Security & Privacy Policy

Who are we?
References in this Security and Privacy Policy to “we”, “us” and “Harrods” are to Harrods Limited (company number 30209), registered office 87-135 Brompton Road, Knightsbridge, London SW1X 7XL.

Our Privacy Promise
Your privacy is of utmost importance to us. Any of your personal details will only be used by Harrods and our carefully selected third party partners to ensure that we deliver an excellent service to you, and to process and deliver your order and maintain your account with us.

As is the case with many large and high profile organisations, communications by telephone may be recorded for the purposes of monitoring our customer service standards, training and for security purposes.

How do we use your information?

Harrods Limited is a registered data controller under the Data Protection Act 1998.

Any personal information we collect from you will be used in accordance with the Data Protection Act 1998 and other applicable laws. The details we collect will be used to:

1. Process your order and communicate with you about the goods or services you have ordered from us (your details may be passed on to a third party for them to supply or deliver products you have ordered and we may retain your details for a reasonable period of time after you have completed the transaction in order to fulfil any contractual obligations such as refunds, guarantees etc).
2. Process payments and prevent fraudulent transactions (we may retain your details (including your credit/debit card information) for these purposes for a reasonable period of time and we may pass your details to a third party to carry out these functions).
3. Update our records and maintain your account with us.
4. Recommend offers and merchandise that may be of interest to you, where you have consented to be contacted for such purposes.
5. Improve the content and appearance of our website or catalogues, to ensure that content from our website and our catalogues are presented in the most effective manner for you.
6. Comply with our legal requirements.

With a view to understanding our customer’s needs better, we will, with your permission, retain the information you have provided us and the details of any purchases you have made to enable us to offer products and services that are likely to be of interest to you.

If you have indicated that you would like us to, we may also pass your information onto other companies in the Harrods Group, or carefully selected third parties who may inform you about their products and services which may be of interest to you.

If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.

If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.

If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.

How we collect your information?

We may collect and process your information as follows:

1. Information that you provide by filling in forms for transactional or any other purposes.
2. Details of transactions you make with us or when telephoning us and of the fulfilment of your orders.
3. If you contact us, we may keep a record of that correspondence.
4. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
5. Details of your visits to our website and the resources that you access.

Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties:

1. In the event that we sell or buy any business or assets, in which case we may disclose your personal details to the prospective seller or buyer of such business or assets.
2. If Harrods or substantially all of its assets are acquired by a third party, in which case personal details held by it about its customers will be one of the transferred assets.
3. If we are under a duty to disclose or share your personal details in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Harrods, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Keeping in Touch with Harrods and Your Rights

At Harrods we want to keep you up to date with information about new ranges, special offers and improvements to this site. If you decide you do not wish to be contacted by us, you can request that we stop using your information and that we stop mailing information to you, by writing to the Customer Services Department, quoting Security and Privacy Enquiry, at Customer Services, Harrods, 87-135 Brompton Road, Knightsbridge, London SW1X 7XL or by emailing us on [email protected] and informing us so.

If you no longer wish to receive emails from us, each email we send contains a simple, automated way for you to request that we stop. If you wish to do this, simply follow the instructions at the end of any email or please call our Customer Care Team who will be more than happy to help you. You may continue to receive mailings which are already on route to you for a short period of time while your request is being processed.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal details to these websites.

We will not keep your personal information processed by us for any purpose or purposes for longer than is necessary for that purpose or for those purposes. The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Act 1998. Any access request may be subject to a small fee to meet our costs in providing you with details of the information we hold about you.

Security Policy

Security of our website is of utmost importance to us. Our site uses software to provide high level SSL encryption technology. There are two simple ways to check if a page on our website is secure; firstly a small padlock sign will appear in the bottom bar of your browser and the ‘http’ will be replaced with ‘https’ at the front of in the browser address window. Although we use advanced security measures to protect your information against loss, misuse and alteration, as is the case with all computer networks linked to the internet, we cannot make absolute guarantees over the security of the information you provide over the internet and as such we cannot be held responsible for it.

Please note that email correspondence is free format text and cannot be encrypted, therefore it is not a secure means of communication.

We will never contact you by email to ask you to send or confirm any of your personal details, if we need any information of this nature we will only contact you by telephone.

Never send any sensitive information, such as passwords or credit card information, via email.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Where we store your information

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal details, you agree to this transfer, storing or processing. Harrods take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Security and Privacy Policy.

Changes to our Security and Privacy Policy

Any changes we may make to our Security and Privacy Policy in the future will be posted on this page.


Questions, comments and requests regarding this Security and Privacy are welcomed and should be addressed to Customer Services Department, quoting Security and Privacy Enquiry, at Customer Services, Harrods, 87-135 Brompton Road, Knightsbridge, London SW1X 7XL or by emailing us on [email protected]

Cookie Policy

Cookies are small data files which are temporarily stored on your computer (or other electronic device) when you visit our website. We use cookies to make your overall experience quicker, easier and more efficient. They cannot harm your computer and do not contain any personal or private information.

We use 2 types of cookies on our website (listed below). For further information on how cookies work (and how to manage them) and a description of each of the cookies we use, please refer to the information below.

Functionality cookies

Functionality cookies enable you to use our ‘favourites’ and ‘share’ functionalities on the site.

Analytics cookies

Analytics cookies analyse the way customers use our website.

