Table of contents
- Who is International Admission Service (IAS)?
- Legal basis for processing your personal data
- When do we collect your Personal Data?
- Categories of Personal Data we collect
- Why do we use your Personal Data?
- How do we look after your Personal Data?
- How long do we retain your Personal Data?
- Sharing your Personal Data
- Processing and Transferring your Personal Data
- Your rights as a data subject
- Contact Details: Data Protection Officer
The terms “the Company,” “we,” “us,” “our,” and “ours” refer to International Admission Service (IAS). The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.
Who is International Admission Service (IAS)?
International Admission Service (IAS) is a "data controller.” This means that we are responsible for deciding how we hold and use personal information about you. Where we act as a data controller, we are required under data protection legislation to notify anyone who provides personal data to us, either directly or through a third party, of the information contained in this Privacy Notice.
Registered as a limited company in the United Kingdom, International Admission Service (IAS) is an Education Agent for overseas university admission. Our head office is located in London, United Kingdom, at the following address:International Admission Service (IAS)
80-82 Nelson Street,
The address for our branch office in Dhaka, Bangladesh, is:International Admission Service (IAS)
House No: 313 (1st floor)
Road No: 21, Mohakhali, DOHS,
Dhaka: 1212, Bangladesh
For ease of reading this notice, the “Company” will be referred to as “we” and “us” in this policy.
Legal basis for processing your personal data
The Company is a global company and understands that the laws on data protection may be different in different countries; however, the Company has set out below several other reasons for which we may collect and process your data, including:
- In specific situations, we can collect and process your data with your consent, for example, when you tick a box to receive marketing material from us.
- When collecting your data, we’ll endeavor to collect the minimum necessary to provide our services.
- Depending upon national and sometimes state law, you may be called a “minor or child” when signing a contract or consenting for us to collect and process your data. This means you have not reached the legal age of consent.
- In many countries, including Australia, New Zealand, Canada, Singapore, and the USA, it is usual to require a person to be 18 years of age to have reached the legal age of consent.
- In Europe, it is usual for a person who is 16 years of age, 13 in the UK, to consent to receive marketing information. As part of protecting you and your rights, if the law says you are still a “minor or child,” we require your parents/guardians’ consent to collect and process your data via online services directly.
- Explicit Consent means that you have been presented with an option to agree or disagree with collecting, using, or disclosing personal information.
- Suppose we need to collect special categories of data from you to provide you with the services you require or meet our legal obligations. In that case, we will collect this data based on your explicit consent, national/regional social protection laws, or for statistical reporting purposes requested by official bodies.
- The particular category data that we may request from you includes details such as your racial or ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or visa requirements. We may also need to collect data concerning your health (e.g., medical check reports and immunization history) to provide additional support to you.
- In certain circumstances, we will need to collect your data to meet our contractual obligations to you.
- We will collect this data to make an offer to you to study or enroll with us or work with us.
- We will use this data to establish a contract that sets out your obligations as a student or employee and our obligations as the study services or employment provider to you.
If the law requires us to, we may need to collect and process your data for several reasons, for example to:
- prevent fraud
- Meet the needs of immigration authorities
- Meet the requirements of universities
- Comply with Consumer Protection law
In specific situations, we collect your data to undertake our legitimate interests in a way that might reasonably be expected as part of running our business and does not materially impact your rights, freedom, or interests. It might include:
- Staying in touch with you for purposes of staying in touch with ex-students as part of an alumni program
- Keeping you informed regarding Company highlights and news
When do we collect your Personal Data?
- When you visit any of our website pages (here, we collect transaction-based data).
- When you apply to register or open an online account via our website or marketing campaigns.
- When you complete our online or paper/PDF application forms.
- When you engage with us on social media.
- When you contact us by any means with queries, comments, etc.
- When you book an appointment with us.
- When you book to attend an event.
- When you’ve given a third-party permission to share with us the information they hold about you.
