COMPANY POLICIES

Terms & Conditions

Our T&C’s outlines the values and principles that help shape the way we work. It is primarily aimed at employees and we encourage our business partners, including suppliers, franchise and partners, to adopt and apply the T&C’s wherever they represent or promote the Yours brand. The key principles include:

Code of Practice for Suppliers

Yours Code of Practice summarises the minimum standards for working conditions that we expect our Suppliers to adhere to in the production of all Yours products. The Code of Practice requires compliance with all local legal and regulatory requirements of the country in which the facility is located; to recognise International standards and to uphold the core labour conventions of the International Labour Organization. Where there is any conflict between these we expect the higher standard to be achieved.

• All work must be conducted on a voluntary basis, and not under threat of any penalty or sanctions.

• The Supplier shall not use any form of forced, bonded, indentured, trafficked, slave or prison labour.

• Workers must not be required to lodge "deposits" or their identity papers with their employer. All workers should be provided free and unrestricted access to potable water and clean toilet facilities.

• used in the Code of Practice the term “Supplier” includes but is not limited to vendors, agents, factories, sub-contractors and material & component suppliers

HR policies

Yours Clothing Ltd will not use or allow the use of forced, compulsory labour, slavery, servitude or human trafficking in the course of its business. This includes sexual exploitation, securing services by force, threats or deception and securing services from children and vulnerable persons.

Our employment procedures guarantee that Yours Clothing Ltd conducts appropriate checks on all staff to ensure they can legally work in the United Kingdom.

In addition, all internal policies are reviewed regularly to ensure continued compliance with the Modern Slavery Act 2015.

• Outsourcing Policy. This establishes that Yours Clothing Ltd will continue to comply with the Modern Slavery Act 2015 and conduct annual reviews of outsourced suppliers

• Recruitment Policy. This confirms that Yours Clothing Ltd will conduct checks on all staff to safeguard that they can legally work in the United Kingdom

• Corporate Responsibility Policy. This policy is designed to ensure that Yours Clothing Ltd is conducting its business responsibly.

• Whistleblowing Policy. Yours Clothing Ltd encourages all of its employees to report any concerns related to the activities of the firm. The organisation’s whistleblowing procedure is designed to ensure that any matter raised under this procedure will be investigated thoroughly, promptly and confidentially, and the outcome of the investigation reported back to the individual who raised the issue. Additionally, the policy guarantees that no one will be victimised for raising a matter under this procedure.

Due Diligence and Audits of suppliers

We believe that our biggest exposure to Modern Slavery is in our product supply chains, which is a biggest focus initially. Within these areas, new suppliers and factories/sites are subject to due diligence checks in the form of a valid 3rd party ethical audit to SMETA (or similar standards). Existing factories are also required to provide Yours with 3rd party audit information.

In common with other retailers, audits are conducted either by our Yours Buying & Garment Technical team or by a third-party service provider on our behalf.

These audits are used to assess compliance with Yours Terms & Conditions and Code of practice for suppliers and identify issues for investigation so action can be taken.

In the first instance, we aim to gather the information through our audit programme to take action to improve conditions were necessary and to inform sourcing decisions.

Yours does not tolerate forced labour, slavery or human trafficking within our direct operations or supply chains. Where any non-compliance to Yours Code of Practice for Suppliers is identified, we expect and support suppliers to take action to correct it. If a supplier does not take effective action in a timely manner withdrawing our business remains the final sanction.

