GDPR Privacy and Security Policy

 
  1. Who are we?

Our company is Anglia Sports & Schoolwear Ltd (company number 02705642) and our correspondence address is 8 & 9 Brunel Business Centre, Enterprise Way, CLACTON-ON-SEA, CO15 4QW. We have been appointed by the school your child attends to supply you with your child’s school uniform under the online trading name www.yourschoolwear.co.uk. Being an online retailer, we are of necessity a processor of personal data.

  1. Lawful basis for processing personal data

Our lawful basis for processing personal data gathered through our e-commerce website under the General Data Protection Regulation (GDPR) is Legitimate Interests. Specifically, our interests in processing personal data are:

  1. What information do we collect?

We only collect information that is entered directly into our website, so there are no external sources for personal data. Information is collected from the contents of the ‘shopping basket’ and from the personal data inputted in the checkout pages, specifically billing & delivery addresses, email address and billing & delivery names. Additionally, we request, but do not require, contact telephone numbers. Cardholder data is entered separately into a third-party payment gateway and so is out of scope for GDPR and PCI compliance.

  1. How long do we retain personal data?

The personal data you provide is held indefinitely so:

Whilst personal data is held indefinitely, to better ensure our marketing is relevant, only order data generated within the past two years will be processed for marketing purposes.

  1. What information do we share?

    We employ a third-party, Trek Logistics Ltd (company number
    11980897), to stock and dispatch consignments to our customers. The personal data we share with them is used only for processing orders and returns. Other than for collection orders, Trek Logistics will in turn disclose delivery name and address information to Royal Mail to allow them to deliver orders. Where Trek Logistics sends orders with a carrier, they may additionally disclose the telephone number and email address provided, as many carriers now send texts or email to advise of an expected delivery time slot on the morning of delivery.

We share billing name, billing address and email address with our payment processor for them to check that the details given match the card issuer’s records and for issuing customers with an electronic confirmation of payment. Customers' orders are imported from our website into our order processing and stock control system, which is stored on a secure remote hosted server (cloud storage). Additionally, we share some non-personal data necessary for payment processing and for commissioning refunds.

All personal data shared with third-parties is necessary for completing contracts to supply goods and for complying with consumer legislation. No personal data we share with third-parties is subsequently processed for marketing purposes, profiling or otherwise monetised.

Personal data maybe disclosed when expressly requested by a law enforcement agency for the prevention of crime or when it is otherwise compulsory for us to disclose to an authority. For example, as part VAT inspection by HMRC.
 

  1. Your GDPR rights

We process personal data based on legitimate interests and as such you have the right to object to your personal data being used for marketing purposes. If you raise an objection we must discontinue processing your personal data for direct marketing.

You have the right of access to the personal data we hold about you. The personal data we hold is limited to just the information you have provided us and there are no external sources.

The right to data portability does not apply to data processing when the basis for processing is legitimate interests.

You have the right to rectification if any personal data we hold about you is incorrect. In practise, this is likely to be limited to changes to information you have entered in to our website, such as a change of address, which you can correct yourself when logging in to your account. Nonetheless, please feel free to contact us if you have any difficulty editing your details. If you wish us to edit personal data we hold for you, we will take proportional steps to establish the identity of the person requesting the rectification.

You have the right to object to or restrict our continued processing of your personal data. Within the scope of our business, unless you have given us an order to process, regular ongoing processing is limited to marketing activities unless we have a legal obligation to disclose personal data.

 

  1. How do we protect your information?

    All cardholder data (CHD) is entered directly in to WorldPay’s secure PCI DSS compliant payment gateway and under no circumstances is CHD disclosed to us by WorldPay. We only receive a transaction number to reference your purchase, which is required in the event we need to refund your purchase.

Connections to our website server are encrypted so information you send and receive whilst browsing our website are protected with encryption, making it harder for data to be intercepted by third-parties.

We attest through annual self-assessment submitted to WorldPay that all our payment channels meet the standards set by the PCI SSC for the secure processing of CHD.

  1. Use of Cookies

    Our website stores small text files on users’ computers called cookies to improve the shopping experience. Cookies are not programs and therefore cannot contain viruses or other malicious software.

The cookies our website places on shoppers’ computers perform the following functions:

We operate an ‘implied consent’ cookie policy which means we assume you are happy with our use of cookies. If you are not happy, then you should either not use our website, delete the cookies having visited our site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
 

The WorldPay payment gateway has it’s own Cookie Policy which can be viewed via the link https://www.worldpay.com/uk/worldpay-cookies. Please note that the payment gateway functionality may require your browser to have third-party cookies enabled. This is because the payment gateway requests your browser supply a cookie placed on your computer by our website at a point in time when your browser has been redirected to the payment gateway, thus making it a third-party cookie at runtime.