Updated: July 1, 2021
It covers all the data collection activities (online and offline) of two Wizarding World Digital entities, Wizarding World Digital LLC and Wizarding World Digital Limited (“we”, “us” or “our”). It includes information we collect through our various Wizarding World digital channels, such as websites, mobile apps, streaming services and third-party social networks, as well as through customer care centres, points of sale and events that link directly to this policy (together, the “sites”).
This policy tells you how you can access and update your personal information and make certain choices about how it is used. It also explains rights you have to object to processing for direct marketing purposes and to object to processing that is not required by law or necessary for us to provide the sites, and how you can exercise those rights.
California law also requires us to provide certain information about how we collect and use the personal information of California residents and to grant those California residents certain rights with respect to their data. If you are a California resident, see the California and CCPA Privacy Rights, Metrics, and Disclosures section of this Policy for these disclosures and a description of your privacy rights. These privacy rights include a right to access, delete, or opt out of the sale of your personal information and require us to provide metrics related to the exercise of such privacy rights
For certain offerings on our sites, there may be additional notices about our privacy practices and choices, each of which will be considered to form part of this policy.
TABLE OF CONTENTS
- DATA CONTROLLERS
- CHILDREN'S PRIVACY
- THE INFORMATION WE COLLECT
- HOW WE USE THE INFORMATION
- INFORMATION SHARING AND DISCLOSURE
- YOUR MARKETING AND ADVERTISING CHOICES
- COOKIES AND OTHER TECHNOLOGIES
- DATA RETENTION AND SECURITY
- YOUR PERSONAL DATA RIGHTS
- CALIFORNIA AND CCPA PRIVACY RIGHTS, METRICS, AND DISCLOSURES
- INTERNATIONAL TRANSFERS
- CHANGES TO THIS POLICY
- CONTACT US
In some cases, third parties may act as independent controllers of your personal information, as explained further below.
In various countries, local data protection laws treat individuals under a certain age as children whose personal information requires additional protection under such laws (“children”). For example, the relevant age of a child for the purposes of obtaining valid consent from individuals to collect their personal information by online means is 13 in the UK and 16 in Ireland.
If you believe your child has provided us with personal information without your authorisation and you would like to have the personal information deleted, contact us as described below.
THE INFORMATION WE COLLECT
Personal data and other personal information. When you interact with our sites, we may collect and combine different types of personal information. We refer to this as “information” for short. The information may include:
Registration, account and sign-up information. We collect information about you in the course of your use of the site(s) or registration with us. For example, when you create or update an account, register for or download an app, or sign up for one of our offerings, you provide us with certain information, which includes your name and email address, and may include your photo or social-media profile. We may also receive information about your interest in and use of various products, services, programs, virtual items, content and activities (which we refer to below as “products” for short) that are available on or through our sites. You may also provide or be allocated certain details, such as a nickname, user name, password, Wizarding World attributes and/or other profile information.
Product purchase. If you make a purchase on one of our sites, our payment providers or the entity handling the sale will also collect certain payment information (e.g. payment method, billing information and delivery address).
Information about others / inviting friends. In certain situations, we collect information submitted by people you know. For example, a friend might submit information to invite you to take part in an offering, send you a gift, make recommendations or share content. They also may provide your details through an “invite your friends” function or by importing contacts from their address book or from social media sites. By processing those requests, we will receive your information, including details such as your name, email address, social-media profile, postal address and/or telephone number, and/or information about your interests in and use of various products.
Information from affiliates and third parties. We combine the information we process about you with information we receive from other organisations. This includes information from Warner Bros. and Pottermore affiliates, organisations sponsoring or co-branding our or our affiliates’ content, as well as demographic and other information from other business partners, advertising companies and research services.
Wizarding Passport™. You may choose to register for one or more of our sites through a Wizarding Passport, which refers to both your account and certain of the information you provide or are allocated in connection with your account (such as your Hogwarts house, wand, patronus, pet etc.). Your Wizarding Passport will identify you as a “member” of the Wizarding World sites and services and will serve as your credentials for logging into and using the sites and services and for other purposes. If you use a Wizarding Passport to connect your Wizarding World Digital account to an account maintained by one of our business partners, then we will share certain information from your profile with that partner. We will tell you what information will be shared before you connect with another organisation via the Wizarding Passport. When you do connect with that organisation, we may receive certain information in return (e.g. achievements in a game).
