educationforyou.co.uk
Please wait...
«Education For You» LTD → UK Higher Education Consulting Agency, +44 7736029798 , +44 2045773499
We greatly appreciate your interest in our organisation. The protection of personal data is a matter of utmost importance to the management of educationforyou.co.uk. Generally, the use of the educationforyou.co.uk website does not require the provision of personal data. However, should a user wish to access specific services provided through our website, the processing of personal data may become necessary. In instances where the processing of personal data is required and there is no legal basis for such processing, we will seek the explicit consent of the data subject.
The processing of personal data, including but not limited to the name, address, email address, or telephone number of an individual, will always be conducted in compliance with the General Data Protection Regulation (GDPR) and any other applicable country-specific data protection laws relevant to educationforyou.co.uk. Through this data protection declaration, we aim to inform the general public about the nature, scope, and purposes for which personal data is collected, used, and processed by our organisation. Additionally, this declaration serves to notify data subjects of their rights concerning the personal data held by us.
As the data controller, educationforyou.co.uk has implemented a range of technical and organisational measures to ensure the highest level of protection for personal data processed via this website. However, it is important to note that data transmissions over the Internet may inherently have security vulnerabilities, and therefore absolute protection cannot be guaranteed. For this reason, data subjects are free to provide personal data to us through alternative means, such as by telephone, should they prefer.
The data protection declaration of educationforyou.co.uk is aligned with the terminology employed by the European legislator in the adoption of the General Data Protection Regulation (GDPR). It is our objective that this declaration be clear and comprehensible to the general public, as well as to our customers and business partners. To facilitate this, we aim to first clarify the terms used in this declaration.
In this data protection declaration, we employ the following terms, among others:
“Personal data” refers to any information relating to an identified or identifiable natural person (referred to as the “data subject”). An identifiable natural person is one who can be identified, either directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
A “data subject” is any identified or identifiable natural person whose personal data is being processed by the controller responsible for that processing.
“Processing” refers to any operation or set of operations performed on personal data or on sets of personal data, whether by automated means or otherwise. This includes, but is not limited to, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of such data.
“Restriction of processing” refers to the marking of stored personal data with the intent of limiting its processing in the future.
“Profiling” refers to any form of automated processing of personal data aimed at evaluating certain personal aspects related to a natural person. This includes, in particular, analysing or predicting aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
“Pseudonymisation” refers to the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
“Controller” or “controller responsible for the processing” refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by that law.
“Processor” refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
“Recipient” refers to a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not they are a third party. However, public authorities that may receive personal data in the context of a specific inquiry in accordance with Union or Member State law are not regarded as recipients. The processing of such data by these public authorities must comply with applicable data protection rules in line with the purposes of the processing.
“Third party” refers to any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and those persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent of the data subject” refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, whereby they, through a statement or clear affirmative action, signify their agreement to the processing of personal data relating to them.
For the purposes of the General Data Protection Regulation (GDPR), other applicable data protection laws in Member States of the European Union, and other relevant data protection provisions, the controller is:
Company Name: EDUCATION FOR YOU LTD
Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Phone: +44 7736029798, +44 2045773499
Email: info@educationforyou.co.uk
Website: https://educationforyou.co.uk/
The website of educationforyou.co.uk collects a range of general data and information when a data subject or an automated system accesses the site. This general data and information are stored in the server log files. The data collected may include: (1) the types and versions of browsers used, (2) the operating system of the accessing system, (3) the website from which the accessing system reached our site (so-called referrers), (4) the sub-pages visited, (5) the date and time of access, (6) the Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that may be relevant in the event of attacks on our information technology systems.
When using this general data and information, educationforyou.co.uk does not draw any conclusions about the data subject. This information is primarily needed to: (1) deliver the content of our website properly, (2) optimise the website’s content and advertisements, (3) ensure the long-term functionality of our information technology systems and website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Consequently, educationforyou.co.uk analyses this anonymously collected data and information statistically, with the aim of improving data protection and security and ensuring an optimal level of protection for the personal data we process. The anonymous data stored in the server log files is kept separate from any personal data provided by a data subject.
