You can manage your marketing preferences (whether we can mail you catalogues and special offers, call you on the telephone, email you or share your personal data with third parties) by contacting us as above or through the Preference Centre if you have an online account. We will update your preferences immediately but please note that as catalogues are printed in advance it may take up to 8 weeks to stop postal promotions.
How do we collect your personal data?
We collect your personal data in three main ways:
(1) When you give it to us directly
When you create a customer account, visit our website, communicate with us or purchase our products or services, you give us certain information. For example, you tell us your name and address, email address and telephone number when placing an order or entering a competition
(2) When our systems collect information or personal data as you use our website
Whenever you use our website, information gets recorded automatically by the IT systems used to operate that website. The most common type of information collected is in the form of cookies (small text files sent by your computer each time you visit our website) but can also include personal data transferred by the electronic device you use to access our website and its settings
(3) When publicly or commercially available data is used to update our records, for example by correcting any address errors by using a postcode checking service.
What categories of personal data do we collect?
We may collect the following information about you:
• Your name, date of birth and contact details
This can include your postal, billing and delivery addresses (which would include the addresses of any family or friends you choose to send books to); your telephone number and your email address
• Purchases and orders made by you, including method of payment. We do not retain any credit card information
• When you set up an account with us, your password (which we encrypt) and wish list selections
• Your book preferences, ratings and reviews
• Your marketing preferences
• Your on-line browsing history on our website
• Your correspondence with us
How do we use your personal data?
We use your personal data:
- To send you the books and other products and services you purchase from Folio
- To improve the range of books and offers we provide
- To present you with personalised offers on our website, through social media channels such as Facebook and Instagram and by placing banner advertisements on third party websites
- To personalise the offers you receive from us – books which may be of interest, unique events, and special offers and promotions. To do this we look at your previous purchases plus any preferences you may have indicated to build a profile of what you are most likely to want to buy. This is known as 'profiling'.
- To allow you to post links to our products on social media
- To manage any online accounts you register with us
- To ensure we communicate with you in accordance with your contact preferences
- To provide you with the opportunity to review our products and services
- To verify your identity if you ask for information about your personal data or order history
- To detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same)
- To carry out research to better understand your views on our products and services
- To help us find other customers who may also be interested in Folio’s beautiful books.
The legal basis for using your personal data is as follows:
(1) For the fulfilment of a contract between you and Folio. For example, when you order a book from us we are contractually obliged to deliver that book to you and we need your delivery name and address to do that
(2) For sending you relevant information about our books and offers where you have given specific consent to us to do so. For example, when you ask us to send you email newsletters and offers. You can withdraw this consent at any time by contacting us
(3) For the ‘legitimate interest’ of Folio in conducting and managing our business to enable us to give you the best products and the best and most secure experience in a way which might reasonably be expected as part of running our business. For example, we have an interest in marketing our books to you and making sure our marketing is relevant for you. Therefore, we may process your information to send book offers that are tailored to your interests. When you become a customer, we tell you how we would like to market our products and services to you and offer you a clear way to opt out of those communications. We will always make sure that our legitimate business interests do not override your interests and your rights under data protection laws. You can opt out of our marketing communications at any time by contacting us on +44 (0) 207 400 4200 or firstname.lastname@example.org, or through the Preference Centre if you have an online account. In addition to sending you marketing communications, we rely on our legitimate interests to process your personal data so that we can:
- Improve the range of books and offers we provide
- Carry out research to better understand your views on our products and services
- Give you the opportunity to review our products and services
- Provide you with a quality customer service experience
- Protect you, our employees and our business
- Handle any legal claims or regulatory actions taken against Folio
(4) For compliance with a legal obligation. For example, if Folio is required to provide supporting evidence to tax authorities.
When do we share your personal data?
So that we can provide you with our products and services, we have to share some of your personal data with trusted third parties.
When we share your personal data, we make sure that it remains secure:
- We conduct a data security review of third parties we share your personal data with to ensure that they will keep your personal data secure and confidential to the standards you and we would expect
- Every external company we work with is required to have a contract with us which clearly describes our expectations about the way in which they keep your personal data secure, the purposes for which they can use your personal data and which holds them fully responsible for meeting those expectations
- We will only send to third parties the personal data that is necessary for the purposes it is required for.
Folio does not sell customer data but we share your data as follows:
With core service providers to enable our business to function
We rely on a set of external companies to provide us with services that enable our business to run properly. Our core service providers include the delivery companies we use to send our books to you; banks and clearing houses to process your payments; our warehousing and despatch company; IT service providers; our provider of independent product and service reviews; and the company which handles some of our orders by telephone. It also includes companies to help us with our marketing, including catalogue printers and mailing houses, our advertising agencies, email marketing provider and data analytics companies. These companies help us ensure that our marketing communications are relevant, not duplicated and abide by your marketing preferences.
With other partners when your marketing preferences allow us
We work with a number of other third party companies to provide value to our business and to you. These companies include our trusted marketing and social media partners (for instance you can publish a link on Facebook or Twitter to any books of ours that you have enjoyed).