Session Cookies

These are temporary cookies which are deleted by your browser once you have closed the relevant webpage.Different cookies work in different ways. The cookies used on our website work in one of the following ways:How do cookies work?

First-Party Cookies

These track behaviour within our website that help us improve the functionality and your experience of our website.

Third-Party Cookies

We work with third party suppliers who may also set cookies on our website, such as Google Analytics, which provides us with visitor information about our website.

Persistent Cookies

These cookies remain on your computer after you have closed the webpage and recognise you when you revisit our website (so you don’t have to re-entering the same information every time). On, we use cookies that behave in four main ways. These cookies are called First-Party, Third-Party, Session and Persistent Cookies. Below, take a look at what these cookies do.

Session Cookies

Session Cookies exist temporarily while you are reading and navigating the website. Once you have closed the page, the web browser will delete all Session Cookies.

First-Party Cookies 

First-Party Cookies track behaviour within the confines of the website. They help us to offer you improved functionality and a smoother customer experience.

Third-Party Cookies 

Third-Party Cookies are set in websites outside of (For example, Google Analytics uses Third-Party Cookies to provide us with information on visits to and from our website).

Persistent Cookies

A Persistent Cookie will outlast your session on In this sense, Persistent Cookies remember your behaviour. For example, a Persistent Cookie will store your details to prevent the laborious task of re-entering the same information every time you visit us. (For example, Persistent Cookies save the contents of your shopping bag if you leave and have not purchased).

How can I manage cookies?

If you do not want to accept cookies, you can change your browser settings by following the instructions below so that cookies are not accepted. If you do this, please note you may lose some of the functionality of our website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies:



Window OS

  1. Select ‘Options’ from the ‘Tools’ tab at the top of your browser window.
  2. Select the ‘Under the Hood’ tab, find the ‘Privacy’ section, and select the ‘Content settings’ tab.
  3. Select ‘Allow local data to be set’.

Mac OS

  1. Select ‘Preferences’ from the ‘Explorer’ tab at the top of your browser window.
  2. Find ‘Cookies’ under ‘Receiving Files’.
  3. Select the ‘Never Ask’ option.


Window OS

  1. Select ‘Internet Options’ from the ‘Tools’ tab at the top of your browser window, then click on the ‘Privacy’ tab.
  2. Make sure that the ‘Privacy level’ is set to Medium or below, which enables cookies in your browser.
  3. Cookies will be disabled if settings are set to Medium or higher.

Mac OS

  1. Select ‘Preferences’ from the ‘Explorer’ tab at the top of your browser window.
  2. Find ‘Cookies’ under ‘Receiving Files’.
  3. Select the ‘Never Ask’ option.

Internet Explorer:

Window OS

  1. Select ‘Options’ from the ‘Tools’ tab at the top of your browser window.
  2. Select the ‘Privacy’ icon.
  3. Click on ‘Cookies’ and select ‘allow sites to set cookies’.

Mac OS

  1. Select ‘Options’ from the ‘Tools’ tab at the top of your browser window.
  2. Select the ‘Privacy’ icon.
  3. Click on ‘Cookies’ and select ‘allow sites to set cookies’.


Window OS

  1. Select the Cog icon at the top of your browser window,
  2. Select the ‘Preferences’ tab.
  3. Select ‘Security’ and check the option that says ‘Block third-party and advertising cookies’.
  4. Click ‘Save’.

Mac OS

  1. Select ‘Preferences’ from the ‘Safari’ tab at the top of your browser window.
  2. Select ‘Security’ and then ‘Accept cookies’ option.
  3. Select the ‘Only from site you navigate to’ option.

Our functionality cookies

catAccCookies: Cookie of WordPress Consent Cookies plugin. It tells WordPress if the user has clicked on the Cookies banner.

__cfduid: Session Cookie of Cloudflare. Our server (Digital Ocean) uses Clouflare to avoid attacks. This cookie is associated with sites using CloudFlare, used to speed up page load times. According to CloudFlare it is used to override any security restrictions based on the IP address the visitor is coming from. It does not contain any user identification information.

Our analytics cookies

_utma: This cookie is used to determine new and returning visitors.  It has an expiration time of 2 years.  If the ga.js library is executed and no _utma cookie exists, this will be recorded as the users’ first visit and a _utma cookie will be set.  If a _utma cookie is already in place, the expiration time is reset and the user is recorded as a return visitor.

_utmb: This cookie is used to determine a new session.  The cookie is set when the ga.js library executes and there is no _utmb cookie in place.  It has an expiration time of 30 minutes, therefore if a user is inactive for a period longer than this, a new cookie will be set when the library executes and the interaction will be recorded as a new session.

_utmc: This cookie enables website owners to track visitor behaviour and measure site performance. It is not used in most sites but is set to enable interoperability with the older version of Google Analytics code known as Urchin. In this older versions this was used in combination with the  __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser.

_utmz: This cookie is used to determine the traffic source, medium, campaign name and campaign term which delivered the user to your website.  It is created when the javascript library executes and expires after 6 months.  This helps Google collect the data which can then help them to determine which traffic sources assist conversions within the multi-channel section of Analytics.

_utmv: This cookie is used for storing visitor-level custom variable data.  It is created when the _setCustomVar method is used with a visitor level custom variable.  Like the _utma cookie, this cookie expires after 2 years and is reset each time the user visits your site before the expiration of the cookie.