We’re committed to protecting the privacy of our customers and users and believe in being upfront about how we collect and process data.
We promise to collect, process, store and share your data safely and securely:
1.1. “UYR Limited”, “UYR Group”, “School Exercise Books UK” (referred to in this policy as “we”, “us” or “our”) are trading names of:
15/17 Langthwaite Road
Langthwaite Business Park
Registered Company Number: 03885328 ICO Registration Number: Z8584451
2.1. “UYR” has appointed a Data Protection Officer on a voluntary basis. They can be contacted in the following ways should you have any questions, complaints or feedback about your privacy:
Mail: Data Protection Officer
15/17 Langthwaite Road
Langthwaite Business Park
You can also call our Head Office who will pass your questions, complaints and feedback to our Data
Protection Officer for you:
Telephone: 01977 655 899
This section tells you what personal data we may collect from you, why we need it when you use our services and what other personal data we may receive from other sources.
3.1. We collect data you provide to us:
3.2. We collect data when you use our services:
3.3. We collect data from third parties we work with:
4. Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
4.1. Identity data – name, title, date of birth, gender, nationality, school details of those buying or using our services, pupil’s names, pupil’s class, pupil’s gender, teacher names.
4.2. Contact data – location, postcode, email address, personal business email address, teacher’s school email address, telephone number.
4.3. Transaction data – details of the products and services you have purchased from us, including date and time of order and spend in relation to that transaction. We also collect the name on your payment card, your card, expiry date and CVV number.
4.4. Technical data - internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
4.5. Profile data - purchases or orders made by you, your interests, preferences, feedback and survey responses, preferences about the use of the services (including whether you are interested in certain events that we offer).
4.6. Usage data – information about how you use our website and services.
4.7. Marketing and communications data – your preferences in receiving marketing from us and your communication preferences.
4.8. Employment information – previous employment history, experience, relevant qualifications, work eligibility and references.
4.9. Statistical data – pupil’s grades, pupil’s workbooks, pupil’s development, teacher’s comments, aggregated data.
4.10.Health and Medical Information – we will collect medical information, where supplied, for staff applying for select roles and employees.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not specifically collect any special categories of personal data about you, outside of those stated above. This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information.
In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
We have a number of lawful reasons that we can use (or 'process') your personal data. One of these lawful reasons is called 'legitimate interests'.
Broadly speaking legitimate interests means that we can process your personal information if:
The following are some examples of when and why we would use this approach during our normal course of business:
In order to provide you with our services and meet our legal obligations, we only share your data with 3rd parties, in the following circumstances:
We’ll never make your personal data available to anyone outside UYR for them to use for their own marketing purposes without your prior consent.
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA, we have to tell you.
We transfer your data outside of the EEA in very limited circumstances. We have ensured those organisations that we share your data with look after it securely and have appropriate safeguards, as required by GDPR in place. These are organisations are:
If you would like to know more about the EU-US Privacy Shield, please Click Here
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
We will keep your personal information for as long as you are our customer or employee.Customer
After you stop being an active customer, because you have stopped regularly using our services or buying our products, we may keep your personal information for up to 6 years for one of the following reasons:
After such time, we will securely delete your personal information. If we receive a bounce back from any of the emails that we send to you on a number of occasions, we will delete your personal information in relation to those emails.Employee
For permanent employees, we keep personnel files for 6 years after an employment contract has ended. This information includes, but is not exclusive to employment contracts, training records and salary information. For temporary staff, we keep relevant records for 2 years.
This excludes members of the Senior Leadership Team, whose details are retained permanently.Pupils
The information for children is stored in our secure system in an encrypted format for the duration of the school year. Once the pupil leaves the class, the data is anonymised and is no longer identifiable to the pupil. This anonymised data is not personal data and is kept forever.
We may use your personal information to tell you about relevant services and any upcoming offers.
We can only use your personal information to send you marketing emails if we have either your consent to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the ‘unsubscribe’ links on any marketing message sent to you.
Where you opt-out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our services or any other transaction between you and us.
We will always be transparent in the way we use your personal data. You will be fully informed about the processing through privacy notices.
You have the right to request access to the personal data that we hold about you and this should be provided to you, under the General Data Protection Regulation (GDPR) and Data Protection Act 2018, within one month of receipt. If you would like to request a copy of your personal data, please contact our Data Protection Officer in writing or via email with the details listed in point 2.1. Alternatively, please call our Head Office who can take your request and hand over to our Data Protection Officer.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of your details are incorrect, please let us know and we will amend them.
You have the right to have your data ‘erased’ in the following situations:
If you would like to request erasure of your personal data, please contact our Data Protection Officer in writing or via email with the details listed in point 2.1. Alternatively, please call our Head Office who can take your request and hand over to our Data Protection Officer. Please note that each request will be reviewed on a case by case basis and where we have a lawful reason to retain the data, it may not be erased.
You have the right to restrict processing in certain situations such as:
You have the right to data portability in certain situations. You have the right to obtain and reuse your personal data for your own purposes via a machine-readable format, such as a .CSV file. If you would like to request portability of your personal data, please contact our Data Protection Officer in writing or via email with the details listed in point 2.1. Alternatively, please call our Head Office who can take your request and hand over to our Data Protection Officer. The Right to Data Portability only applies:
You have the right to object to UYR processing your data in these circumstances:
14.1.If you feel that UYR has not upheld your rights, we ask that you contact our Data Protection Officer whose details can be found in point 2.1 so that we can try and help.
14.2.If you are not satisfied with our response, or believe we are not processing your data in accordance with the law, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner’s Office (ICO). Their details are supplied below: