Card Payment Gateway Terms and conditions

Terms and conditions for the use of the University of Edinburgh Card Payment Gateway.

Online security

The University of Edinburgh has made every endeavour to ensure the security and integrity of personal information. Payment details are encrypted whenever transmitted or received online. Personal information is only accessible by staff designated to deal with receiving online payments. Access to this information is controlled using user names and passwords.

Your information

The information we collect

We gather various pieces of information when you use a Card Payment Gateway.  Listed below is the information we may collect when you place an order through a Card Payment Gateway:

  • Your name, title and billing address: This information is essential in processing your payment.
  • Your delivery address: When goods purchased on a Card Payment Gateway are to be delivered you will be asked to provide a delivery address for this purpose.
  • University degree and student information: In order to process certain orders made through a Card Payment Gateway (e.g. Academic Transcripts) we will ask you to provide your University of Edinburgh matriculation number, or details of your studies.
  • Other relevant personal information: If you are booking a place at a conference or event through a Card Payment Gateway, the conference organisers may ask you to provide other relevant information e.g. details of any dietary requirements or allergies.
  • Customer Feedback: We may carry out customer research by providing customers with access to feedback questionnaires. Although this feedback is anonymous, the questionnaires provide the opportunity for free text comments, in which a customer may supply personally identifiable information about themselves, other customers or members of staff.   How we use your information We use the information you provide in a number of ways:
  1. To successfully process your order.
  2. To process a refund.  We retain details of orders made through a Card Payment Gateway so that we can easily and securely make refunds if necessary.
  3. For event administration. If you have booked a place at an event through a Card Payment Gateway, the event organisers will use the information you provide for event administration and organisation purposes.
  4. To communicate with you. If there is a problem with an order that you have placed through a Card Payment Gateway, or the organisers of a conference or event need to provide you with additional information we will use the contact details
  5. To inform you about events that you may be interested in.  Occasionally organisers of academic events will contact attendees of a previous event in order to provide details of a forthcoming event which may be of interest.

 

Who has access to your information

The information you provide through a Card Payment Gateway is in general only accessible by members of staff at the University of Edinburgh.  In addition only staff who work in a department directly related to your order will have access to your information.

Certain academic conferences are organised and ran by individuals or groups which are not part of the University of Edinburgh.  In such a situation we will allow conference organisers access to your information in order that the conference can be organised successfully.

We do not share your information with any advertisers and do not use Card Payment Gateways to generate mailing lists for e-mail marketing purposes.

Third-parties

We work with a number of third parties in order to provide the Card Payment Gateways, and process payments online.

WPM Education

WPM Education Ltd is a third-party company which provides and hosts the Card Payment Gateways.

The information you provide when using a Card Payment Gateway is stored within databases on WPM Education's servers, which are located within the UK.

WPM Education hold this information solely for the purpose of allowing the University of Edinburgh to run the Card Payment Gateways.  WPM Education do not use your information or share it with any other organisations.

WorldPay

In order to process payments online we work with WorldPay (UK) Ltd, a third-party company.  We provide WorldPay with the following information solely for the purpose of processing card payments:

  • Your name,
  • Your card billing address,

  • Your credit or debit card details. WorldPay only use this information to process card transactions.  WorldPay do not share your information with any other organisation or use it for any purpose other than processing card transactions. 

    Cookies 

    We use cookies on the Card Payment Gateways in order to provide payment functionality. 

    Cookies set by Card Payment Gateways Strictly necessary cookies 

    The following cookies are set by the Card Payment Gateways when you visit the site and are essential to providing the online functionality.  You must accept these cookies to make use of the Card Payment Gateways.

CookieCookie name(s)Data StoredWhen does it expire?Description
WPM StoreWPM_StoreA random string of letters and numbersAfter 20 minutes of non-activity.This cookie is used to follow your interaction with ePay, and maintain your shopping basket.
Store SessionWPM_Store_SessionA random string of letters and numbers20 minutes after first accessing the site.This cookie is used to follow your interaction with ePay.
Company IDCompanyIDA random string of letters and numbers20 minutes after first accessing the site.This cookie is used to follow your interaction with ePay, and ensure the correct store details are displayed.
Session IDASPSESSIONIDA random string of letters.The cookie is deleted when you close your web browserThis is a session cookie. A session cookie is required to follow your progress through the website. It is essential to ensure that any information you enter or routes you take are remembered by the website. Without this cookie, every page you visited would treat you as a completely new visitor.

Performance cookies - Google Analytics

As with other University of Edinburgh sites we also use Google Analytics to monitor visitor behaviour and the use of Card Payment Gateways, and to make improvements.  Google Analytics sets cookies which collect anonymous information on the pages visited.

How do we protect your data

Our customer data, which is held securely on the University’s servers. All staff who access the database are required to complete the University’s data protection training. Only customer details are accessible to staff. No payment details are accessible.

The University’s online payment system is compliant with the Payment Card Industry Data Security Standard (PCI DSS). To find out more about PCI Compliance, visit: www.pcisecuritystandards.org

Important points

  1. You do not have to accept Google Analytics cookies in order to use a Card Payment Gateway.
  2. Other University of Edinburgh sites use Google Analytics and you should refer to their own Privacy and cookies statement for more information on how they set cookies.

For more details on the cookies created by Google Analytics, please refer to the main University website privacy policy.

www.ed.ac.uk/about/website/privacy-policy

What can I do if I have any concerns?

We aim to be transparent about the way we process your personal data but we understand that you may still have questions or concerns. If there is anything you are unclear about then please contact our Data Protection Officer via dpo@ed.ac.uk who shall be happy to help.  If you remain dissatisfied then you have the right to complain to the ICO. Further advice on how you can raise a concern with us or escalate a matter to the ICO is available via the ICO website: https://ico.org.uk/your-data-matters/raising-concerns/

Contact us

Please contact us with any other enquiries by e-mailing finance.helpline@ed.ac.uk

This article was published on