Social media. You can engage with some of our content and offerings, such as videos, apps and other offerings on or through third-party communities, forums and other social media sites, services, plug-ins and apps (“social media sites”). When you link to our sites or interact with us or our content through social media sites, you may choose for us to receive certain information from your social media account (e.g. name, user ID, email address, social-media profile, photos and videos, gender, birthday, your list of friends and their contact details, people you follow and/or who follow you, the posts or the “likes” you make). We may also receive information from your interaction with our content (e.g. content viewed and information about advertisements you have been shown or have clicked on).
Location information. We may have access to certain information about your general location, such as your country or address, when you provide it or via information (such as an IP address or device settings) relating to your computer, mobile phone or other device. With consent (where required by law), we may also collect information about your device’s precise location (e.g. geolocation via mobile devices).
Camera access. For some services or features, we will ask for permission to access your device’s camera. If you grant permission, you may be able to take pictures or video within the app experience or to access certain augmented reality (“AR”) features. Some of these features may rely on camera systems to track movements of your eyes and other facial features or your immediate surroundings to apply AR effects. Information gathered from facial scanning technology, e.g., TrueDepth API, is only used to make these services and features available to you and is only persistent on the device during use of the AR features. Facial data is not stored on our systems nor shared with any third party.
Technical and usage information. We also collect certain technical and usage information such as the type of device, browser and operating system you are using, your internet service provider or mobile carrier, unique device identifier, IDFA or IDFV, MAC address, IP address, device and browser settings, the webpages and apps you use, advertisements you see and interact with, and certain site usage information across our sites and other sites and apps. Please see our Cookies and other technologies section below for more information on how we may use those technologies to collect that information.
Customer enquiries. Where you contact us through one of our customer help desks or customer call centres or where you get in touch with us by email or using an online form, we will ask you for some information, including why you are getting in touch. We may have access to any relevant product that you have purchased, your purchase history, your previous correspondence with us and/or your contact details.
Market Research. We may contact you to provide feedback to help us develop and improve our products and services. We may collect this feedback through telephone or other interviews with you, where we may record and transcribe these discussions.
We may combine information that we collect from the Wizarding World websites with data collected from the Wizarding World mobile apps and other services.
Non-personal information. In addition, we may collect certain information that is not personal information, such as anonymous analytics data.
If you fail to provide information. Where we need to collect personal information by law, or under the terms of a contract that we have with you, and you fail to provide that information when requested, we may not be able to perform the contract that we have or are trying to enter into with you (for example, to provide you with products).
HOW WE USE THE INFORMATION
We use your personal information for the processing purposes and related lawful bases described below (or disclosed at the time of collection):
(1) Basis: where necessary to perform a contract with you (or to take steps at your request before entering into a contract)
Purposes of processing:
a. To provide you with access to content, products, services and other features on or via the sites.
b. To process your registration for a site, competition, prize draw or contest, and to administer your account or entry in accordance with any related contractual terms.
c. To send you information about changes to our terms or policies.
d. To process your payment and to fulfil your purchase or other transaction, including related communications about those.
(2) Basis: where necessary for purposes of our or third parties’ legitimate interests
Purposes of processing (and related legitimate interests):
a. To respond to your enquiries, e.g. to send you information you have requested, and to offer customer/user support services (fulfilling your request and providing you with such assistance).
b. To assist with the security and safety of our sites and users, e.g. by trying to prevent unauthorised or malicious activities (making our sites safe for users).
c. To enforce compliance with our terms and policies and to help other organisations, such as copyright owners, to enforce their rights, including by sharing your information with relevant third parties to assist us or them in pursuing available remedies and/or limiting any loss or damage sustained (protecting our and others’ rights).
d. To detect and prevent fraud (tackling fraudulent activity).
