Brightpath Global ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (brightpathglobal.ie) or use our education consultancy services.
1. Who We Are
Brightpath Global is an education consultancy based in Dublin, Ireland, helping international students pursue their studies at Irish universities and colleges. For the purposes of the General Data Protection Regulation (GDPR), we are the data controller responsible for your personal data.
Contact Details:
- Company Name: Brightpath Global
- Address: Dublin, Ireland
- Email: privacy@brightpathglobal.ie
- Website: brightpathglobal.ie
2. Information We Collect
We collect and process different types of personal information depending on how you interact with us:
2.1 Information You Provide Directly
When you contact us, submit an enquiry, or use our consultancy services, you may provide:
- Identity Data: Full name, date of birth, gender, nationality, passport details
- Contact Data: Email address, telephone number, postal address, country of residence
- Education Data: Academic qualifications, transcripts, certificates, English language test scores (IELTS, PTE, TOEFL), previous institutions attended
- Application Data: University preferences, course selections, personal statements, reference letters
- Financial Data: Information about funding sources (for visa applications or scholarship assessments)
- Communication Data: Records of correspondence via email, phone, or contact forms
2.2 Information Collected Automatically
When you visit our website, we automatically collect certain technical information:
- Technical Data: IP address, browser type and version, device type, operating system, time zone setting
- Usage Data: Pages visited, time spent on pages, navigation paths, referring website or source
- Cookie Data: Information collected through cookies and similar tracking technologies (see our Cookie Policy)
2.3 Information from Third Parties
We may receive information about you from:
- Partner universities and colleges regarding your application status
- Referrals from other students or educational agents
- Social media platforms if you engage with our social profiles
3. Legal Basis for Processing
Under GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing consultancy services and processing university applications | Contract: Processing is necessary to perform our contract with you |
| Responding to enquiries and providing information | Legitimate Interest: To respond to potential clients and provide requested information |
| Sending marketing communications (newsletters, updates) | Consent: Only with your explicit opt-in consent |
| Website analytics and improvement | Legitimate Interest: To understand website usage and improve our services |
| Legal compliance (visa documentation, regulatory requirements) | Legal Obligation: To comply with applicable laws and regulations |
4. How We Use Your Information
We use your personal information for the following purposes:
4.1 To Provide Our Services
- Assessing your eligibility for Irish universities and courses
- Preparing and submitting applications on your behalf
- Communicating with universities regarding your applications
- Providing guidance on visa applications and documentation
- Offering advice on accommodation, travel, and settling in Ireland
4.2 To Communicate With You
- Responding to your enquiries and requests
- Providing updates on your application status
- Sending important notifications about our services
- With your consent, sending newsletters and promotional content
4.3 To Improve Our Services
- Analysing website usage to enhance user experience
- Understanding trends in student preferences
- Developing new services based on client needs
4.4 To Comply With Legal Obligations
- Maintaining records as required by law
- Cooperating with regulatory authorities
- Protecting our legal rights and interests
5. Data Sharing and Disclosure
We take your privacy seriously and do not sell your personal information to third parties. However, we may share your data with:
5.1 Irish Universities and Colleges
As an essential part of our service, we share your application materials (personal details, academic records, supporting documents) with the universities and colleges you apply to. This sharing is necessary to process your applications and is covered under our contract with you.
5.2 Service Providers
We work with trusted third-party service providers who help us operate our business:
- Website Hosting: Secure servers to host our website
- Email Services: To manage communications
- Analytics: Google Analytics for website usage analysis
- CRM Systems: To manage client relationships securely
These providers are contractually bound to protect your data and only process it on our instructions.
5.3 Legal and Regulatory Authorities
We may disclose your information when required by law, court order, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Respond to lawful requests from public authorities
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. You will be notified of any such change and the choices you have regarding your data.
6. International Data Transfers
As we work with universities in Ireland and service providers that may be located outside the European Economic Area (EEA), your data may be transferred internationally. When this occurs, we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries the EU has deemed to provide adequate protection
- Standard Contractual Clauses: EU-approved contracts ensuring data protection standards
- Data Processing Agreements: Binding agreements with all processors
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Application records (successful applicants) | 7 years from course completion |
| Application records (unsuccessful applicants) | 3 years from last contact |
| Enquiry data (non-clients) | 2 years from last contact |
| Marketing consent records | Until consent is withdrawn |
| Website analytics data | 26 months (Google Analytics default) |
After these periods, we securely delete or anonymise your data unless a longer retention is required by law.
8. Your Rights Under GDPR
Under the General Data Protection Regulation, you have significant rights regarding your personal data. These rights include:
8.1 Right to Access
You can request a copy of the personal data we hold about you. This is known as a "Subject Access Request" (SAR). We will respond within one month of receiving your request.
8.2 Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request correction. We will update our records promptly.
8.3 Right to Erasure ("Right to be Forgotten")
In certain circumstances, you can request that we delete your personal data. This right applies when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent is the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
8.4 Right to Restrict Processing
You can request that we limit how we use your data while we address a concern you have raised, such as verifying accuracy or considering an objection.
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another organisation.
8.6 Right to Object
You can object to processing based on legitimate interests or direct marketing. For marketing, we will stop processing immediately. For other purposes, we will stop unless we have compelling legitimate grounds.
8.7 Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making.
Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@brightpathglobal.ie
- Contact Form: brightpathglobal.ie/contact
We will respond to your request within one month. We may need to verify your identity before processing your request. If your request is complex or we receive multiple requests, we may extend the response time by up to two additional months, in which case we will inform you.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- Encryption: Data transmitted via our website is protected using SSL/TLS encryption (HTTPS)
- Access Controls: Only authorised personnel can access personal data, with role-based permissions
- Secure Storage: Data is stored on secure servers with appropriate physical and digital safeguards
- Regular Reviews: We regularly review and update our security practices
- Staff Training: Our team receives training on data protection and privacy practices
While we take all reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
10. Children's Privacy
Our services are primarily directed at prospective university students, who are typically 18 years or older. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.
11. Third-Party Links
Our website may contain links to third-party websites (such as university websites, social media platforms, or external resources). We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Post a prominent notice on our website
- Where appropriate, notify you by email
We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Complaints and Supervisory Authority
If you have concerns about how we handle your personal data, we encourage you to contact us first so we can try to resolve the issue. However, you also have the right to lodge a complaint with a supervisory authority.
In Ireland, the supervisory authority is:
- Data Protection Commission (DPC)
- 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
- Website: www.dataprotection.ie
- Phone: +353 1 765 0100 / 1800 437 737
14. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:
- Email: privacy@brightpathglobal.ie
- Contact Form: brightpathglobal.ie/contact
- Post: Brightpath Global, Dublin, Ireland
For information about cookies and tracking technologies, please see our Cookie Policy. For an overview of our GDPR compliance practices, visit our GDPR Compliance page.
This Privacy Policy is governed by and construed in accordance with the laws of Ireland and the European Union. By using our website and services, you acknowledge that you have read and understood this policy.