PRIVACY POLICY

Bajaj Study Abroad Education LLP

Introduction & Governance Structure

Bajaj Study Abroad Education LLP (“the Company,” “we,” “us,” or “our”) is an international student recruitment firm operating from India. We facilitate student placements into higher education institutions across the United Kingdom. This Privacy Policy governs the collection, processing, storage, and transfer of personal data relating to prospective and enrolled students interacting with our services, website, and digital infrastructure.

1.1 Governance & Accountability Structure

The Company maintains an established data governance framework to ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Data Protection Governance: The Company is not legally mandated to appoint a formal Data Protection Officer (DPO) under Article 37 of the UK GDPR. Compliance is managed directly by our designated Internal Data Protection Lead.
Contact Information: For all regulatory inquiries, exercises of data subject rights, or compliance matters, contact the Data Protection Lead directly at info@bajajeduworld.com.

1.2 Article 27 UK Representative Exemption Statement

The Company is established outside the United Kingdom and processes the personal data of UK-based individuals or data subjects intending to study in the UK. Under Article 27(2) of the UK GDPR, the Company is exempt from the statutory requirement to appoint a UK Representative based on the following cumulative legal criteria:

Occasional Processing: The processing of personal data relating to UK data subjects occurs strictly on an intermittent, seasonal basis tied to university intake cycles.
Absence of Risk: The processing operations do not involve high-risk profiling or systematic monitoring that would jeopardize the rights and freedoms of natural persons.
No Large-Scale Special Category Data: The Company does not process special category data or criminal conviction data on a large scale.

Clear Roles: Controller vs. Processor Classifications

The Company operates in dual capacities under UK GDPR guidelines depending on the specific phase of the student recruitment lifecycle:

2.1 The Company as a Data Controller

The Company acts as a Data Controller when determining the purposes and means of processing personal data for:

Initial student registrations, consultations, and profile evaluations.
Direct business operations, website diagnostics, and marketing communications.
Managing customer relationships prior to institutional submission.

2.2 The Company as a Data Processor

The Company acts as a Data Processor when performing processing operations on behalf of third parties:

Target Entities: Partner Higher Education Institutions in the UK (e.g., York St John University, Wrexham University, The University of Law, and Arden University) and official pathway providers (e.g., Navitas).
Scope: When compiling, formatting, and transferring application dossiers or visa evaluation documents, the respective UK university acts as the ultimate Data Controller. The Company processes this data strictly under the mandated boundaries of Data Processing Agreements (DPAs) and institutional instructions.

Lawful Bases for Processing (UK GDPR Article 6)

The Company processes personal data exclusively under the following valid legal bases defined in Article 6(1) of the UK GDPR:

Processing Activity / Purpose	Categories of Personal Data	Lawful Basis (UK GDPR Article 6)
Processing registrations, assessing initial academic eligibility, and counseling.	Name, Email, Phone, Academic Transcripts.	Article 6(1)(b) [Contractual]: Necessary to take specific steps at the request of the data subject prior to entering into a service contract.
Submitting applications and admissions portfolios to direct partner UK universities.	Academic Records, Financial Proofs, Passports, CVs, References.	Article 6(1)(b) [Contractual]: Performance of our core recruitment service agreement to secure university placement.
Maintaining customer relationships, executing business analytics, and internal quality audits.	Communication History, System Usage Data, Feedback Forms.	Article 6(1)(f) [Legitimate Interests]: Necessary for the Company’s legitimate operational interests to improve recruitment services.
Distributing institutional updates, course intake notifications, and marketing material.	Name, Contact Details, Program Preferences.	Article 6(1)(a) [Consent]: Explicit, freely given, specific, and informed opt-in consent.
Fulfilling regulatory reporting, financial audits, or anti-fraud verifications.	Identity Data, Financial Transaction Logs.	Article 6(1)(c) [Legal Obligation]: Necessary for compliance with statutory financial and regulatory laws.

3.1 Legitimate Interests and the Balancing Test

Where processing is conducted under Article 6(1)(f), the Company has performed a formal three-part Legitimate Interests Assessment (LIA) comprising:

Purpose Test: Identifying the legitimate commercial interest (e.g., network security, business optimization, service evaluation).
Necessity Test: Confirming that the processing is strictly necessary and that no less intrusive alternative exists.
Balancing Test: Weighing the Company’s business requirements against the individual’s privacy expectations. The processing is limited to non-intrusive operations where data subjects have a reasonable expectation of data use, ensuring zero adverse impact on their fundamental rights.