e. To analyse and understand how our sites are used, including by aggregating data about categories of users and by informing surveys, so that we can develop, maintain, personalise, protect and improve our sites (researching site usage and compiling usage statistics with a view to operating our sites more effectively and enhancing them to improve your experience).
f. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we do not need your consent to do so (authenticating users, facilitating your movement to, through and from our sites and other third parties and otherwise improving your experience of our sites and linked social media).
g. To send direct marketing to you and to tailor content, advertisements, offers and surveys for you, where we do not need consent to do so (promoting content, products and services from us and/or our affiliates, direct or via our or their advertising partners, that we believe may be of interest to you).
h. To improve and develop our products and services, which may include recording and transcribing any feedback that is collected from you through telephone or other interviews that we conduct, or that are conducted by us or on our behalf by third parties.
(3) Basis: where you give us consent
Purposes of processing:
a. To send direct marketing communications to you at your request, where we need your consent (for example, marketing emails or push notifications).
b. To place cookies and to use similar technologies with your consent (where we need your consent to do so).
c. To collect your precise location with your consent (where we need your consent to do so).
d. To process your log-in to our sites using social media or other credentials or to facilitate your interaction within our sites and with social media or other third parties through our sites, where we need your consent to do so.
e. On other occasions where we ask you for consent, for a purpose which we explain at that time.
(4) Basis: where necessary for complying with our legal obligations
Purposes of processing:
a. In response to requests by government or law enforcement authorities conducting an investigation.
b. To comply with any other legal requirements.
INFORMATION SHARING AND DISCLOSURE
We share and disclose your information in the ways described below or for other purposes that we explain when we collect your personal information. We may share your information with the organisations below, their personnel, or people providing services to them (e.g. professional advisers who are connected with the activity described). When we share personal information with service providers, they usually only process personal data in accordance with our instructions, as data processors. The other third parties listed below are independent controllers of the information, unless otherwise specified.
Change of control. We may transfer your information in the event of a business transaction to another person, such as if we or one of our business units or our relevant assets are acquired by, sold to, or merged with another company or as part of a bankruptcy or insolvency proceeding or a business reorganisation.
Service providers. Our agents and contractors may have access to your information to help carry out the services they are performing for us (e.g. fulfilment, creation, maintenance, hosting and delivery of our sites and/or products; conduct of marketing; account registration; handling payments; email and order fulfilment; administering competitions; conducting research and analytics; customer service; data processing; IT and communication services; public relations; and/or professional advice).
Wizarding World Digital entities and affiliates. If one of us, i.e. Wizarding World Digital LLC or Wizarding World Digital Limited, separately collects any of your information in the first instance, then the collecting entity will share such information with the other (acting as a joint controller). If we establish any subsidiaries, we may share your information with them for use in accordance with this policy (e.g. as processors acting on our instructions). We also share information with our Warner Bros. and Pottermore affiliates to use in accordance with their own privacy policies, including (with permission, where required) to provide, improve, offer, market and otherwise communicate with you about their own products.
Linked sites. Some of our sites contain links to other sites, including social media sites, whose privacy practices may be different from ours. You should consult the other sites' privacy policies and terms before submitting any of your information, as we have no control over information that is submitted to, or collected by, those third parties.
Sponsors, co-promoters and other third parties relating to the promotion of the Wizarding World. We sometimes offer content or programs (e.g. competitions, promotions, games, apps or social media site integrations) that are sponsored by, co-branded with or otherwise promoted by identified third parties. By virtue of those relationships, the third parties collect or obtain information from you when participating in the activity. The third parties will use the data they collect in accordance with their own privacy policies. We encourage you to look at the privacy policies and terms of any such third party to learn about their privacy practices. If you use the Wizarding World Passport to connect with other organisations that accept the Passport, then we may share information with those organisations. We will tell you what information we will share with each organisation at the time you choose to link your accounts.
Advertising networks. We may share certain information with reputable third parties to provide advertising to you based on your interests. For more information, see the next two sections, Your marketing and advertising choices and Cookies and other technologies.
Authorities. Our local tax authorities and regulators sometimes require us to report our processing activities.
With permission. We may also share certain information with third parties where you give us permission to do this.
We use or disclose your information in anonymised form at our discretion, such as to help us improve our sites and products.
