Estudyquals — Privacy Policy

1) Who we are (Data Controller)

Estudyquals (“we”, “us”) is the data controller for personal data processed in connection with our programmes, services, partnerships, and this website.

Operational location: Larnaca, Cyprus. Privacy contact: privacy@estudyquals.com

For programmes delivered with awarding bodies or universities, those organisations may also act as independent or joint controllers. Their privacy notices apply in addition to this one.

2) Scope of this notice

This notice explains what data we collect, why and how we use it, who we share it with, how long we keep it, the legal bases we rely on, and your rights under EU GDPR/UK GDPR and applicable national laws.

3) What data we collect

• Identity & contact: name, title, date of birth, nationality, email, phone, address, ID numbers (e.g., passport/ID), learner IDs.
• Admissions & academic: prior qualifications, transcripts, English evidence (CEFR/IELTS/LRN), CV, references, application forms, interview notes, programme choices, enrolment status, attendance, grades, feedback.
• Financial: invoices, payments, bursaries/scholarships, sponsor/third‑party payer details.
• Learning & assessment: coursework submissions, originality reports, feedback, moderation samples, board outcomes.
• Support & safeguarding (where relevant): reasonable adjustments/ILP, disability/health info you choose to share; safeguarding reports.
• Communications & marketing: enquiries, call/meeting notes, email threads, events, newsletter preferences.
• Technical & website: IP address, device/browser type, pages visited, cookies/analytics, form submissions, download logs.

Special category data (e.g., health/disability for accessibility) is processed only where necessary, with an appropriate legal basis and safeguards.

4) How we collect data

• Directly: enquiries, forms, admissions, enrolment, learning activities, assessments, events.
• Third parties (with your knowledge/permission): referees, prior institutions, awarding bodies, agents/centres.
• Automatically: via our website/services (analytics, cookies, logs).

5) Legal bases for processing

• Contract (Art. 6(1)(b)) — applications, enrolment, delivery, assessment, results/certificates, learner support.
• Legal obligation (Art. 6(1)(c)) — regulatory/reporting duties, safeguarding.
• Legitimate interests (Art. 6(1)(f)) — manage/improve services, academic integrity, enquiries, IT security, marketing of similar services to existing customers (opt‑out available).
• Consent (Art. 6(1)(a)) — optional activities (e.g., newsletters to non‑customers, certain cookies, testimonials). Withdraw anytime.

Special category data (Art. 9): for accessibility/safeguarding we rely on explicit consent, or relevant employment/social protection law, or substantial public interest with safeguards.

6) Purposes of processing

• Admissions & enrolment
• Programme delivery (on‑site/online), VLE access, attendance/progress
• Assessment, moderation, boards, results, certificates
• Learner support & reasonable adjustments
• Partner/centre/agent management & compliance
• Financial administration (invoicing, payments, refunds)
• Safety, security, academic integrity, fraud prevention, IT security
• Communications & marketing (where permitted)
• Compliance, audit, and governance

7) Sharing your data

• Awarding bodies/universities (recognition, moderation, certification)
• Approved centres/partners/agents (under contract)
• Service providers (processors): VLE/hosting, email/SMS, proctoring/originality tools, payments, analytics, secure storage
• Professional/regulatory bodies & authorities (where required)
• Financial institutions and auditors

We do not sell your personal data.

8) International transfers

Where data is processed outside the EEA/UK (e.g., cloud services), we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and UK IDTA, where applicable) or adequacy decisions.

9) Retention periods

• Admissions (unsuccessful): 2 years after decision
• Learner assessment records: ≥1 year after ratification or per awarding body
• Assessment boards & moderation: 6 years
• Complaints/appeals: 6 years
• Safeguarding: per statutory guidance (case‑specific)
• Financial records: 6–10 years (jurisdiction dependent)

A detailed Retention Schedule is available on request.

10) Your rights

• Access, rectification, erasure, restriction
• Object to processing based on legitimate interests or to direct marketing
• Data portability (consent/contract, automated)
• Withdraw consent (where relied upon)

Contact privacy@estudyquals.com. We aim to respond within one month.

11) Marketing preferences

We may send programme updates to existing customers under legitimate interests. For others, we rely on consent. Unsubscribe anytime via email footer or by contacting us.

12) Cookies & analytics

We use cookies to operate the site, remember preferences, and analyse usage. Non‑essential cookies run only with consent (where required by law). Manage preferences via the cookie banner and your browser. See our Cookie Policy for details.

13) Automated decision‑making / profiling

We do not make decisions with legal or similarly significant effects solely by automated means. If this changes, we will explain the logic involved and your rights.

14) Security

We apply proportionate technical and organisational measures (access controls, encryption in transit/at rest where feasible, secure configuration, staff training, breach response). We will act in line with legal requirements in the event of a personal data breach.

15) Children & vulnerable persons

Where programmes involve under‑18s or vulnerable adults, we apply enhanced safeguards (ID/parental consent where applicable, safeguarding procedures, minimal data, need‑to‑know sharing).

16) Complaints

Contact privacy@estudyquals.com first. You may also contact your data protection authority. In Cyprus: Office of the Commissioner for Personal Data Protection. In the UK: ICO.