At The Boarding Company Limited we believe in the importance of looking after your information and ensuring you have maximum control over it. Only those within our network with the appropriate access level are able to view your information. If you’d like any help accessing, amending or deleting any information please contact us.
We remain fully committed to the protection of your privacy at all times. The information contained in this policy has been published to inform you of the way in which any personal data (as defined below) you provide us with or we collect from you will be used. Please read this information carefully in order to fully understand how we treat such personal data.
No staff at The Boarding Company Limited are able to see any of your credit or debit card information. This information is held by Sage Pay, our payment providers. Sage Pay are the UK’s largest provider of online credit and debit card processing services. When we provide refunds to your card, we cannot see any of your card information at this time either. This makes purchasing online with The Boarding Company Limited's websites far more secure than any in-store, mail order or telephone purchase.
All transaction information passed between The Boarding Company Limited's websites and Sage Pay is encrypted. No cardholder information is ever passed unencrypted and any messages sent to our servers by Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely secure in the knowledge that nothing we pass to the Sage Pay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign’s Global Root certificate, making them all but impossible to extract. The data Sage Pay hold is extremely secure and is regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is encrypted and secure and cannot be tampered with.
No individuals within Sage Pay are able to decrypt transaction information or cardholder data. Sage Pay systems only allow access to their most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). Your transaction information and customer card information is secure even from Sage Pay’s own employees because their systems never display the full card numbers, even on administration screens.
The personal data we hold about you may be used in any of the following ways:
We will never supply your personal data to third parties.
We may at times provide links on our website to third party websites, including without limitation those owned or managed by our partner networks, affiliates or advertisers. These websites have separate privacy policies, and we therefore cannot accept any responsibility for the content. As such, choosing to follow these links is a choice you make at your own risk, and we advise that you check these websites' individual privacy policies before submitting any personal data.
You retain the right to request us to refrain from processing your data for the purposes of marketing. To exercise such right, you may use the unsubscribe link on our marketing messages, reply to any information we send you, detailing your request that we refrain from sending any marketing correspondence, or you can exercise this same right by contacting us, via our website “Contact Us” service. If, at any time, we intend to use your data for marketing purposes, it is standard practice for us to make you aware in advance of using such data.
You retain at all times the right to access / amend / delete any personal data we hold about you providing the request does not contradict any laws. You may exercise this right using the appropriate option within your account. You may also lodge a complaint with the UK data protection regulator, should you be dissatisfied with the way that we handle your personal data.
Personal data means any information relating to an identifiable person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
We may obtain and use the following personal data about you:
We store the personal data you provide us with on our secure servers. In the event of you choosing a password which grants you access to the account created within our website, it remains your responsibility to maintain the confidentiality of this password.
As the transmission of data via the internet cannot be assumed completely secure, we cannot guarantee the security of any of your data transmitted to our website; you are therefore responsible for any risk associated with such transmission. We will however at all times take all reasonable steps to ensure the transmission of your data is executed as securely as possible, and upon receipt of your we will continue at all times to enforce strict security procedures and features in an attempt to prevent any unauthorised access.
We will take reasonable steps to maintain appropriate technical and organizational measures to protect the personal data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data.
To ensure the best possible customer experience, we work with some external partners. We rigorously examine their policies before working with them, to ensure your data remains secure. Specific information is available on request.
We will keep your personal data for the duration of the period required by law. At the point of expiry from the required period, your personal data will be deleted.