- Visit our websites www.studentessentials.co:
- Purchase products from us;
- Contact us, for example by email or through submitting a form on our websites;
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information About Us
For the purposes of the applicable UK and EU data protection laws ("Data Protection Law"), the data controller is Student Essentials (‘we, ‘our’ ‘us’).
What information do we collect?
Information that you give us
When you purchase products or make enquiries about our products, or otherwise provide us with your personal data while on our websites or contact us with a query or complaint, you may provide us with information about yourself.
This may include your name, address (including your billing and delivery address details where appropriate), your email address, contact telephone number, or feedback which you provide to us.
When you make a purchase, this will be through Shopify Payments or PayPal where you will be required to put your credit/debit card details. We do not store any information regarding your credit/debit card details. Please visit the Shopify Payments or PayPal Privacy Cookie website for detailed explanation on how they use your credit/debit card information. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, we may not be able to provide products to you and respond to your queries.
Information that we collect about you
We may also collect and process records of any correspondence and communications that you have with us and a record of transaction history and details of transactions conducted on our websites is kept by us together with details of the fulfilment of any of your order.
We monitor, record, store and use email in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service.
As you move around our websites, subject to appropriate consents being obtained, we will collect information about your visit, such as which pages you visit, how often you visit and what links you click on.
This will include technical information such as Internet protocol (IP) address used to connect your computer to the internet, browser type and version, operating system and platform and information about your visit such as the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We may also receive information about you if you use any of the other services we provide. In this case we will have informed you when we collected that personal data that it may be shared internally and combined with personal data collected on the websites for the purposes set out in this policy, including helping us to build a profile of you to get to know you better, and so that we can personalise and enhance your customer experience with us, for example; to ensure that content is relevant for you.
Information that we receive about you from other sources
We may receive personal information about you from other sources such as retailers of our products, social media platforms where you make your information publically available, publicly available customer lists lawfully acquired from third party vendors and from third parties who work with us in connection with our websites and services.
How do we use your personal information?
Information you give to us. We will use this information:
- to carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements;
- to ensure that content from the websites is presented in the most effective manner for you and for your computer.
We may use the personal data we collect about you on an anonymised basis to create statistics and anonymised information which we then share with third parties including ad networks, search engines and analytics providers.
Please note we will not use any financial or credit card information. All payments are processed through Shopify Payments and PayPal.
Information we collect about you. We will use this information:
- to administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements.
- to improve our websites to ensure that content is presented in the most effective manner for you and for your computer;
- to enhance our website experience to ensure you receive a personalised and continuously improving customer service;
- to allow you to participate in interactive features of our websites, when you choose to do so;
- as part of our efforts to keep our websites safe and secure;
- for data-matching purposes in respect of your use of our websites / services and your use of certain third party services;
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Using your information in accordance with Data Protection Law
- Compliance with legal obligations: As an entity established under the laws of England and Wales, we are obliged to comply with UK laws and guidance provided by UK regulatory bodies. In particular, we will need to process your personal information to verify your identity.
- Necessary for the entry into / performance of a contract: When you enter into a transaction with us, a contract between you and us will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to purchase products from us), we will need to collect and process your personal information. Failure to provide the requisite personal information or objecting to this type of processing / exercising your deletion rights will unfortunately mean we cannot provide our goods / services to you.
We have a legitimate interest in processing your information as:
Impact of processing
We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as the processing of your personal data does not unreasonably intrude on your privacy.
How long we keep your information for
When your data is no longer required for the purposes listed above, we will delete it within the periods set out below:
- Cookies are refreshed in accordance with our cookies policy;
Any other information will typically be deleted within 1 year from date of our last positive interaction with you to enable us to deal with any issues or concerns you may have about how we processed your order or otherwise, and also to allow us to bring or defend legal proceedings. This data is archived where you are inactive for a period of 12 months. In some circumstances, some of your data will be deleted in much shorter timescales, where possible.
Third-party service providers may, without limitation, be appointed by us to provide us with technical support, to process your transactions and to maintain your accounts or to run promotions or marketing campaigns, and we will disclose your personal data to them to enable them to provide these services, as further detailed below. In addition, credit card details are sent directly to our secure payment processors Shopify Payments and PayPal who process payments on our behalf. For more information on how they handle your information please visit their Terms and Conditions.
We will disclose your information to:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; e.g. service providers who operate elements of our website service and process personal data on our behalf. These may include businesses who provide technology services such as hosting for our servers and email distribution, and business partners who provide delivery fulfilment services. We may also disclose your personal data to our supply and delivery partners for the purpose of processing and fulfilling your order. Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of the Act.
- third party suppliers and service providers to the extent they assist our group with its legal / regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc.;
- analytics and search engine providers that assist us in the improvement and optimisation of our websites and other selected third parties; and
- law enforcement agencies, or other appropriate third parties, where we consider your behaviour to be unlawful, offensive, inappropriate or objectionable in one of our stores or on our websites.
We share your Personal Information with third parties to help us use your Personal Information. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
We will disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- to protect the rights, property or safety of us, our customers, or others. This includes exchanging information with other companies and organisations (including without limitation, other third parties, your employer, educational institution, email or internet provider, your parents (if you are under the age of 18) and law enforcement agencies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements or in order to enforce or apply our terms and contidions and other agreements, or otherwise for the prevention or detection of fraud or crime.
In assessing your request for products or services, we may use your personal data for the purposes of the prevention and detection of fraud. One of the purposes for which we may disclose your address and postcode details is to check against the IMRG Security Alert or any other Fraud Prevention Scheme. At all times where we disclose your personal data it will remain secure.
Where we store your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting Your Information
Our websites use up-to-date industry procedures to protect your personal information. We also protect the security of your data during transmission using Secure Sockets Layer (SSL) encryption software. We may vary this in the future if we feel you will benefit from greater security whilst using our websites.
All direct payment gateways offered by Shopify Payments and PayPal and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Third Party Services
We may from time to time make available through our websites certain services provided by third parties. To gain access to these services, you must register with these third parties and deal with them direct. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have a number of rights under data protection law in relation to the way we process your personal data, although these are not absolute and in some instances we may be unable to accept your request, in which case we will respond to you to explain why. These are set out below. You may contact us using the details on our websites to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.
Please address any questions, comments and requests regarding our data processing practices to us in this way in the first instance.
1. You have the right to request access to your personal data
You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.
2. You have the right to ask us to rectify your personal data
You have the right to request that we rectify your personal data if it is not accurate or not complete.
3. You have the right to ask us to erase your personal data
You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide products or services to you, where you withdraw your consent for us to market to you, or where you object to the way we process your personal data (see right 6 below).
4. You have the right to ask us to restrict or block the processing of your personal data
You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we don need to use your personal data for the purpose we collected it for but you may require it to establish, exercise or defend legal claims.
5. You have the right to port your personal data
You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
6. You have the right to object to our processing of your personal data
You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
7. You have the right not to be subject to automated decisions
You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
8. You have the right to withdraw your consent
You have the right to withdraw your consent where we are relying on it to use your personal data.
If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Updating Your Information
If you believe your details are incorrect you can amend your details by contacting us at firstname.lastname@example.org.
This policy was last reviewed and updated: November 2018
Please remember to include your name, address and postcode along with any correspondence reference you may have.