GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. As an education consultancy operating in Ireland and serving students from around the world, Brightpath Global is fully committed to GDPR compliance and protecting the privacy rights of everyone we work with.

What is GDPR?

The GDPR is the European Union's regulation on data protection and privacy. It gives individuals greater control over their personal data and places strict obligations on organisations that collect and process personal information. The regulation applies to:

• All organisations based in the EU/EEA that process personal data
• Organisations outside the EU/EEA that offer goods or services to EU residents
• Any organisation that monitors the behaviour of EU residents

As a Dublin-based education consultancy, GDPR applies directly to our operations. We also recognise that many of our clients come from countries with their own data protection laws, and we strive to meet the highest standards globally.

Our Commitment to GDPR Compliance

Brightpath Global has implemented comprehensive measures to ensure GDPR compliance across all aspects of our business. Our commitment includes:

Lawfulness, Fairness, and Transparency

We only process personal data when we have a lawful basis to do so. We are transparent about what data we collect, why we collect it, and how we use it. Our Privacy Policy provides detailed information about our data practices.

Purpose Limitation

We collect personal data only for specified, explicit, and legitimate purposes. We do not use your data for purposes incompatible with those for which it was originally collected. For example:

• Application data is used to process your university applications
• Contact details are used to communicate about your enquiries and services
• Analytics data is used to improve our website experience

Data Minimisation

We collect only the personal data that is necessary for the purposes we have specified. We do not ask for information we do not need, and we regularly review our data collection practices to ensure they remain appropriate.

Accuracy

We take reasonable steps to ensure the personal data we hold is accurate and up to date. We encourage you to inform us of any changes to your information, and you have the right to request correction of inaccurate data at any time.

Storage Limitation

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our Privacy Policy includes our data retention schedule.

Integrity and Confidentiality

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or damage. This includes:

• SSL/TLS encryption for data transmission
• Secure storage systems with access controls
• Regular security reviews and updates
• Staff training on data protection

Accountability

We maintain records of our data processing activities and can demonstrate our compliance with GDPR principles. We take responsibility for protecting your data and are prepared to respond to any data protection concerns.

Your Rights Under GDPR

GDPR provides individuals with powerful rights over their personal data. At Brightpath Global, we respect and facilitate these rights:

How We Process Your Data

As an education consultancy, we process personal data in several ways:

For University Applications

When you engage our services to apply to Irish universities, we collect and process:

• Personal identification details (name, date of birth, nationality)
• Contact information (email, phone, address)
• Academic records (transcripts, certificates, test scores)
• Supporting documents (personal statements, references)

This data is processed under the legal basis of contract performance — it is necessary to fulfil our agreement to help you apply to universities.

For Website Enquiries

When you submit an enquiry through our website, we collect your name, email, and message content. This is processed under our legitimate interest in responding to potential clients.

For Website Analytics

We use Google Analytics to understand how visitors use our website. This involves processing of technical data (IP address, browser type, pages visited) under our legitimate interest in improving our services. See our Cookie Policy for details.

For Marketing Communications

If you subscribe to our newsletter or marketing updates, we process your contact details based on your consent. You can withdraw consent at any time.

Data Sharing with Universities

An essential part of our service involves sharing your application materials with Irish universities and colleges. This data sharing is:

• Necessary to fulfil our contract with you
• Limited to data required for your applications
• Only with institutions you have chosen to apply to
• Subject to each institution's own privacy policies

Irish universities are themselves subject to GDPR and maintain their own data protection practices. We encourage you to review each institution's privacy policy when applying.

International Data Transfers

While Brightpath Global is based in Ireland (within the EEA), some of our service providers may be located in other countries. When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Adequacy decisions: Transfers to countries recognised by the EU as having adequate data protection
• Standard Contractual Clauses (SCCs): EU-approved contractual terms ensuring data protection
• Data Processing Agreements: Binding contracts with all third-party processors

Data Security Measures

We implement robust security measures to protect your personal data:

Data Breach Notification

In the unlikely event of a personal data breach, we will:

• Notify the Irish Data Protection Commission within 72 hours (where required)
• Inform affected individuals without undue delay if there is a high risk to their rights
• Document all breaches and our response actions
• Take steps to mitigate any potential harm

Exercising Your Rights

To exercise any of your GDPR rights, you can contact us at:

• Email: privacy@brightpathglobal.ie
• Contact Form: brightpathglobal.ie/contact
• Post: Brightpath Global, Dublin, Ireland

When you make a request:

• We will verify your identity to ensure the security of your data
• We will respond within one month (extendable by two months for complex requests)
• We will provide the service free of charge (unless requests are manifestly unfounded or excessive)
• We will explain our reasons if we cannot fulfil a request

Complaints and Supervisory Authority

If you are not satisfied with how we handle your data protection request, you have the right to lodge a complaint with a supervisory authority. In Ireland, this is:

We encourage you to contact us first to resolve any concerns, but you always have the right to approach the DPC directly.

Updates to Our Compliance Practices

Data protection law and best practices evolve over time. We regularly review and update our compliance measures to ensure we continue to meet our obligations. Any significant changes to our practices will be reflected in our Privacy Policy and, where appropriate, communicated to affected individuals.

Further Information

For detailed information about our data practices, please refer to:

• Privacy Policy — Full details on how we collect, use, and protect your data
• Cookie Policy — Information about cookies and tracking technologies on our website

If you have any questions about GDPR or how we protect your data, please don't hesitate to contact us.

Brightpath Global is committed to maintaining the highest standards of data protection. We believe that respecting your privacy is fundamental to building trust and providing excellent service.