This policy explains how we collect, use, store, and protect your personal information when you interact with Project Access.
We, at Project Access International, have a strong commitment to protect the privacy of all individuals in respect of which it processes information. We will only collect and use information in a manner consistent with your rights and our obligations under applicable law.
This Privacy Policy (the “Policy”) describes how information about you is collected and used by us or shared with others, how we safeguard it and how you may access and control its use.
This Policy applies to visitors to our website located at www.projectaccess.org (the “Site”) inclusive of any sub-domains of the Site, our social media pages, and to all users or potential users (mentees and mentors) of our services (the “Services”).
Protecting your privacy is paramount to us. Please read the following carefully to understand our views and practices regarding your information. By using the Site and the Services and/or otherwise interacting with Project Access International, you consent to us processing your personal data and other information in accordance with this Policy.
If you do not accept and agree with this Privacy Policy, you must stop using our Services immediately.
If you have any questions, concerns or comments about this Policy, please contact us at support@projectaccess.org.
For the purpose of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the Data Controller is Project Access. Project Access refers to the registered charity in England and Wales, Project Access International (charity number: 1190102), and our incorporated entities across the world. During the course of our charitable activities, we will process personal data about you in accordance with the GDPR.
“Personal data” means information we hold about you from which you can be or are identified. Personal data may be held in paper or electronic format or in another recorded form including photographs or video clips. It may include the following information: your name, contact details (personal and/or work details), next of kin details, criminal offences, financial background, educational background, university preferences, and expressions of opinion about you or indications of our management intentions towards you.
“Processing” means doing anything with personal data, such as accessing, disclosing, destroying, transferring, holding, amending, deleting or using the personal data.
We will comply with the six key principles in the GDPR. Your personal data shall be:
We are a mentorship network for helping students apply to top universities worldwide. We continuously expand our network and our focus is on building close, long-term relationships that enable us to deliver this service free of charge to those who need it. To do our job well and connect people in the best possible way, we need to understand our Mentees and Mentors well. To achieve the above, we create detailed profiles about our Mentees and Mentors to understand exactly who they are.
We collect six categories of personal data:
We may collect and process the following data about you:
We collect the following personal data when potential Mentees sign up to receive our emails:
Our lawful basis for processing is consent.
We collect the following personal data when Mentees sign up to our mentorship platform:
Our lawful basis for processing is to raise and fulfil a contract.
We process special category data, specifically ethnicity, for equality of opportunity in the public interest (Article 9(2)(g), Schedule 1 of the DPA 2018).
We use automated algorithms to match Mentees and Mentors based on the personal data provided. However, any decision for matching will have the final sign-off by a Project Access team member.
We collect the following personal data when potential Mentors sign up to receive our emails:
Our lawful basis for processing is consent.
We collect the following personal data when Mentors sign up to our mentorship platform:
Our lawful basis for processing is to raise and fulfil a contract.
We process special category data, specifically ethnicity, for equality of opportunity in the public interest (Article 9(2)(g), Schedule 1 of the DPA 2018).
We use automated algorithms to match Mentees and Mentors based on the personal data provided. However, any decision for matching will have the final sign-off by a Project Access team member.
We collect the following personal data when content contributors provide us with information for our knowledge bases, both online and in print:
Our lawful basis for processing is consent.
We don’t require you to provide special category data (i.e. ethnicity), but if you do provide such data, you consent to our use of it for publishing both online and in print.
We collect the following personal data when donors make a contribution:
Our lawful basis for processing is to raise and fulfil a contract. We will not contact you for the purposes of direct marketing without your explicit consent.
We collect the following personal data when potential Team Members sign up to receive our emails:
Our lawful basis for processing is consent.
We collect the following personal data when potential Team Members send us an application for a volunteer or job opening:
Our lawful basis for processing is legitimate interests.
We collect the following personal data when Team Members are on-boarded:
Our lawful basis for processing is to raise and fulfil a contract.
We process special category data, specifically ethnicity, for equality of opportunity in the public interest (Article 9(2)(g), Schedule 1 of the DPA 2018).
When you visit the Site, visit our social media pages or interact with the Services, we may use a variety of technologies that automatically or passively collect information about how the Site is used (“Usage data”).
We collect the following data when users visit our Site:
Usage data may include weblogs and other communication data, browser type, operating system, the page served, the duration of your visit, the time, referring URLs and other information normally transmitted in HTTP requests. Usage Data is statistical data about our users’ browsing actions and patterns and does not identify any individual. We will treat Usage data as personal data if we combine it with you as a specific and identifiable person.
Our lawful basis for processing is legitimate interests.
A cookie is a small file of letters and numbers that we put on your computer if you use the Site. By browsing the Site you agree to having these cookies placed on your computer. The cookies collect information in an anonymous form, including the number of visitors to a website, from where visitors to a website have come from and the pages visited.
Please read our Cookie Policy for further information.
We use Google Analytics to collect anonymous data about the users of our Site such as:
You can prevent Google Analytics from collecting this information by installing the Google opt-out browser add-on:
https://tools.google.com/dlpage/gaoptout.
