Privacy Policy

1. Who We Are

Ibtiaath Ltd ("Ibtiaath", "we", "us", or "our") is a company registered in England and Wales (Company No. 17056260), with its registered address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. We operate the Ibtiaath platform, a digital service that facilitates university admissions, scholarship applications, certified document translation, research publication assistance, and student flight booking.

We act as the data controller for personal data collected through our platform. For privacy enquiries, contact us at: privacy@ibtiaath.com

2. What Data We Collect

We collect the following categories of personal data:

• Identity data: full name, date of birth, nationality, passport or government-issued ID number
• Contact data: email address, phone number, postal address
• Academic data: educational qualifications, transcripts, certificates, grades, and academic history
• Financial data: payment card details (processed by our payment providers — we do not store full card numbers), billing address, and transaction history
• Document data: scanned copies of official and academic documents you upload
• Technical data: IP address, device type, browser type, operating system, and usage logs
• Communications data: messages, support requests, and correspondence with our team

We do not collect or process special category data (such as health, racial or ethnic origin, religious beliefs, or biometric data) unless you voluntarily provide it and we have a specific lawful basis to process it.

3. Legal Basis for Processing (GDPR)

Under the UK GDPR and EU GDPR, we rely on the following legal bases to process your personal data:

• Contract performance (Art. 6(1)(b)): Processing necessary to deliver the services you have requested, including processing applications and payments.
• Legitimate interests (Art. 6(1)(f)): Improving our platform, fraud prevention, security, and internal analytics. We balance these interests against your rights.
• Legal obligation (Art. 6(1)(c)): Compliance with applicable laws, including financial regulations and anti-money laundering requirements.
• Consent (Art. 6(1)(a)): Where we send marketing communications or use non-essential cookies. You may withdraw consent at any time.

4. How We Use Your Data

• Processing and submitting your university admission applications
• Applying for scholarships on your behalf
• Translating and certifying academic documents
• Processing payments securely through third-party payment processors
• Assisting with research publication
• Booking student flights
• Communicating with you about your applications and account
• Detecting and preventing fraud and misuse of the platform
• Complying with legal obligations
• Sending service-related updates and, where consented, marketing communications

5. Sharing Your Data

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your data with:

• Universities and academic institutions: to process your admission or scholarship applications
• Payment processors: to securely handle financial transactions (e.g., Stripe, PayPal). These providers are PCI DSS compliant and process payments under their own privacy policies.
• Certified translators and authentication authorities: to fulfill translation and attestation services
• Cloud service providers: who host and secure our platform infrastructure under data processing agreements
• Legal and regulatory authorities: where required by law, court order, or regulatory body

All third-party processors are bound by data processing agreements and are required to handle your data in accordance with applicable data protection laws.

6. International Data Transfers

Some of our service providers may be located outside the UK or European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission, or reliance on adequacy decisions. You may request a copy of these safeguards by contacting us.

7. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this policy:

• Account and service data: retained for the duration of your account plus 3 years after closure
• Financial and transaction records: retained for 7 years in compliance with UK financial regulations
• Application and document data: retained for 2 years from the date of the last service
• Marketing consent records: retained until you withdraw consent or for 3 years of inactivity
• Technical logs: retained for up to 12 months

After the applicable retention period, data is securely deleted or anonymised.

8. Your Rights Under GDPR

If you are located in the UK, EEA, or a jurisdiction with equivalent data protection laws, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, email us at privacy@ibtiaath.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete: Request deletion of your personal information, subject to certain exceptions
• Right to correct: Request correction of inaccurate personal information
• Right to opt-out of sale or sharing: We do not sell or share your personal information for cross-context behavioural advertising. There is nothing to opt out of.
• Right to non-discrimination: We will not discriminate against you for exercising any of these rights
• Right to limit use of sensitive personal information: Contact us to limit our use of sensitive personal data to what is necessary to provide services

To submit a verifiable consumer request, contact us at privacy@ibtiaath.com. We will respond within 45 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include TLS encryption for data in transit, encrypted storage for sensitive documents, access controls, and regular security reviews. In the event of a data breach that is likely to result in a high risk to your rights, we will notify you and the relevant supervisory authority in accordance with applicable law.

11. Children's Privacy

Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18 without verified parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

12. Cookies

We use cookies and similar tracking technologies as described in our Cookie Policy. You can manage your cookie preferences through our consent banner or your browser settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the platform. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our platform after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: