Last updated — March 2026

Privacy Policy

Your data is your identity. This notice explains how iEducation collects, uses, and protects your personal information under UK GDPR.

At iEducation, we are committed to protecting your personal data and handling it in a transparent, lawful, and fair manner in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR).

This Privacy Policy explains how we collect, use, store, and share your personal information.


1. Data Controller

iEducation Ltd is the Data Controller responsible for your personal data.

Company No: 12912632
VAT No: 429 1808 83
ICO Registration Number:

ZB205880


Data Protection Contact

Data Protection Officer (DPO): Hanif Kibria
Email: info@ieducationltd.co.uk
Phone: +44 7581 024380
Address: Suite 23, Nile Business Centre, London, E1 2DE


2. Personal Data We Collect

We collect the following categories of personal data depending on your interaction with us:

Student Recruitment & Admissions

  • Full name and contact details
  • Date of birth and age
  • Gender and pronouns (optional diversity monitoring)
  • Passport and identification documents
  • Education history and qualifications
  • English test results
  • Financial and payment information (where applicable)
  • Immigration status
  • Photographs
  • Account login details
  • Communication records

Safeguarding / Compliance Data

  • DBS check information
  • Criminal conviction data (where legally required)
  • Right to study/visa eligibility information

Marketing & Communications

  • Name and contact details
  • Marketing preferences
  • Interaction history (emails, WhatsApp, website forms)

Complaints and Queries

  • Contact details
  • Correspondence history
  • Complaint or claim details

Recruitment Data (if applicable)

  • CV and employment history
  • Education history
  • References
  • Identification documents

3. Lawful Basis for Processing (UK GDPR Article 6)

We rely on the following lawful bases:

PurposeLawful Basis
Student admissions and counsellingContract
University application processingContract
Identity verificationLegal obligation
Immigration/visa supportLegal obligation
Financial transactionsContract / Legal obligation
Safeguarding & DBS checksLegal obligation
Marketing communicationsConsent
Customer support & complaintsContract / Legitimate interest
Service improvementLegitimate interest

We do not rely on consent where another lawful basis is more appropriate.


4. Special Category & Criminal Offence Data

Some of the data we process is considered special category data or criminal offence data, including:

  • DBS (criminal record) information
  • Immigration status
  • Diversity monitoring data (gender, pronouns where applicable)
  • Health or safeguarding-related disclosures (if provided)

We process this data under:

  • Article 9(2)(g) – Substantial public interest
  • UK Data Protection Act 2018 Schedule 1 conditions
  • Article 10 – Criminal conviction data processing for safeguarding and compliance

Safeguards:

  • Restricted access to authorised staff only
  • Secure encrypted storage
  • Data minimisation principles
  • Staff confidentiality agreements

5. How We Collect Your Data

We collect data from:

  • Directly from you (forms, applications, WhatsApp, email)
  • Educational institutions and universities
  • Government or regulatory bodies (e.g. visa/immigration systems where applicable)
  • DBS and background check providers
  • Referral partners or authorised agents (if applicable)

6. How We Use Your Data

We use your personal data to:

  • Provide education counselling and admission services
  • Process university applications
  • Verify identity and eligibility
  • Support visa and immigration processes
  • Manage payments and financial arrangements
  • Provide customer support and resolve complaints
  • Send marketing updates (only where consent is provided)
  • Improve our services and internal operations

7. Data Retention Periods

We only keep personal data for as long as necessary:

Data TypeRetention Period
Student application dataUp to 6 years after application completion
Financial records6–7 years (legal requirement)
Marketing dataUntil consent withdrawn or 2 years of inactivity
Complaint records6 years after case closure
Recruitment data (unsuccessful applicants)12 months

After this period, data is securely deleted or anonymised.


8. Who We Share Your Data With

We may share your data with:

  • UK and international universities and colleges
  • Immigration and visa authorities
  • Payment processors and banking providers
  • CRM and cloud service providers (e.g. secure hosting systems)
  • Email and SMS communication providers
  • DBS and background check providers
  • Professional advisers (legal/accounting where required)

We ensure all third parties are bound by data processing agreements and GDPR compliance obligations.


9. International Data Transfers

Your personal data may be transferred outside the UK, including to Bangladesh and other countries where we operate.

We ensure all international transfers are protected using:

  • UK International Data Transfer Agreement (IDTA), or
  • UK Addendum to EU Standard Contractual Clauses (SCCs), or
  • Adequacy regulations (where applicable)

We ensure all recipients provide a similar level of protection to UK GDPR standards.


10. Children’s Data Protection

We may process data relating to individuals under 18.

We take additional safeguards, including:

  • Parental/guardian consent where required
  • Clear explanation of data use in accessible language
  • Restricted access to children’s data
  • Enhanced safeguarding procedures

We comply with the ICO Children’s Code.


11. Marketing & Communications (PECR Compliance)

We only send marketing communications when:

  • You have given clear consent, OR
  • You are an existing customer and we rely on soft opt-in (where legally permitted)

You can opt out at any time by:

  • Clicking “unsubscribe” in emails
  • Messaging us on WhatsApp
  • Contacting us directly

We never sell personal data for marketing purposes.


12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects on individuals.

If this changes, we will update this policy and inform you clearly.


13. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

Requests will be responded to within one month.


14. How to Complain

If you are unhappy with how we handle your data, you can contact us directly.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
https://www.ico.org.uk


15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated revision date.