royal-warrant-queen royal-warrant-prince-of-wale

Privacy Policy

This privacy policy describes the data privacy practices which we Fortnum & Mason plc ('we', 'our') employ in relation to the information which you, our customers ('you', 'your'), provide when using the site ('Website') or purchasing goods in store or by telephone.

The full detailed privacy policy is available in sections at the links below, and provides further detailed information on our personal information processing, and your rights.

It is important that you read this privacy policy together with any other notice which we may provide you on specific occasions when we are collecting or processing your personal information (personal data), so that you are fully aware of how and why we are using your information, and the legal rights that you have.

We reserve the right to revise this privacy policy or any part of it at any time by posting the amended terms herein. This version was last updated on 08/12/2021.


The Information we Collect

As part of you using our Website and during the course of us providing products and/or services to you, we may collect, use, store and transfer the following types of information about you:

  • Personal Details: including your first name, last name, marital status, title and gender.
  • Contact Details: including your billing and shipping addresses, e-mail address and telephone numbers.
  • Image Data: including CCTV footage and photographs.
  • Financial Data: including bank details and credit/ debit card information.
  • Transactional Data: information on goods purchased either in-store or online, including payment and card information, billing and deliveries.
  • Technical Data: including your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and other technology on the devices you use to access our website.
  • Profile Data: including your username and password.
  • Communications: including your correspondence with us and any feedback that you provide us with.
  • Marketing Data: your preferences in receiving marketing and communications.
  • Instore Transaction Data: products purchased, amount spent, payment information.


How and when do we collect your personal information?

We collect the majority of the personal information that we process about you directly from you when you provide this information to us by: 

  • registering on the Website for an online account or otherwise contact us to obtain information relating to us or our products and/or services;
  • placing orders on the Website, in store or by telephone;
  • updating the 'Your Online Account', 'Your Address Book' or 'Your Order Details' section of the Website; and
  • communicating with us by phone, e-mail or otherwise, or when you complete a questionnaire or competition entry form;
  • subscribing to our e-newsletter;
  • purchases of goods and services, and other interactions in-store;
  • engage with us on social media;
  • Contacting us by any means with queries or complaints;
  • When accessing the guest Wi-Fi provided in our stores and restaurants

We may also collect technical information through the use of cookies when you access and interact with the Website (see the section below on “How do we use cookies?” and our separate cookie policy).

With a parent’s consent, we will collect and process children’s data for the purposes of attending Seasonal events. We do not collect personal information in other ways about people under the age of 16, and we will promptly delete such data if we are informed that we hold it.


Information from other sources

We may also receive personal information about you from various third parties that we engage with in order to assist us with providing products and/or services to you, including:

  • delivery and address information from our carriers who deliver products to you;
  • marketing information from marketing companies who send customer communications and direct marketing materials on our behalf;
  • data analytics information from companies that provide us with data analytics services; and
  • information on your account, payment and credit history, including information from credit bureaus and service providers we use to process payments.


How we use your personal information

We want to ensure you enjoy the best experience of all that Fortnum’s has to offer, whether it be the shopping experience you have on our website or through our communications with you. We believe sharing timely and relevant information with you, provides a more tailored, and so better, experience. We achieve this by combining the data we have about you; including how you’ve previously used our website, the products you’ve purchased and how you’ve responded to our direct communications. This enables us to showcase to you a more relevant set of products on our website, and to share with you news of the most relevant products, offers and events. Data privacy laws allows us to do this as part of our legitimate interest in understanding our customers and our promise to provide the highest levels of service.

To achieve this, we use your personal information for the following purposes:

  • to register you as a new customer;
  • to respond to your enquiries and complaints, and to manage our relationship with you;
  • to handle your orders, deliver items and process payments;
  • to send you communications required by law, for example information about your orders;
  • to send you email notifications when you place a product in your basket and you abandon your browsing before completing your checkout;
  • to communicate with you about updates, orders, products, services and promotional offers;
  • to update our records and maintain any online account you may have with us;
  • to administer and protect our business and this site, including to prevent or detect fraud or abuses of our Website, and safeguarding your personal and financial data;
  • to enrich our picture of who you are and what you like, and to inform our business decisions, we will combine data captured from across our business, third parties and data from publicly available lists;
  • for market research, reporting, analysis and modelling so as to improve the products and services we provide and to optimise our social media operations;
  • to comply with our financial record keeping obligations;
  • to protect our customers, premises, assets and partners from crime we use CCTV and other security measures in-store;
  • to develop, test and maintain our systems, services and products;
  • to use data analytics to improve our website, products, services and user experiences;
  • to comply with legal obligations to share data with law enforcement and/or government bodies; and
  • to enable third parties to carry out technical, logistical or other functions on our behalf.

