Privacy Policy

Updated by UAPP

THIS PRIVACY POLICY WAS UPDATED ON 12th February, 2024 at 11:00 AM GMT

1. Introduction

1.1 Purpose of the Privacy Policy

1.1.1 Information Transparency

This Privacy Policy serves the essential purpose of providing detailed insights into how UAPP ("we," "us," or "our") handles, processes, and protects your personal and non-personal information.

1.1.2 Legal Compliance

It is designed to align with national and international data protection laws, ensuring compliance with regulations governing the collection, usage, and safeguarding of your information.

1.1.3 Empowering Users

By clearly outlining our data practices, this policy empowers you, the user, with knowledge about your rights, choices, and the implications of providing personal information to UAPP. UAPP complies with six principles of General Data Protection Regulation. The personal data of the users is:

Processed fairly, lawfully, and transparently.
Only used for the specified, clearly explained purpose it was collected for.
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Kept accurate and up-to-date.
Only kept for as long as it is needed (usually until a project or activity is complete) and is then removed and securely deleted.
Processed in a manner that ensures appropriate security of the personal data; it is stored in secure systems and only transferred by secure means.

1.2 Scope of the Policy

1.2.1 Inclusive Application

This Privacy Policy extends its coverage to all individuals interacting with UAPP, encompassing students, prospective students, and any users engaging with our website and services.

1.2.2 Website and Services Inclusion

It applies to data collected through our website, online platforms, and all services offered by UAPP, ensuring a comprehensive understanding of the information handling practices across our digital ecosystem.

1.3 Acknowledgment of Consent

1.3.1 Informed Consent

By using our website, services, or providing personal information to UAPP, you explicitly acknowledge that you have carefully read, understood, and agreed to the terms outlined in this Privacy Policy.

1.3.2 Consent Agreement

Your use of our services implies a consent agreement for the collection, processing, and utilization of your information, as described in this policy. If you disagree with any aspect, we recommend refraining from using our services.

2. Information We Collect

2.1 Personal Information

2.1.1 Types of Personal Information

At UAPP, we meticulously collect various types of personal information to facilitate our services. These may include:

Contact Information: Full names, addresses, phone numbers, and email addresses.
Identification Data: Passport details, national identification numbers, and other relevant identifiers.
Academic Details: Comprehensive educational history, qualifications, and transcripts.
Demographic Information: Date of birth, gender, nationality, and language preferences.
Communication Data: Records of your interactions with UAPP, encompassing emails and other forms of communication.

2.1.2 Sensitive Personal Data

UAPP does not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about members and those signed up to UAPP. However, there are some situations where this will occur (e.g. if you have an accident on one of our events). If this does occur, we’ll take extra care to ensure your privacy rights are protected.

2.1.3 Collection Methods

We employ diverse methods to gather personal information, ensuring a secure and comprehensive approach:

Direct Interaction: Information provided by you when engaging with our website, completing forms, or communicating with our team.
Automated Technologies: We utilize cookies, web beacons, and similar technologies to enhance your online experience, streamline navigation, and personalize content
Third-Party Sources: Information obtained from educational institutions, service providers, and other relevant third parties to facilitate the admission process effectively.

2.2 Non-Personal Information

2.2.1 Types of Non-Personal Information

UAPP also collects non-personal information that aids in improving our services without directly identifying individuals. This may include:

Device Information: Details about the device used to access our services, including device type, operating system, and browser information.
Usage Data: Information about interactions with our website, such as pages visited, time spent, and referral sources.

2.2.2 Collection Methods

To ensure a holistic understanding, we employ various methods to collect non-personal information:

Cookies and Similar Technologies: These tools provide analytics, enhance website functionality, and help us understand user behaviour for continuous improvement.
Server Logs: Recorded information about your device, browser, and access times, aiding in troubleshooting and optimizing our platform.
Analytics Tools: We leverage analytics tools to gather insights into user behaviour, preferences, and overall website performance.

3. How We Use Your Information

3.1 Purpose of Processing

UAPP only uses your personal data with your consent, or where it is necessary in order to:

Enter into, or perform, a contract with you;
Comply with a legal duty;
Protect your vital interests;
For our own (or a third party’s) lawful interests, provided your rights don’t override these.

In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes)

3.1.1 Admission Processing

The primary purpose of collecting your personal information is to facilitate the university admission process. This includes evaluating qualifications, contacting educational institutions, and ensuring compliance with admission requirements.

3.1.2 Communication

We use your contact information to communicate with you throughout the admission process. This includes providing updates, requesting additional documentation, and addressing any queries you may have

3.1.3 Service Improvement

Non-personal information, such as usage data and analytics, is utilized to enhance our services. This involves improving website functionality, optimizing user experience, and identifying areas for refinement.