The data controller shall process and store the personal data of the data subject only for the duration necessary to fulfil the purpose for which the data is being stored, or as long as permitted by the European legislator or other applicable laws and regulations to which the controller is subject.
If the purpose for storage no longer applies, or if the storage period prescribed by the European legislator or another competent authority expires, the personal data will be routinely blocked or erased in compliance with the applicable legal requirements.
Each data subject has the right, as granted by the European legislator, to obtain confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right of confirmation, they may contact any employee of the controller at any time.
Each data subject has the right, as granted by the European legislator, to obtain from the controller, at any time and free of charge, information about their stored personal data, along with a copy of that information. Additionally, the European directives and regulations grant the data subject access to the following information:
Furthermore, the data subject has the right to obtain information on whether their personal data are being transferred to a third country or an international organisation. In such cases, the data subject also has the right to be informed of the appropriate safeguards in place concerning the transfer.
If a data subject wishes to exercise their right of access, they may contact any employee of the controller at any time.
Each data subject has the right, as granted by the European legislator, to obtain from the controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may contact any employee of the controller at any time.
Each data subject has the right, as granted by the European legislator, to obtain from the controller the erasure of personal data concerning them without undue delay. The controller is obligated to erase personal data without undue delay where one of the following grounds applies, provided that the processing is not necessary:
If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by educationforyou.co.uk, they may contact any employee of the controller at any time. An employee of educationforyou.co.uk shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged, pursuant to Article 17(1) of the GDPR, to erase the personal data, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to, or copies or replications of, those personal data, as far as processing is not required. An employee of educationforyou.co.uk will arrange the necessary measures in each individual case.
Each data subject has the right, as granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. The data subject also has the right to transmit those data to another controller without interference from the controller to whom the personal data were originally provided, provided that the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means. This right does not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Additionally, when exercising their right to data portability under Article 20(1) of the GDPR, the data subject has the right to request the direct transmission of personal data from one controller to another, where technically feasible and where such transmission does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject may contact any employee of educationforyou.co.uk at any time.
Each data subject has the right, as granted by the European legislator, to object, at any time and on grounds relating to their particular situation, to the processing of personal data concerning them, where such processing is based on point (e) or (f) of Article 6(1) of the GDPR. This right also applies to profiling based on these provisions.
Upon receiving an objection, educationforyou.co.uk will cease processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or if the processing is necessary for the establishment, exercise, or defence of legal claims.
If educationforyou.co.uk processes personal data for direct marketing purposes, the data subject has the right to object, at any time, to the processing of their personal data for such marketing. This includes profiling to the extent that it is related to direct marketing. Upon receiving an objection to processing for direct marketing purposes, educationforyou.co.uk will immediately cease processing the personal data for these purposes.
Furthermore, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data by educationforyou.co.uk for scientific or historical research purposes, or for statistical purposes, as outlined in Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact any employee of educationforyou.co.uk. Additionally, the data subject is entitled, in the context of using information society services and in accordance with Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.
Each data subject has the right, as granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for entering into or the performance of a contract between the data subject and a data controller, (2) is authorised by Union or Member State law to which the controller is subject and which provides for appropriate measures to safeguard the data subject’s rights, freedoms, and legitimate interests, or (3) is based on the data subject’s explicit consent.
Where the decision (1) is necessary for entering into or the performance of a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, educationforyou.co.uk shall implement appropriate measures to safeguard the data subject’s rights, freedoms, and legitimate interests. These measures shall include, at a minimum, the right for the data subject to obtain human intervention from the controller, to express their point of view, and to contest the decision.
If the data subject wishes to exercise their rights concerning automated individual decision-making, they may contact any employee of educationforyou.co.uk at any time.
Each data subject has the right, as granted by the European legislator, to withdraw their consent to the processing of their personal data at any time.
If a data subject wishes to exercise their right to withdraw consent, they may contact any employee of educationforyou.co.uk at any time.
