Privacy Policy

Privacy Policy

Last modified: 9 May 2021

Effective 9th May 2021. You can find the previous version of our Privacy Policy here

Contents:

Protecting your data, privacy and personal information is very important to Unibuddy Limited, registered in England and Wales, having its registered office address at Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN, and registered in the USA, having its registered office at Corporation Trust Center, 1209 Orange Street, in the City of Wilmington, County of New Castle, Delaware 19801 (“our”, “us” or “we” or “Unibuddy”
). 

This Privacy Policy (“Policy“) relates to services provided through our website at https://unibuddy.com/
(our “Website”) or using any of the services offered via the Website, such as the Unibuddy widget on a University website or the Unibuddy Mobile App (the “Platform”)
. You will be asked to indicate you acknowledge and consent to the practices described in this policy that set out the basis on which the Personal Data is collected from you, or that you provide to us will be processed by us. 

Definitions

“End User”  means any category of individual that has access to or engages with the Unibuddy Platform including but not limited to Prospective Students, Students, Student Ambassadors, administrators and other Customer employees.

“Consumer”  student, student ambassador, any user and job applicant 

“Controller” has the meaning under the GDPR. Where indicated “Controller” also refers to a “Business” under the CCPA.

“Customer” has the meaning of any University or/and Higher education provider (“Customer”).

“Partner” means a third party that hosts the Unibuddy widget on their website. 

“Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations (collectively the “Data Protection Laws”). 

“Prospective Student” (“Student”) means any user willing to explore educational opportunities with a Customer.

“Student” (“Student”) means any user that is already studying in university or higher education.

“Student Ambassador” (“Ambassador”) means a person acting on behalf of a Unibuddy Customer as its representative and interacts with Prospective Students.

“Unibuddy Events” means a feature of the Platform that enables the hosting of multiple chat channels and sequential live streams in a conference configuration.

“Unibuddy Live” means a feature of the Platform that enables the Customer to stream video content over the internet to recipients that have a Unibuddy account.

For the purpose of the General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act of 2018 (the “CCPA”):

Platform and Website Users

Where you are using your Unibuddy account or Unibuddy Platform directly, Unibuddy acts as the “Data Controller” of such personal Data (as defined in the GDPR) or “Business” (as defined under the CCPA)
  and in such occasions, for some of our Products, we act as a Joint Controller, together with the Customer. 

In respect of the Personal Data of End Users/Consumers (students and student ambassadors), whereby the users are accessing the Platform via the Customer, the Customer is the Data Controller. Unibuddy shall process personal information as a Data Processor on behalf of the Customer, who uses our services (see “Information We Receive from Other Sources” below). For all respective occasions above we ensure that we comply with existing Data Protection Laws.

Job Applicants

In respect of Personal Data of individuals/consumers collected where you apply for a role at Unibuddy, we will be the Data Controller and certain aspects of this Policy will apply to our processing of your personal information.

Minimum User Age

Our Platform is only intended for use by persons above the age of consent in their respective jurisdiction. End Users are required to submit their date of birth for age verification purposes. Where there is a justifiable reason to use the Platform below the relevant age of consent, parental consent will be required for such use.

How to contact us

If you wish to access an older version of our Privacy Policy, please click here or alternatively please contact us
[email protected]

Where Unibuddy acts as a Processor, please contact the Controller/Business party in the first instance to address your rights with respect to such data. 

This policy (together with our Cookie Policy, Terms of Use and
Acceptable Use Policy and any other documents referred to therein), sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by Unibuddy and supplements, where applicable, the Customer’s privacy policy. 

Please read this privacy policy carefully to understand the types of information we collect from you, how we use that information, the circumstances under which we will share it with third parties, and your rights in relation to the personal data you provide to us.

1. HOW INFORMATION IS PROVIDED TO US

You will be asked to provide us with your information when you:

  • fill in forms on our Website, Platform, or correspond with us by phone, email or otherwise;
  • register to use our Platform (creating a Unibuddy account);
  • use the Platform;
  • report a problem with our Platform; or
  • complete any surveys we ask you to fill in (although you do not have to respond to these if you do not want to).

Where you enter any details relating to a Third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us.

For the avoidance of any doubt, any reference in this Privacy Policy to your data shall include data about other individuals that you have provided us with.

2. INFORMATION WE COLLECT ABOUT YOU

Unibuddy acting as a Data Controller or Joint Controller

In respect of all End Users, with regard to each of your visits to our Website or use of the Unibuddy Platform, we may automatically collect the following information:

  • device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
  • technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes; and
  • details of your visits to our Website, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs), details of whether you are using the Website or the Unibuddy Platform.