- When you attend a university, campus, or office, which may have CCTV systems operating for the security of Students, Visitors, and Staff, these systems may record your image during your visit.
- When you engage with our online marketing tools and attend our online admission sessions through tools such as Zoom etc.
- For employees, we collect your data throughout your employment with the Company.
Categories of Personal Data we collect
Your contact and other details, i.e., you’re:
- Date of birth
- Sexual orientation
- Marital status
- Medical information
- Disability information
- Postal address (can be a postal box number and a street address)
- Social media contacts
- Telephone number/s (mobile and landline)
- Email address
- Skype ID
- Next of kin’s details
Identity and Immigration documentation, i.e., your:
- Driver's license
- National Insurance Number
- Identity card
- Visa details
- Birth certificate
- Marriage certificate
- TB Certificate
- COVID-19 status
- Criminal Convictions and offenses
Your financial details, i.e., you’re:
- Funds details
- Sources of funds
- Bank details
- Bank Statement
Your educational and work history inclusive of but not limited to your:
- Current and past qualifications
- Institution/s you studied at
- Most recent study experience
- Work experience details
Details of your interactions with us, such as:
- We collect details of inquiries and comments you make on the web pages you visit or when you contact us by email, telephone, or in person.
- Information is gathered by the use of ‘cookies’ in your web browser. (Learn more about our ‘Cookies Policy.’
Additionally, for employment purposes:
- Social security (or equivalent) details
- Next of Kin details
- Health information
- Your image, voice, and written contributions
- As you interact with our website and other platforms made available by the company, we may automatically collect technical data about your equipment, browsing actions, and patterns.
Why do we use your Personal Data?
- To ensure that we provide you with the information and service you need, we sometimes combine our data about you. This is allowed as part of our legitimate interest to provide you with the right and optimum service.
- If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
- If you choose not to share your data with us or refuse specific contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case, we will contact you to confirm your request.
The reasons we use your data include:
- To operate and administer our business to provide you with the best possible service for queries, admission and visa applications, etc. This is done on the based private business interests.
- To respond to your queries and requests.
- We may keep a record of communication with you. We do this based on our contractual obligations to you, our legal obligations, and ou,r legitimate interests in providing you with the best service.
- To protect our business and you from fraud and other illegal activities. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
- To protect our students, visitors,s and staff, premise,s, and assets, we operate CCTV systems in some of our offices that record images for security. We do this based on our legitimate business interests.
- To process payments and prevent fraudulent transactions. This is done based on legitimate business interests and to help protect you from fraud.
- We will use your personal data preferences to keep you informed by email, web, text, social media, and telephone about relevant services and events with your consent.
- To protect your vital interests if you become unable to provide consent.
- To hire and manage employees and contractors. We do this as part of our contract with you.
- To send you communications required by law or necessary to inform you about our changes to the services we provide you. (For example, updates to this Privacy Notice).
- These service messages will not include any marketing content and do not require prior consent when sent by email or text message. We need to keep you informed to comply with our legal obligations.
- To comply with our contractual or legal obligations to share data with law enforcement if necessary, for example: If a court order is presented, we must share your data with law enforcement agencies or courts of law.
How do we look after your Personal Data?
- We know how much data security matters. We will treat your data with the utmost care and respect and take all appropriate steps to protect it.
- We secure access to all transactional areas of our websites and apps using ‘HTTPS’ technology.
- Access to your data is restricted and secure, and sensitive personal data such as health information is secured via password protection and encryption.
- Storage systems for paper copies are secured, and access is managed through the Company’s access protocols.
How long do we retain your Personal Data?
We will only retain your data for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting
requirements. We may retain your data for a more extended period in the event of a complaint or if we reasonably believe there is a prospect of litigation concerning our
relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
- We have a detailed records management program in place, and all records (paper and electronic) must be managed according to their security and disposal steps.
- Whenever we collect or process your data, we will store it safely and only for as long as it is necessary for the original purpose of compiling it or as required by law.
- Your data will be deleted entirely at the end of the documented retention period.
