Privacy Policy

We may collect the following information about you:

• Your name, date of birth and contact details. This can include your postal, billing and delivery addresses (which would include the addresses of any family or friends you choose to send books to); your telephone number and your email address

• Purchases and orders made by you, including method of payment. Should you choose to give permission for credit card data to be stored, this will be securely held by our third-party payment gateway provider, not on this website.

• When you set up an account with us, your password (which we encrypt) and wish list selections

• Your book preferences, ratings and reviews

• Your marketing preferences

• Your on-line browsing history on our website

• Your correspondence with us

In some instances, we may need to collect additional personal data for the purposes set out in this Privacy Policy.

We use your personal data: - To send you the books and other products and services you purchase from Folio - To improve the range of books and offers we provide To present you with personalised offers on our website, through social media channels such as Facebook and Instagram and by placing banner advertisements on third party websites - To personalise the offers you receive from us – books which may be of interest, unique events, and special offers and promotions. To do this we look at your previous purchases plus any preferences you may have indicated to build a profile of what you are most likely to want to buy. This is known as 'profiling'. - To allow you to post links to our products on social media - To manage any online accounts you register with us - To ensure we communicate with you in accordance with your contact preferences - To provide you with the opportunity to review our products and services - To verify your identity if you ask for information about your personal data or order history - To detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same) - To carry out research to better understand your views on our products and services -To help us find other customers who may also be interested in Folio’s beautiful books. - The legal basis for using your personal data is as follows: (1) For the fulfilment of a contract between you and Folio. For example, when you order a book from us we are contractually obliged to deliver that book to you and we need your delivery name and address to do that (2) For sending you relevant information about our books and offers where you have given specific consent to us to do so. For example, when you ask us to send you email newsletters and offers. You can withdraw this consent at any time by contacting us (3) For the ‘legitimate interest’ of Folio in conducting and managing our business to enable us to give you the best products and the best and most secure experience in a way which might reasonably be expected as part of running our business. For example, we have an interest in marketing our books to you and making sure our marketing is relevant for you. Therefore, we may process your information to send book offers that are tailored to your interests. When you become a customer, we offer you a clear way to opt out of those communications. We will always make sure that our legitimate business interests do not override your interests and your rights under data protection laws. You can opt out of our marketing communications at any time by contacting us on +44 (0) 207 400 4200 or datacontroller@foliosociety.com, or through the Preference Centre if you have an online account. In addition to sending you marketing communications, we rely on our legitimate interests to process your personal data so that we can: Improve the range of books and offers we provide Carry out research to better understand your views on our products and services Give you the opportunity to review our products and services Provide you with a quality customer service experience Protect you, our employees and our business Handle any legal claims or regulatory actions taken against Folio (4) For compliance with a legal obligation. For example, if Folio is required to provide supporting evidence to tax authorities.

So that we can provide you with our products and services, we have to share some of your personal data with trusted third parties.

When we share your personal data, we make sure that it remains secure:

We conduct a data security review of third parties we share your personal data with to ensure that they will keep your personal data secure and confidential to the standards you and we would expect

Every external company we work with is required to have a contract with us which clearly describes our expectations about the way in which they keep your personal data secure, the purposes for which they can use your personal data and which holds them fully responsible for meeting those expectations

We will only send to third parties the personal data that is necessary for the purposes it is required for.

Folio does not sell customer data but we share your data as follows:

With core service providers to enable our business to function

We rely on a set of external companies to provide us with services that enable our business to run properly. Our core service providers include the delivery companies we use to send our books to you; banks and clearing houses to process your payments; our warehousing and despatch company; IT service providers; our provider of independent product and service reviews; and the company which handles some of our orders by telephone. It also includes companies to help us with our marketing, including catalogue printers and mailing houses, our advertising agencies, email marketing provider and data analytics companies. These companies help us ensure that our marketing communications are relevant, not duplicated and abide by your marketing preferences.

With regulators and law enforcement agencies when required to do so by law

We are required to co-operate with regulators (like the UK Information Commissioner's Office or HMRC) and law enforcement agencies (like the police or the Serious Fraud Office) in every country we operate in. Although it does not happen often, regulators and law enforcement agencies can require us to share information with them as part of an investigation; this may include your personal data. We would have to disclose your personal data where we believe that disclosure is reasonably necessary to comply with the regulator or crime enforcement agency's demand.