3.1.4 Administration

Personal data is utilized for internal administrative purposes related to consultant management. This includes but is not limited to payroll processing, performance evaluations, and communication regarding work-related matters.

3.1.4 Information Accuracy

It is essential that consultants keep their personal information accurate and up-to-date. Any changes in personal details, such as contact information or qualifications, should be promptly communicated to the relevant administrative department.

3.1.5 Legal Compliance

The processing of personal data for administrative purposes is carried out to comply with legal obligations, contractual requirements, and internal policies governing employment relationships.

3.1.6 Background Checks

UAPP collects and processes personal data of our consultants for the purpose of conducting background checks. These checks are carried out to ensure the integrity, reliability, and suitability of individuals representing UAPP.

3.2 Legal Basis for Processing

3.2.1 Consent

By using our services, you provide explicit consent for the processing of your personal information for admission-related purposes and other services outlined in this policy.

3.2.2 Contractual Necessity

Processing your information is necessary to fulfil our contractual obligations regarding admission services and administrative purposes. This includes verification of qualifications, communication, and overall admission facilitation.

3.2.3 Legitimate Interests

We may process your information based on our legitimate interests, such as improving our services, ensuring security, and preventing fraudulent activities.

3.3 Information Sharing

3.3.1 Educational Institutions

To facilitate the admission process, we may share your information with relevant educational institutions. This is strictly for the purpose of verifying qualifications and ensuring compliance with admission criteria.

3.3.2 Service Providers

We may engage third-party service providers to assist in various aspects of our services, such as data storage, analytics, and communication tools. These providers adhere to strict data protection standards. Data from third parties that we hold for admission purposes will never be disclosed or shared without the written agreement of the data controller.

3.4 Retention Period

3.4.1 Admission Process

Your personal information is retained for the duration of the admission process. Once the process is complete, we securely archive your information in compliance with data protection regulations.

3.4.2 Non-Personal Information

Non-personal information used for analytics and service improvement purposes is retained for an indefinite period to ensure continued enhancement of our services.

3.4.3 Employment contract

We retain personal information of our consultants for a defined period even after the termination of their contract. This retention is based on legal requirements, internal policies, and the necessity to fulfil the purposes for which the data was collected. Consultants data will be retained for a specified duration to facilitate historical record-keeping, reference checks, and any potential future engagements with the individual.

Consultants have the right to request the deletion of their personal information held by UAPP. Such requests should be submitted in writing, and the information will be promptly deleted unless retention is required by law or for legitimate business purposes.

4. Information Sharing

4.1 Sharing with Educational Institutions

4.1.1 Admission Facilitation

To facilitate the university admission process effectively, we may share your personal information with relevant educational institutions. This sharing is strictly limited to the necessary data required for admission verification and compliance.

4.1.2 Confidentiality Assurance

Rest assured; any information shared with educational institutions is treated with the utmost confidentiality. We ensure that only essential details directly related to the admission process are disclosed

4.2 Third-Party Service Providers

4.2.1 Purposeful Engagement

In certain instances, UAPP may engage third-party service providers to enhance our services. These providers may include data storage, analytics, and communication tools, among others.

4.2.2 Data Protection Standards

Before entering into partnerships, we rigorously assess and select third-party providers who adhere to stringent data protection standards. Contracts are established to ensure the secure and ethical handling of your information.

4.3 Legal Obligations

4.3.1 Compliance with Regulations

UAPP may disclose your information when legally obligated to do so, such as in response to a court order, government request, or other legal proceedings.

4.3.2 User Notification

In the event of legal disclosures, we strive to notify affected users, unless prohibited by law or court order, to ensure transparency and openness.

4.4 Consent-Based Sharing

4.4.1 Explicit Consent

We prioritize your privacy and will only share your information with third parties if you provide explicit consent. Consent is obtained for specific purposes, and you have the option to revoke it at any time.

4.4.2 Transparent Communication

Before seeking your consent, we provide clear and transparent communication regarding the purpose, scope, and duration of the information sharing. This empowers you to make informed decisions about your data.

5. Your Rights

We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

The right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
The right to have inaccurate data rectified;
The right to object to your data being used for marketing or profiling; and
Where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.

5.1 Access to Your Information

5.1.1 Requesting Access

You have the right to request access to the personal information we hold about you. To initiate this process, please contact our designated privacy officer, and we will respond to your request promptly.

5.1.2 Information Disclosure

Upon receiving your request, we will disclose the information we hold, including the purpose of processing, categories of data, and recipients of your data

5.2 Correction and Deletion

5.2.1 Data Accuracy

You can request the correction of any inaccuracies in your personal information. We are committed to maintaining accurate and up-to-date records.

5.2.2 Deletion Requests

If you wish to have your personal information deleted from our records, you have the right to make such a request. This process is subject to legal and contractual obligations.

