DATA PROTECTION POLICY

DC Global Academy

A Division of DC Global Education Group Ltd (United Kingdom)

1. Policy Statement

DC Global Academy is committed to safeguarding personal data and ensuring that all data processing activities are conducted lawfully, fairly, transparently, and securely in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Applicable international privacy principles where relevant

As part of DC Global Education Group Ltd, we recognise our responsibility to maintain the confidentiality, integrity, and availability of personal data entrusted to us by learners, instructors, institutional partners, corporate clients, and website users.

Data protection is embedded into our governance framework and operational procedures.

2. Scope of this Policy

This policy applies to:

  • All personal data processed by DC Global Academy

  • Digital and paper-based records

  • Learner information

  • Instructor and partner information

  • Admissions-related data

  • Financial and transactional records

  • Website and platform user data

It covers processing carried out through:

  • Our website

  • Learning management systems

  • Admissions guidance services

  • Event registration forms

  • Communications channels

  • Payment gateways

  • Institutional partnerships

3. Data Controller & Responsibility

The Data Controller is:

DC Global Education Group Ltd
United Kingdom
Email: dataprotection@dcglobalacademy.com

Ultimate responsibility for data protection compliance rests with DC Global Education Group Ltd.

Operational data protection oversight is integrated into:

  • Governance & Compliance oversight

  • Platform administration

  • Admissions support services

  • Financial administration functions

4. Data Protection Principles

DC Global Academy adheres strictly to the seven core principles of UK GDPR:

4.1 Lawfulness, Fairness & Transparency

Personal data is processed lawfully, fairly, and in a transparent manner. Individuals are informed about how their data is used.

4.2 Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

4.3 Data Minimisation

Only personal data necessary for the intended purpose is collected and processed.

4.4 Accuracy

Personal data is kept accurate and up to date. Reasonable steps are taken to rectify inaccurate data.

4.5 Storage Limitation

Personal data is retained only for as long as necessary to fulfil its purpose or meet legal obligations.

4.6 Integrity & Confidentiality

Appropriate technical and organisational measures are applied to ensure security against unauthorised or unlawful processing, accidental loss, destruction, or damage.

4.7 Accountability

We maintain documentation and evidence demonstrating compliance with data protection obligations.

5. Categories of Personal Data Processed

We may process the following categories:

5.1 Identity Data

  • Full name

  • Date of birth (where required)

  • Nationality (where relevant to admissions)

5.2 Contact Data

  • Email address

  • Telephone number

  • Residential address

5.3 Educational & Academic Data

  • Educational background

  • Programme enrolment history

  • Assessment records

  • Completion status

  • Certificates issued

5.4 Financial Data

  • Payment confirmation records

  • Transaction history

  • Refund records

(Note: Payment card details are processed directly by secure third-party payment processors and are not stored on our servers.)

5.5 Technical Data

  • IP addresses

  • Browser type

  • Device information

  • Usage logs

5.6 Communications Data

  • Email correspondence

  • Support enquiries

  • Complaints and appeals submissions

6. Lawful Bases for Processing

Personal data is processed under the following lawful bases:

  • Performance of a contract (e.g., course enrolment and delivery)

  • Legal obligation (e.g., financial recordkeeping, regulatory compliance)

  • Legitimate interests (e.g., fraud prevention, quality assurance)

  • Consent (e.g., marketing communications)

Where consent is required, it is obtained explicitly and may be withdrawn at any time.

7. Data Processing Purposes

We process personal data to:

  • Register and manage learner accounts

  • Deliver online and partner programmes

  • Issue certificates

  • Provide admissions guidance

  • Facilitate partner institution referrals

  • Process payments and refunds

  • Provide learner support

  • Manage instructor relationships

  • Comply with legal and regulatory obligations

  • Conduct internal quality assurance reviews

We do not sell personal data to third parties.

8. Data Sharing & Third Parties

Personal data may be shared with:

  • Partner institutions (where necessary for programme delivery or admissions)

  • Secure payment processors (e.g., Stripe)

  • Hosting and technology service providers

  • Professional advisers (accountants, legal advisers)

  • Regulatory authorities (where legally required)

All third-party processors are subject to contractual safeguards and confidentiality obligations.

9. International Data Transfers

Where personal data is transferred outside the UK, appropriate safeguards are implemented, including:

  • Contractual protections

  • Secure transmission protocols

  • Risk assessments

Transfers are conducted only where lawful and necessary.

10. Data Security Measures

We implement appropriate security measures, including:

  • SSL encryption (HTTPS)

  • Secure hosting infrastructure

  • Role-based access controls

  • Password management policies

  • Limited administrative access

  • Activity logging and monitoring

  • Regular software updates

  • Secure backup procedures

Security measures are reviewed periodically.

11. Data Retention

Personal data is retained for:

  • Course completion verification

  • Legal compliance and accounting purposes

  • Dispute resolution

  • Accreditation documentation support

Retention periods vary based on legal and operational requirements. Data is securely deleted or anonymised when no longer required.

12. Data Subject Rights

Individuals have the right to:

  • Request access to their personal data

  • Request correction of inaccurate data

  • Request deletion (where applicable)

  • Restrict processing

  • Object to processing

  • Request data portability

  • Withdraw consent

Requests may be submitted to: dataprotection@dcglobalacademy.com

Identity verification may be required prior to processing requests.

13. Data Breach Response

In the event of a personal data breach:

  • The incident will be assessed immediately

  • Risks to affected individuals will be evaluated

  • Regulatory authorities will be notified where required

  • Affected individuals will be informed if legally necessary

  • Corrective measures will be implemented

All incidents are documented and reviewed.

14. Governance & Oversight

Data protection is integrated into our governance framework through:

  • Policy documentation

  • Staff and instructor awareness

  • Risk assessment procedures

  • Oversight by DC Global Education Group Ltd

  • Periodic internal review

This ensures ongoing compliance and accountability.

15. Policy Review

This policy is reviewed regularly to ensure alignment with:

  • Legislative updates

  • Regulatory changes

  • Operational developments

  • Institutional best practices

16. Contact Information

For data protection enquiries:

DC Global Academy
A division of DC Global Education Group Ltd
United Kingdom
Email: dataprotection@dcglobalacademy.com