We will only partner with a company that meets our own high standards and that we think is a good fit for our business and our customers. Each of these third parties is required by the terms of the contract we have agreed with them to use your personal data only as we instruct it and to ensure that your personal data is secure and deleted after use.
We may also on occasion share your data with trusted retail partners either directly or through alliances operated by third parties. The companies we share your data with directly and the retailers participating in these alliances are active in the publishing, clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. The alliances work by each trusted retailer sharing information on what their customers buy. This information is analysed to help the retailers understand consumers’ wider buying patterns. As a result, the retailers can tailor their communications, sending suitable offers that should be of interest, based on what they like to buy.
If you would rather not receive marketing offers from third party companies you can withdraw your permission whenever you want by contacting us at +44 (0) 207 400 4200 or email@example.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. Alternatively, you can update your details at any time through the Preference Centre if you have an online account.
With regulators and law enforcement agencies when required to do so by law
We are required to co-operate with regulators (like the UK Information Commissioner's Office or HMRC) and law enforcement agencies (like the police or the Serious Fraud Office) in every country we operate in. Although it does not happen often, regulators and law enforcement agencies can require us to share information with them as part of an investigation; this may include your personal data. We would have to disclose your personal data where we believe that disclosure is reasonably necessary to comply with the regulator or crime enforcement agency's demand.
When we think it is reasonably necessary to protect you or us
Occasionally businesses are subject to attempted criminal activities; this can affect both us and you. We will take all reasonable steps to protect you and our business but sometimes we may need to share your personal data where we think it is reasonably necessary to:
- Detect, monitor, investigate or prevent any suspected illegal activities, fraud or security issues
- Enforce our terms and conditions and to protect your and our rights and property
- Investigate and defend any third party claims or allegations
As part of a business sale or purchase, merger or reorganisation
Although we have no current plans to do so, from time to time we may look to purchase another business or sell or re-organise parts of our business to ensure that we remain in strong shape. Sometimes these types of corporate transactions involve the transfer of your personal data solely for the purposes of assessing the transaction. In the event that we sell or buy any business or assets, personal data which we hold about you may be one of the transferred assets.
In aggregated format
Strictly speaking this is not personal data, but on occasions we will use data from which you cannot be personally identified but which does include information that relates to you (such as your purchase history). This data is combined with data from other customers to provide general trends on customers’ preferences, ratings and reviews and general buying habits.
Do we send your personal data outside the European Economic Area?
From time to time we may use service providers outside the European Economic Area ("EEA"), in particular for the provision of IT services.
If we do share your personal data with service providers outside the EEA we will ensure reasonable safeguards are put in place to protect your personal data.
How long do we keep your personal data for?
We will not keep your personal data for longer than is necessary for the purposes described in this policy. At the end of the retention period, your data will either be deleted completely or anonymised so that it can be used in a non-identifiable way for statistical analysis and business planning.
As a guide:
- we will keep personal data while your online account is active
- we will keep personal and sales data while there is still a reasonable expectation that you will respond to our sales and marketing communications but never longer than ten years after your last communication with us
- we may keep certain categories of personal data after your account is closed in order to meet any legal or regulatory requirements, or to resolve a legal dispute. For example, we may need to keep certain personal data relating to your purchases in order to comply with authorities’ sales tax or VAT reporting requirements
You have a number of rights under data protection laws. These are summarised below.
You have the right to request a copy of the information that we hold about you. You can do this by contacting us at +44 (0) 207 400 4200 or firstname.lastname@example.org or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. To process your request, we will ask you to provide us with proof of identity so that we can be sure we are releasing your personal data to the right person.
We will process your request within one month or, if the request is particularly complex, three months. We can provide you with a copy of your personal data in electronic format or hard copy. If you would like additional copies, we will charge a fee to cover the administrative cost.
If we consider the frequency of your requests is unreasonable or the request is unfounded, we may refuse to comply with your request. Alternatively, we can provide the information but will charge a fee to cover the administrative cost.
We welcome feedback from you to ensure our records are as accurate and up-to-date as possible. If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us at +44 (0) 207 400 4200 or email@example.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. We will process your request as soon as we receive it or within one month of receipt at the latest.
You can ask us to delete your personal data. However, in some circumstances we can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, in the UK we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.
When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future, we will retain just enough of your personal data solely for suppression purposes.
Other than as described above, we will always comply with your request and do so promptly. We would also notify any third parties with whom we have shared your personal data about your request so that they also comply.
Some customers would still like to order our products but do not want to receive any marketing communications from us. This is not a problem as you can simply update your marketing preferences by contacting us at +44 (0) 207 400 4200 or firstname.lastname@example.org or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. Alternatively, you can update your preferences at any time through the Preference Centre if you have an online account.
If you would like us to stop processing your personal data for marketing purposes simply let us know by contacting us at +44 (0) 207 400 4200 or email@example.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. Alternatively, you can update your preferences at any time through the Preference Centre if you have an online account.
If you are not satisfied with any aspect of our handling of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) in the UK, or your local data protection authority.
The cookie does NOT store any personal or sensitive data that would compromise your security (such as credit card details or passwords).
You can disable cookies within your own browser, but this will affect what you see on our website.