• Mapping our supplier chains to assess particular industry/sector and geographical risk, to have a clear idea of where the business risks lie

• Assessment scope covers all aspects of our business including Retail operations, Property, Logistics, HR and IT as well as our product supply chains

• Meeting with a 3rd party to discuss conducting a modern slavery risk assessment on behalf of Yours Clothing

• Reviewing our governance structures for responsible sourcing of Goods for Resale (GfR) and Goods Not for Resale (GNfR)

• Published the Yours Modern Slavery statement

• Internally publish the findings of modern slavery risk assessment, collate action plan to further mitigate risks and drive improvement using best practice examples from other retailers

• Engage our supply base by writing to all areas of our business to raise awareness of the Modern Slavery Act and Human Rights

• Review of potential KPIs and monitoring

Approved by the Board of Yours Clothing Ltd on 25.01.2021 and signed on its behalf by:

David Preece Company Secretary  25.01.2021

This data protection policy ensures that Yours Clothing Limited:

• Complies with data protection law and follows good practice

• Protects the rights of staff, customers, and business partners

• Is open about how it stores and processes individuals’ data

• Protects itself from the risks of a data breach

• The Data Protection Act 1998 describes how organisations — including Yours Clothing Limited — must collect, handle and store personal information.

• These rules apply regardless of whether data is stored electronically, on paper or on other materials.

• To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

Policy Scope

This policy applies to the Head Office, all store sites, all staff and volunteers, and all contractors, suppliers and other people working on behalf of Yours Clothing Limited.

It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998, including but not limited to individuals’:

• Name
• Postal Address
• Email Address
• Telephone Number
• Payment Information
• Photographs
• Locations
• IP Address
• Online Behaviours
• Any special category data such as; Religion, Health Information

Data protection risks

This policy helps to protect from some very real data security risks, including:

• Breaches of confidentiality. For instance, information being given out inappropriately.

• Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.

• Reputation damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

Responsibilities

Everyone who works for or with the Company has some responsibility for ensuring data is collected, stored and handled appropriately.

Each team that handles personal data must ensure that it is handled and processed in line with this policy and the data protection principles.

However, these people have key areas of responsibility:

• The Board of Directors is ultimately responsible for ensuring legal obligations are met.

• The Compliance Officer is responsible for:

  • Keeping the board updated about data protection responsibilities, risks and issues.
  • Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  • Handling data protection questions from staff and anyone else covered by this policy.

• The Company Secretary is responsible for:

  • Dealing with requests from individuals to see the data held about them (also called ‘subject access requests’).
  • Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.

• The IT Manager is responsible for:

  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  • Performing regular checks and scans to ensure security hardware and software is functioning properly.
  • Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

• The Managing Director is responsible for:

  • Approving any data protection statements attached to communications such as emails and letters.
  • Addressing any data protection queries from journalists or media outlets like newspapers.
  • Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

General staff guidelines

• The only people able to access data covered by this policy should be those who need it for their work.
• Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
• All employees will be provided with training to help them understand their responsibilities when handling data.
• Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
• In particular, strong passwords must be used and they should never be shared.
• Personal data should not be disclosed to unauthorised people, either within the company or externally.
• Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
• Employees should request help from their line manager or the compliance officer if they are unsure about any aspect of data protection.

These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.

Where data is stored on paper, it will be kept in a secure place where unauthorised people cannot see it.

These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

• When not required, the paper or files should be kept in a locked drawer or filing cabinet.
• Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
• Data printouts should be shredded and disposed of securely when no longer required.

Where data is stored electronically, it will be protected from unauthorised access, accidental deletion and malicious hacking attempts:

• Data should be protected by strong passwords that are changed regularly and never shared between employees.
• If data is stored on removable media, these should be kept locked away securely when not being used.
• Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services.
• Servers containing personal data should be sited in a secure location, away from general office space.
• Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
• Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
• All servers and computers containing data should be protected by approved security software and a firewall.

Personal data is of no value to Yours Clothing unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:

• When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
• Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
• Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
• Employees should not save copies of personal data to their own computers. Always access and update the most recent version of the document from the main file, and update the version.

The law requires Yours Clothing to take reasonable steps to ensure data is kept accurate and up to date.

The more important it is that the personal data is accurate, the greater the effort should be put into ensuring its accuracy.

It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

• Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
• Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
• Make it easy for data subjects to update the information held about them. For instance, via their account online.
• Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.

All individuals who are the subject of personal data held are entitled to:

• Ask what information the company holds about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed how the company is meeting its data protection obligations.

If an individual contacts the company requesting this information, this is called a Subject Access Request. Subject Access Requests from individuals should be made by email.