5.3 Object to Processing

5.3.1 Processing Objections

You have the right to object to the processing of your personal information under certain circumstances. We will review and respond to your objection, providing reasons for our decision.

5.3.2 Restriction of Processing

In cases where processing objections are being addressed, we may restrict the processing of your information until a resolution is reached.

5.4 Data Portability

5.4.1 Requesting Data Portability

At your request, we will provide your personal information in a structured, commonly used, and machine-readable format. This allows you to transmit the data to another controller if desired.

5.4.2 Direct Transmission

Upon request, and where technically feasible, we can transmit your personal information directly to another controller, facilitating a seamless transition if you choose to switch service providers.

5.5 Exceptions

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. This is particularly the case where we receive surveys or administrative data from third parties for admission purposes as this will nearly always be in de-identified or anonymized formats. This means that no directly identifying information is shared with us. In these situations, the data collector will have provided you with a privacy notice that informs you how your data will be used but because we do not know who you are, we are not able to directly provide you with a privacy notice ourselves.

You can complain to UAPP directly by contacting us using the contact details on website. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk

6. Security Measures

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorized access to, or use or disclosure of your personal information. Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). All staff receive data protection training and we have a set of detailed data protection procedures which personnel is required to follow when handling personal data set out in our policies.

6.1 Data Security Practices

6.1.1 Encryption Protocols

To safeguard your personal information, we employ robust encryption protocols during data transmission. This ensures that data exchanged between you and our platforms remains secure and confidential

6.1.2 Access Controls

Access to your personal information is restricted to authorized personnel only. Our access control mechanisms and authentication procedures ensure that only designated individuals have the necessary permissions.

6.2 Retention Period

6.2.1 Admission Process

Your personal information is retained for the duration of the university admission process. Once this process is successfully completed, your data is securely archived in compliance with data protection regulations.

6.2.2 Non-Personal Information

Non-personal information used for analytics and service improvement purposes is retained for an indefinite period to support the ongoing enhancement of our services.

6.2.3 Employment contract

6.3 Confidentiality Measures

6.3.1 Employee Training

Our personnel undergo comprehensive privacy training to understand the significance of data protection. This training includes the proper handling and safeguarding of both personal and non-personal information.

6.3.2 Confidentiality Agreements

All employees are bound by strict confidentiality agreements, emphasizing their commitment to maintaining the confidentiality of your information. Breaches of confidentiality are subject to disciplinary action

6.4 Storage and Processing Security

6.4.1 Secure Servers

Your information is stored on secure servers with robust safeguards against unauthorized access. Our servers are housed in state-of-the-art data centres, equipped with physical and digital security measures.

6.4.2 Regular Security Audits

We conduct regular security audits and assessments to identify and address potential vulnerabilities. This proactive approach ensures that our systems maintain a high level of resilience against emerging threats.

6.5 Incident Response and Notification

6.5.1 Incident Monitoring

We continuously monitor for potential security incidents. In the event of any suspicious activity, our incident response team promptly investigates and takes appropriate action.

6.5.2 Notification Protocol

If a data breach or security incident occurs, we adhere to established notification protocols. Affected individuals will be notified promptly, detailing the nature of the incident and recommended actions.

6.6 Third-Party Security

6.6.1 Vendor Due Diligence

Before engaging third-party service providers, we conduct thorough due diligence to ensure they adhere to stringent data protection standards. Our contracts with these providers include provisions for data security and confidentiality.

6.6.2 Data Processing Agreements

When applicable, we enter into data processing agreements with third parties, outlining their responsibilities in safeguarding the information shared with them

7. Childrens Privacy

7.1 Age Restrictions

7.1.1 Minimum Age Requirement

Our services are intended for individuals who meet the minimum age requirement determined by applicable data protection regulations. We do not knowingly collect or process personal information from individuals below this specified age.

7.1.2 Age Verification

To ensure compliance with age restrictions, we may implement age verification measures during the registration or information collection process. Users unable to meet the minimum age requirement will be restricted from accessing certain features or services

8. Marketing

8.1 Direct Marketing

8.1.1 Purposeful Communication

We engage in direct marketing activities to provide you with relevant information about our services, promotions, and educational opportunities. Our direct marketing efforts are designed to enhance your experience and keep you informed.

8.1.2 Consent-Based Communication

Participation in direct marketing is entirely based on your explicit consent. You have the option to opt-in to receive marketing communications during the registration process, and you can modify your preferences at any time.

8.2 Opt-out Options

8.2.1 Unsubscribe Mechanism

If you no longer wish to receive direct marketing communications, we provide clear and accessible opt-out mechanisms. You can unsubscribe from marketing emails or adjust communication preferences through your account settings.

