Privacy Policy | Foyles Bookstore
Close
Enter your search into one or more of the boxes below:
You can refine your search by selecting from any of the options below:
Search
Your Shopping Basket
AYOB
Signed Copies
Account Services

Privacy Policy: Use of Data and Cookies

 
 

Foyles is the trading name of W & G Foyle Ltd. References to Foyles and W & G Foyle include group companies. A list of group companies can be obtained from the Company Secretary, W & G Foyle Ltd, 203-206 Piccadilly, London W1J 9HD. Company No. 00945131, VAT No. 108277024. Foyles is a ‘controller’ under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

 

Working with our affiliates

We work closely with our affiliate, Waterstones Booksellers Limited (Waterstones, including the Hatchards brand), to ensure you receive greater choice and support – for example, if you order a product from Foyles, it may be fulfilled by Waterstones or Hatchards if this means you will receive it more quickly. And Waterstones may help Foyles to respond to customer enquiries (and vice versa)..

To fulfil the purposes set out in this Privacy Policy, we may receive your personal information from, or share your personal information with, Waterstones. You can find Waterstones’ privacy notice here. We have an agreement with Waterstones which ensures that we share responsibility for handling your personal information - you can contact either Foyles or Waterstones to exercise your privacy rights or ask questions about this arrangement.
 

Foyles places a great deal of importance in customer privacy and will always treat your personal data with the utmost care

Foyles is committed to protecting the privacy of those using our site and the confidentiality of the personal information which our customers provide us with. This policy covers the information we collect from you to process orders, provide services such as our loyalty scheme, and for marketing purposes. Foyles will never sell personal information under any circumstances. Foyles will never share personal information with third parties unless strictly necessary in order to provide services to you or fulfil your order. 

At Foyles we use the information we collect to serve our customers in the following ways: 

• When you place an order online with Foyles we store your personal information with regard to your order for the purpose of processing and fulfilling that order. Foyles does not store credit/debit card details. All credit/debit card transactions processed through our online checkout are administered by our payment provider PayPoint. 

• When ordering from the Foyles website, you can choose whether to create an account and keep information such as your name, email address, delivery and billing addresses, and payment details securely so you won't have to enter them each time you return to Foyles, or to use Guest Checkout and not keep any details but input them for every order. If you use Guest Checkout we will only use the details you provide us to process and fulfil your order, including updating you about the status of your order. 

• When an online order is placed, the information needed to complete it is transferred securely from our website to our in-house ordering system. We need to know your name, email address, delivery address, billing address and payment details. This information enables us to fulfil your order and keep you informed of the progress of your order. If you wish to have your details removed after completion of your order and expiration of any applicable refund period, please contact Foyles Web Orders on [email protected]

• The uses for which we collect information include administering any accounts, processing and obtaining payment, preventing or detecting fraud, and running any prize draws or competition you may enter. In so doing we will provide your personal information to our employees and third party agents only for such purposes as are strictly necessary. 

• If you opt-in to any of our email Newsletters your details will also be used to analyse your browsing and shopping preferences. We may use this data to show you personalised adverts, to select and tailor products, services or special discounts we think you'll be interested to hear about as part of our marketing programme.  Foyles uses a third party called eMarsys to help us analyse this data and to send out our Newsletters. 

• If you have signed up to any of our email Newsletters, Foyles will send you emails periodically showing you offers, promotions, news, event details, and similar. If at any time you wish to remove your details from the mailing list, simply click the unsubscribe link in any of our newsletters.

• If you have selected to allow us contact you on your Foyles Website Account preferences or other sign up methods, we may use these details and any updated contact details you give us, to contact you by mail, telephone, email, text message or otherwise, to let you know about these offers. We may also monitor or record our telephone conversations with you to ensure consistent service levels, to prevent or detect fraud, and for training and regulatory purposes. 

• In carrying out any of the activities specified in this section, in the event that data is temporarily transferred outside the European Economic Area, your information will be afforded the level of protection as required under applicable UK data protection legislation. 

• You have the following rights under the GDPR:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you are unhappy about how we are using your information or how we have responded to your request then initially you should contact [email protected]. If your complaint remains unresolved then you can contact the ICO, details available at www.ico.org.uk.

In the event that W & G Foyle or any relevant group company is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers' advisers and will be passed onto the new owners of the business for them and Group companies to use in the same ways.

 

Cookies

Cookies are small pieces of information that are stored by your browser on your computer's hard drive. Foyles uses cookies to improve your use of the site by recognising what you personally want to do such as automatic login or gain information about the use of our services and to enhance our site according to the preferences of our customers. Our cookies do not contain any personally identifying information. If you want to prevent the use of cookies, you can disable them within your browser.