The data controller will always verify the identity of anyone making a subject access request before handing over any information.

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances, Yours Clothing will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Yours Clothing aims to ensure that individuals are aware that their data is being processed, and that they understand:

• How the data is being used
• How to exercise their rights

To these ends, the company has a Privacy Policy, setting out how data relating to individuals is used by the company. The latest version of this policy is available on the company website www.yoursclothing.co.uk

1.1. Objectives

The objectives of the Yours Clothing Limited Information Security Policy are:

• Confidentiality - Access to Data shall be confined to those with appropriate authority, and protected from unauthorised access.

• Integrity – Information shall be complete and accurate. All systems, assets and networks shall operate correctly, according to specification.

• Risk Management - Appropriate measures are taken to manage risks to the availability and disclosure of information.

• Compliance – Ensured compliance with laws, regulations, and the terms of contracts.

*Failure to comply with the Yours Clothing Limited Information Security Policy may lead to disciplinary action.

1.2. Policy Aim

The aim of this policy is to establish and maintain the security of individuals’ information, information systems, applications and networks owned or held by Yours Clothing Limited by:

• Ensuring all members of staff are aware of, and fully comply with the relevant legislation as described in this and other policies.

• Explaining the principals of security and how they shall be implemented in the organisation.

• Ensuring all members of staff fully understand their own responsibilities towards a consistent approach to security.

• Creating and maintaining a level of awareness of the need for Information Security as an integral part of the day to day business.

• Protecting information assets.

1.3. Scope

• This policy applies to all information, information systems, networks, applications, locations and users of Yours Clothing Limited, or supplied under contract to them.

2.1. Ultimate responsibility for information security rests with the Yours Clothing Board of Directors, and they shall be responsible for managing and overseeing implementing the policy and related procedures

2.2. Line Managers are responsible for ensuring that their permanent and temporary staff, and contractors are aware of:

• The areas of the Information Security Policy that is applicable in their department

• Personal responsibilities for information security

• Where to find, and how to access advice on information security matters

2.3. All staff shall have to comply with information security procedures including the maintenance of data confidentiality and integrity.

2.4. The Information Security Policy shall be maintained, reviewed, and updated accordingly on an annual basis.

2.5. Line managers shall be responsible for the security of their department physical environments where information is accessed, processed or stored.

2.6. Each member of staff shall be responsible for the operational security of the information systems they use.

2.7. Each system user shall comply with the security requirements that are currently in force, and shall also ensure that the confidentiality, integrity and availability of the information they use is maintained to the highest standard.

2.8. Contracts with external contractors that allow access to the organisation’s information systems shall be in operation before access is allowed. These contracts shall ensure that the staff or sub-contractors of the external organisation shall comply with all appropriate security policies.

3.1. Yours Clothing Limited is obliged to abide by all relevant UK and European Union legislation. The requirement to comply with this legislation shall be devolved to employees and agents, who may be held personally accountable for any breaches of information security for which they may be held responsible.

4.1. Management of Security

• Responsibility for Information Security shall reside with the Board of Directors.

• Department Managers are responsible for implementing, monitoring, documenting and communicating security requirements within their teams for the organisation.

4.2. Information Security Awareness Training

• Information security awareness training shall be included in the staff induction process.

• Staff awareness will be reviewed, refreshed, and updated as necessary.

4.3. Contracts of Employment

• All contracts of employment shall contain a confidentiality clause.

• Information security expectations of staff shall be included within the employee handbook, and on induction.

4.4. Security Control of Assets

• Each IT asset, (i.e. hardware, software, application) shall have a named person who shall be responsible for the information security of that asset.

4.5. Access Controls

• Only authorised personnel who have a justified business need shall be given authorisation to access restricted areas containing information systems or stored data.

4.6. Computer Access Control

• Access to computer facilities shall be restricted to authorised users who have business need to use the facilities.

4.7. Application Access Control

• Access to data, system utilities and program source libraries shall be controlled and restricted to those authorised users who have a legitimate business need e.g. systems or database administrators.