Sharing your Personal Data
We share your data with trusted Third Parties.
- We sometimes share your data with trusted third parties to provide services and business functions. An example of a third party would be an International Admission Service (IAS) contracted College/University Partner.
- We set obvious directions and expectations for those organizations regarding your privacy and personal data safety and protection.
- The directions and expectations are set out by us/third parties in our contract and include:
- Providing them only the information they need to perform their specific services
- Setting out the purpose for which the personal data is being shared
- Confirmation that they will make every reasonable effort to ensure that your privacy is respected and protected
- If we stop using their services, they will undertake to either securely delete or render anonymous any of your data held by them
- They will inform us immediately in the event of a suspected or actual breach being detected
The types of third parties we work with include:
- Educational Agent Groups
- IT companies supporting our websites
- Cloud storage companies
- Customer Relationship Management application providers
- Educational establishments
- Educational professionals
- Regulatory authorities
- Accommodation providers
- Estate services
- Online webinar providers
- Financial service providers
- Travel service providers
- British Council
How do third-party partners use your Personal Data?
- When you use a service from one of our chosen partners, your data will be collected and used by them under the terms of their separate privacy policies.
Why do we share your Personal Data?
- We need to share your data with trusted third parties to meet legal and regulatory obligations and fulfill our contractual promise to you.
We will only share your data with third parties in particular circumstances, for example:
- With your consent, given that you supplied your data, we may pass that data to a third party for their direct marketing purposes.
- When working with academic professionals to ensure the delivery of high-quality services to you.
- We may share information about fraudulent or potentially fraudulent activity on our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- If we receive a valid request from the police or other law enforcement agency, regulatory or Government authority in your country of origin or elsewhere, we may be required to disclose your data.
- From time to time, we may expand, reduce or sell the Company and this may involve the transfer of business entities or the whole business to new owners. If this happens, your data will, where relevant, be transferred to the new owner or controlling party under the terms of this Privacy Notice.
Processing and Transferring your Personal Data
- We have operations in different geographic regions; therefore, we will sometimes need to share your data across national boundaries and borders, i.e., outside the European Economic Area (EEA).
- Suppose we do transfer your data across an international border. In that case, procedures are in place to ensure your data receives the same protection as if it were being processed inside your country of residence, for instance, an EEA member-country or Australia or Asia or Canada or the USA, etc.
Your rights as a data subject
Under certain circumstances, by law, you have the right to:
Request access to your data
You can request access to your data; this is only known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
Request correction of the personal data
You can send us a request to make corrections (if there is any error) to the data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your data
Erasure request is commonly known as “right to be forgotten” - this enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
Object to processing of your data
Where we rely on a legitimate interest (or those of a third party) and something about your particular situation makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your data
This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your data to another party
This is also known as “right to data portability.” We will provide your data in a structured, commonly used, machine-readable format to you or a third party you have chosen. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request to withdraw consent
Suppose you may have provided your consent to collect, process, and transfer your data for a specific purpose. In that case, you have the right to withdraw your consent for that particular processing. To withdraw your consent, please contact us using the contact details in this Privacy Notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law.
If you wish to exercise any of the rights set out above, please contact us at the provided contact details at the end of this policy. For any of the requests above:
No fee is usually required
You will not have to pay a fee to access your data (or exercise any other rights). However, we may charge a reasonable fee if your access request is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to ask you for further information about your request to speed up our response.
Time limit to respond.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
You have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please please get in touch with us first instance.
- If you require any further information, we will be pleased to provide you with further detail.
- If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail about your complaint to deal with your concern quickly and effectively.
- We will take every privacy complaint seriously and assess it to resolve it quickly and efficiently.
- We’d be grateful for your cooperation with us during this process by providing us with any relevant information that we may need.
Contact Details: Data Protection Officer
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer, H M Mashiur Rahman, in writing with full details of your request.
AddressH M Mashiur Rahman
Data Protection Officer
International Admission Service (IAS)