8.2.2 Timely Processing

Opt-out requests are processed promptly. Once you opt-out, you will cease to receive marketing communications within a reasonable timeframe, ensuring that your preferences are respected

9. Data Storage

9.1 Data Storage Practices

9.1.1 Secure Servers

Your personal information is stored on secure servers with advanced security measures to prevent unauthorized access. Our data storage practices align with industry standards and comply with data protection regulations.

9.1.2 Regular Security Audits

We conduct regular security audits and assessments of our data storage infrastructure to identify and address potential vulnerabilities. This proactive approach ensures the ongoing integrity and confidentiality of stored data.

9.2 Data Transfer and Processing

9.2.1 Purpose-Limited Transfer

When transferring your data to third-party service providers, we ensure that it is done for specific and legitimate purposes. These transfers comply with applicable data protection laws, and contractual agreements are in place to uphold data security standards.

9.2.2 Cross-Border Data Transfers

If your data is transferred across borders, we take measures to comply with relevant data protection regulations. Cross-border transfers are conducted with due diligence and consideration for the protection of your information.

10. Modern Slavery and Human Trafficking

This policy and statement is made pursuant to section 54(1) of the Modern Slavery Act (2015) and constitutes UAPP’s formal slavery and human trafficking policy. This policy has been approved by the Director and senior management team of the organisation.

UAPP does not believe there is any place in today’s world for slavery and human trafficking and in making this statement commits to ensuring there is no modern slavery or human trafficking in our staff and student recruitment supply chains or in any part of our businesses.

We are committed to evolving our practices through all our group to combat slavery and human trafficking and to encourage the same principles and standards from our student recruitment and business partners

No breaches of the Modern Slavery Act 2015 have ever been reported in 2023 or in the previous years.

10.1 Commitment Against Modern Slavery

With many of the staff on a temporary, contract or permanent basis, we appreciate the importance of robust operational practices. Through the aforementioned due diligence processes, company audits, and internal policies and staff training, we act to minimise the risk of individuals being placed into any form of slavery.

Checks are also undertaken to verify and identify where workers may be sharing bank accounts, addresses and telephone numbers which may be a risk indicator

UAPP will continue to assess the risks associated with modern slavery and human trafficking and aim to fully understand other indicators of modern slavery

10.1.1 Zero-Tolerance Policy

We maintain a zero-tolerance policy against modern slavery in all aspects of our operations. Our commitment is rooted in ethical practices, ensuring that neither our organization nor our partners engage in any form of modern slavery.

10.1.2 Ethical Employment Practices

To uphold our commitment, we adhere to ethical employment practices and regularly assess our internal processes. We promote fair labour practices and ensure that our workforce is treated with dignity and respect

10.2 Supplier and Partner Compliance

In order to identify and mitigate the risks associated with modern slavery and human trafficking, UAPP has adopted the following processes

1. We conduct internal audits on our recruitment process to ensure that we only engage eligible workers for agency work.

2. We expect the companies we work with to have anti-slavery and human trafficking policies and processes that cover the subsequent relationships with their suppliers as it is not practical for us to influence and have a direct relationship with all levels of the business relationship.

10.2.1 Due Diligence

We conduct thorough due diligence on our suppliers and partners to assess their commitment to anti-modern slavery measures. Contracts with suppliers explicitly outline the expectation of compliance with ethical labour practices

10.2.2 Periodic Audits

Periodic audits are conducted to verify supplier and partner compliance. Any deviations from the agreed-upon standards are addressed promptly, and corrective actions are implemented.

10.3 Training and Awareness

10.3.1 Employee Training

Our employees undergo regular training to increase awareness of modern slavery issues. This training empowers them to identify and report any potential concerns, fostering a culture of vigilance against modern slavery. Employees, workers, business partners and customers are encouraged to report any concerns that may give rise to a risk of modern slavery or human trafficking. Employees are advised on how to report any concerns they have associated with modern slavery and trafficking.

10.3.2 External Engagement

We engage with external organizations, NGOs, and industry initiatives to stay informed about best practices in combating modern slavery. This external engagement enhances our understanding and enables continuous improvement.

11. Changes to the Privacy Policy

11.1 Notification of Changes

11.1.1 Transparent Communication

In the event of updates or changes to our privacy policy, the newer version of Privacy policy will always be posted on our website.

11.2 Date of Last Update

11.2.1 Revision Timestamp

The date of the last privacy policy update will be prominently displayed at the beginning of the document. This timestamp allows users to track the currency of the policy and easily identify any changes

12. Contact Information

For any queries, concerns, or requests related to our Cookies Policy, you can contact our Data Protection Officer (DPO) at:
Data Protection Officer (DPO)
Address: 19 Warton Road, London - E15 2GG
Email: support@uapp.uk
Contact Phone Number: +44 2072 658478