Data Controller

In respect of End Users of the Platform we collect the following types of information and Unibuddy acts as a Data Controller of such Personal Data:

  • Contact information such as names and email addresses; 

Joint Controller

In addition, Customers may request that Unibuddy collect certain additional Personal Data from Prospective Students in which case Unibuddy acts as a Joint Controller of such Personal Data. Such Personal Data may include but is not limited to:

  • Additional contact information such as telephone numbers or addresses;
  • IP address;
  • Country of origin;
  • Field of study;
  • Personal interests;
  • Education level; or
  • Any other relevant Personal Data requested by the Customer; 

Unibuddy acting as a Processor

Where Customers provide Personal Data of their End Users, such as Student Ambassadors or Students, Unibuddy acts as a Processor of such Personal Data. Such Personal Data may include but is not limited to:

  • Contact information such as telephone numbers or addresses;
  • IP address;
  • Country of origin;
  • Field of study;
  • Personal interests;
  • Education level; 
  • Any relevant Personal Data collected and provided by the Customer; or
  • Any other Personal Data, including conversation data, voluntarily provided by End Users through the use of the Platform services including but not limited to the widget, Unibuddy Live and Unibuddy Events;

3. INFORMATION WE RECEIVE FROM OTHER SOURCES

When using our Platform, we will be in contact with third parties who may provide us with certain information about you in order to enable your use of the Platform: 

  • Customers.  In relation to Student Ambassadors and other Customer employees, Unibuddy receives the Personal Data as set out below to enable Customer’s End Users to access the Unibuddy Platform. 
  • Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Platform, or third parties may help us provide you with customer support.
  • Social networks connected to the services. If you provide your social network account credentials to us via the bio field or otherwise sign in to the Platform through a third-party site or service, you understand some content and/or information in those accounts may be transmitted into your Account with us.
  • Partners. If you sign up to access Unibuddy through a third party partner website, Unibuddy and/or our partner may indicate that certain data will be shared with that third party.

4. HOW WE USE YOUR INFORMATION AND JUSTIFICATION OF USE 

Use of personal information under certain data protection laws must be justified under one of a number of legal “grounds” and the Customer is required to set out the ground in respect of each use of your Personal Data in their Privacy Policy. These are the principal grounds that justify the use of your Personal Data:<

  • Consent: where you have consented to the use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying Us or the Customer);
  • Contract performance: where your information is necessary to enter into or perform a contract with you;
  • Legal obligation: where we need to use your information to comply with legal obligations;
  • Legitimate interests: where we use your information to achieve the University’s legitimate interest and the reasons for using it outweigh any prejudice to your data protection rights; and
  • Legal claims: where your information is necessary to defend, prosecute or make a claim against you or a third party.

In respect of the use of the Platform, Unibuddy (whether acting as Controller, Joint Controller or Processor) uses information held about you (and information about others that you have provided us with) in the following ways:

Types of Information Collected by End User Use Justification Lawful Basis
All End Users
First name, surname, email, phone number To provide you with access to our Platform and any other information which you request from us and to notify you of changes to our Platform Contract performance, legitimate interest (to provide all users with updated information in the event the Platform change)
First name, surname, email, phone number To send automated product communications and re-engagement communications for inactive accounts as part of the Platform Legitimate interest (to ensure the database is accurate and up to date and communicate with users)
Information we collect about you (as detailed above) To administer and improve the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes in a pseudonymised manner. To ensure the content on our Platform is presented in the most effective manner for you and your computer or mobile device Contract performance, legitimate interest (to improve the Platform and report internally on usage and gain insight on user basis at a statistical level)

Conversation history and information submitted when interacting with prospective students or ambassadors (as applicable). 

 

Conversations can also be ‘tagged’ to group conversations under certain topics.

To allow End Users to interact as part of the Platform. To enable the Customer to analyse Student Ambassador conversations. 

 

Unless an exception applies, the conversation history will not identify the Prospective Student, but will identify the Student Ambassador.

Contract performance, legitimate interests (to allow the Customer to assess the type of questions being asked and the quality and appropriateness of the responses), (to the extent you provide any sensitive personal data in any free text box, you are consenting to the processing of such sensitive Personal Data)

 

Legitimate interest (to understand the queries prospective students are asking and compile more appropriate responses)
Student Ambassadors

Your first and last name;

photo; phone number, email address, encrypted password; country/city/location, country flag; languages spoken; academic history (and previous high school; degree/university degree; degree level (undergraduate/postgraduate);

current area of study; 

university year (1st, 2nd etc.); 

Hobbies, interests and societies; and an ‘about me’ free text selection.