Special Category and Criminal Conviction Data Handling

The Company does not rely on generic or implied consent when processing sensitive personal data. Processing satisfies both an Article 6 lawful basis and an explicit Article 9 or Article 10 condition:

4.1 Special Category Data (Health & Disability Records)

Application: Collected only when a student requires institutional disability support, medical accommodations, or health disclosures for visa medical certifications.
UK GDPR Article 6 Basis: Article 6(1)(b) (Performance of contract/pre-contractual steps).
UK GDPR Article 9 Condition: Article 9(2)(g) – Processing is necessary for reasons of substantial public interest, specifically meeting the statutory requirements of the UK Equality Act 2010 to ensure equal opportunity and treatment.

4.2 Criminal Conviction and Offence Data

Application: Processed only where mandatory for institutional admissions screening or UK Visas and Immigration (UKVI) clearance.
Legal Basis: Article 10 of the UK GDPR read in conjunction with Section 10(5) and Schedule 1 of the UK Data Protection Act 2018. Processing is strictly limited to statutory safeguarding obligations, immigration compliance, and verification of institutional entry prerequisites.

Strict Data Minimization (Defined Scope of Collection)

The Company enforces a absolute prohibition against the collection of ambiguous, excessive, or unverified information. Data collection is strictly limited to the following categories required for international student recruitment:

Identity Data: Full legal name, date of birth, gender, nationality, and passport number.
Contact Data: Permanent residential address, personal email address, and telephone number.
Academic and Professional Data: Secondary and higher education transcripts, graduation certificates, English language proficiency test scores (e.g., IELTS, PTE), letters of recommendation, and curriculum vitae (CV).
Financial and Visa Data: Bank statements, sponsorship letters, funding proofs, and historical visa issuance/refusal documentation required for pre-CAS (Confirmation of Acceptance for Studies) financial checks.

No peripheral or non-essential personal information is requested or retained.

Automated Decision-Making and Lead Management Systems

The Company utilizes automated workflows within its Customer Relationship Management (CRM) and lead automation systems.

Operational Scope: Automation is limited strictly to administrative sorting, lead routing to designated counselors, and triggering email notifications regarding intake timelines or missing documentation.
Exclusion of Automated Decisions: The Company does not execute any automated decision-making or automated profiling that generates legal consequences or similarly significant effects for the individual under Article 22 of the UK GDPR.
Human-in-the-Loop Framework: Every critical assessment, evaluation of academic eligibility, and final decision to submit an application to a UK university is conducted entirely via human review by qualified Company counselors.

Cookie Compliance and Regulatory Enforcement (PECR Alignment)

In strict compliance with the Privacy and Electronic Communications Regulations (PECR), the Company operates a managed Cookie Consent Framework:

Prior Consent Enforcement: No non-essential cookies (including performance, analytical, behavioral tracking, or advertising cookies) are deployed, executed, or written to the user’s browser prior to active, affirmative consent.
Granular Opt-In Controls: Users are presented with distinct check-box interfaces allowing independent consent configurations for separate cookie categories. Essential/Strictly Necessary cookies required for basic website operation cannot be deactivated.
Consent Logging: Every user interaction within the cookie banner (consent grant, category selection, or total rejection) is recorded within a secure, time-stamped, anonymized consent log to satisfy the accountability requirements of the ICO.
Revocation Mechanism: Users retain the right to modify or completely withdraw cookie consent at any time via the persistent “Cookie Settings” hyperlink located permanently in the footer of our web domain.

Data Retention Justifications

The Company retains personal data only for the minimum duration required to satisfy operational, contractual, and legal compliance obligations:

Prospective Unenrolled Applicants: Where a student initiates contact or undergoes preliminary counseling but does not enter into a formal recruitment service agreement, all collected personal data is permanently deleted 2 years from the date of the last recorded interaction.
Enrolled and Placed Students: Where the Company successfully processes an application and places a student into a UK university, the complete physical and digital dossier is retained for 7 years following the formal closure of the application cycle.
- Justification: This 7-year retention period is legally mandated to comply with statutory corporate accounting regulations, tax audit compliance, and to provide evidence in the event of contractual liability claims or regulatory immigration audits.