YOUR MARKETING AND ADVERTISING CHOICES
Marketing communications and sharing with third parties. You can tell us if and how you would like to receive direct marketing from us, our affiliates and our or their advertising partners. To do this, or to find out more about this (i) log into an account you have created with us to adjust your settings or (ii) send us an email at [email protected]. To opt out of receiving direct marketing communications via email, you can also follow the "unsubscribe" instructions provided in any marketing email you receive from us. If you previously chose to receive alerts in the form of push notifications on your mobile device from us, but no longer wish to receive them, you can manage your preferences through your device settings, depending on the type of device.
For more information about interest-based advertising on your desktop or mobile browser, and your ability to opt out of this type of advertising on your browser by third parties that participate in self-regulatory programs, visit:
if you are based in Canada, the DAAC’s consumer opt-out tool;
if you are based in Europe, the EDAA’s Your Online Choices;
if you are based in Australia, the ADAA's www.youronlinechoices.com.au; or
if you are based elsewhere, any equivalent website that might be run by a local body that co-ordinates online advertising choices. To learn more about interest-based advertising in mobile apps and to opt out of this type of advertising by third parties that participate in the DAA’s AppChoices tool, download a version of AppChoices for your device.
To opt out of interest-based advertising in your apps, you may have more options depending on your mobile device and operating system. For example, most device operating systems (e.g. iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provide their own instructions on how to limit or prevent the delivery of tailored in-app advertisements. You can review the support materials and/or the privacy settings for the respective operating systems to learn more about those features and how they apply to tailored in-app advertisements.
Please note if you opt out through the self-regulatory programs above, this will only apply to interest-based advertising by the third parties you select. You will continue to receive advertising, but that advertising may be less relevant to your interests. If you use a different device or browser or delete your cookies, you may need to renew your opt-out choice or, where consent is required for cookies, to opt in.
Precise location information. To disable the collection of precise location information from your mobile device through our mobile apps, you can access your mobile device settings and choose to limit that collection.
Camera. You can disable access to your camera for use in connection with photos or augmented reality features in your mobile device settings.
Please also see the next section, Cookies and other technologies, for more choices about managing other technical and usage information.
COOKIES AND OTHER TECHNOLOGIES
Cookies are small text files placed in your browser. Web beacons are small strings of code that provide a method for delivering a graphic image on a webpage for the purpose of transferring data, such as the IP address of the device that downloaded the page on which the web beacon appears, the URL of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that fetched the web beacon, and the identification number of any cookie on the device previously placed by that server.
We also use “Software Development Kits” (“SDKs”), java script and portions of code in our mobile apps to perform similar functions to cookies and web beacons. For example, SDKs collect technical and usage information such as mobile device identifiers and your interactions with our mobile app. Some of our sites use locally stored objects (“LSOs”) to provide content, such as video on demand, video clips or animation, and a better user experience.
Types of cookies and other technologies. We use the following types of cookies and similar technologies via our sites for the following purposes:
- Necessary: enabling core site functionality.
Strictly necessary cookies or similar technologies are essential in order to enable you to move around our sites or apps and use our features, such as accessing secure areas. Without them, services like enabling appropriate content based on your type of device cannot be provided.
- Analytics: allowing us to analyse site usage.
Analytics cookies or similar technologies collect information about how you use our sites or apps, so that we can analyse traffic and understand users' interactions to perform analytics, including to analyse, measure and report on usage and performance of our sites and marketing materials. For this purpose, we may use third-party service providers such as Google Analytics, who may use their own cookies or similar technologies. The information is used to improve our sites or products.
You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
To opt out of Google Analytics relating to your use of our sites, you can download and install the Google Analytics Opt-out Browser Add-on available via this link: https://tools.google.com/dlpage/gaoptout?hl=en.
- Functional: allowing us to personalise your experience of our sites.
Functional cookies or similar technologies allow our sites or apps to remember choices you make (such as your user name, or the region you are in) and to provide enhanced, more personal features. They can also be used to remember changes you have made to text size, fonts and other parts of webpages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
- Advertising: enabling advertising partners to serve interest-based advertisements.