 To provide a public bio of the student ambassadors in order for prospective students and new entrants to find the appropriate student ambassador to interact with. Contract performance, consent (to the extent you provide any sensitive personal data in any free text box, you are consenting to the processing of such sensitive personal data).
Prospective Students and Students: 

First and last name email address, encrypted password; 

Mobile phone number; 

Country; 

The degree level you are interested in, (undergraduate or postgraduate) and area of study; whether you have already applied to the university; and

Chat conversations and interactions with student ambassadors.

Customers may request additional Personal Data to be processed for use of the Platform.

 To enable Prospective Students and Students to engage with universities.

Contract performance, consent (to the extent you provide any sensitive personal data in any free text box, you are consenting to the processing of such sensitive Personal Data).

Legitimate interest (to ensure the database is accurate and up to date and communicate with users).

First name, surname, email, the degree and level of study you are interested in and your country of origin.

 

Customers may request additional Personal Data to be processed for use of the Platform.

 For the university to market products and services that they believe will be of interest to you. Consent (you have the right to unsubscribe at any time by contacting the university).

We will not sell your personal data (or any other data you provide us with) to third-parties; however, we reserve the right to share any data which has been anonymised to improve the Platform. 

5. WHERE WE STORE YOUR PERSONAL INFORMATION

Your Personal Data is maintained, processed and stored by us and our authorized Service Providers (defined below) in USA, Europe, UK and Israel. We may also retain your Personal Data in other locations as reasonably necessary for the proper performance and delivery of our Platform, or as may be required by law.

While privacy laws may vary between jurisdictions, Unibuddy and its affiliates and Service Providers are each committed to protect Personal Data in accordance with this Privacy Policy and customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in their jurisdiction.

Customers based outside the EEA will be subject to local data privacy legislation. A full list of our third party Service providers/Sub-processors and details of their privacy policies can be found here, which will be updated from time to time. By using our Platform you consent and agree with the Sub-processors we use above. Where we have made changes and have provided you with an updated list of our Sub-processors, we will provide you with a notification
and provide 30 days’ notice to determine whether you agree with the changes and continue to use our Platform or alternatively you can discontinue using our Platform.

You acknowledge and accept that countries outside the EEA may not provide the same level of adequate protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Your passwords are stored on Unibuddy’s servers in encrypted form. We do not disclose your account details to anyone except when legally required to do so. It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although Unibuddy will do its best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.

6. DISCLOSURE OF YOUR INFORMATION

We may also disclose your personal information to third parties in the following circumstances:

Purpose of disclosure and third party(s) to which disclosure might be made Use Justification
Unibuddy may share certain Personal Data with Customers and Partners where the applicable third party acts as a Joint Data Controller or Processor. Such Personal Data may include: Personal Data submitted in the creation of a Unibuddy account (such as name, email, etc); any Personal Data submitted via the Platform, services such as the widget, Unibuddy Live and Unibuddy Events, provided that conversation data on the Unibuddy widget will not normally identify an individual unless justified under exceptional legal grounds. Contract performance, legitimate interest (to allow our service providers to provide the necessary services).
We may disclose your Personal Data to our service providers (to assist us in performing any contract we enter into with them or you, including providing the Website and the services it enables), analytics providers, including Mixpanel (to assist us in the improvement and optimisation of the Website) and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Contract performance, legitimate interest (to allow our service providers to provide the necessary services).
If Unibuddy or substantially all of its assets are acquired by a third party, personal information about our customers will be one of the transferred assets. Legitimate interest (to sell our Company or assets), Consent (for sensitive personal data).
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Unibuddy, our Customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection. For Prospective Students – in the event you are in a breach of our Acceptable Use Policy or where we are under a lawful obligation to share your Personal Data, we might share it with the university, including conversation history. Legal obligation.
We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. Legal obligation (to cooperate with law enforcement and regulatory authorities).

7. HOW LONG WE RETAIN YOUR PERSONAL DATA 

We will hold the above information for as long as is necessary in order to provide you with the ability to use our Platform, deal with any specific issues that may arise, or otherwise as is required by law or any relevant regulatory body. Once your account is terminated or deactivated, we shall delete the personal data relating to your account within 14 days. Some Personal Data may need to be retained for longer than this to ensure Unibuddy can comply with applicable laws and internal compliance procedures, including retaining your email address for marketing communication suppression if you have opted not to receive any further marketing. If information is used for two purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period when that period expires.

We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.

