top of page
RBCGC lOgo.png

GDPR Policy

1. Introduction

RBCGC Group ("we," "us," or "our") is committed to ensuring the protection and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

This document outlines how we process, store, and protect personal data while minimizing legal risks and ensuring full compliance with data protection laws in the United Kingdom.

2. Scope of GDPR Compliance

This GDPR Compliance Statement applies to:

  • Data collected from individuals who interact with RBCGC Group, including clients, students, business partners, and website visitors.

  • Personal data processed through our services, including student recruitment, digital business solutions, and incubator support.

  • Data shared with partner organizations such as RichReach.uk, educational institutions, and affiliated brands.

3. Legal Basis for Processing Data

Under the UK GDPR, we process personal data based on the following legal grounds:

  • Consent: When individuals provide explicit consent for marketing, communications, and student enrollment services.

  • Legitimate Interest: For business operations such as improving services, analytics, fraud prevention, and securing business transactions.

  • Contractual Obligation: When data processing is necessary to provide services (e.g., university applications, digital business services).

  • Legal Obligation: When we are required to process data to comply with UK laws and regulations.

4. Categories of Personal Data Processed

We collect and process the following types of personal data:

  • Personal Identifiable Information (PII): Full name, date of birth, contact details.

  • Educational Data: University applications, academic history, study preferences.

  • Financial Data: Student finance applications, scholarships, tuition payment details.

  • Marketing Data: Social media interactions, marketing campaign engagement.

  • Technical Data: IP addresses, device data, browsing behavior via cookies and analytics tools.

5. Data Collection Methods

We collect personal data through:

  • Online forms, applications, and website interactions.

  • Direct communication via phone, email, WhatsApp, or social media.

  • Data partnerships with organizations like RichReach.uk and educational institutions.

  • Tracking tools such as Google Analytics, Facebook Pixel, and LinkedIn Ads.

6. Data Security Measures

We implement strict security protocols to prevent unauthorized access, loss, or misuse of personal data. These include:

  • Data Encryption: Secure encryption of sensitive information.

  • Access Control: Limited access to personal data on a need-to-know basis.

  • Firewall & Antivirus Protection: Prevent cyber-attacks and unauthorized intrusions.

  • Data Retention Policy: Personal data is stored only for the necessary duration to fulfill legal and business obligations.

7. Data Sharing & Third-Party Access

We share personal data only when necessary and under strict security agreements:

  • RichReach.uk: Under our partnership agreement for student recruitment services.

  • Universities & Educational Institutions: For student applications and enrollment support.

  • Cloud Service Providers (Google Drive, CRM Systems, Web Hosting Platforms): For secure data storage.

  • Regulatory & Legal Authorities: If required by law enforcement or UK compliance regulations.

8. International Data Transfers

If personal data is transferred outside the UK, we ensure:

  • Compliance with UK GDPR adequacy decisions for secure transfers.

  • Contracts with Standard Contractual Clauses (SCCs) for third-party providers outside the UK.

  • Encryption and secure processing of any cross-border data transfers.

9. Data Subject Rights Under UK GDPR

Individuals whose data we process have the following rights:

  • Right to Access: Request details of personal data held.

  • Right to Rectification: Correct any inaccurate or incomplete data.

  • Right to Erasure ("Right to be Forgotten"): Request deletion of personal data under legal conditions.

  • Right to Restrict Processing: Limit how personal data is used.

  • Right to Object: Stop processing for marketing or other non-essential purposes.

  • Right to Data Portability: Transfer personal data to another service provider.

  • Right to Withdraw Consent: At any time, without affecting past processing.

10. Data Retention Policy

We retain personal data for the minimum necessary duration:

  • Student recruitment data: Up to 5 years after last interaction.

  • Business partner & client data: Up to 7 years for contractual/legal reasons.

  • Marketing data: Until the individual unsubscribes or withdraws consent.

11. Compliance with UK GDPR Regulations

12. Reporting Data Breaches

We comply with all UK GDPR legal obligations, including:

  • Maintaining internal records of data processing activities.

  • Performing Data Protection Impact Assessments (DPIA) when necessary.

  • Ensuring all data processing aligns with UK regulatory requirements.

  • Training employees on data protection and privacy best practices.

If a data breach occurs, we:

  • Immediately assess the impact and risk level.

  • Notify the UK Information Commissioner’s Office (ICO) within 72 hours if required.

  • Inform affected individuals if the breach poses a high risk to their data security.

  • Implement corrective measures to prevent future breaches.

13. Contact Information & Complaints

For GDPR-related inquiries or to exercise your data rights, contact us: 📧 Email: policies@rbcgcgroup.com
📍 Registered Office: 20-22 Wenlock Road, London, N1 7GU

If you believe your data has been misused, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

 

Legal Disclaimer:

This GDPR Compliance Statement is designed to protect RBCGC Group and its subsidiaries from liability concerning data processing and legal disputes. RBCGC Group acts as a business incubator and does directly provide student recruitment, But Not branding, or digitalization services. These services are offered by affiliated brands, and data is processed accordingly.

This policy is subject to updates. Continued use of our services after policy changes indicates acceptance of the revised terms. Last updated: 18/02/2025

bottom of page