Privacy Policy

At University of Exeter we’re committed to protecting and respecting your privacy. The University’s Website Privacy Policy can be found at “Website and cookies | About our site | University of Exeter”.

This policy is relevant specifically to the Online store, which is hosted outside of the main University website, and explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.

Any questions regarding this policy and our privacy practices should be sent by email to marketplaceDH1@exeter.ac.uk or by writing to the University's Information Governance Team at University of Exeter, Stocker Road, Exeter, EX4 4PZ.

How do we collect information from you?

We obtain information about you in the following ways:

Information you give us directly

For example, we may obtain information about you when you purchase products and services or when you register to receive future marketing notices.

Information you give us indirectly

Your information may be shared with us by other parts of the University of Exeter, or by third parties.  You should check any privacy policy provided to you where you give your data to a third party.

When you visit this website

We, like many companies, automatically collect the following information:

  • technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer.
  • information about your visit to this website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).

We collect and use your personal information by using cookies on our website – more information on cookies can be found under the ‘Use of Cookies’ section below.

Social Media

When you interact with us on social media platforms such as Instagram, Facebook and Twitter we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.

What type of information is collected from you?

The personal information we collect, store and use might include:

  • your name and contact details (including postal address, email address and telephone number);
  • information about your activities on our website and about the device used to access it, for instance your IP address and geographical location – this helps Shopify to spot potentially fraudulent transactions to safeguard online shopping for all customers;
  • your bank or credit card details. If you make a purchase, your card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions. On the website we use the Shopify Payment portal. In our stores we use Cardnet. Both are world leaders in payment solutions.
  • any other personal information shared with us either online or via email or social media.

Data protection laws recognise certain categories of personal information as sensitive and therefore requiring greater protection, for example information about your health, ethnicity and religion. We do not collect sensitive data about you.

How and why is your information used?

We may use your information for a number of different purposes, which may include:

  • providing you with the services, products or information you asked for;
  • processing orders that you have submitted;
  • carrying out our obligations under any contracts entered into between you and us;
  • keeping a record of your relationship with us;
  • conducting analysis and market research so we can understand how we can improve our services, products or information;
  • dealing with entries into a competition;
  • seeking your views or comments on the services we provide;
  • notifying you of changes to our services;
  • sending you communications which you have requested and that may be of interest to you. These may include information about campaigns, fundraising appeals and activities and promotions of goods and services; and
  • processing grant or job applications.

How long is your information kept for?

We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations (e.g., tax and accounting purposes).

We review our retention periods on a regular basis.

You can request that your information is deleted from our systems at any time by contacting us via the contact details in the first section.

Who has access to your information?

We do not sell or rent your information to third parties.

We do not share your information with third parties for marketing purposes.

However, we may disclose your information to third parties in order to achieve the other purposes set out in this policy. These third parties may include:

Third parties working on our behalf: We may pass your information to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example delivery companies). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our staff, supporters, customers, users of the website or others. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Our major third parties include:

Shopify – we use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Lawful Processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:

Specific Consent

Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.

Performance of a contract

Where we are entering into a contract with you or performing our obligations under it, such as when you buy products and services.

Legal obligation

Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Charity Commission or Fundraising Regulator.

Legitimate interests

Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not unduly impact your rights).

We consider our legitimate interests to be running the retail businesses of the University of Exeter in pursuit of our aims and ideals as set out by the University of Exeter. For example, to:

  • send communications which we think will be of interest to you;
  • conduct research to better understand who our customers are to better target our products;
  • monitor who we deal with to protect the company against fraud, money laundering and other risks;
  • enhance, modify, personalise or otherwise improve our products, services and communications for the benefit of our customers; and
  • understand better how people interact with our website.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, your vital interests, or, in some cases, if it is in the University of Exeter’s interest for us to do so).

Marketing Communications

We may use your contact details to provide you with information about the products and services you can buy, if we think it may be of interest to you.

Email

We will only send you marketing and fundraising communications by email, text and telephone if you have explicitly provided your prior consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.

Post

We may send you marketing and fundraising communications by post unless you have told us that you would prefer not to hear from us.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about products and services that you can buy, then you can select your choices by ticking the relevant boxes situated on the form used to collect your information.

We’re committed to putting you in control of your data so you’re free to change your marketing preferences (including to tell us that you don’t want to be contacted for marketing purposes) at any time by contacting us using the details in the first section.

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted and will retain your details on a suppression list to help ensure that we do not continue to contact you. However, we may still need to contact you for administrative purposes like where we are processing an order or thanking you for your custom.

Your Rights

Under UK data protection law, you have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:

Right of access

You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.

If you want to access your information, please send a description of the information you want to see and proof of your identity by post to the address provided in the first section.

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us via the methods outlined in the first section.

Right to restrict use

You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.

Right of erasure

You may ask us to delete some or all of your personal information and, in certain cases and subject to certain exceptions, we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you in a particular format.

Right to object

You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, https://ico.org.uk/

Keeping your information safe

When you give us personal information, we take steps to ensure that appropriate technical and organisational controls are in place to protect it.

Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software: 128-bit encryption on SSL. When you are on a secure page, a lock icon will appear at the bottom of, or in the address bar of, web browsers.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Use of 'cookies' and online action trackers

Like many other websites, this website uses cookies. Cookies are data files that are placed on your device or computer and often include an anonymous unique identifier. For example, we use cookies to store your country preference. This helps us to deliver a better, more personalised service when you browse our website and improve our services.

For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site. These are used to improve functionality and guide product decision making.

As our third-party online shop provider, Shopify may also use your online behaviour to provide you with targeted advertisements that they believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by using the links below:

- Facebook: https://www.facebook.com/settings/?tab=ads

- Google: https://www.google.com/settings/ads/anonymous

- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Links to other websites

Our website may contain links to other websites run by other organisations. This policy applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy policy of that third party site.

16 or Under

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian's permission beforehand whenever you provide us with personal information.

Vulnerable circumstances

We are committed to protecting vulnerable customers and appreciate that additional care may be needed when we use their personal information. In recognition of this, we observe good practice guidelines in our interactions with vulnerable people.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services. We undertake regular reviews of who has access to information that we hold to ensure that your info is only accessible by appropriately trained staff and contractors.

Changes to this policy

Any changes we may make to this policy in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes we’ll make this clear on this website.

Review of this Policy

We keep this policy under regular review. This policy was last updated in May 2023.