8. YOUR RIGHTS

General Data Protection Regulation (GDPR and GDPR UK)

Under the General Data Protection Regulation (EU) 2017/676 and General Data Protection Regulation (UK) and Data Protection Act 2018, you have various rights in relation to your Personal Data.

Student Ambassadors, Customer employees and Students should contact the Customer in the first instance as their Data Controller. 
Prospective Students should contact Unibuddy in the first instance as their Controller or Joint Controller at [email protected].

The Data Controller, is primarily responsible for ensuring you can exercise these rights and the data Processor, shall assist the Data Controller to effectively exercise your rights.
You have the following rights in relation to your Personal Data.

Rights Details
Right to access You have the right to access Personal Data held by the Controller(s), including a description of your data. Personal Data processed can be found in the profile section of your Unibuddy account, while further information is available on request.
Right to rectification You have the right to rectify any details to ensure that your personal information is accurate. In order to assist with this, you should notify the Data Controller of any changes to the personal information that you have provided by sending a request to rectify your personal data where you believe the personal data collected is inaccurate or incomplete.
Right to erasure/ ‘Right to be forgotten Asking the Controller(s) to delete all of your Personal Data will result in the deletion of your personal data held by that Controller without undue delay (unless there is a legitimate and legal reason why the Controller is unable to delete certain Personal Data, in which case you will be informed of this in writing).
Right to restriction of processing You have the right to ask the Controller to stop processing your Personal Data at any time in certain circumstances. Such a request will result in the Controller restricting its processing of such data.
Right to data portability You have the right to request that the Controller provides you with a copy of all of your Personal Data and to transmit your Personal Data to another Data Controller in a structured, commonly used and machine-readable format, where it is technically feasible to do so where such processing is based on consent or pursuant to contractual performance.
Right to complain You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us in the event they have any concerns or complaints.

Unibuddy will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the Personal Data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.

Requests to stop processing your Personal Data or deleting your Personal Data will likely mean that you are no longer able to use Unibuddy’s Platform, or at least those aspects of the Platform which require the processing of the types of Personal Data you have asked us to delete, which may result in you no longer being able to use the Platform.

Where you exercise any of your rights above, the Controller may notify third parties to whom such Personal Data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right.

State of California, USA – Resident Rights

If you are a resident of the State of California, USA, you have the rights outlined in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].

You have the following rights under the CCPA legislation:

Rights Details
Right to access

You have the right to access personal data held by the Business, including a description of your data. Essential personal data held by the Business can be found in the profile section of your Unibuddy account, while further information is available on request. The categories of sources from which Personal Data was collected. The business or commercial purpose for collecting your personal data. The categories of third parties with whom we have shared your Personal Data. The specific pieces of Personal Data that we have collected about you.

If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient.
Right to correct inaccurate information You have the right to rectify any details to ensure that your personal information is accurate. In order to assist with this, you should notify the Business of any changes to the personal information that you have provided by sending a request to rectify your personal data where you believe the personal data collected is inaccurate or incomplete.
Right of deletion Asking the Business to delete all of your personal data will result in the deletion of Personal Data held by that Business without undue delay (unless your Personal Data is required to provide you with the Platform or complete a transaction or other action you have requested). If your deletion request is subject to one of these exceptions,your deletion request may be denied, in which case you will be informed of this in writing.
Right to know what data is being sold  or shared and to whom We do not sell personal information to any third parties.
Right to Opt-out of Sale and data sharing You have the right to request that the Business does not sell or share your Personal Data to third parties.
Right to limit disclosure and use of sensitive information You have the right, at any time, to direct the Business that collects sensitive personal information about you to limit its use of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services.
Right of no retaliation We will not discriminate against you for exercising your rights. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA.

Subject Access Request/Valid Request

To exercise the rights described above, you must send us a Subject Access Request/Valid Request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within 30 day period of receipt for all Valid requests under GDPR and 45 days of receipt under CPPA. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the following methods: 

By sending an email to [email protected]

By post: Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN

9. COOKIES

Unibuddy and our third-party partners, such as our analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookie Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

10. THIRD PARTY WEBSITES

Our Website may, from time to time, contain links to third party websites. If you follow a link to any of those third party websites, please note that they have their own Privacy Policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

11. CHANGES TO THIS POLICY

Any changes we make to our privacy policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the Unibuddy Platform. We therefore encourage you to review the Website from time to time to stay informed of how we are processing your information. Your continued use of the Platform and the Website shall be deemed your acceptance of the varied Privacy Policy.

12. CONTACT

If you have any questions and comments about this Privacy Policy or want to report a potential data breach please address these to [email protected]