We are committed to respecting and protecting your privacy.
The purpose of this privacy statement is to inform you about the type of information that we gather about you when you visit our Site, how we may use that information and whether we give it to anyone. It also informs you of the choices you have regarding our use of, and your ability to correct, that information. We reserve the right to change this Statement from time to time, so please check back periodically.
The Statement will explain the following:
- What personal data we gather
- How is it used
- Who we share the information with
- Data Collection and Purpose Specification
- Storage of Data
- Personal Data
- Access to Data we Hold
- Erasure of data
J.Wippell & Co. Ltd gather and use the details provided to allow the company to enter into a contract with the customer and fulfil order requirements for the hiring or purchasing of their academic robes.
Online/email and telephone orders
The following personal information is gathered and used for the purpose of fulfilling your online order:
- Full Name
- Contact Address
- Email Address
- Telephone number
- University attended
- Graduation ceremony date and time
- Chest measurement
- Head measurements
Enquiries via telephone or email
The following personal information could be gathered when a customer makes an enquiry:
- Full Name
- Contact Address
- Email Address
- Telephone number
- Payment details
The Personally identifiable information stated above is used in the following ways:
- Process your order requirements or enquiry
- Update you on the status of your order or enquiry
- Keep a record of your order should you need to cancel or amend your order
- Keep a record of your enquiry should you need further assistance
- Evaluate and improve the quality of our products, services and websites
We will not sell, distribute or lease your personal information to third parties. We may need to disclose your information for order fulfilments or business purposes. Data is shared and accessible to authorised university personnel at your university, who oversee the graduation event and attendance at ceremonies. Such data is shared via secure, encrypted sharing tools area and restricted to necessary access and information in order to complete the order fulfilment and management of the event.
We collect the personal data that you provide when placing an order or making an enquiry. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than for the purposes specified.
We will store your personal information relating to bookings placed with us. This information is held on our secure website. Paper copies of your order and personal details are also provided to authorised staff including our order administrator, who will process the order and pass the order to production (for manufacturing) or to the gown room operatives for allocation. This data does not leave the UK and remains on site in Exeter. The order details are attached to the robes and stored in a secure unit only accessible to authorised personnel.
Once the order is issued on site at graduation, the paper copy of the order attached to the robes are held by the company securely and when returned to company premises, all paper copies are securely destroyed.
Data is held on our secure database for seven years in line with auditing and legal requirements.
A paper copy of orders are held in secure cabinets accessible to authorised personnel only, for two years, after two years the information is destroyed.
By providing us with this data, you agree to this storing and/or processing. All online data is stored on our secure servers in the UK and paper copies are held in lockable filing cabinets.
Our Payment Service Provider is Sage Pay (formerly Protx) – the largest independent payment service provider (PSP) in the UK and Ireland.
Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way.
Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.
Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.
We will on occasion ask for photographs of individuals at the graduation wearing J. Wippell & Co. attire. Such photographs will require the customer's explicit consent. The photograph will only be used for the purpose of social media and website marketing as specified in the consent form and personal information such as the customer's name, email, telephone and address will be stored with the photograph, this allows us to identify and erase the details and photograph at the customer's request. The personal information provided is only used for identifying the customers and is not used for any other purpose. The information is not shared with any third party.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. The information or personal data is not disclosed to any third party or published in any publicly accessible report.
We will keep personal information relating to online orders, telephone orders, enquiry forms, complaints and photographs. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from:
- Unauthorised access
- Improper use or disclosure
- Unauthorised modification
- Unlawful destruction or accidental loss
- Unlawful processing
All our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our visitors' personal data. We ensure that your personal data will not be disclosed to state institutions and authorities except if required by law or other regulation.
You can ask us whether we are keeping personal data about you upon request, which you can indicate by:
Post: PO Box 1, 88 Buller Road, Exeter, Devon, EX4 1DQ
We will provide you with a readable copy of the personal data which we keep about you, within one month of receipt of this request - although we will before require proof of your identity. This can be extended by two months where the request for rectification is complex. We will provide this information free of charge.
We will however charge a reasonable fee when a request for information is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with the requests for further copies of the same information. This fee is based on the administrative cost to provide this information.
We allow you to challenge the data that we hold about you and, where appropriate, you may have the data erased, rectified or amended if it is incorrect or inaccurate. We reserve the right to refuse to provide our visitors with a copy of their personal data if the request is manifestly unfounded or excessive, but we will give reasons for our refusal. We do, however, allow you to challenge our decision to refuse to provide you with a copy of your personal data. You have the right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.
You have a right to have your personal data erased to prevent processing in the following specific circumstances:
Where the personal data is no longer necessary in relation to the purposes for which it was originally collected/processed.
If you wish to withdraw consent.
If you object to the processing and there is no overriding legitimate interest for continuing the processing.
The data was unlawfully processed in accordance with the GDPR.
The personal data has to be erased in order to comply with a legal obligation.
The personal data is processed in relation to the offer of information society services to a child.
If you would like J. Wippell & Co. Ltd to erase or amend personal data we hold, please email firstname.lastname@example.org with your full name, address, email address and the action you wish us to take. In order to complete such requests, the company will require proof of identification.
Our Privacy Notice and the Conditions of Use will change from time to time in response to changing legal, regulatory or operational requirements. We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our website frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.
If you choose to visit Wippellgownhire.co.uk, your visit and any dispute over privacy is subject to this Privacy Notice and our Conditions of Use, including limitations on damages and application of the laws of England. If you have any concern about privacy, please e-mail us a thorough description and we will try to resolve the issue for you.
Data Protection Officer
J. Wippell & Co. Ltd
PO Box 1
88 Buller Road