Statutory Data Subject Rights Under the UK GDPR

Every individual covered by this Privacy Policy possesses the following enforceable legal rights under Chapter III of the UK GDPR:

Right of Access (Article 15): The right to obtain confirmation as to whether your data is being processed, and to receive a clear, complete copy of your personal data.
Right to Rectification (Article 16): The right to demand the immediate correction of inaccurate or incomplete personal data.
Right to Erasure / Right to be Forgotten (Article 17): The right to secure the permanent deletion of personal data where it is no longer necessary for the purposes collected, or where consent has been withdrawn and no overriding lawful basis exists.
Right to Restrict Processing (Article 18): The right to limit processing operations during disputes regarding data accuracy, legality, or verification tests.
Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format and transmit it directly to another controller.
Right to Object (Article 21): The right to object at any time to processing grounded in legitimate interests or direct marketing workflows.
Right to Withdraw Consent (Article 7(3)): The right to withdraw consent at any time without affecting the lawfulness of processing completed prior to the withdrawal.

9.1 Protocol for Exercising Rights

To exercise any statutory right, submit a formal written request to the Data Protection Lead at info@bajajeduworld.com. The Company will verify identity and fulfill valid requests within one calendar month of receipt, completely free of charge.

9.2 Regulatory Escalation

You have the right to lodge a formal complaint regarding the Company’s data handling practices directly with the UK Information Commissioner’s Office (ICO) via their official portal: https://ico.org.uk. We request that you contact our internal Data Protection Lead to resolve any grievances prior to engaging the regulator.

UK GDPR AND ICO COMPLIANCE

1. LAWFUL BASIS

Processing Purpose	Category of Data	Lawful Basis (Article 6)
Student Applications	Name, academic transcripts, passport copies, CVs.	Contract: Processing is necessary to take steps at the student’s request to enter into an agreement with a university.
Visa Support Services	Financial statements, CAS letters, immigration history.	Legal Obligation: Required to comply with UKVI (UK Visas and Immigration) and statutory requirements for international students.
B2B Channel Partnerships	Partner contact details, commission records, business IDs.	Contract: Necessary for the performance of the partnership agreement between Bajaj and the channel partner.
Marketing & Newsletters	Email addresses, course preferences.	Consent: Students or partners have opted-in to receive specific updates about intakes and university partners.
Fraud Prevention	Verification of academic documents and bank statements.	Legitimate Interests: Necessary for the legitimate interest of ensuring the integrity of the recruitment process for partner universities.
Website Analytics	IP addresses, browsing behavior via cookies.	Consent: Obtained via your PECR-compliant cookie banner for non-essential cookies.

2. UK GDPR RIGHTS

As an individual whose data we process, you have specific rights regarding your personal information. You can exercise these rights at any time by contacting our Data Protection Officer at info@bajajeduworld.com.

1. The Right to be Informed

You have the right to be told exactly how we use your data. This privacy policy serves as our way of being transparent about our collection, processing, and storage of your information.

2. The Right of Access (Subject Access Request)

You can ask us for a copy of the personal data we hold about you. This includes information regarding your university applications, visa documents, and communication history. We will typically provide this free of charge within one month.

3. The Right to Rectification

If any information we hold such as your academic transcripts, contact details, or passport information is inaccurate or incomplete, you have the right to have it corrected.

4. The Right to Erasure (‘The Right to be Forgotten’)

In certain circumstances, you can ask us to delete your data (e.g., if you withdraw your application and we no longer have a legal obligation to keep it).

Note: We may be unable to delete certain data if we are legally required to keep it for tax, audit, or UKVI compliance.

5. The Right to Restrict Processing

You can ask us to “block” or suppress the processing of your data. This means we can still store your data but cannot use it further (e.g., while we are verifying the accuracy of your files).

6. The Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services. We will provide your data in a structured, commonly used, and machine-readable format (such as a CSV or PDF).

7. The Right to Object

You have the absolute right to object to the processing of your data for direct marketing. You can also object if we are processing your data based on “Legitimate Interests,” unless we can demonstrate compelling grounds that override your interests.

8. Rights Related to Automated Decision-Making

You have the right to human intervention if a significant decision is made about you by a computer (e.g., an automated “pass/fail” on a preliminary application screening). At Bajaj Scholar, our recruitment experts review applications personally to ensure fairness.