However, if you block all cookies you may not be allowed access to all or parts of our Site, and some functions and features of the Site and/or the Services may not work properly. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies as soon as you visit our Site.
To learn how Google uses data collected from our Site, please see the following link:
https://policies.google.com/privacy/partners?hl=en-GB&gl=uk.
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand users’ experience – for example:
This enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on users’ behaviour and their devices. This includes:
Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user.
For further details, please see Hotjar’s privacy policy:
https://www.hotjar.com/legal/policies/privacy/.
You can opt out of the creation of a user profile, Hotjar’s storing of data about your usage of our site, and Hotjar’s use of tracking cookies on other websites by following this opt-out link:
https://www.hotjar.com/policies/do-not-track/.
Your personal data has only been collected, utilised or shared by Project Access if:
We use the information you provide to us to:
We will keep the personal data we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you. We will not keep your personal data for longer than is necessary for the purpose. This means that data will be erased from our systems or anonymised when it is no longer required.
Any email marketing messages we send are done so through an EMS (email marketing service). An EMS is a third-party service provider of software/applications that allows marketers to send out email marketing campaigns to a list of users. Our EMS is SendGrid. Email marketing messages that we send may contain tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that email campaign. Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences; you can also contact the EMS provider (SendGrid).
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties that provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
In some circumstances, we are legally obliged to share information. For example, when we are involved in legal proceedings such as a safeguarding incident, or when we are complying with the requirements of legislation, a court order, or a governmental or regulatory authority.
Where we share your data with a third party, we will have regard to the six data protection principles.
We may disclose your personal information to third parties:
Currently, we share information with the following organisations, who operate under their own privacy policies referenced below:
We may combine your Usage Data and/or your personal data with those of other users of the Services and the Site and share or provide this trend information in aggregated and anonymised form with third parties, such as prospective investors, affiliates, partners, advertisers and research bodies. This will only ever be anonymised data, and will never be capable of personally identifying an individual, and will only be shared in accordance with applicable law. For example, we may anonymise your personal information and use it in aggregated form in order to report on industry, marketing and employment trends.
We will take appropriate steps to ensure that the processing of personal data is lawful or authorised, and to prevent the accidental loss, or damage to, personal data. We continuously strive, in accordance with industry standards, to have in place procedures and technologies to maintain the security of all personal data and confidential data from the point of collection to the point of destruction.
We transfer personal data to third parties where they agree to comply with similar procedures and policies or have in place adequate measures. An adequate measure would be a privacy shield certification, a Data Processing Agreement or a contract based on the EU Model Clauses.
To protect your personal data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Services. Steps we take to secure and protect your data include:
Please remember that the transmission of information via the internet is not completely secure. We will do our best to protect your information, but we cannot guarantee the security of your data transmitted to our Site. Any transmission is at your own risk. Once we have received your information, we will use security features to try to prevent unauthorised and unlawful access.
If a security breach causes an unauthorised intrusion into our system that materially or non-materially provides a risk to you, we will notify you as soon as possible and later report the action we took in response to any breach.
We will not retain your personal data longer than is necessary to fulfil the purposes for which it was collected. However, we may be required by applicable laws and/or regulations to hold your personal data longer than this period. If no contradicting legal obligation exists, we reserve the right to delete Mentor or Mentee profiles that have been inactive for at least 36 months, or when you request that your personal data be erased and no longer processed by us. Additionally, where there is a contradicting statutory obligation for us to retain your personal data, we will restrict/block further processing and then erase the relevant personal data when we no longer have a requirement to retain it.
You have:
Please note that all these rights are qualified in various ways. For example, where we store your personal data for statistical purposes, we may not be able to comply with an erasure request where it would likely impair such statistical purposes, or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
You may contact our Data Protection Lead about all issues related to this Policy, your personal data and to exercise your rights under Data Protection laws. Requests must be made in writing and sent to support@projectaccess.org.
You can exercise your right to erasure at any time by contacting us at the same email address. We will, however, retain your name solely to record that you do not want us to keep further information about you.
If you feel that the processing of your personal data is not in line with our data-protection obligations, you can complain to our supervisory authority:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: https://ico.org.uk/
We are a charity registered in England and Wales that operates globally. Consequently, our use of your information involves international data transmission, including to countries outside the European Economic Area (EEA) where data-protection laws may not be considered “adequate” by the European Commission.
For data transfers to countries without an adequacy decision, we rely on several mechanisms to safeguard your data:
By using our Site and Services, or by providing us with your information, you consent to such international transfers and processing, including to countries where privacy rights may be less comprehensive than in your country of residence.
The Site may contain links to, or appear within, third-party websites and online media. Each of these external sites has its own privacy policy. We cannot accept responsibility or liability for their content or policies. Please review those policies carefully before submitting any personal data to those websites.
We may change this Policy from time to time, in whole or in part, at our sole discretion. Please check our website for the most recent version. You may also request a copy by contacting us. If we decide to use your personal data for a purpose different from the one originally notified, we will contact you to inform you of the change.
Last update: 2nd July 2024
We welcome any questions, comments or requests regarding this Policy. Please email us at support@projectaccess.org.
Whether you’re a student, mentor, or partner.
We’d love to hear from you and make things happen.