when you use this website (www.wippellgownhire.co.uk).
If you are asked to provide information when using this website, it will only be used in the ways described
This policy is updated from time to time. The latest version is published on this page.
If you have any questions about this policy, please email firstname.lastname@example.org or write to: DPO,
J.Wippell & Co. Ltd, PO Box 1, 88 Buller, Road, Exeter, Devon, UK, EX4 1DQ
J.Wippell & Co. Ltd gather and use the details provided to allow the company to enter into a contract
with the customer and fulfil order requirements for the hiring or purchasing of their academic robes.
What personal data we gather
Online/email and telephone orders
The following personal information is gathered and used for the purpose of fulfilling your online order:
- Full Name
- Contact Address
- Email Address
- Telephone number
- University attended
- Graduation ceremony date and time
- Chest measurement
- Head measurements
Enquiries via telephone or email
The following personal information could be gathered when a customer makes an enquiry:
- Full Name
- Contact Address
- Email Address
- Telephone number
- Payment details
How we use the information we gather
The Personally identifiable information stated above is used in the following ways:
- Process your order requirements or enquiry
- Update you on the status of your order or enquiry
- Keep a record of your order should you need to cancel or amend your order
- Keep a record of your enquiry should you need further assistance
- Evaluate and improve the quality of our products, services and websites
Who we share your information with
We will not sell, distribute or lease your personal information to third parties. We may need to disclose your information
for order fulfilments or business purposes. Data is shared and accessible to authorised university
personnel at your university, who oversee the graduation event and attendance at ceremonies. Such data
is shared via secure, encrypted sharing tools area and restricted to necessary access and information
in order to complete the order fulfilment and management of the event.
Data Collection and purpose specification
We collect the personal data that you provide when placing an order or making an enquiry. We do not collect information about
our visitors from other sources, such as public records or bodies, or private organisations. We do
not collect or use personal data for any purpose other than for the purposes specified.
Storage of Data
We will store your personal information relating to bookings placed with us. This information is held on our secure website.
Paper copies of your order and personal details are also provided to authorised staff including our
order administrator, who will process the order and pass the order to production (for manufacturing)
or to the gown room operatives for allocation. This data does not leave the UK and remains on site
in Exeter. The order details are attached to the robes and stored in a secure unit only accessible
to authorised personnel.
Once the order is issued on site at graduation, the paper copy of the order attached to the robes are held by the company
securely and when returned to company premises, all paper copies are securely destroyed.
Data is held on our secure database for seven years in line with auditing and legal requirements.
A paper copy of orders are held in secure cabinets accessible to authorised personnel only, for two years, after two years
the information is destroyed.
By providing us with this data, you agree to this storing and/or processing. All online data is stored on our secure servers
in the UK and paper copies are held in lockable filing cabinets.
The company use third party payment gateway Worldpay for all card transactions.
The WorldPay payment system uses a combination of both established and innovative techniques to ensure
the security and integrity of all sensitive data. Furthermore, our public web servers are certified
by Thawte, a public Certificate Authority, ensuring that both the shopper and retailer can have confidence
that nobody can impersonate WorldPay to obtain confidential information.
The transfer of the purchase details from the retailers site to Worldpay are encapsulated using our own
encrypted and digitally-signed protocol. This uses a combination of standard methods such as PGP, RSA
and MD5 to ensure that the information passed is secure and tamper-proof.
Data storage on WorldPay systems, and the communication between WorldPay and the worldwide banking networks,
is regularly audited by the banking authorities to ensure a secure transaction environment. We also
ensure that we stay up-to-date with the latest versions of any third-party code we use, and continually
review our own proprietary code.
We will on occasion ask for photographs of individuals at the graduation wearing J. Wippell & Co. attire.
Such photographs will require the customer's explicit consent. The photograph will only be used for
the purpose of social media and website marketing as specified in the consent form and personal information
such as the customer's name, email, telephone and address will be stored with the photograph, this
allows us to identify and erase the details and photograph at the customer's request. The personal
information provided is only used for identifying the customers and is not used for any other purpose.
The information is not shared with any third party.
When we receive a complaint from a person we make up a file containing the details of the complaint.
This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level
of service we provide. The information or personal data is not disclosed to any third party or published
in any publicly accessible report.
We will keep personal information relating to online orders, telephone orders, enquiry forms, complaints
and photographs. It will be retained in a secure environment and access to it will be restricted according
to the 'need to know' principle.
We have implemented security policies, rules and technical measures to protect the personal data that
we have under our control from:
- Unauthorised access
- Improper use or disclosure
- Unauthorised modification
- Unlawful destruction or accidental loss
- Unlawful processing
All our employees and data processors, who have access to, and are associated with the processing of
personal data, are obliged to respect the confidentiality of our visitors' personal data. We ensure
that your personal data will not be disclosed to state institutions and authorities except if required
by law or other regulation.
Access to data we hold
You can ask us whether we are keeping personal data about you upon request, which you can indicate by:
- Email: email@example.com
- Post: PO Box 1, 88 Buller Road, Exeter, Devon, EX4 1DQ
We will provide you with a readable copy of the personal data which we keep about you, within one month
of receipt of this request - although we will before require proof of your identity. This can be extended
by two months where the request for rectification is complex. We will provide this information free
We will however charge a reasonable fee when a request for information is manifestly unfounded or excessive,
particularly if it is repetitive. We may also charge a reasonable fee to comply with the requests for
further copies of the same information. This fee is based on the administrative cost to provide this
We allow you to challenge the data that we hold about you and, where appropriate, you may have the data
erased, rectified or amended if it is incorrect or inaccurate. We reserve the right to refuse to provide
our visitors with a copy of their personal data if the request is manifestly unfounded or excessive,
but we will give reasons for our refusal. We do, however, allow you to challenge our decision to refuse
to provide you with a copy of your personal data. You have the right to complain to the supervisory
authority and to a judicial remedy without undue delay and at the latest within one month.
Erasure of data
You have a right to have your personal data erased to prevent processing in the following specific circumstances:
- Where the personal data is no longer necessary in relation to the purposes for which it was originally
- If you wish to withdraw consent.
- If you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The data was unlawfully processed in accordance with the GDPR.
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
If you would like J. Wippell & Co. Ltd to erase or amend personal data we hold, please email
firstname.lastname@example.org with your full name, address, email address and the action you wish
us to take. In order to complete such requests, the company will require proof of identification.
Our Privacy Notice and the Conditions of Use will change from time to time in response to changing legal,
regulatory or operational requirements. We may e-mail periodic reminders of our notices and conditions,
unless you have instructed us not to, but you should check our website frequently to see recent changes.
Unless stated otherwise, our current Privacy Notice applies to all information that we have about you
and your account. We stand behind the promises we make, however, and will never materially change our
policies and practices to make them less protective of customer information collected in the past without
the consent of affected customers.
If you choose to visit Wippellgownhire.co.uk, your visit and any dispute over privacy is subject to this
Privacy Notice and our Conditions of Use, including limitations on damages and application of the laws
of England. If you have any concern about privacy, please e-mail us a thorough description and we will
try to resolve the issue for you.
Data Protection Officer
J. Wippell & Co. Ltd
PO Box 1
88 Buller Road