Privacy, Security & GDPR

At The Boarding Company Limited we believe in the importance of looking after your information and ensuring you have maximum control over it. Only those within our network with the appropriate access level are able to view your information. If you’d like any help accessing, amending or deleting any information please contact us.

We remain fully committed to the protection of your privacy at all times. The information contained in this policy has been published to inform you of the way in which any personal data (as defined below) you provide us with or we collect from you will be used. Please read this information carefully in order to fully understand how we treat such personal data.

When you access or use our website, you agree to our privacy policy and you consent to our collection, storage, use and disclosure of your personal data for the purpose of processing an order, in accordance with this policy.

Private Information

No staff at The Boarding Company Limited are able to see any of your credit or debit card information. This information is held by Sage Pay, our payment providers. Sage Pay are the UK’s largest provider of online credit and debit card processing services. When we provide refunds to your card, we cannot see any of your card information at this time either. This makes purchasing online with The Boarding Company Limited's websites far more secure than any in-store, mail order or telephone purchase.

Transaction Security

All transaction information passed between The Boarding Company Limited's websites and Sage Pay is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers by Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely secure in the knowledge that nothing we pass to the Sage Pay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Encryption and Data Storage

Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign’s Global Root certificate, making them all but impossible to extract. The data Sage Pay hold is extremely secure and is regularly audited by the banks and banking authorities to ensure it remains so.

Sage Pay Links to Banks

Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is encrypted and secure and cannot be tampered with.

Sage Pay Employee Access

No individuals within Sage Pay are able to decrypt transaction information or cardholder data. Sage Pay systems only allow access to their most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). Your transaction information and customer card information is secure even from Sage Pay’s own employees because their systems never display the full card numbers, even on administration screens.

Our Use of Your Data

The personal data we hold about you may be used in any of the following ways:

  • To provide you with the means to create an order, including administration and management of your account.
  • To provide you with user support.
  • To comply with applicable laws, court orders, government and law enforcement agencies’ requests.
  • To send you further information about our services for which we think you may have an interest. This information will be supplied only where you have given consent.
  • To provide you with notification about any changes to the Service.

We will never supply your personal data to third parties.

We may at times provide links on our website to third party websites, including without limitation those owned or managed by our partner networks, affiliates or advertisers. These websites have separate privacy policies, and we therefore cannot accept any responsibility for the content. As such, choosing to follow these links is a choice you make at your own risk, and we advise that you check these websites' individual privacy policies before submitting any personal data.

Your Rights

You retain the right to request us to refrain from processing your data for the purposes of marketing. To exercise such right, you may reply to any information we send you, detailing your request that we refrain from sending any marketing correspondence, or you can exercise this same right by contacting us, via our website “Contact Us” service. If, at any time, we intend to use your data for marketing purposes, it is standard practice for us to make you aware in advance of using such data.

You retain at all times the right to access / amend / delete any personal data we hold about you providing the request does not contradict any laws. You may exercise this right by contacting us via our website “Contact Us” service. You may also lodge a complaint with the UK data protection regulator, should you be dissatisfied with the way that we handle your personal data.

Personal Data We May Obtain From You

Personal data means any information relating to an identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

We may obtain and use the following personal data about you:

  • Data you provide when creating an account, on our website, for the purposes of making a purchase.
  • Data and information you submit or upload through our “Contact Us” service
  • Details of transactions made by you through the website.
  • Responses to optional research surveys we ask you to complete.
  • Details of your visits to our website, which includes without limitation; location and traffic data, weblogs, resources you access and other communication data.

Where We Store Personal Data

We store the personal data you provide us with on our secure servers. In the event of you choosing a password which grants you access to the account created within our website, it remains your responsibility to maintain the confidentiality of this password.

As the transmission of data via the internet cannot be assumed completely secure, we cannot guarantee the security of any of your data transmitted to our website; you are therefore responsible for any risk associated with such transmission. We will however at all times take all reasonable steps to ensure the transmission of your data is executed as securely as possible, and upon receipt of your we will continue at all times to enforce strict security procedures and features in an attempt to prevent any unauthorised access.

How We Protect Your Personal Data

We will take reasonable steps to maintain appropriate technical and organizational measures to protect the personal data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data.

Our Partners

To ensure the best possible customer experience, we work with some external partners. We rigorously examine their policies before working with them, to ensure your data remains secure. Specific information is available on request.

How Long We Keep Personal Data For

We will keep your personal data for the duration of the period required by law. At the point of expiry from the required period, your personal data will be deleted.