Privacy Policy

Effective date: 20 July 2025
Last updated: 21 September 2025

Contents

  1. Summary

  2. Our details

  3. How we collect or obtain personal information about you

  4. Personal information we collect or obtain about you

  5. How we use your personal information & legal bases

  6. How long we retain your personal information

  7. How we secure your personal information

  8. Our use of cookies and similar technologies

  9. International transfers and safeguards

  10. Your rights in relation to your personal information

  11. Your right to object to certain processing

  12. Consequences of not providing your personal information

  13. Changes to this Privacy Policy

  14. Changes to your information

  15. Children’s privacy

  16. California “Do Not Track” disclosures

  17. Copyright, credit & logo

  18. SMS marketing

1. Summary

Data controller Books 4 Less Limited
How we collect • Information you give us (e.g. placing an order, contacting support, signing up to newsletters)
• Information collected automatically via cookies & analytics when you use our site
Personal data collected Name, postal & email address, telephone, IP address, device/browser details, order history, payment identifiers (we do not store full card details)
Main purposes Order processing, customer service, running & improving our website, personalised marketing (with consent), legal & accounting obligations
Disclosure to third parties Only what’s necessary to operate—e.g. couriers, payment processors, IT & marketing platforms—all bound by contract. We do not sell data. SMS opt-in data and consent will not be shared with or sold to any third parties.
Do we sell data? No
Retention No longer than necessary for each purpose, taking account of statutory duties (e.g. tax record-keeping)
Security TLS/SSL encryption, access controls, secure hosting, staff training
Cookies Analytical, functional and advertising cookies—see our Cookies Policy
Transfers outside UK/EEA Only with appropriate safeguards (UK Addendum / SCCs / IDTA)
Your rights Access, rectification, erasure, restriction, portability, objection, withdraw consent, complain to ICO

2. Our details

  • Company name: Butyros Ltd

  • Data-protection lead: Privacy Team (acting Data Controller)

  • Contact email: privacy@foxandfablebooksellers.com

  • Postal contact: 70 Gracechurch Street, London, EC3V 0HR

3. How we collect or obtain personal information about you

  • Directly from you – when you:

    • create an account, place an order or fill in any form on our site;

    • correspond with us by phone, email, social media or live-chat;

    • subscribe to newsletters, SMS alerts or participate in promotions.

  • Automatically – via cookies, pixels and similar technologies that log IP address, device type, browser and on-site actions (page views, clicks, cart abandonment).

  • From third parties – e.g. payment providers confirming payment, social-login services (if you use them), delivery partners updating parcel status.

4. Personal information we collect or obtain about you

Category Examples
Identity & contact Name, billing & delivery address, email, phone
Transaction Order ID, items purchased, payment method token, delivery tracking number
Technical IP address, login date/time, browser type, operating system, device identifiers
Usage Pages visited, time on page, referring URL, clicks, search terms
Marketing Newsletter opt-in status, SMS consent, marketing preferences
Location (mobile) Approximate geolocation (e.g. country or city) if you grant permission via your browser or device. This is used to estimate shipping costs and display relevant currency.

We do not intentionally collect special-category data (e.g. health) or children’s data (see §15).

5. How we use your personal information & legal bases

Purpose Legal basis
Fulfilling orders, processing payments, providing customer service Contract (UK GDPR Art 6 (1)(b))
Sending service emails (order updates, account notifications) Contract / Legitimate interest
Operating & securing our website (fraud detection, debugging) Legitimate interest
Improving products & user experience (analytics, A/B testing) Consent (cookies) or Legitimate interest where cookies are not required
Direct e-mail marketing & SMS offers Consent (opt-in)
Targeted advertising (Facebook Pixel, Google Ads) Consent
Complying with tax, accounting & consumer-protection laws Legal obligation (Art 6 (1)(c))
Defending legal claims Legitimate interest

6. How long we retain your personal information

We review retention periodically and delete or anonymise data when no longer needed:

Data type Typical retention
Order & invoice records 6 years after financial year end (HMRC requirement)
Customer-service correspondence 2 years from last contact
Marketing consent logs Until withdrawn + 3 years
Analytics data (Google Analytics, GA4) 14 months (as configured)
Abandoned cart details 30 days

7. How we secure your personal information

  • TLS/SSL encryption for all in-transit data;

  • Data residency in ISO 27001-certified UK or EU data centres;

  • Role-based access controls & multi-factor authentication for staff;

  • Payment card data processed directly by PCI-DSS Level 1 providers—Books 4 Less never stores full card numbers;

  • Regular vulnerability scanning & penetration testing.

8. Our use of cookies and similar technologies

We use strictly-necessary, functional, analytical and advertising cookies. For full details including categories, lifetime and how to change your preferences - see our separate Cookies Policy.

Our website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your cart. This information is used to determine when to send cart reminder messages via SMS, if you have opted in to receive them.

9. International transfers and safeguards

Where we (or our processors) transfer personal data outside the UK or European Economic Area - for example to servers in the United States - we rely on:

  • International Data Transfer Agreement (IDTA) or UK Addendum to SCCs with the recipient;

  • Appropriate technical & organisational measures (encryption, access controls);

  • Transfer Impact Assessments in line with ICO guidance.

10. Your rights in relation to your personal information

Under the UK GDPR you have the right to: access; rectification; erasure; restriction; data portability; object; withdraw consent at any time; and lodge a complaint with the Information Commissioner’s Office (ICO).

11. Your right to object to certain processing

You may object at any time to processing based on legitimate interests or to direct marketing (including profiling). We will stop processing unless we have compelling legitimate grounds or a legal requirement.

12. Consequences of not providing your personal information

If you decline to provide data marked as mandatory (e.g. address for delivery) we will be unable to process your order. Providing data for marketing purposes is entirely optional.

13. Changes to this Privacy Policy

We may update this notice to reflect changes in law, technology or our business. Any material changes will be notified via email (if we hold it) and a prominent banner on our homepage. Please check back periodically; the “Effective date” shows the latest revision.

14. Changes to your information

Please keep your details up to date. You can amend most information in your account dashboard, or email us at privacy@foxandfablebooksellers.com.

15. Children’s privacy

Our site is not directed to children under 13, and we do not knowingly collect their data. If you are a parent or guardian and believe your child has provided us with personal data, contact us and we will delete it promptly.

16. California “Do Not Track” disclosures

Our website does not respond to “Do Not Track” signals.

17. Copyright, credit & logo

© 2025 Butyros Ltd. All rights reserved. Third-party trademarks belong to their respective owners and are used under licence or fair-use.

18. SMS marketing

By consenting to Fox & Fable's SMS marketing in the checkout and initialising a purchase or subscribing via our subscription tools, you agree to receive recurring text notifications (for your order, including abandoned cart reminders), text marketing offers, and transactional texts, even if your mobile number is registered on any state or national do-not-call list. Message frequency varies.

Our website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder messages via SMS.

Your phone number, name, and purchase information will be shared with our SMS platform. We use service providers such as Klaviyo & Twilio; see their privacy notices for further details. This data will be used for sending you targeted marketing messages and notifications. Upon sending the text messages, your phone number will be passed to a text messages operator to fulfil their delivery.

If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests, will not be considered a reasonable means of opting out. Standard message and data rates may apply. For any questions, please text HELP to the number you received the messages from.

The above excludes text messaging originator opt-in data and consent; this information will not be shared with or sold to any non-affiliated third parties for their own marketing purposes.