If you wish to change how we use your data, please contact us using the contact details at the end of this notice. Please note that if you choose not to share your personal details with us, or refuse certain contact permissions, we might not be able to provide some of the services you’ve asked for.


Legal basis for processing personal information

By law, when processing your personal information, a company is required to have a ‘legal basis’ for doing so. The legal basis we use to process your personal information will generally be one or more of the following:

  • Contractual basis: it is necessary to enable us to comply with our contractual obligations to supply you with products and/or services;
  • Legitimate interest: it is necessary for our legitimate business interests in administering our relationship with you, and running our business effectively. Where legitimate interest is our legal basis for processing your data, we will take into account any potential impacts on your rights, freedoms, and interests;
  • Legal compliance: it is necessary to enable us to comply with a legal or regulatory obligation; or
  • Consent: where we have asked for and gained your consent to use your information for particular purposes e.g. to send you marketing communications, or information related to your child (only for the purposes of attending Seasonal events).

If you fail to provide information that we have requested, we may be unable to provide some products and services to you. For example, if you failed to provide us with your full address, it would not be possible for us to fulfil your delivery, or if you failed to provide us with your payment card details then we will not be able to process your payment.

For further information on the specific legal basis we are relying on in relation to any of the individual processing activities we have highlighted above, please contact us using the details in the ‘How to Contact Us’ section.


Withdrawing of consent

Where consent is our legal basis for processing your personal information, you can withdraw your consent at any time and we will then stop that particular processing your information. If you wish to withdraw your consent, then please contact us using the details in the ‘How to Contact Us’ section, at the end of this privacy notice. 


How do we use your personal information for marketing purposes?

If you are an existing customer or you have consented to receiving marketing communications by phone, post or email, we may send you information on any offers, events or news about our products and/or services that we believe may be of interest to you. Please note, you may opt out of receiving this information, but if you do so, we will be unable to keep you informed of any offers, events or news regarding our products and services.

If you are opted into Fortnum & Mason marketing we may use Google and Facebook services to identify users for personalised advertising on these platforms.


Opting out and marketing preferences

You can unsubscribe from marketing emails using the ‘unsubscribe’ link in any marketing email we send you. You can ask us to stop sending you marketing messages (whether by email or post) by changing your preferences in your Fortnum & Mason Account.


When do we share your personal information?

We sometimes share your personal information with trusted third parties so that they can assist us in providing products and/or services to you. These trusted third parties will only process your information on our instructions, and we remain responsible for ensuring that your personal information is protected and processed lawfully.

Some examples of such trusted third parties are:

  • companies such as delivery couriers;
  • Direct marketing companies who help us send customer communications;
  • Technology partners involved in the operation and support of our website and business systems, and understanding customer behaviour;
  • Customer call centres who help us to provide customer services;

In some specific circumstances, we may share your personal information with third parties who process it for their own purposes. Those third parties will have their own legal obligations to protect your information, and you will have legal rights that you can enforce directly against them.

  • If we sell, transfer or merge parts of our business or our assets, or seek to acquire another business or merge with them, we may share your personal information with the other party to the transaction;
  • In order to process payments, prevent fraud and reduce credit risk, we may share your personal information with other companies and organisations; and
  • Where requested or if we consider that it is reasonably required, we may share your personal information with government bodies, regulatory bodies or law enforcement organisations so that they can carry out their legal functions.

If you would like further information about the third parties with whom we share your personal information then please contact us using the details in the ‘How to Contact Us’ section, at the end of this privacy notice.


International transfers

In some instances, we (or the third parties that we share your personal information with) may transfer, process, hold or allow access to your personal information outside the UK and the European Economic Area (“EEA”). Where this occurs, we will put adequate safeguards in place to ensure that your personal information remains protected in a manner that is consistent with how it would be protected under UK and EU data protection laws.

In most cases, the safeguards that we put in place will be either:

  • a decision by the UK government that the country to which the data is being transferred provides an adequate level of protection; or
  • we will put in place a contract with the recipient of your personal information which contains the model clauses that have been approved by the UK Information Commissioner’s Office (ICO), and are in line with the European Commission’s standards for data transfers.
If you would like further details in relation to the countries to which your personal information is currently transferred, and the safeguards that are in place in relation to the transfer, then please contact us using the details in the ‘How to Contact Us’ section, at the end of this privacy notice.


Collection of Information by Third-Party Sites

Our Website may contain links to other websites whose information practices may be different to ours. You should consult the privacy notices of those third-party sites as we have no control over information that is submitted to, collected, or processed by them.


How do we use cookies?

A cookie is a short string of text that a website stores in your browser’s cookie file on your computer's disk.

