GDPR, Privacy Policy and Use of Cookies

Your Graduation is a trading style of Marston Events Limited (hereafter MEL). MEL takes cyber security very seriously and works very hard to ensure that its IT security standards and operations are at a high level and as secure as they can be given our resources and the evolving nature of cyber security threats.

MEL is committed to protecting your privacy and recognises its responsibility under GDPR to keep confidential any information about you which is acquired in connection with your order or booking. MEL is registered under the Data Protection Act with the relevant bodies. MEL reviews its registration status regularly to ensure full compliance with current relevant legislation.

Any data acquired is only used for the management and control of your order or booking and for the delivery of the services you have ordered for your ceremony or event. Your institution will have specified to us the services we will be called upon to provide. Please note that because of the nature of the event you are attending, some of your details will become of a public nature when you physically graduate i.e. your name, your degree and subject and level of award. 

Our protocol for any telephone callers or live chat visitors is  that they will be subjected to a minimum of 2 security questions before being able to discuss any order, partial or completed. The order will only be discussed with the graduand or, if different, the person who placed the order and was billed.

Your order data is shared with your University, College or Institution (which already holds extensive additional data on you anyway). Your data (typically your name and address for delivery purposes) is only provided to any third party where they are directly contracted to MEL to provide a service contributing to the completion of your order. An example would be a courier or other delivery service.

For clarity, please note that we do not retain any data relating to any detailed financial aspect of the transaction like card number, expiry, bank account number (whether by card, bank transfer, cheque or other payment method) on our website or in our database. Only payment status data is recorded in our database e.g. paid, awaiting payment, refunded, transaction number (but not transaction details). We are PCI DSS compliant and subject to regular checking and audit through our card processors. In the case of bank transfer or cheque transactions, no data is held by us beyond paying in details to the bank to identify the order against which payment is being made. We do not hold bank sort codes, account numbers or any other bank data. For card and similar payments takenover the internet, all detailed financial data is held by authorised third parties who operate to PCI DSS standards e.g. Worldpay, Elavon, EVO, BOI.

Your data is not provided to any party (other than your Institution) for any purpose whatsoever, nor is your data sold or made any other use of by MEL or its contracted service providers.

After 6 months from the date of completion of your order your data is archived, initially online, and then after another 6 months it is archived offline. As we are required by HMRC to retain commercial records for 7 years from the date of the transaction, this offline archive will be retained until that legal deadline has passed. Once statutory requirements are fulfilled the data from your order or booking is deleted from our systems. 

As required by law, we are able to delete your order data upon request by email. However as noted above we are olbliged (also by law) to retain certain information for up to 7 years. This is explained in any corerspondence with you on your request.

As part of our contracts with some Institutions, we are required to retain photographs in electronic format for specific periods or even indefinitely. These images will be archived offline along with the orders but, where required by contract, will be retained indefinitely with basic identifiers in the event that  any image is needed for reprints later. We will conduct identification protocols as described 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cookies are used for two purposes on our website. One is a randomly generated number which is used to maintain the continuity of your order process. Once you close your browser this number is deleted and no longer useful. The other form of cookie is to enable us to track your use of our website so that we can improve the website and its ease of use. This kind of cookie does not provide us with any personal data about you, but does enable us to know your region, type of browser etc and information specific to your use of our website only.