Privacy Policy & GDPR Compliance Statement

Collection and use of information

We only collect the minimum amount of personal data required to fulfil the purpose for which it is collected, in line with the principle of data minimisation. While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to, your email address ("personal information").

Legal basis for processing personal data

We process your personal data based on one or more of the following legal bases:

• Consent: You have given clear consent to the processing of your data for specific purposes (e.g., to receive marketing communications).
• Performance of a contract: The processing is necessary for the performance of a contract with you.
• Legal obligation: The processing is necessary to comply with a legal obligation.
• Legitimate interests: The processing is necessary for our legitimate interests, provided these are not overridden by your data protection rights.

Log data

We collect information that your browser sends whenever you visit our service ("log data"). This log data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

Service providers

We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, perform service-related tasks, or assist us in analysing how our service is used. These third parties have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We have data processing agreements in place with these third parties to ensure they comply with GDPR.

Data retention

We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected or as required by law. Once the data is no longer needed, it will be securely deleted or anonymised.

Security

The security of your personal information is important to us. We have implemented measures such as encryption, access controls, and secure storage (using OneDrive for Business) to protect your data. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

International data transfers

If we transfer your personal data outside the United Kingdom or European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws. This may include the use of Standard Contractual Clauses or other approved mechanisms.

User rights under GDPR

You have the following rights under GDPR:

• Access: The right to request access to your personal data.
• Correction: The right to request correction of any inaccurate personal data.
• Deletion: The right to request deletion of your personal data.
• Restriction: The right to request restriction of processing your personal data.
• Data portability: The right to request the transfer of your personal data to another service provider.
• Objection: The right to object to the processing of your personal data.
• Rights related to automated decision-making and profiling: The right to not be subject to a decision based solely on automated processing, including profiling.

To exercise any of these rights, please contact us at global@academic-action.com.

Data breaches

In the event of a data breach, we will notify affected individuals and relevant supervisory authorities within 72 hours, in accordance with GDPR requirements. We will provide details of the breach, its potential impact, and the measures we are taking to mitigate it.

Links to other sites

Our service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

Children’s privacy

Our service does not address anyone under the age of 13 ("children"). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we take steps to remove that information from our servers.

Changes to this privacy policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page. You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page. If we make any material changes to this privacy policy, we will notify you either through the email address you have provided us or by placing a prominent notice on our website.

Data controller and processor roles

Academic Action Ltd. acts as a data controller for personal data collected directly through our services. When we process personal data on behalf of another organisation, we act as a data processor and follow their instructions in handling the data.

Data protection officer (DPO)

For any questions or concerns regarding your data, you can contact our Data Protection Officer at global@academic-action.com.

Jurisdiction

This policy will be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.

For further questions or concerns, please contact us at global@academic-action.com.

‍