Privacy Policy
✅ What Your Policy Does Well
Your policy already includes several key elements required by the ICO:
- Clear explanation of data uses, including profiling and automated decision-making.
- Details on third-party data sources and how that data is handled.
- User rights, including the right to object to profiling.
- Contact information for privacy concerns and complaints, including the ICO’s details.
- Commitment to transparency and updates to the policy.
⚠️ Areas for Improvement
To be fully compliant with ICO guidance, consider adding or clarifying the following:
- Legal Basis for Processing
- You must clearly state the lawful basis for each type of data processing (e.g., consent, contract, legal obligation, legitimate interests).
- For profiling or marketing, if relying on legitimate interests, explain what those interests are.
We process your data to provide educational placement services under the lawful basis of contract. For marketing communications, we rely on legitimate interests, which include promoting relevant educational opportunities. You have the right to opt out at any time.
- Data Retention Periods
- Specify how long you retain personal data or the criteria used to determine this period.
We retain personal data for up to 6 years after the end of your engagement with us, in line with financial and legal obligations. Data used for marketing is reviewed annually.
- Categories of Data Collected
- While some are implied, explicitly listing the types of personal data collected (e.g., name, email, browsing behaviour) would improve clarity.
We collect the following categories of personal data:
- Identity data (e.g., name, date of birth, passport number)
- Contact data (e.g., email, phone number, address)
- Educational history
- Financial data (e.g., funding details)
- Sensitive data (e.g., health or disability information, where necessary)
- Data Sharing
- You mention not selling or renting data, but you should also list or categorise any third parties with whom data is shared (e.g., analytics providers, payment processors).
We may share your data with:
- Partner universities and colleges
- Payment processors
- IT and analytics service providers
- Legal and regulatory authorities (if required)
- International Data Transfers
- If any data is transferred outside the UK, you must state this and explain the safeguards in place (e.g., adequacy decisions, standard contractual clauses).
Some of our service providers are located outside the UK. Where data is transferred internationally, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are in place.
- Cookies and Tracking Technologies
- If your website uses cookies, you need a separate cookie notice and user consent mechanism unless cookies are strictly necessary.
Our website uses cookies to enhance user experience. You can manage your preferences via our cookie banner.
- Data Protection Officer (DPO)
- If you have appointed a DPO, include their contact details. If not, clarify who handles data protection queries.
We have not appointed a Data Protection Officer. For any data protection queries, please contact our Compliance Team at info@olympgroup.co.uk.
Changes to this Notice
We reserve the right to modify this Data Protection Notice at any time. We will duly inform you of any changes.
This Privacy Policy may be amended by us at any time. If we make any material changes to how we treat personal data, we will notify you by placing a prominent notice on our website. The time stamp you see on the policy will indicate the last date it was revised.
This Policy was last updated on 14/08/202
Address: Unit 1
10 Beechen Grove
Watford
WD17 2AD
Email: info@olympgroup.co.uk
Call Us At: 01923228258 OR 07713156875.
Company Nr: 14724122
Registered in: England & Wales