9. How to Exercise Your Rights

To make a request regarding any of these rights, please follow these steps:

Submit a Request: Email us at info@bajajeduworld.com with the subject line “UK GDPR Rights Request.”
Identity Verification: To protect your privacy, we may ask for proof of identity (such as a copy of your passport) before releasing or changing any data.
Timeline: We will respond to your request within 30 days. If the request is complex, we may extend this by a further two months, but we will notify you if this is the case.

10. Lodging a Complaint

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113

3. INTERNATIONAL TRANSFER INFORMATION

Transfer of Data Outside the UK

To provide our recruitment services, Bajaj Study Abroad Education LLP may transfer your personal data between our offices in India and our partner institutions in the United Kingdom.

How we protect your data

When we transfer data to a country that does not have a UK “adequacy regulation” (such as India), we ensure it receives a level of protection “not materially lower” than that in the UK. We achieve this by:

Using the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) in our agreements with partners.
Conducting Transfer Risk Assessments (TRAs) to ensure local laws do not compromise your privacy.
Ensuring all data is transferred via secure, encrypted CRM and email channels.

By submitting your application, you acknowledge that your information will be processed in our Indian operations centers to facilitate your admission to UK institutions.

4. The PECR-Compliant Cookie Banner

1. Banner Visual Layout:

We value your privacy Bajaj Study Abroad Education LLP uses cookies to enhance your journey to the UK. We use necessary cookies for site security and, with your choice, marketing cookies to provide tailored university updates.

[ Accept All ] [ Reject All ] [ Manage Settings ] View our [Cookie Policy] for more details.

Functional Requirements:

Opt-in only: Marketing and tracking cookies (like Meta Pixel or your CRM tracker) must stay OFF until the student clicks “Accept All” or toggles them “On” in the settings.
Withdrawal: A small floating “Cookie Icon” must remain on every page so a student can change their mind at any time.

2. Detailed Cookie Policy

Add this section to your website. It should be its own page or a clearly marked section of your Privacy Policy.

1. Introduction

This Cookie Policy explains how Bajaj Study Abroad Education LLP (“we,” “us,” or “our”) uses cookies and similar technologies when you visit our website to explore international education opportunities.

2. What are Cookies?

Cookies are small text files stored on your device. They help us remember your preferences (like which universities you are interested in) and track how you use our site so we can improve your experience.

3. The Cookies We Use

We categorize our cookies based on their purpose:

Strictly Necessary (Always Active):
- Purpose: Security, load balancing, and remembering your privacy choices.
- Lawful Basis: Legitimate Interests / Necessity.
Performance & Statistics:
- Purpose: These allow us to count visits and traffic sources so we can measure the performance of our site.
- Retention: Typically 13 months.
Marketing & Automation (Requires Opt-In):
- Purpose: These are used to track your interests across the web to show you relevant advertisements for upcoming intakes.
- Third Parties: We use tools from Meta (Facebook Pixel), LinkedIn, and our CRM Lead Automation software.
- Retention: Varies (e.g., 90 days to 1 year).

Cookie Inventory

Cookie	Provider	Function	Expiry
_ga	Google	Site analytics	2 years
_fbp	Meta	Facebook advertising	3 months
Bajaj_Portal	Internal	Application session	Session
CRM_Track	[CRM Name]	Lead automation tracking	1 year

5. RETENTION PERIODS

1. Prospective Student Leads

Data: Name, email, phone number, course interest.
Duration: 2 years from last contact.
Criteria: If a student does not engage (e.g., open an email or book a consultation) within 24 months, their lead data should be deleted or anonymized in your CRM.

2. Active Application Documents

Data: Transcripts, passport copies, CVs, SOPs, English test results.
Duration: 6 years after the application cycle ends or student departs.
Criteria: This aligns with the UK statutory limitation period for breach of contract claims. If a student is successful, this data is often kept for the duration of their course plus 6 years.

3. Financial & Visa Records

Data: Bank statements for visa proof, CAS letters, fee receipts.
Duration: 7 years after the end of the financial year.
Criteria: Required by HMRC and Indian tax authorities for auditing and anti-money laundering (AML) compliance.

4. Unsuccessful Applicants

Data: Full application file for a student who was rejected or withdrew.
Duration: 1 year from the decision date.
Criteria: This allows sufficient time to handle any appeals or complaints regarding the recruitment process, after which the sensitive documents (like bank statements) should be securely destroyed.

5. Channel Partner Records

Data: Contracts, commission invoices, business identification.
Duration: 7 years after the termination of the partnership.
Criteria: To ensure legal and financial accountability for all referred students and payments.

