Privacy Policy
Effective date: 20 July 2025
Last updated: 5 November 2025
Contents
-
Summary
-
Our details
-
How we collect or obtain personal information about you
-
Personal information we collect or obtain about you
-
How we use your personal information & legal bases
-
How long we retain your personal information
-
How we secure your personal information
-
Our use of cookies and similar technologies
-
International transfers and safeguards
-
Your rights in relation to your personal information
-
Your right to object to certain processing
-
Consequences of not providing your personal information
-
Changes to this Privacy Policy
-
Changes to your information
-
Children’s privacy
-
California “Do Not Track” disclosures
-
Handling of Marketplace and Amazon Order Data
-
Copyright, credit & logo
-
SMS marketing
1. Summary
| Data controller | Butyros Ltd |
| How we collect | • Information you give us (e.g. placing an order, contacting support, signing up to newsletters) • Information collected automatically via cookies & analytics when you use our site |
| Personal data collected | Name, postal & email address, telephone, IP address, device/browser details, order history, payment identifiers (we do not store full card details) |
| Main purposes | Order processing, customer service, running & improving our website, personalised marketing (with consent), legal & accounting obligations |
| Disclosure to third parties | Only what’s necessary to operate—e.g. couriers, payment processors, IT & marketing platforms—all bound by contract. We do not sell data. SMS opt-in data and consent will not be shared with or sold to any third parties. |
| Do we sell data? | No |
| Retention | No longer than necessary for each purpose, taking account of statutory duties (e.g. tax record-keeping) |
| Security | TLS/SSL encryption, access controls, secure hosting, staff training |
| Cookies | Analytical, functional and advertising cookies—see our Cookies Policy |
| Transfers outside UK/EEA | Only with appropriate safeguards (UK Addendum / SCCs / IDTA) |
| Your rights | Access, rectification, erasure, restriction, portability, objection, withdraw consent, complain to ICO |
2. Our details
-
Company name: Butyros Ltd
-
Data-protection lead: Privacy Team (acting Data Controller)
-
Contact email: privacy@foxandfablebooksellers.com
-
Postal contact: 70 Gracechurch Street, London, EC3V 0HR
3. How we collect or obtain personal information about you
-
Directly from you – when you:
-
create an account, place an order or fill in any form on our site;
-
correspond with us by phone, email, social media or live-chat;
-
subscribe to newsletters, SMS alerts or participate in promotions.
-
-
Automatically – via cookies, pixels and similar technologies that log IP address, device type, browser and on-site actions (page views, clicks, cart abandonment).
-
From third parties – e.g. payment providers confirming payment, social-login services (if you use them), delivery partners updating parcel status.
-
From marketplaces – e.g. Amazon, where you place an order through their platform and they share limited order details for fulfillment.
4. Personal information we collect or obtain about you
| Category | Examples |
|---|---|
| Identity & contact | Name, billing & delivery address, email, phone |
| Transaction | Order ID, items purchased, payment method token, delivery tracking number |
| Technical | IP address, login date/time, browser type, operating system, device identifiers |
| Usage | Pages visited, time on page, referring URL, clicks, search terms |
| Marketing | Newsletter opt-in status, SMS consent, marketing preferences |
| Location (mobile) | Approximate geolocation (e.g. country or city) if you grant permission via your browser or device. |
We do not intentionally collect special-category data (e.g. health) or children’s data (see §15).