Here is a list of the cookies we use and what they do.

Company Cookie Name(s) Purpose
AddThis / go.affec.tv / map.go.affec.tv __atuvc
__atuvs
These 3rd party __atuvc and _atuvs cookies are persistent cookies that are created and read in order to make sure the updated count is seen if a page is shared and returned before the share count cache is updated.
  at-rand Tracking page visits, sources of traffic and share counts.
  loc Geolocates people sharing content via social media sites to help understand the location of users who share the information.
  ouid Stores a unique user ID.
  uid Recognises a visitor when they return to the site.
  na_id
na_tc
Shares pages/links from a website on various social networks.
  uvc Used to update the counter monitoring the sharing of content via social media sites.
  __atrfs Collects non-personal information on the visitor's behaviour and non-personal visitor statistics.
  pt
ck
Helps brands and companies to understand the users that visit their webpages.
  oo Gathers data on user visits to the website, such as what pages have been accessed. The registered data is used for targeted marketing.
  xtc Anonymously tracks user behaviour on the websites that allow a user to share pages on social media using the AddThis tool. AddThis log the anonymous use to generate usage trends to improve the relevance of their services and advertising.
  ssc These cookies track sharing when the AddThis functionality is used.
Cloudflare __cf_bm Cloudflare's bot products identify and mitigate automated traffic to protect a site from bad bots. Cloudflare places the __cf_bm cookie on End User devices that access Customer sites that are protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for the proper functioning of these bot solutions.
Incapsula visid_incap_XXXXXXX Incapsula DDoS Protection and Web Application Firewall. The cookie on which sessions are related to a specific visitor. In order to identify clients which have already visited Incapsula.
Google __utma This cookie is for Google Analytics and is what’s called a “persistent” cookie, as in, it never expires. This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase.
  __utmb
__utmc
The B and C cookies are brothers used by Google Analytics, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn’t, it expires.
  __utmt This cookie is for Google Analytics and is used to throttle request rate. It processes user’s request and generates statistics about website traffic.
  __utmt This cookie is for Google Analytics and is used to throttle request rate. It processes user’s request and generates statistics about website traffic.
  __utmv Used to store visitor-level custom variable data. If you are making use of the user-defined report in Google Analytics, and have coded something on your site for some custom segmentation, the __utmv cookie gets set on the person’s computer, so that Google Analytics knows how to classify that visitor.
  __utmz This cookie is used for Google Analytics, and it keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction.
  _dc_gtm_UA-XXXXXXXX-X A Google Tag Manager cookie for controlling the loading of a Google Analytics script tag.
  _gat_UA-XXXXXXXX-X This cookie is for Google Analytics and is used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_XXXXXXXX-X (used above).
  _ga This cookie is used by Google Analytics to distinguish between users. It calculates visitor, session, campaign data and keeps track of site usage for the site's analytics report. It stores information anonymously and assigns a randomly generated number to identify unique visitors.
  _gid This cookie is used by Google Analytics for user identification. It stores information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form.
  NID
SIDCC
SID
APISID
1P_JAR
These cookies are used by Google to display personalized advertisements on Google sites, based on recent searches and previous interactions.
  HSID
SSID
APISID
SAPISID
HSID, SSID, APISID and SAPISID cookies enable Google to collect user information for videos hosted by YouTube.
  AID
OTZ
Links your activities on other devices you have previously logged into using your Google account. Based on this, the ads you see on your devices are coordinated and conversion events are measured.
  SEARCH_SAMESITE This cookie is used to prevent the browser from sending this cookie along with cross-site requests.
  __Secure-3PAPISID
__Secure-3PSID
__Secure-1PSID
__Secure-1PAPISID
__Secure-1PSIDCC
__Secure-3PSIDCC
Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising.
  OGPC This cookie enables the functionality of Google Maps.
  CONSENT This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
  test_cookie Used to determine if the user's browser supports cookies.
  IDE Used for serving targeted advertisements that are relevant to users across the web. Targeted advertisements may be displayed to users based on previous visits to a website. These cookies measure the conversion rate of ads presented to the user.
  DSID Stores visitors’ preferences and personalizes ads on Google websites based on recent searches and interactions.
  RUL Used by DoubleClick to determine whether website advertisement has been properly displayed – This is done to make their marketing efforts more efficient.
Facebook _fbp A Facebook cookie used to distinguish and keep track of unique users. When the Facebook pixel is installed on a website, and the pixel uses first-party cookies, the pixel automatically saves a unique identifier to an _fbp cookie for the website domain if one does not already exist.
  fr Used to deliver, measure and improve the relevancy of ads.
  sb To store browser details.
Hotjar _hjAbsoluteSessionInProgress Used to detect the first pageview session of a user, which is set as a true/false flag. It tracks the beginning of a user’s journey for a total session count. It does not contain any identifiable information.
