We at Project Access have a strong commitment to protect the privacy of all individuals in respect of which it processes information. We will only collect and use information in a manner consistent with your rights and our obligations under applicable law.
This Policy applies to visitors to our website located at www.projectaccess.org (the “Site”) inclusive of any sub-domains of the Site, and to all users or potential users (applicants, mentors, volunteers, and website users) of our services (the “Services”).
This Policy does not form part of any Volunteer Mentor Agreement or other mentor, mentee or volunteer contract and we may amend it at any time without notice.
If you have any questions, concerns or comments about this Policy, please contact us at email@example.com.
Our Privacy Motto
We are transparent about the information we hold about you.
We will work with you to keep your information accurate and current.
We will do our best to keep your information secure and prevent unauthorised access to it.
We will delete information when it is no longer required to deliver our Services or when you ask us to do so and we have no legal obligation to retain such information.
For the purpose of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the Data Controller is Project Access. During the course of our business activities, we will process Personal data about you in accordance with the GDPR.
“Personal data” means information we hold about you from which you can be or are identified. Personal data may be held in paper or electronic format or in another recorded form including photographs or video clips. It may include the following information: your name, contact details (personal and/or work details), next of kin details, sickness, health or disability information, race, religion or ethnicity, sexual orientation, criminal offences, financial background, educational background, university preferences, and expressions of opinion about you or indications of our management intentions towards you.
“Processing” means doing anything with Personal data, such as accessing, disclosing, destroying, transferring, holding, amending, deleting or using the Personal data.
We will comply with the six key principles in the GDPR. In summary, your Personal data shall be:
processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Quick Guide to Content
Cookies and analytics
Aggregated and anonymised data
Consent to processing and transfer of information outside of EEA
Third party websites
Changes to our Policy
1 Data collection
We are a mentorship network for helping students apply to top universities. We continuously expand our network of mentors and volunteers and our focus is on building close, long-term relationships that enable us to deliver this service free of charge to those who need it. To do our job well and connect people in the best possible way, we need to understand the applicants and mentors well. To achieve the above, we create detailed profiles about our applicants and mentors to understand exactly who they are.
We collect four categories of Personal data:
Personal data we collect from Applicants
Personal data that we collect from Mentors
Personal data that we collect from Volunteers and Staff
Personal data we get from Visitors to www.projectaccess.org or it’s sub-domains
Depending on whether you are an Applicant, Mentor or Volunteer, we may collect and process the following data about you:
Information that you provide by filling in forms on the Site.
Information that you share with us at special events that we host.
Information that you share with us over email exchanges and in questionnaires.
Information about you that is in the public domain such as information on your LinkedIn profile (or on any other social media platform including Twitter and Facebook).
Information that third parties who have worked with you or have otherwise interacted with you, share with us.
We collect the following data when applicants sign up to our mentorship platform:
Date of birth;
Hobbies, interests and career plans;
LinkedIn profile link;
First generation student;
University college (if applicable);
Financial background data such as household income and pupil premium;
Educational background data such as school, predicted grades and past degrees (if applicable);
University preference data such as university, course and topics of interest; and
Outcome data such as conditional offers and final acceptance.
With respect to applicants, we will process “sensitive personal data” about ethnicity and sexual orientation.
We collect the following data when mentors sign up to our mentorship platform:
Date of birth;
LinkedIn profile link;
First generation student;
Educational background data such as school, offers received and past degrees (if applicable);
University data such as university name, course, entry dates and graduation dates; and
Criminal proceedings or convictions
With respect to mentors, we will process “sensitive personal data” about ethnicity and sexual orientation.
We also collect criminal proceedings and convictions data about our mentors by our legal obligation to perform a Disclosure and Barring Service (DBS) check in the UK.
1.3 Volunteers and staff
We collect the following data when volunteers and staff are on-boarded:
Bank account details;
Date joined Project Access
With respect to volunteers and staff, we will process “sensitive personal data” about ethnicity in order to monitor compliance with equal opportunities legislation.
1.4 Visitors to our Site
When you visit the Site or interact with the Services, we may use a variety of technologies that automatically or passively collect information about how the Site is used (“Usage data”).
We collect the following data when users visit our Site:
IP address; and
Usage data may include weblogs and other communication data, browser type, operating system, the page served, the duration of your visit, the time, referring URLs and other information normally transmitted in HTTP requests. Usage Data is statistical data about our users’ browsing actions and patterns and does not identify any individual. We will treat Usage data as Personal data if we combine it with you as a specific and identifiable person.
2 Cookies and analytics
Security. Cookies used for this purpose are: crumb.
Analysis of traffic. Cookies used for this purpose are: ss_cid, ss_cvr, ss_cvt, ss_cvisit, ss_cpvisit, _ga, _gid, _gat.
The cookies collect information in an anonymous form, including the number of visitors to a website, from where visitors to a website have come from and the pages visited.
2.1 Google Analytics
We use Google Analytics to collect anonymous data about the users of our sites such as how often they visit, what pages they visit, what time they visit, how long the stay and what country they are visiting from.
To learn how Google uses data collected from our Site please see the following link: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk.
3 Data processing
Your personal data has only been collected, utilised orshared by Project Access if:
you have consented to the processing
the processing is necessary for the performance of (or entering into) a contract
the processing is a result of an existing legal obligation to which we are subject
the processing is in your vital interests
the processing is in the public interest
the processing is in our legitimate interests
We use the information you provide to us to:
Provide you with relevant information and services;
Share information with mentors and the country team responsible for connecting you with that mentor;
Ensure that content from the Site is presented in the most effective manner for you;
Carry out our obligations arising from any contracts entered between you and us;
Invite you and allow you to take part in special events that we host from time to time;
Respond to communications from you;
Ask for feedback from you to improve our Services;
Analyse your activity on our Services to make improvements; and
Ensure safeguarding procedures are met.
