This is our exhibitor and visitor privacy notice in line with the new data protection legislation (known as General Data Protection Regulation - GDPR) with effect from 25th May 2018.

The policy includes:

  • The data that we hold
  • How we use it
  • Why we need it
  • Who has access to it
  • What your rights are
  • Details of who to contact with any queries


The Schoolwear Show Limited (TSSL) is committed to protecting the data it collects and using it fairly to contact existing and potential visitors and exhibitors with business relevant information and applies the current laws, which are known as the General Data Protection Regulation (GDPR).

TSSL is owned by five companies, Banner, Gymphlex, David Luke, Rowlinson and Wm Turner, who between them run one Exhibition each year for the benefit of the School Uniform market.

How the law protects you

Your privacy is protected by law. This section explains how this works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside AIS Ltd. The law says we must have one or more of these reasons:

  • To fulfil a contract (i.e. the Exhibitor Invoice) we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you otherwise consent to it

A legitimate interest is when we have a business or commercial reason to use your information in our normal course of business and as verified by our legitimate interest assessment (although even then it must not unfairly go against what is right and best for you).

Information we may collect about you

We will primarily hold business related information, although that may include some personal data about you, including for example your name, address, telephone/mobile number(s) and email address.

Examples of the sources of data we collect about you or your company:

  • exhibitor application form;
  • visitor application form;
  • when you talk to us on the telephone, personally or communicate with us via social media or website;
  • in emails and letters;
  • financial reports;
  • business accounts;
  • bank details, if you exhibit at the Show;
  • when you use our website;
  • cookies (find more detailed information via our website(s));
  • when you interact on social media;
  • email tracking facilities;
  • in surveys;
  • payment and transactional data;
  • the internet;
  • publicly available information;

What personal data do we collect for business purposes?

TSSL may collect the following information about you:

  • your name;
  • your business contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
  • your on-line browsing activities on our websites, including;
  • your password(s);
  • your communication and marketing preferences;
  • your product interests, preferences, feedback and survey responses;
  • your location;
  • your correspondence and communications with TSSL.

How we process your data

GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties. We may process your personal data for the following purposes, if relevant:

  • to administer your relationship with TSSL and to manage interactions with your business;
  • to provide services to you;
  • to tailor your experience on our websites;
  • to manage any registered account(s) that you hold with us;
  • to verify your identity;
  • for crime and fraud prevention, detection and related purposes;
  • with your agreement, to contact you electronically about services which we think may interest you;
  • for research and statistical analysis;
  • to carry out marketing activities in a business context, e.g. Shows and email Bulletins;
  • to provide you with information about other services we may be offering;
  • where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
  • to communicate with you about industry news and events, updates to your supplier relationship and other activities we are involved in as an Exhibition Organiser and believe you would be interested in
  • to provide advice or guidance about using our services
  • to collect and recover money that is owed to us
  • to communicate with you via social media

We process this data on the basis of our legitimate interest to run TSSL in an efficient and proper way for the benefit of our Exhibitors and Visitors. This includes managing our financial position, planning, audit, communications, business capability and to exercise our rights set out in agreements and contracts. We also process your personal data where required to comply with laws and regulations that apply to us.

How will we protect information we hold?

TSSL has various data and security policies in place to ensure the safe-keeping of the data that we collect. Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.

Data is stored securely within TSSL’s systems to prevent unauthorised access. To deliver services to you.

Retention Period

There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn't an over-riding
legitimate business need.

Unless we explain otherwise to you, we'll hold your personal information based on the following retention periods for personal data:

  • Exhibitor and Visitor records - throughout the commercial relationship and no less than 12 months after that should end
  • Shows and Events – up to 5 years after the event you attended
  • Financial records - 7 years
  • New supplier enquiries - 7 years

When we may share your information

We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of TSSL if:

  • allowed by any agreement entered into by you;
  • you consent;
  • needed by our agents, advisers or others involved in running accounts and services for you or collecting what you might owe to other companies;
  • needed by third parties to help manage your records (such as our IT suppliers who run our computer systems) - please note we will have appropriate separate service contracts in place with these firms;
  • governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:-
    • to comply with our legal obligations;
    • to exercise our legal rights (for example in court cases);
    • for the prevention, detection, investigation of crime or prosecution of offenders; and
    • for the protection of our employees.

Please note that where we have a relationship with a third party involving your data, we will have a signed data controller/processor agreement with them.

What are your rights?

You have the right to ask us to provide you with access to and rectification or erasure of your personal data providing there isn’t a legitimate business need for it to be kept. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.

You have the right to object to certain purposes for processing.

If you wish to stop us from providing you with marketing or information communications then you can opt out at any time by ticking the appropriate boxes within an email or mailing or contacting us directly.

If you have any questions about how TSSL use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by either of the following means:

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at

Changes to this policy

Any changes we make to this policy in the future will be communicated to you by email or letter. The full notice (as it currently stands) will be available on our website ( as well as available on request via the above email address.


In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner's Office within 72 hours and will inform the affected parties as soon as practically possible thereafter.

This policy was last updated in May 2018.