Advertising cookies or similar technologies allow us and our affiliates and our and their advertising partners to target, offer, market or advertise products. These cookies and other technologies also facilitate, manage and measure the performance of advertisements displayed on or delivered by or through our sites. These advertising partners may also have the capability to track your browsing across sites, apps and social media sites. See the Advertising choices section above for more information.
- Social media: used when you share content with, or link to or from, social media sites.
Social media cookies or similar technologies are used when you share content using a social media sharing button or “like” button on our sites or apps, or when you link your account or engage with our content on or through a social media site such as Facebook, Twitter or Instagram. The social network will record that you have done that. The information may be linked to targeting/advertising activities.
Managing cookies and other technologies.
On a mobile app, go to “Privacy settings” or your device settings. You can adjust your browser to reject cookies from us or from any other site operator. Controlling cookies via browser controls may not limit our use of other technologies. Please consult your browser’s settings for more information. Blocking cookies or similar technology might, however, prevent you from accessing some of our content or site features. You can also check your browser settings to learn how to delete cookies.
Adobe's Flash player and similar applications use Local Shared Object (“LSO”) technology to remember settings, preferences and usage similar to browser cookies. Flash cookies are not managed through your web browser, but you can access your Flash management tools from Adobe's website. Your browser may also offer other tools to delete or reject other LSOs; check your browser’s settings or help menu for more information.
We do not currently respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.
Please see the Your marketing and advertising choices section above to learn about other ways to control data collection for advertising purposes.
DATA RETENTION AND SECURITY
In broad terms, we will only retain your personal information for as long as necessary for the purposes described in this policy. This means that the retention periods will vary according to the type of personal information and the reason that we have the personal information in the first place. For example, some personal information related to the provision of services to you or by you will be kept for a number of years in order to comply with various finance and tax-related legal obligations. Other service-related personal information may be kept for a different period because it is in our legitimate interests to do so in order to provide or receive an appropriate follow-up service.
After a retention period has elapsed, the personal information is securely deleted. We may, however, retain copies of your information in anonymised form, which we may use or disclose at our discretion, such as to help us improve our sites and products.
We have put in place reasonable controls (including physical, technological and administrative measures) designed to help safeguard the personal information that we collect via the sites. No security measures are perfect, however, and so we cannot assure you that personal information that we collect will never be accessed or used in an unauthorised way, which may happen due to circumstances beyond our reasonable control. We have put in place procedures to deal with a suspected personal data breach, and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
YOUR PERSONAL DATA RIGHTS
Your legal rights. Under certain circumstances, you may have the following rights under data protection laws in relation to your personal information (which may be limited to personal data):
right of access to your personal information;
right to rectification of your personal information;
right to erasure of your personal information;
right to restriction of processing of your personal information;
right to portability of your personal information;
right to object to processing of your personal information;
right not to be subject to significant automated decision-making (including when based on profiling); and/or
right to withdraw consent to processing of your personal information.
Some of those rights may only apply to you if you are resident in the EEA or a country with similar data protection laws. To find out more about those specific rights, see the last paragraph of this section and your local data protection authority’s website, such as the ICO’s website (www.ico.org.uk), if you are located in the UK, or the Irish Data Protection Commission’s website (www.dataprotection.ie), if you are located in Ireland.
Additionally, California law grants California residents the right to, among other things, access, delete, and opt out of the sale of certain personal information. For more information, see the section on CALIFORNIA AND CCPA PRIVACY RIGHTS AND DISCLOSURES below.
Exercising your rights. If you wish to exercise any of those rights, send an email to [email protected].
Your legal rights in more detail (for UK and other EEA residents). In certain circumstances, you have the following legal rights in relation to your personal information (to the extent consisting of “personal data” in the EEA and countries with similar data protection laws, and so we use that term in the rest of this section). We may ask you for additional information, so that we take reasonable steps to check that – for example – we only provide personal data to the person to whom the data relate.
Right of access to your personal data (also known as a "data subject access request"). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing such data.
Right of rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data that you provide to us.
Right to erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. Please note, however, that we may retain your data in certain circumstances in accordance with law, which will be notified to you, if applicable, at the time of your request.