The controller has integrated the Google Analytics component (with the anonymization function) on this website. Google Analytics is a web analytics service that collects, gathers, and analyzes data about the behavior of website visitors. This includes data about the website from which a user arrived (the so-called referrer), which sub-pages were visited, and how often and for what duration a sub-page was viewed. Web analytics are primarily used to optimize the website and to conduct a cost-benefit analysis of online advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States.
For web analytics via Google Analytics, the controller uses the application “_gat._anonymizeIp,” which ensures that the IP address of the data subject's Internet connection is anonymized by Google when accessing the website from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze traffic on our website. Google uses the collected data to evaluate the use of the website, provide online reports on website activities, and offer other services related to website usage.
Google Analytics places a cookie on the information technology system of the data subject. Cookies, as defined earlier, allow Google to analyze the use of the website. When accessing pages of this website where the Google Analytics component is integrated, the browser on the data subject's system automatically transmits data to Google for online advertising and commission settlement purposes. Through this process, Google may collect personal data, such as the IP address of the data subject, to understand visitor origins and track clicks for commission reporting.
The cookie stores personal information, including access times, the location from which access was made, and the frequency of visits to the website by the data subject. Such data, including the IP address, is transmitted to Google in the United States, where it is stored. Google may share this data with third parties through the technical process.
The data subject may prevent the use of cookies on this website by adjusting their web browser settings to block cookies permanently. Such adjustments will also prevent Google Analytics from placing cookies on the data subject's system. Additionally, any cookies already set by Google Analytics can be deleted through the web browser or other software programs.
The data subject also has the right to object to data collection and processing by Google Analytics. To exercise this right, the data subject may download and install a browser add-on available at https://tools.google.com/dlpage/gaoptout. This add-on prevents Google Analytics from collecting and processing data about website visits by notifying Google through a JavaScript command. If the system is later reinstalled, formatted, or updated, the browser add-on must be reinstalled to maintain the objection to data processing. If the add-on is uninstalled or disabled, it can be reinstalled or reactivated at any time.
Further information about Google's data protection policies is available at https://www.google.com/intl/en/policies/privacy/, and the terms of service for Google Analytics can be accessed at http://www.google.com/analytics/terms/us.html. Additional information about Google Analytics can be found at https://www.google.com/analytics/.
Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain the data subject’s consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party—for example, when processing is required for the supply of goods or the provision of services—the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for pre-contractual measures, such as inquiries related to our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as compliance with tax obligations, the processing is based on Article 6(1)(c) of the GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. For example, if a visitor is injured on our premises, it may be necessary to process their name, age, health insurance information, or other vital details to provide this information to a doctor, hospital, or other relevant third party. In such cases, the processing is based on Article 6(1)(d) of the GDPR.
Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing that does not fall under the aforementioned grounds but is necessary for the purposes of legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the data subject’s interests or fundamental rights and freedoms requiring the protection of personal data. Such processing operations are considered permissible under Recital 47, Sentence 2 of the GDPR, which acknowledges that a legitimate interest may exist when the data subject is a client of the controller.
Where the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest lies in conducting our business operations in a manner that supports the well-being of our employees and shareholders.
The criteria used to determine the storage period for personal data are based on the applicable statutory retention periods. Once these periods expire, the corresponding data is routinely deleted, provided it is no longer required for the performance of a contract or the initiation of a new contract.
We clarify that the provision of personal data may be required by law (e.g., compliance with tax regulations) or may arise from contractual obligations (e.g., details regarding a contractual partner).
In certain cases, the conclusion of a contract may necessitate the data subject providing personal data, which must subsequently be processed by us. For example, the data subject is required to provide personal data when entering into a contract with our company. Failure to provide such data may result in the inability to conclude the contract with the data subject.
Before providing personal data, the data subject is encouraged to contact any employee of our company. The employee will clarify whether the provision of personal data is required by law, by contract, or for the conclusion of the contract, whether there is an obligation to provide the data, and the potential consequences of failing to provide the required personal data.
Last update: 25.01.2025