6. HIGH‑LEVEL SECURITY MEASURES

How We Protect Your Information

Bajaj Study Abroad Education LLP takes the security of your personal data seriously. We have implemented technical and organizational measures to protect your information from unauthorized access, loss, or misuse:

Encryption: We use industry-standard encryption for data both while it is stored and while it is being sent over the internet.
Access Control: Access to your personal information is strictly limited to authorized employees who need it to process your university application.
Secure Systems: Our CRM and website infrastructure are protected by firewalls and multi-factor authentication (MFA).
Incident Response: We have procedures in place to detect and respond to any potential data breaches, including notifying you and the relevant regulators where required by law.

7. ICO COMPLAINT DETAILS

Your Right to Complain

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that Bajaj Study Abroad Education LLP has not been able to assist with your complaint or concern, you have the right to lodge a complaint with the UK’s independent data protection regulator.

Information Commissioner’s Office (ICO)

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Phone: 0303 123 1113
Website: https://www.ico.org.uk
Live Chat: https://ico.org.uk/global/contact-us/live-chat

Special Category & Children’s Data Disclosure

1. Special Category Data

Under the UK GDPR, certain types of data are considered “sensitive” and require higher levels of protection.

What we may collect:
- Health Data: Information regarding disabilities or medical conditions (to facilitate university accommodation or support services).
- Criminal Records: Disclosure of “spent” or “unspent” convictions (where required for specific courses like Medicine, Nursing, or Teaching).
Lawful Basis (Article 6): Legal Obligation or Contract.
Specific Condition (Article 9): Explicit Consent. You must have a separate “tick-box” or signed declaration for this data.
Safeguards:
- Encryption: This data is stored in a highly restricted, encrypted “vault” within our CRM.
- Limited Access: Only our Lead Compliance Officer and the specific University Admissions team have access.
- Redaction: We redact or delete this information as soon as the university confirmation or visa requirement is satisfied.

2. Children’s Data (Under 18s)

Since some students apply for Foundation or UG programs at age 16 or 17, they are considered children under UK data laws.

Age of Consent: In the UK, the age of digital consent is 13. However, for legal contracts (like university applications), we require parental or legal guardian involvement for anyone under 18.
Verification: Our CRM is designed to flag applicants under 18. In these cases, we collect the contact details of a parent or guardian.
Lawful Basis: Consent (given by the parent/guardian) and Contractual Necessity.
Safeguards: We use “Data Minimization” we only collect the absolute minimum data required to process an under-18 application.

3. Clarification of Data Protection Roles

Bajaj Study Abroad Education LLP acts in different capacities depending on the stage of the student recruitment and application lifecycle:

As a Data Controller: We act as a Controller when we collect your personal data to manage our direct business operations, execute marketing campaigns, qualify prospective leads, and run internal administrative processes across our branches.
As a Data Processor: We act as a Processor when we collect, verify, and compile your academic transcripts, financial statements, and identification documents specifically to upload them onto the admissions portals of our direct partner universities. In this capacity, we are acting on the strict, documented instructions of those institutions.
Joint Controller Relationships: For certain institutional partnerships where student data is managed dynamically via shared CRM networks, portal integrations, or co-branded recruitment events, Bajaj Study Abroad Education LLP and the respective partner university operate as Joint Controllers. A formal data-sharing agreement governs these arrangements, defining mutual responsibilities for handling your rights.

4. Special Category Data & Lawful Basis

When processing sensitive information—such as health data for university accommodation or disability support, and criminal conviction checks required for specific visa applications—we do not rely solely on user consent. To satisfy Article 9 of the UK GDPR, we invoke the following specific lawful conditions:

Article 9 Conditions for Special Category Data

Explicit Consent (Article 9(2)(a)): Utilized for specific, voluntary disclosures made by the student to facilitate university welfare and adjustments.
Substantial Public Interest (Article 9(2)(g)): Read in tandem with the UK Data Protection Act 2018 (Schedule 1), we process this data under statutory and government purposes to ensure student safety, regulatory immigration compliance, and the prevention of unlawful acts.

