Terms and conditions

Terms and conditions for the use of the University of Edinburgh Online Store, ePay.

Online security

The University of Edinburgh has made every endeavour to ensure the security and integrity of personal information. Payment details are encrypted whenever transmitted or received online. Personal information is only accessible by staff designated to deal with receiving online payments. Access to this information is controlled using user names and passwords.

Your information

The information we collect

We gather various pieces of information when you use ePay.  Listed below is the information we may collect when you place an order through ePay:

  • Your name, title and billing address: This information is essential in processing your payment.
  • Your delivery address: When goods purchased on ePay are to be delivered you will be asked to provide a delivery address for this purpose.
  • University degree and student information: In order to process certain orders made through ePay (e.g. Academic Transcripts) we will ask you to provide your University of Edinburgh matriculation number, or details of your studies.
  • Other relevant personal information: If you are booking a place at a conference or event through ePay, the conference organisers may ask you to provide other relevant information e.g. details of any dietary requirements or allergies.
  • Customer Feedback: We may carry out customer research by providing customers with access to feedback questionnaires. Although this feedback is anonymous, the questionnaires provide the opportunity for free text comments, in which a customer may supply personally identifiable information about themselves, other customers or members of staff.   How we use your information We use the information you provide in a number of ways:
  1. To successfully process your order.
  2. To process a refund.  We retain details of orders made through ePay so that we can easily and securely make refunds if necessary.
  3. For event administration. If you have booked a place at an event through ePay, the event organisers will use the information you provide for event administration and organisation purposes.
  4. To communicate with you. If there is a problem with an order that you have placed through ePay, or the organisers of a conference or event need to provide you with additional information we will use the contact details
  5. To inform you about events that you may be interested in.  Occasionally organisers of academic events will contact attendees of a previous event in order to provide details of a forthcoming event which may be of interest.

 

Who has access to your information

The information you provide through ePay is in general only accessible by members of staff at the University of Edinburgh.  In addition only staff who work in a department directly related to your order will have access to your information.

Certain academic conferences are organised and ran by individuals or groups which are not part of the University of Edinburgh.  In such a situation we will allow conference organisers access to your information in order that the conference can be organised successfully.

We do not share your information with any advertisers and do not use ePay to generate mailing lists for e-mail marketing purposes.

Third-parties

We work with a number of third parties in order to provide the ePay online store, and process payments online.

WPM Education

WPM Education Ltd is a third-party company which provides and hosts the ePay online store.

The information you provide when using ePay is stored within databases on WPM Education's servers, which are located within the UK.

WPM Education hold this information solely for the purpose of allowing the University of Edinburgh to run the ePay Online Store.  WPM Education do not use your information or share it with any other organisations.

WorldPay

In order to process payments online we work with WorldPay (UK) Ltd, a third-party company.  We provide WorldPay with the following information solely for the purpose of processing card payments:

  • Your name,
  • Your card billing address,
  • Your credit or debit card details. WorldPay only use this information to process card transactions.  WorldPay do not share your information with any other organisation or use it for any purpose other than processing card transactions. Cookies We use cookies on ePay in order to provide online store functionality. Cookies set by ePay Strictly necessary cookies The following cookies are set by ePay when you visit the site and are essential to providing the online store functionality.  You must accept these cookies to make use of the ePay Online Store.

Cookie

Cookie name(s)

Data Stored

When does it expire?

Description

WPM Store

WPM_Store

A random string of letters and numbers

After 20 minutes of non-activity.

This cookie is used to follow your interaction with ePay, and maintain your shopping basket.

Store Session

WPM_Store_Session

A random string of letters and numbers

20 minutes after first accessing the site.

This cookie is used to follow your interaction with ePay.

Company ID

CompanyID

A random string of letters and numbers

20 minutes after first accessing the site.

This cookie is used to follow your interaction with ePay, and ensure the correct store details are displayed.

Session ID

ASPSESSIONID

A random string of letters.

The cookie is deleted when you close your web browser

This is a session cookie. A session cookie is required to follow your progress through the website. It is essential to ensure that any information you enter or routes you take are remembered by the website. Without this cookie, every page you visited would treat you as a completely new visitor.

Performance cookies - Google Analytics

As with other University of Edinburgh sites we also use Google Analytics to monitor visitor behaviour and the use ePay, and to make improvements.  Google Analytics sets cookies which collect anonymous information on the pages visited.

When first visiting ePay you will be asked whether or not you are willing to accept cookies from Google Analytics.  This differs from the main University website privacy policy, where Google Analytics cookies are set by default.

How do we protect your data

Our customer data, which is held securely on the University’s servers. All staff who access the database are required to complete the University’s data protection training. Only customer details are accessible to staff. No payment details are accessible.

The University’s online payment system is compliant with the Payment Card Industry Data Security Standard (PCI DSS). To find out more about PCI Compliance, visit: www.pcisecuritystandards.org

Important points

  1. You do not have to accept Google Analytics cookies in order to use ePay.
  2. The choice you make regarding Google Analytics cookies on ePay applies only to the www.epay.ed.ac.uk site.  Other University of Edinburgh sites use Google Analytics and you should refer to their own Privacy and cookies statement for more information on how they set cookies.

For more details on the cookies created by Google Analytics, please refer to the main University website privacy policy.

www.ed.ac.uk/about/website/privacy-policy

What can I do if I have any concerns?

We aim to be transparent about the way we process your personal data but we understand that you may still have questions or concerns. If there is anything you are unclear about then please contact our Data Protection Officer via dpo@ed.ac.uk who shall be happy to help.  If you remain dissatisfied then you have the right to complain to the ICO. Further advice on how you can raise a concern with us or escalate a matter to the ICO is available via the ICO website: https://ico.org.uk/your-data-matters/raising-concerns/

Contact us

Please contact us with any other enquiries by e-mailing finance.helpline@ed.ac.uk