Examples of things that cookies can help to do are:

  • remember what is in your shopping basket when you shop online;
  • support you in logging into a website;
  • analysing web traffic; and
  • tracking your browsing behaviour.

Details of how our website uses cookies is contained in our Cookie Policy.


How do we keep your information secure?

We employ appropriate security measures to prevent unauthorized access to information that we collect including for example, secure online order forms, encryption of personal data, technical testing of systems.

Please note that due to the nature of the internet, email correspondence with us may not be entirely secure, so please do not send any sensitive information such as credit card details or passwords via email.

We use many information security safeguards to keep your personal information secure, including but not restricted to the following:

  • Connections between internal systems and the internet are protected by firewalls;
  • data in transit is encrypted to industry standard;
  • access to systems and data is password protected, and restricted on a need-to-know basis, so employees can only access the data they need in order to perform their job;
  • your payment card data is always encrypted;
  • offices, secure areas and data centres are protected with physical access controls;
  • we continually monitor our systems for vulnerabilities and signs of attack, and carry out penetration tests regularly to assess the strength of our defences;
  • we enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information; and
  • before divulging your personal information in response to a telephone call or email enquiry, we ask you for proof of identity in order to ensure that we do not provide your personal information to someone else.


Data retention

Whenever we collect or process your personal information, we will only keep it for as long as necessary for the purposes for which it was collected. At the end of this period, your data will either be deleted or anonymised.

Ref Type of Data Details Purpose of data Review Period Retention Period or Criteria
1 Personal Details Eg Name, Address, Title, Gender To support email and whitemail marketing, customer reporting and analytics 12 months 5 years

Contact Details

Eg Billing Address, Delivery address, email address and phone number To support email marketing & customer reporting 12 months 5 years

Image Data

Eg CCTV images, photographs if taken during an event and you have not objected to this For security and PR 12 months 5 years


Eg Payment card details To provide financial information with regard to purchases as well as to support fraud prevention 12 months 7 years


Transactional Data

Eg order information, product purchased, total cost, payment information, billing and delivery information To support transactional queries, customer and product reporting & analytics 36 months 7 years

Technical Data

Eg Internet Protocol (IP) address, login data, browser type and version, time-zone setting and location, browser plug in types and versions, operating system and platform and other technology devices used to access the website, geographical location, length of visit, number of pages viewed To support online reporting & analytics as well as operational information 12 months 5 years
7 Profile Data Eg Order history, preferences, feedback on survey and response, To support reporting, analytics and personalisation of marketing activity 12 months 5 years
8 Marketing Data Eg Preferences in receiving marketing and communications To support marketing activity 12 months 3 years
9 Instore Data Eg products purchased, amount spent, payment information To support transactional queries, customer and product reporting & analytics 12 months 7 years


Your legal rights

You have the following rights in relation to the personal information that we hold about you:

  • The right to request access to your personal information (commonly known as a “data subject access request”). This enables you to request a copy of the personal information we hold about you and to check we are processing it lawfully.
  • The right to request correction of the personal information we hold about you. This enables you to request that we correct any incomplete or inaccurate information that we hold about you.
  • The right to request erasure of your personal information in some circumstances. This enables you to request that we erase your personal information where there is no good reason for us continuing to process it.
  • The right to object to us processing your personal information. This enables you to object to us processing your personal information where we are relying on our legitimate interest as a legal basis for processing, or where we are using your personal information for direct marketing purposes.
  • The right to restrict our processing of your personal information. This enables you to ask us to suspend the processing of your personal information in certain circumstances.
  • The right to data portability. In certain circumstance this enables you to request that we provide you, or a third party, with a copy of the personal information that you provided to us in a structured, commonly used, machine-readable format.
  • The right to stop us using your personal information for direct marketing by a specific channel or all channels.
  • Where you have given us your consent for any processing activity, you may withdraw that consent at any time, and we will stop any processing which relied on that consent.
  • The right to request that we review any decision made solely on the basis of automatic processing of your data, where no person was involved either in the processing, nor in reviewing the outcome of the processing.
To protect the confidentiality of your information, we will ask you questions to verify your identity before proceeding with any requests to exercise your rights under this privacy policy.


For more information on your legal rights or if you would like to exercise these rights, please contact us using the contact details at the end of this notice.


How to Contact us

If you have any questions about this privacy policy, would like further details on any of the information contained in this privacy notice, or to exercise any of your legal rights, please contact us by email at

Whilst we would appreciate the opportunity to deal with your concerns before you do so, if you are unhappy with how we have used your personal information you have the right to lodge a complaint at any time with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO).

Fortnum & Mason plc.

Registered in England : 00084909

Registered office: 181 Piccadilly, London W1A 1ER.

Registered as a Data Controller with the Information Commissioner’s Office, registration number: Z5685139

Your Privacy Preferences

Your Data