Right to restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you would like us to establish the accuracy of such data; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Right to portability of your personal data to you or to a third party. If you so request, we shall provide you, or a third party that you have chosen, with a copy of your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use or where we used the information to perform our contract with you.
Right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground, in which case we will consider whether we have compelling reasons to continue to process your data.
Right to object to direct marketing. You also have the right to object where we are processing your personal data for purposes of direct marketing. Please see the section above Your marketing and advertising choices for how to exercise the right.
Right to withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products, content or services to you.
Right to complain in the UK or elsewhere in the EEA. If you would like to complain, contact us using the details below. This does not override your right to complain to the relevant supervisory authority at any time.
CALIFORNIA AND CCPA PRIVACY RIGHTS, METRICS, AND DISCLOSURES
This California Privacy Rights, Metrics, and Disclosure section addresses legal obligations and rights laid out in the California Consumer Privacy Act, or CCPA. These obligations and rights apply to businesses doing business in California and to California residents and information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with California consumers or households (“California Information”).
CCPA Regulations require us to provide disclosure of metrics for the previous calendar year regarding California resident requests. These metrics report the number of access, deletion, and Do Not Sell requests made, the number fulfilled in whole, or in part, and the number denied. That information can be found by navigating to the CCPA Metrics Reporting Page.
California Information We Collected and Shared
California Information We Collected
On some sites we may have collected the following categories of California Information:
• Address and other identifiers – such as name, postal address, zip code, email address, account name, payment card numbers, or other similar identifiers
• Unique and online identifiers – such as IP address, device IDs, or other similar identifiers
• Characteristics of protected classifications – such as race, ethnicity, or sexual orientation
• Commercial information – such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
• Internet, gaming or other electronic network activity information – such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement
• Professional or educational information
• Biometric information
• Video footage (e.g., CCTV); Audio recordings; Photographs; Calendar information
• Location information – (e.g. if you access our sites on your mobile device we may collect Information about your device’s precise location.)
• In game or online viewing activities (e.g., videos viewed, pages viewed)
• Inferences drawn from California Information, such as individual profiles, preferences, characteristics, behaviors.
We may have collected these categories of California Information for the following purposes:
• Performing services on behalf of the business, such as customer service, processing or fulfilling orders, providing content recommendations, and processing payments
• Auditing customer transactions
• Fraud and crime prevention
• Debugging errors in systems
• Marketing and advertising
• Internal research, analytics and development – e.g., user-preference analytics
• Developing, maintaining, provisioning or upgrading networks, products, services, or devices.
We may have obtained California Information from a variety of sources, including:
• Directly from you, including technical and usage information when you use our sites
• Linked sites, such as Social Media sites, and third-party platforms
• Our affiliates
• Our joint-ventures and promotional and strategic partners
• Information suppliers
• Distributors and other vendors
• Marketing mailing lists
• Other users submitting California Information about you, such as to invite you to participate in an offering, make recommendations, or share content
• Publicly available sources.
California Information We May Have Shared
For some sites we may have shared these categories of California Information for operational purposes with providers who provide services for us, like processing your bill:
• Address and other identifiers
• Unique and online identifiers
• Commercial information
• Internet, gaming or other electronic network activity information
• Professional or educational information
• Biometric information
• Video footage (e.g., CCTV); Audio recordings; Photographs; Calendar information
• Location information
• In app or online viewing activities
• Inferences drawn from California Information, such as individual preferences, characteristics, behaviors.
The California Consumer Privacy Act defines ‘sale’ very broadly. It includes the sharing of California Information in exchange for anything of value. In the year before the date this policy was issued, we have not sold California Information:
Your California Privacy Rights to Request Disclosure of Information We Collect and Share About You
If you are a California resident, California Civil Code Section 1798.83 permits you to request information about our practices related to the disclosure of your personal information by certain members of the Warner Bros. Family of Companies to certain third parties for their direct marketing purposes. Please send your request (along with your full name, email address, postal address, and the subject line labeled “Your California Privacy Rights”) by email at [email protected]
CCPA also grants California residents the right to request certain information about our practices with respect to California Information. In particular, you can request the following:
• The categories and specific pieces of your California Information that we’ve collected
• The categories of sources from which we collected California Information
• The business or commercial purposes for which we collected or sold California Information
• The categories of third parties with which we shared California Information.
