This is our privacy notice in line with the new data protection legislation (known as General Data Protection Regulation – GDPR) with effect from 25th May 2018.

The policy includes:

  • The data that we hold
  • How we use it
  • Why we need it
  • Who has access to it
  • What your rights are
  • Details of who to contact with any queries

Background

The Schoolwear Association (SA) is committed to protecting the data it collects and using it fairly to contact existing and potential members with business relevant information and applies the current laws, which are known as the General Data Protection Regulation (GDPR).

The SA is the Trade Association for the School Uniform market. It represents the interests of the market and its members. The SA communicates to the media, to government and all agencies involved in the various issues surrounding School Uniform. The SA promotes Best Practice and tries to encourage positive actions and attitudes at all times.

How the law protects you

Your privacy is protected by law. This section explains how this works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside the Association. The law says we must have one or more of these reasons:

  • To fulfil a contract (i.e. the Membership Invoice) we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you otherwise consent to it

A legitimate interest is when we have a business or commercial reason to use your information in our normal course of business and as verified by our legitimate interest assessment (although even then it must not unfairly go against what is right and best for you).

Information we may collect about you

We will primarily hold business related information, although that may include some personal data about you, including for example your name, address, telephone/mobile number(s) and email address.

Examples of the sources of data we collect about you or your company:

  • Membership application form;
  • When you talk to us on the telephone, personally or communicate with us via social media or through the SA website;
  • In emails and letters;
  • Financial reports;
  • Business accounts;
  • Bank details, if you pay an Invoice directly;
  • When you use our website;
  • Cookies (find more detailed information via our website(s));
  • When you interact on social media;
  • Email tracking facilities;
  • In surveys;
  • Payment and transactional data;
  • The internet;
  • Publicly available information;

What personal data do we collect for business purposes?

The SA may collect the following information about you:

  • Your name;
  • Your business contact details: postal address including billing and delivery addresses,
  • Telephone numbers (including mobile numbers) and e-mail address;
  • Your on-line browsing activities on our websites, including schoolwearassociation.co.uk;
  • Your password(s) relating to the SA website;
  • Your communication and marketing preferences;
  • Your product interests, preferences, feedback and survey responses;
  • Your location;
  • Your correspondence and communications with the SA.

How we process your data

GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties. We may process your personal data for the following purposes, if relevant:

  • To administer your relationship with the SA and to manage interactions with your business;
  • To provide services to you;
  • To tailor your experience on our websites;
  • To manage any registered account(s) that you hold with us;
  • To verify your identity;
  • For crime and fraud prevention, detection and related purposes;
  • With your agreement, to contact you electronically about services which we think may interest you. You will always be given the opportunity to unsubscribe from receiving SA info;
  • For research and statistical analysis;
  • To carry out marketing activities in a business context, e.g. Your Membership renewal;
  • To provide you with information about other services we may be offering;
  • Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
  • To communicate with you about industry news and events, updates and other activities
  • We are involved in as a Trade Association and believe you would be interested in;
  • To provide advice or guidance about using our services;
  • To collect and recover money that is owed to us;
  • To communicate with you via social media;

We process this data on the basis of our legitimate interest to run the SA in an efficient and proper way for the benefit of our Members and the market in general. This includes managing our financial position, planning, audit, communications, business capability and to exercise our rights set out in agreements and contracts. We also process your personal data where required to comply with laws and regulations that apply to us.

How will we protect information we hold?

The SA has various data and security policies in place to ensure the safe-keeping of the data that we collect. Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.

Data is stored securely within the SA’s systems to prevent unauthorised access. To deliver services to you.

Retention Period

There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn’t an over-riding legitimate business need.

Unless we explain otherwise to you, we’ll hold your personal information based on the following retention periods for personal data:

  • Membership records – throughout the commercial relationship and no less than 12 months after that should end
  • Events – up to 5 years after the event you attended
  • Financial records – 7 years
  • New Member enquiries – 7 years

When we may share your information

We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of the SA if:

  • Allowed by any agreement entered into by you;
  • You consent;
  • Needed by our agents, advisers or others involved in running accounts and services for you;
  • Nneeded by third parties to help manage your records (such as our IT suppliers who run our computer systems) – please note we will have appropriate separate service contracts in place with these firms;
  • Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:-
    – to comply with our legal obligations;
    – to exercise our legal rights (for example in court cases);
    – for the prevention, detection, investigation of crime or prosecution of offenders; and
    – for the protection of our employees.

Please note that where we have a relationship with a third party involving your data, we will have a signed data controller/processor agreement with them.

What are your rights?

You have the right to ask us to provide you with access to and rectification or erasure of your personal data providing there isn’t a legitimate business need for it to be kept. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.

You have the right to object to certain purposes for processing.

If you wish to stop us from providing you with marketing or information communications then you can opt out at any time by ticking the appropriate boxes within an email or mailing or contacting us directly.

If you have any questions about how the SA use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by either of the following means:

  • Email us at: [email protected]
  • Write to us at: The Schoolwear Association, c/o Early Years Ltd, Oxhill Road, Shirley, Birmingham, B90 1LR

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.

Changes to this policy

Any changes we make to this policy in the future will be communicated to you by email or letter. The full notice (as it currently stands) will be available on our website (www.schoolwearassociation.co.uk) as well as available on request via the above email address.

Breaches

In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner’s Office within 72 hours and will inform the affected parties as soon as practically possible thereafter.

This policy was last updated in May