UK GDPR Compliance

This page explains how Abbey Gates School Store complies with the UK General Data Protection Regulation (UK GDPR), which governs the protection of personal data in the United Kingdom.

Scope and Applicability

Although Abbey Gates School Store does not maintain a user registration system or store personal data in a database, we may collect limited personal data automatically through website analytics, cookies, and server logs. This includes IP addresses, browser type, and browsing behaviour for the purpose of improving site functionality and security. This data is processed solely in accordance with the UK GDPR.

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access – to request confirmation of whether your data is being processed and to obtain a copy of it
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure – to request deletion of your data where there is no compelling reason for its continued processing
• Right to restrict processing – to limit how your data is used under certain conditions
• Right to data portability – to receive your data in a structured, commonly used format
• Right to object – to object to processing based on legitimate interests or direct marketing
• Right not to be subject to automated decision-making – including profiling

How We Comply

We do not collect personal data for marketing, profiling, or commercial purposes beyond what is necessary for website operation. Any data collected is retained only as long as required for technical functionality, security, or legal compliance. We use encrypted connections (HTTPS), minimal cookie usage, and anonymised analytics to ensure data protection by design and by default.

Data We Process

Only the following data may be automatically collected:

• IP address (anonymised where possible)
• Browser type and version
• Pages visited and time spent on site
• Cookie identifiers (for session and preference management)

No names, email addresses, phone numbers, or payment details are stored on our servers. Payment processing is handled entirely by third-party PCI-compliant gateways.

Legal Basis for Processing

Our processing of personal data is based on legitimate interest for website security, performance optimisation, and user experience improvement. We do not rely on consent for this limited processing, as it is necessary for the operation of our online store.

How to Exercise Your Rights

To exercise any of your rights under UK GDPR, please contact us via email at [email protected]. Include your full name and a clear description of your request. We will respond without undue delay and within one month of receipt.

Response Timeframes

We are required by UK GDPR to respond to your request within one calendar month. In complex cases, we may extend this period by up to two additional months and will inform you of any delay within one month of receiving your request.

No Discrimination Policy

We will never deny you goods or services, charge different prices, or provide a different level of service because you have exercised your rights under UK GDPR.

Updates and Changes

We may update this page periodically to reflect changes in law or our data practices. The most recent version will always be posted here with an updated effective date.

Contact Information

If you have any questions about this compliance page, your rights under UK GDPR, or wish to make a complaint, please contact:

Archer Thornton
[email protected]
Royal Hospital Kilmainham, Military Road, Kilmainham, Dublin 8, D08 K6Y, Ireland

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent supervisory authority for data protection: ico.org.uk.