5. Legitimate Interests Assessment (LIA) Summary

When we process your personal data under the lawful basis of Legitimate Interests (such as managing business analytics, improving our website automation, or reaching out to prospective leads), we ensure it satisfies the ICO’s three-part test:

The Purpose Test: To efficiently run, market, and expand our international student recruitment services, ensuring that applicants are matched with the most relevant direct partner universities.
The Necessity Test: Processing is restricted to essential contact and academic profile data. There is no less intrusive way to effectively match and communicate university placement opportunities.
The Balancing Test & Safeguards: We weigh our business interests against your individual privacy rights. To protect your data, we implement strict access controls on our internal CRM, clear opt-out mechanisms on all automated lead communications, and enforce data minimization protocols.

9. Cookie Compliance Framework

We ensure our website cookie architecture complies with Privacy and Electronic Communications Regulations (PECR) and ICO guidelines:

No Pre-Consent Activation: No non-essential cookies (such as tracking, marketing, or analytical cookies) are deployed or stored on a user’s browser before they provide explicit affirmative consent via our cookie banner.
Granular Choice: Users are presented with distinct, un-checked toggle switches allowing them to accept or reject specific categories of cookies (e.g., opting into functional cookies while rejecting advertising trackers) rather than an “All-or-Nothing” choice.
Easy Withdrawal: A persistent, easily accessible privacy icon or link is available on every webpage, allowing users to alter or withdraw their cookie consent at any time as easily as it was given.

10. Transparency of Data Collection

We have eliminated all ambiguous phrasing (such as “including but not limited to” or “marketing partners”). The data we collect is explicitly bound to defined categories and clear operational purposes:

Data Collection Categories

Data Category	Specific Items Collected	Definitive Purpose
Identity & Contact	Full Name, Date of Birth, Passport Number, Email Address, Telephone Number.	To verify applicant identity and establish direct communication regarding university options.
Academic & Professional Profile	Academic Transcripts, Graduation Certificates, English Proficiency Scores (IELTS/PTE), CV/Resume.	To evaluate eligibility against the entry criteria of our direct partner institutions.
Financial Documentation	Bank Statements, Loan Sanction Letters, Sponsor Affidavits.	To verify financial viability for international student visa compliance and university financial checks.

11. Automated Decision-Making & Profiling

Our lead automation platforms and CRM systems utilize basic automated filtering to match an applicant’s grades and English language scores against the baseline entry requirements of our direct partner universities.

Impact on Users: This automation strictly serves as an internal sorting aid to streamline application processing. It never results in a final, automated rejection of a student’s application.
Right to Human Review: If an automated filter flags an applicant as ineligible for a specific program, the profile is automatically routed to an Admissions Counselor for manual verification. Students retain the right to contest any automated classification, express their point of view, and demand a comprehensive human review by emailing info@bajajeduworld.com.

12. Data Governance & Accountability Structure

1 Data Protection Responsibility

While Bajaj Study Abroad Education LLP does not legally require a formally registered, independent Data Protection Officer (DPO) under Article 37 of the UK GDPR, we maintain a dedicated governance framework to ensure absolute compliance.

Data Protection Lead: Sunil Kumar Bhattad (Company Director)
Co-Director Oversight: Shilpa Bajaj
Contact Information: info@bajajeduworld.com

2 Internal Accountability Hierarchy

To safeguard sensitive data across all operational branches (including Pune, Jodhpur, and Hyderabad), our internal accountability structure operates as follows:

Board of Directors (Sunil Bhattad & Shilpa Bajaj): Holds ultimate corporate liability for data protection compliance, approving financial resources for robust IT architecture, encrypted CRM platforms, and secure lead automation tools.
Data Protection Lead: Manages day-to-day policy enforcement, coordinates responses to Data Subject Access Requests (DSARs), and conducts regular compliance audits of university data-sharing pathways.
IT & Systems Administrators: Responsible for maintaining data encryption, secure web environments, role-based access controls, and overseeing technical “Privacy by Design” infrastructure upgrades.
Branch Admissions Counselors: Accountable for securely entering, handling, and verifying student documentation under strict confidentiality protocols, preventing unauthorized internal or external data exposure.

CHANGES TO THIS POLICY

We reserve the right to review and update our privacy policy from time to time. We recommend you regularly check for changes to our policy when you visit our site, platform.

CONTACT INFORMATION :

You can contact us with any queries, concerns or complaints at any time: BAJAJ STUDY ABROAD EDUCATION LLP. Address : 1st Floor, Vasavi MPM Grand, Metro Station, L3, beside Ameerpet,Hyderabad, Telangana 500038 Email: info@bajajeduworld.com