• The categories of California Information that we’ve shared with service providers who provide services for us, like processing your bill.
To exercise your CCPA rights with respect to this information, either visit our Privacy Centre or contact us toll free at 833-WB-PRVCY (833-927-7829) or TTY: 833-PRVCY-TT (833-778-2988). These requests for disclosure are generally free.
Your Right to Request the Deletion of California Information
Upon your request, we will delete the California Information we have collected about you, except for situations when that information is necessary for us to: provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us, or that are reasonably aligned with your expectations based on your relationship with us.
To exercise your CCPA rights, either visit our Privacy Centre or contact us toll free at 833-WB-PRVCY (833-927-7829) or TTY: 833-PRVCY-TT (833-778-2988). These requests are generally free.
Do Not Track Notice
We do not currently take actions to respond to Do Not Track signals and similar signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.
See the Your Choices section to learn how to control data collection for certain purposes.
Our Support for the Exercise of Your Data Rights
Consumers Under 16 Years Old
CCPA has specific rules regarding the use of California Information from consumers under 16 years of age. In particular, consistent with the CCPA, if we knowingly collect the California Information of a consumer under the age of 16, we will not sell the information unless we receive affirmative permission to do so. If the consumer is between the ages of 13 and 16 years of age, the consumer may provide that permission; if the consumer is under the age of 13, the consumer’s parent or guardian must provide the permission. If you would like further information on how we handle California Information from consumers under the age of 16 years of age, or if you have questions about these information practices, you may contact us at [email protected] or Warner Media Privacy Office, 4000 Warner Blvd., Bldg. 160, Burbank, CA 91522.
Wizarding World Digital LLC is a company located in the USA, and Wizarding World Digital Limited is a company located in the UK. When you use our sites and services, Wizarding World Digital LLC and Wizarding World Digital Limited collect or receive your data in the USA and UK respectively. This means that personal information we collect will be processed by us or on our behalf in the UK and the USA. Data protection and privacy regulations in the USA may not offer the same level of protection as in other parts of the world, such as the EEA.
If you are located in the UK or elsewhere in the EEA or if Wizarding World Digital Limited has collected your information, then, when we transfer your information to our affiliates outside the EEA, we make use of standard contractual clauses that have been approved by the European Commission for data transfers. We also use those clauses when we transfer your information to third parties outside the EEA, or we may adopt other means to ensure that adequate safeguards are applied to your information (such as the EU-US Privacy Shield or binding corporate rules). You can obtain further information on the methods that we use to protect your information when it is transferred outside the EEA by contacting us by email at [email protected].
CHANGES TO THIS POLICY
From time to time, we may make changes to this policy. We will notify you about material changes by placing a notice on our sites and/or sending an email to you. We encourage you to check back and review this policy periodically so that you always know our current privacy practices.
Wizarding World Digital LLC, a limited liability company registered in the United States, and Wizarding World Digital Limited, a private company limited by shares registered in England and Wales, jointly control how your information is used. We work together to make decisions about use of information and to respond to queries, or to respond to requests to exercise personal data rights.
In respect of UK or other EEA-located users, Wizarding World Digital Limited has been appointed as the representative in the EEA of Wizarding World Digital LLC.
If you have any questions about this policy or any concerns about our privacy practices, you can contact our data privacy team:
by email at [email protected]; or
by post (marked for the attention of the Wizarding World Digital Data Privacy Team) at:
WarnerMedia Privacy Office, 4000 Warner Blvd., Bldg. 160, Burbank, CA 91522, USA; or
Warner House, 98 Theobalds Road, London WC1X 8WB, UK.
We will respond to your question or concern as soon as practicable.
Our affiliates are:
Warner Bros. Entertainment Inc. and its other affiliates from time to time, as listed on the affiliates’ page (which may be updated periodically); and
Pottermore Limited and its subsidiary Pottermore Inc.