5. How we use your personal information & legal bases
| Purpose | Legal basis |
|---|---|
| Fulfilling orders, processing payments, providing customer service | Contract (UK GDPR Art 6 (1)(b)) |
| Sending service emails (order updates, account notifications) | Contract / Legitimate interest |
| Operating & securing our website (fraud detection, debugging) | Legitimate interest |
| Improving products & user experience (analytics, A/B testing) | Consent (cookies) or Legitimate interest |
| Direct e-mail marketing & SMS offers | Consent (opt-in) |
| Targeted advertising (Facebook Pixel, Google Ads) | Consent |
| Complying with tax, accounting & consumer-protection laws | Legal obligation (Art 6 (1)(c)) |
| Defending legal claims | Legitimate interest |
6. How long we retain your personal information
We review retention periodically and delete or anonymise data when no longer needed:
| Data type | Typical retention |
|---|---|
| Order & invoice records | 6 years after financial year end (HMRC requirement) |
| Customer-service correspondence | 2 years from last contact |
| Marketing consent logs | Until withdrawn + 3 years |
| Analytics data (Google Analytics, GA4) | 14 months |
| Abandoned cart details | 30 days |
| Marketplace order data | Deleted or anonymised within 30 days after order completion unless required for legal or accounting purposes |
7. How we secure your personal information
-
TLS/SSL encryption for all in-transit data;
-
Data residency in ISO 27001-certified UK or EU data centres;
-
Role-based access controls & multi-factor authentication for staff;
-
Amazon-sourced customer data encrypted at rest and in transit, with access restricted to least-privileged warehouse staff;
-
Regular vulnerability scanning & penetration testing.
8. Our use of cookies and similar technologies
We use strictly-necessary, functional, analytical and advertising cookies. For full details including categories, lifetime and how to change your preferences - see our separate Cookies Policy.
Our website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your cart. This information is used to determine when to send cart reminder messages via SMS, if you have opted in to receive them.
9. International transfers and safeguards
Where we (or our processors) transfer personal data outside the UK or EEA - for example to servers in the United States - we rely on:
- International Data Transfer Agreement (IDTA) or UK Addendum to SCCs;
- Appropriate technical & organisational measures (encryption, access controls);
- Transfer Impact Assessments per ICO guidance.
10. Your rights in relation to your personal information
Under the UK GDPR you have the right to: access; rectification; erasure; restriction; data portability; object; withdraw consent; and complain to the Information Commissioner’s Office (ICO).
11. Your right to object to certain processing
You may object at any time to processing based on legitimate interests or to direct marketing (including profiling). We will stop processing unless we have compelling legitimate grounds or a legal requirement.
12. Consequences of not providing your personal information
If you decline to provide data marked as mandatory (e.g. address for delivery) we will be unable to process your order. Providing data for marketing purposes is entirely optional.
13. Changes to this Privacy Policy
We may update this notice to reflect changes in law, technology or our business. Any material changes will be notified via email (if we hold it) and a prominent banner on our homepage.
14. Changes to your information
Please keep your details up to date. You can amend most information in your account dashboard, or email us at privacy@foxandfablebooksellers.com.
15. Children’s privacy
Our site is not directed to children under 13, and we do not knowingly collect their data. If you believe a child has provided data, contact us and we will delete it promptly.
16. California “Do Not Track” disclosures
Our website does not respond to “Do Not Track” signals.
17. Handling of Marketplace and Amazon Order Data
When we receive customer information from third-party marketplaces such as Amazon, we use that data solely to fulfil and deliver your order, confirm shipment, and handle customer service or returns. This information is stored on encrypted servers (AES-256), transmitted via HTTPS, and deleted or anonymised within 30 days after order completion unless retained for legal or accounting reasons. We do not use marketplace-provided data for marketing, profiling, or analytics. Access is restricted to authorised Fox & Fable staff using company-managed devices under multi-factor authentication.
18. Copyright, credit & logo
© 2025 Butyros Ltd. All rights reserved. Third-party trademarks belong to their respective owners and are used under licence or fair-use.
19. SMS marketing
By consenting to Fox & Fable's SMS marketing in the checkout and initialising a purchase or subscribing via our subscription tools, you agree to receive recurring text notifications (for your order, including abandoned cart reminders), text marketing offers, and transactional texts, even if your mobile number is registered on any state or national do-not-call list. Message frequency varies.
Our website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.
Your phone number, name, and purchase information will be shared with our SMS platform. We use service providers such as Klaviyo & Twilio; see their privacy notices for further details. This data will be used for sending you targeted marketing messages and notifications. Upon sending the text messages, your phone number will be passed to a text messages operator to fulfil their delivery.
If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link provided. Standard message and data rates may apply.
The above excludes text messaging originator opt-in data and consent; this information will not be shared with or sold to any non-affiliated third parties for their own marketing purposes.
