GDPR Policy
General Data Protection Regulation (GDPR) Policy
At Arfa Karim Technology Incubator, we are committed to protecting and respecting your privacy. This GDPR Policy outlines how we collect, use, store, and protect your personal information, in accordance with the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, and applicable UK data protection laws.
Data Controller
For the purposes of GDPR, Arfa Karim Technology Incubator is the data controller. This means we are responsible for deciding how your personal data is processed and for ensuring that it is done in accordance with the law.
Types of Data We Collect
We collect and process the following types of personal data:
Personal Identification Information: Name, email address, phone number, date of birth, etc.
Academic Information: Previous education, courses enrolled, grades, and certifications.
Payment Information: Credit/debit card details and bank account information (processed securely via third-party payment providers).
Usage Data: Information about how you access and use our website, such as IP addresses, browser types, and usage data collected via cookies.
Purpose of Data Collection
We use your personal data for the following purposes:
- To provide services: To process your course application, manage enrollment, and provide the courses and related services.
- To communicate with you: To send you updates, newsletters, and other marketing communications, where appropriate, based on your consent.
- To fulfill legal obligations: To comply with our legal obligations, including but not limited to data retention for tax and financial reporting.
Legal Basis for Processing
We rely on the following legal bases for processing your personal data:
- Consent: Where you have provided consent (e.g., signing up for newsletters).
- Contractual necessity: To fulfill our contract with you, such as processing your course enrollment and delivering the service.
- Legal obligation: To comply with applicable laws, including tax and accounting requirements.
- Legitimate interests: For purposes such as marketing, fraud prevention, and enhancing our services, unless your rights override these interests.
Data Retention
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations, dispute resolution, and enforcement of our agreements. After this period, your data will be securely erased or anonymized.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, firewalls, and regular security audits.
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct any information that is inaccurate or incomplete.
- Right to Erasure: You can request that we delete your personal data, subject to certain conditions.
- Right to Restriction of Processing: You can request that we restrict the processing of your personal data under certain circumstances.
- Right to Data Portability: You can request that we provide your data in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to the processing of your personal data in certain situations, including for marketing purposes.
Third-Party Sharing
We do not sell or rent your personal data. However, we may share your data with trusted third-party service providers who assist us in delivering our services (e.g., payment processors, email services, and marketing platforms). These third parties are obligated to keep your information confidential and secure and to only process it as instructed by us.
International Transfers
In some cases, we may transfer your personal data outside the European Economic Area (EEA) to third-party service providers who are based in countries that do not have the same level of data protection as the UK or EEA. Where this occurs, we will ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or relying on the EU-U.S. Privacy Shield Framework.
Cookies
We use cookies to enhance your experience on our website. You can manage your cookie preferences by adjusting your browser settings. For more details, please refer to our Cookie Policy.
Changes to This Policy
We may update this GDPR Policy from time to time to reflect changes in the law or our practices. We will notify you of any significant changes by posting the updated policy on our website and, where appropriate, by email.
Contact Us
If you have any questions or concerns about this GDPR Policy or how we process your personal data, please contact us at:
Email: [email protected]
Postal Address: 642 Cathcart Road, Glasgow, Scotland, G42 8AA, UK.
Email: [email protected]
Postal Address: 642 Cathcart Road, Glasgow, Scotland, G42 8AA, UK.
Terms of Use
We kindly invite you to review our Admissions and Refund Policy, GDPR Policy, Cookie Policy, Privacy Policy and Terms & Conditions. These documents have been carefully designed to ensure transparency, safeguard your personal data, and provide clear guidelines for your engagement with our institution. We encourage you to reach out to us if you have any questions or need further clarification. Your understanding and trust are important to us.