When we think it is reasonably necessary to protect you or us

Occasionally businesses are subject to attempted criminal activities; this can affect both us and you. We will take all reasonable steps to protect you and our business but sometimes we may need to share your personal data where we think it is reasonably necessary to:

Detect, monitor, investigate or prevent any suspected illegal activities, fraud or security issues

Enforce our terms and conditions and to protect your and our rights and property Investigate and defend any third party claims or allegations

As part of a business sale or purchase, merger or reorganisation

Although we have no current plans to do so, from time to time we may look to purchase another business or sell or re-organise parts of our business to ensure that we remain in strong shape. Sometimes these types of corporate transactions involve the transfer of your personal data solely for the purposes of assessing the transaction. In the event that we sell or buy any business or assets, personal data which we hold about you may be one of the transferred assets.

In aggregated format

Strictly speaking this is not personal data, but on occasions we will use data from which you cannot be personally identified but which does include information that relates to you (such as your purchase history). This data is combined with data from other customers to provide general trends on customers’ preferences, ratings and reviews and general buying habits.

From time to time we may use service providers outside the European Economic Area ("EEA"), in particular for the provision of IT services.

If we do share your personal data with service providers outside the EEA we will ensure reasonable safeguards are put in place to protect your personal data.

We will not keep your personal data for longer than is necessary for the purposes described in this policy. At the end of the retention period, your data will either be deleted completely or anonymised so that it can be used in a non-identifiable way for statistical analysis and business planning.

As a guide:

we will keep personal data while your online account is active we will keep personal and sales data while there is still a reasonable expectation that you will respond to our sales and marketing communications but never longer than ten years after your last communication with us we may keep certain categories of personal data after your account is closed in order to meet any legal or regulatory requirements, or to resolve a legal dispute. For example, we may need to keep certain personal data relating to your purchases in order to comply with authorities’ sales tax or VAT reporting requirements

You have a number of rights under data protection laws. These are summarised below.

the right to be informed

We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep up to date and available on our website.

the right of access

You have the right to request a copy of the information that we hold about you. You can do this by contacting us at +44 (0) 207 400 4200 or datacontroller@foliosociety.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. To process your request, we will ask you to provide us with proof of identity so that we can be sure we are releasing your personal data to the right person.

We will process your request within one month or, if the request is particularly complex, three months. We can provide you with a copy of your personal data in electronic format or hard copy. If you would like additional copies, we will charge a fee to cover the administrative cost.

If we consider the frequency of your requests is unreasonable or the request is unfounded, we may refuse to comply with your request. Alternatively, we can provide the information but will charge a fee to cover the administrative cost.

the right to correction

We welcome feedback from you to ensure our records are as accurate and up-to-date as possible. If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us at +44 (0) 207 400 4200 or datacontroller@foliosociety.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. We will process your request as soon as we receive it or within one month of receipt at the latest.

the right to erasure

You can ask us to delete your personal data. However, in some circumstances we can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, in the UK we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future, we will retain just enough of your personal data solely for suppression purposes.

Other than as described above, we will always comply with your request and do so promptly. We would also notify any third parties with whom we have shared your personal data about your request so that they also comply.

Some customers would still like to order our products but do not want to receive any marketing communications from us. This is not a problem as you can simply update your marketing preferences by contacting us at +44 (0) 207 400 4200 or datacontroller@foliosociety.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. Alternatively, you can update your preferences at any time through the Preference Centre if you have an online account.

the right to object

If you would like us to stop processing your personal data for marketing purposes simply let us know by contacting us at +44 (0) 207 400 4200 or datacontroller@foliosociety.com or by writing to Data Controller, The Folio Society, Clove Building, 4 Maguire Street, London SE1 2NQ. Alternatively, you can update your preferences at any time through the Preference Centre if you have an online account.

If you are not satisfied with any aspect of our handling of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) in the UK, or your local data protection authority.

We keep our Privacy Policy under regular review and will place any update on this web page. This policy was last updated on 30 November 2022.

A cookie is a small file that is held on your web browser to identify who you are to our website. Foliosociety.com uses cookies to show you the most appropriate offers and information. We use cookies to provide us with other information, such as when visitors come from a partner website, from a search engine or via an email that we have sent, and to hold items in your basket or wish list.

Third party vendors, including Google, also use cookies to serve ads based on a user’s prior visits to foliosociety.com. Users may opt out of Google’s use of cookies by visiting the Google advertising opt-out page.

The cookie does NOT store any personal or sensitive data that would compromise your security (such as credit card details or passwords).

You can disable cookies within your own browser, but this will affect what you see on our website.

The Folio Society has an individual Cookie policy which can be found here.