4.8. Equipment Security

• In order to minimise loss of, or damage to, all assets, equipment shall be physically protected from threats and environmental hazards.

4.9. Computer and Network Procedures

• Management of computers and networks shall be controlled through standard documented procedures that have been authorised by the board.

4.10. Information Risk Assessment

• Risk assessment and management requires the identification and quantification of information security risks in terms of their perceived value of asset, severity of impact and the likelihood of occurrence. 

• Once identified, information security risks will be recorded on a central business risk register and action plans devised to effectively manage those risks. The risk register and all associated actions shall be reviewed regularly. Any implemented information security arrangements shall also be a regularly reviewed. These reviews shall help identify areas of continuing best practice and possible weakness, as well as potential risks that may have arisen since the last review was completed.

4.11. Information Security Events and Weakness

• All information security events and suspected weaknesses will be reported. These shall be investigated to establish their cause and impacts with a view to avoiding similar or future events.

4.12. Protection from Malicious Software

• Yours Clothing shall use management procedures and countermeasures relating to any software used to protect itself against the threat of malicious software. Users shall not install software on the organisation’s property without permission from the IT Manager, or a Director.

4.13. User Media

• Removable media of all types that contain software or data from external sources, or that have been used on external equipment, require the approval of the IT Manager or a Director before they may be used on Yours Clothing systems. Such media must also be fully virus checked before being used on the organisation’s equipment.

4.14. Monitoring System Access and Use

• An audit trail of system access and data use by all staff shall be maintained.

• Yours Clothing regularly audits compliance with this and other policies. In addition it reserves the right monitor activity where it suspects that there has been a breach of policy. The Regulation of Investigatory Powers Act (2000) permits monitoring and recording of employees’ electronic communications (including telephone communications) for the following reasons:

• To establish the existence of facts

• Detection and investigation of any unauthorised use of the system

• Prevention and detection of crime

• To ascertain or demonstrate standards which are achieved or ought to be achieved by persons using the system (quality control and training)

• National Security Interests

• Compliance with regulatory practices or procedures

• Ensuring the effective systems operation.

• Any monitoring will be undertaken in accordance with the above act and the Human Rights Act

4.15. Accreditation of Information Systems

• Yours Clothing will ensure that all new information systems, applications and networks include a security plan and are approved by the Board before they commence operation.

4.16. System Change Control

• Changes to information systems, applications or networks shall be reviewed and approved by the IT Manager and the Board.

4.17. Intellectual Property Rights

• Yours Clothing will ensure that all information products are properly licensed and approved. Users shall not install software on the organisation’s property without permission from the IT Manager or a Director.

4.18. Business Continuity and Disaster Recovery Plans

• The organisation shall ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks.

4.19. Reporting

• The IT Manager shall keep the Board informed of the information security status of the organisation by means of regular reports.

The directors recognise their duties under section 172(1) (a) to (f) of the Companies Act 2006 and at all times act in the way they consider, in good faith, would be most likely to promote the success of the company for the benefit of its members as a whole. We have built and maintain strong relationships with our customers, suppliers and producers. They are key to the success of our business. In doing so we like to maintain our business standards to the highest ethical standards. In support of the community the company has partnered with a local hospital charity for focused fundraising drives. This is in addition to supporting national fund raising drives for charities selected by its employees as well as being a bronze award holder for the level of charitable contributions donated to the charities trust through the company assisted payroll giving scheme. Understanding and clear communication remains key to our relationship with our Bankers and professional advisors, together they offer valued experienced guidance. We are an equal opportunity employer and continue to invest in our people and their working conditions and remain committed to good human relations and working practices in all areas of our business. We endeavour to minimise our impact upon the environment and to contribute positively wherever possible. We recycle all plastics and cardboard throughout our stores, warehouse and offices. We utilise Hybrid cars to reduce emission as well as having installed solar panels which supply non-polluting electricity back to the National Grid. The Company actively follows up on our Energy Savings Opportunity Scheme (ESOS) Reports.