universityhacks.co.uk

Privacy Policy

Privacy Policy
UniversityHacks.co.uk

UniversityHacks.co.uk is committed to protecting your privacy and ensuring your personal data is handled lawfully, transparently, and securely. This Privacy Policy explains how we collect, use, store, and share personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). By using our website, you agree to the practices described in this policy.

Who we are
UniversityHacks.co.uk is operated by Nested Learning Ltd, a UK-registered company. Nested Learning Ltd acts as the Data Controller for all activities described in this policy.

Website: https://universityhacks.co.uk
Contact email: admissions@universityhacks.co.uk

Personal data we collect
We may collect the following categories of personal data:

  1. Personal identifiers
    Name, email address, telephone number, and other details provided in forms or communications.
  2. Educational interests
    Course preferences, subject areas, university aspirations, and related information supplied through our enquiry tools.
  3. Location information
    Town, region, or postcode when submitted in forms or inferred from IP addresses for service-customisation purposes.
  4. Purchase and enrolment data
    Records of payments, enrolments, course selections, and access to Moodle-hosted UniHack courses.
  5. Technical and usage data
    IP address, browser type, device identifiers, log data, and site usage patterns.
  6. Cookies and tracking technologies
    Essential and non-essential cookies may collect usage data, preferences, and interaction metrics. Non-essential cookies require explicit consent under PECR.
  7. Voluntary responses
    Survey responses, questionnaire entries, and form submissions.

How we collect personal data
We collect personal data through:
• Web forms and sign-up pages
• UniHack course enrolment processes
• Student tools such as course matchers and guides
• Cookies and tracking technologies (with PECR-compliant consent)
• Email communications with our team
• Purchases made on the site

Purposes for which we use personal data
We process personal data for the following purposes:

• Delivering UniHacks educational content, guides, and digital services
• Providing access to course materials
• Matching users to suitable university or course options
• Sending newsletters, updates, or marketing communications (only with consent)
• Running advertising campaigns where you have opted in to receive third-party opportunities
• Enhancing site experience and personalising content
• Conducting analytics to improve services (non-essential analytics require consent)
• Processing payments and maintaining enrolment records
• Ensuring website security, fraud prevention, and service reliability
• Complying with applicable legal obligations

Lawful bases for processing
We rely on the following lawful bases under UK GDPR:

• Consent: for marketing communications, analytics cookies, and any sharing of personal data with advertisers or partners.
• Contract or steps necessary to enter into a contract: for delivering UniHack courses and enabling access to digital learning environments.
• Legitimate interests: to maintain site security, analyse service usage, prevent misuse, and improve platform performance.
• Legal obligations: for complying with UK statutory or regulatory duties.

Marketing and PECR compliance
Email marketing and promotional activities follow PECR rules. We only send such communications where:

• you have explicitly consented; or
• the “soft opt-in” applies (meaning you purchased or requested a service and we are offering similar opportunities).

You may withdraw consent or unsubscribe at any time.

Cookies and PECR compliance
We use both essential and non-essential cookies.

  1. Essential cookies
    These are required for core site functions such as logging in, managing sessions, maintaining security, and remembering display settings. These do not require consent.
  2. Non-essential cookies
    These include analytics, performance, personalisation, and advertising cookies. These require explicit consent under PECR. They will not load unless you actively select them in the cookie banner.

Cookie banner
Our cookie banner enables users to:
• Accept all cookies
• Reject all non-essential cookies
• Customise preferences
• Change or withdraw consent at any time

International transfers
Where personal data is transferred outside the UK, we ensure adequate protection using:
• UK adequacy regulations, or
• International Data Transfer Agreements (IDTAs), or
• Standard Contractual Clauses (SCCs) with additional safeguards where required.

Sharing your personal data
We may share personal data with:

• Third-party service providers (hosting, analytics, email platforms, payment processors, security tools)
• Moodle or learning-platform providers hosting UniHack courses
• Advertisers or referral partners, but only with your explicit consent
• Regulatory authorities where legally required
• Technical partners providing website maintenance and improvements

Data retention
We retain personal data only for as long as necessary for the purposes set out above.

Typical retention periods:
• Enrolment and course-access records: up to six years (to meet financial and legal obligations)
• Marketing consent: until withdrawn or after prolonged inactivity
• Technical logs: according to security requirements
• Survey and voluntary data: until no longer required for analysis
• Cookie data: retained according to user preferences and provider policies

Your rights
Under the UK GDPR, you have the following rights:

• Access your personal data
• Rectify inaccurate information
• Request erasure (“right to be forgotten”)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk)

If you have created an account, made a purchase, or submitted forms, you may request an exported copy of your personal data. You may also ask us to erase personal data, except where we are legally required to retain it.

Automated decision-making
We do not engage in automated decision-making that produces legal or similarly significant effects under Article 22 UK GDPR.

Security measures
We use technical and organisational steps to protect personal data, including:
• Encrypted connections
• Secure servers
• Access controls
• Malware and intrusion protection
• Regular security reviews

Changes to this policy
We may update this Privacy Policy to reflect changes in legislation or our operations. The latest version will always appear on this page. Where changes are material, we will notify users where appropriate.

Contact
Data Protection Lead
UniversityHacks.co.uk
Email: admissions@universityhacks.co.uk