We will keep the Personal data we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the Personal data we hold about you. We will not keep your Personal data for longer than is necessary for the purpose. This means that data will be erased from our systems or anonymised when it is no longer required.
4 Data sharing
We will not provide or disclose any of your Personal data to any third parties without your specific consent, unless we are satisfied that they are legally entitled to the data. For example, when we are involved in legal proceedings such as a safeguarding incident, or when we are complying with the requirements of legislation, a court order, or a governmental or regulatory authority.
Where we do disclose your Personal data to a third party, we will have regard to the six data protection principles. We will not sell your personal information to anyone.
We may disclose your personal information to third parties:
If Project Access or substantially all of its assets are acquired by a third party, in which case Personal data held by it about its applicants will be one of the transferred assets. If any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
If we are under a duty to disclose or share your Personal data in order to comply with any legal or regulatory obligation or request.
To enforce an agreement entered into between you and us or to investigate potential breaches.
To protect the rights, property or safety of our applicants, mentors, volunteers or anyone else. This includes exchanging information with other companies and organisations for the purposes of fraud protection, the checking of criminal records and other references.
Currently, we share information with the following organisations, who operate under their own privacy policies referenced below.
5 Aggregated and anonymised data
We may combine your Usage Data and/or your Personal data with those of other users of the Services and the Site and share or provide this trend information in aggregated and anonymised form with third parties, such as prospective investors, affiliates, partners and advertisers. This will only ever be anonymised data, and will never be capable of personally identifying an individual, and, will only be shared in accordance with applicable law. For example, we may anonymise your personal information and use it in aggregated form in order to report on industry, marketing and employment trends.
6 Data security
We will take appropriate steps to ensure that the processing of Personal data is lawful or authorised, and to prevent the accidental loss, or damage to, Personal data. We continuously strive, in accordance with industry standards, to have in place procedures and technologies to maintain the security of all Personal data and confidential data from the point of collection to the point of destruction.
We transfer Personal data to third parties where they agree to comply with similar procedures and policies or have in place adequate measures.
To protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Services. Steps we take to secure and protect your data include:
Regular backups of your data;
Mailbox and data access auditing;
Full SSL (https) connection to site;
User-level authentication to Personal data;
Restricted access through Information Rights Management (IRM);
Data loss prevention scanning for all outgoing emails; and
Personal data is stored at rest in an encrypted format so are non-human readable.
Please remember that the transmission of information via the internet is not completely secure. We will do our best to protect your information but we cannot guarantee the security of your data transmitted to our Site. Any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised and unlawful access.
If a security breach causes an unauthorized intrusion into our system that materially affects you, we will notify you as soon as possible and later report the action we took in response to any breach.
7 Data retention
We will not retain your Personal data longer than is necessary to fulfil the purposes for which it was collected. However, we may be required by applicable laws and/or regulations to hold your personal data longer than this period. If no contradicting legal obligation exists, we reserve the right to delete mentor or applicant profiles that have been inactive for at least 36 months or when you request that your Personal data be erased and no longer processed by us. Additionally, where there is a contradicting statutory obligation for us to retain your Personal data, we will restrict/block further processing and then erase the relevant Personal data when we no longer have a requirement to retain it.
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
Please note that all these rights are qualified in various ways. For example, where we store your Personal data for statistical purposes, we may not be able to comply with an erasure request where it would likely impair such statistical purposes or where we require your Personal data for compliance with a legal obligation or in connection with legal proceedings.
You may contact our Data Protection Officer about all issues related to this Policy, your Personal data and to exercise your rights under Data Protection laws. You must make the request in writing specifying the nature of your request. All such written requests should be sent to firstname.lastname@example.org.
You can exercise your rights to erasure at any time by contacting us at email@example.com. We will however have to retain your name so that we can record the fact that you do not want us to retain information about you.
If you feel that the processing of your Personal Data is not in line with our data protection obligations, you can complain to a data protection supervisory authority.
Austria: Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna. https://www.data-protection-authority.gv.at/
UK:Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. https://ico.org.uk/
9 Consent to processing and transfer of information outside the EEA
We are an international not-for profit organisation who have mentors and applicants situated all over the world. Therefore, our use of your information necessarily involves the transmission of data on an international basis, including to countries outside Europe, where data protection laws may be deemed by the European Commission to be “inadequate”. We will transfer your Personal data to our affiliate companies. We may also transfer your Personal data to our third-party vendors and others within and outside Europe (including in the US). In these cases, we use privacy shield certified providers, or providers with Data Processing Agreements or the EU Model Clauses.
If you are in the European Union, please be aware that information we collect about you may be transferred to and processed outside of the European Union. By using the Site and the Service, or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to countries outside of the European Union in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside.
10 Third party websites
The Site may contain links to and from the websites of our partner networks, advertisers and affiliates or other third parties and the Services may appear on third party websites and online media. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we cannot and do not accept any responsibility or liability for these policies. Please check these policies carefully before you submit any Personal data to these websites.
11 Changes to our Policy
We may change this Policy from time to time, in whole or part, at our sole discretion. We encourage you to check our website to view the most recent version of this Policy. You may also request a copy of the most recent version of this Policy by contacting us. If, at any time, we decide to use your Personal data for a purpose that is different from the original purpose of collecting your Personal data, we will contact you regarding this change.
Last update: 21st January 2019
Remember: you can always get in touch!
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at firstname.lastname@example.org.