  _hjFirstSeen Identifies a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
  _hjid Set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
  _hjIncludedInPageviewSample Lets know whether a user is included in the data sampling defined by a site's pageview limit.
  ajs_anonymous_id Records the amount of user’s that visit a site, and track whether they have visited before.
  _hjTLDTest When the Hotjar script executes it tries to determine the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, it tries to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
Emarsys
recommender.scarabresearch.com
recommender-eu.scarabresearch.com
scarab.visitor This cookie stores the visitor id which will identify the visitor through multiple sessions to give a consistent experience, allowing the website to promote related products to what a visitor has viewed.
  scarab.mayAdd
scarab.mayViewed
These are the session cookies that are used for click and add-to-cart tracking. When a user clicks on a recommended item, and there is not enough time to report the click to our server (to avoid blocking the user flow), the click information is stored in a cookie. The next time the script loads in the same browser, these cookies are read and the data is sent to our servers.
  scarab.profile This cookie stores user profile information, products the user browsed, etc. It also stores performance metrics about our scripts, load times, execution times, and so on after being generated by the first event. The information stored in this cookie is encrypted.
  cdv This is the 3rd-party version of scarab.visitor. It stores a server side generated visitor id to identify the same visitors through different sessions. It provides the capability to identify a visitor as a known user even if no identification event has taken place. If this cookie is blocked, the user cannot be identified without an identification event.
  s This is a 3rd-party cookie used for similar purposes as scarab.mayAdd and scarab.mayViewed. It stores a server side generated session id for session length identification. If this cookie is blocked, the visitors session lengths are estimated by event timestamps.
  xp This is the 3rd-party version of the first party cookie scarab.profile. It is set from the first party version. It contains user profile data in a serialized, encrypted format. The data is covering events, such as, item view, category view and searches.
mathtag.com uuid To optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
  mt_mop Used for targeting purposes to optimise ad relevance by utilising visitor data from multiple websites provided by the MediaMath ad-exchange and Google.
  mt_misc OptimizationMediaMath uses cookies to help recognize a computer or device so that they can deliver relevant advertising to you, measure the impact of that advertising and better understand and recognize digital media usage patterns.
adnxs.com uuid2 The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
  anj Used by the AppNexus Platform, the anj cookie contains advertising interest segments provided by clients and other third parties. Clients use those segments to select advertisements for delivery on the Platform.
  icu The icu cookie is used to select ads and limit the number of times a user sees a particular ad.
  uids This cookie contains a base 64 encoded JSON object which contains external unique randomly-generated values that enable other partners to distinguish browsers and mobile devices.
  usersync The usersync cookie contains data denoting whether a cookie ID is synced with our partners.
awin1.com bld Affiliate tracking cookie. Sets a browser-specific ID to identify a new click on the same browser. The cookie expires after one year.
crwdcntrl.net _cc_aud
_cc_cc
_cc_domain
_cc_dc
_cc_id
crwdcntrl.net is a domain used by Lotame which is an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like crwdcntrl.net can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behaviour. Your profile can then be exchanged and sold between various companies like crwdcntrl.net as well as being sold to other advertisers and marketers.
Microsoft AzureSearch This cookie is used to identify whether the site search is using azure search or normal search.
  ai_session This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique anonymous session identifier cookie.
  ai_user This cookie name is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform. This is a unique user identifier cookie enabling counting of the number of users accessing the application over time.
  ASP.NET_SessionId An asp.net cookie that is automatically generated to identify the users session on the server.
  ASPXAUTH Used to determine if a user is authenticated.
OneTrust OptanonConsent This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.
Foyles.co.uk ServerID Used to maintain a secure session during a user’s whole visit. Providing an improved and faster server time, the ServerID cookie remembers which server should handle the user’s requests.
  BasketId Used by the site to get the items added to the basket for the browser.
  FoylesBiblioTitle BookDay This was used earlier in the site to show the item that was marked as book of the day on the right panel. This is no longer displayed on the right panel now.
  FoylesBiblioTitle Events This was used earlier in the site to show the upcoming event on the right panel. This is no longer displayed on the right panel now.
  aCode This is used when an affiliate code is provided in the query string.
  CampaignTrackingCode This is used to track the campaign code when the site loaded from a link that contains a valid campaign code.
  Foyles_devPay Updates delivery page information when proceeding to pay while ordering.
  FoylesContrast Updates accessibility colours styling of site when toggled.
  FoylesTextSize Updates accessibility text sizing of site when toggled.

 

 
Discover More
© W&G Foyle Ltd