The terms “the Company,” “we,” “us,” “our,” and “ours” refer to Global Star Ltd (GSL) . The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.
Who is Global Star LTD(GSL)
Global Star Ltd (GSL) is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. Where we act as a data controller, we are required under data protection legislation to notify anyone who provides personal data to us, either directly or through a third party, of the information contained in this Privacy Notice.
Registered as a limited company in the Bangladesh, Global Star Ltd (GSL) is an Education Agent for overseas university admission. Our head office is located in Dhaka Bangladesh at the following address:
The address for our branch office in Dhaka, Bangladesh is:
Legal basis for processing your personal data
The Company is a global company and understands that the laws on data protection may be different in different countries; however, the Company has set out below a number of different reasons for which we may collect and process your personal data, including:
- In specific situations, we can collect and process your data with your consent for example, when you tick a box to receive marketing material from us.
- When collecting your personal data, we’ll endeavour to collect the minimum necessary for us to provide our services.
- Depending upon national and sometimes state law you may be called a “minor or child” when it comes to signing a contract or consenting for us to collect and process your personal data. This means you have not reached the legal age of consent.
- In many countries including Australia, New Zealand, Canada, Singapore and the USA, it is usual to require a person to be 18 years of age to have reached the legal age of consent.
- In Europe it is usual that a person is 16 years of age, 13 in the UK to consent to receive marketing information. As part of protecting you and your rights, if the law says you are still a “minor or child”, we require your parents/guardians consent to directly collect and process your data via online services.
- Explicit Consent means that you have been presented with an option to agree or disagree with the collection, use, or disclosure of personal information.
- If we need to collect special categories of data from you in order to provide you with the services you require or meet our legal obligations, we will collect this data on the basis of your explicit consent, national/regional social protection laws or for statistical reporting purposes requested by official bodies.
- The special category data that we may request from you includes details such as your racial or ethnic origin and passport or birth certificate because they are necessary to satisfy enrolment or visa requirements. We may also need to collect data concerning your health (e.g. medical check reports and immunisation history) to provide additional support to you.
- In certain circumstances we will need to collect your personal data to meet our contractual obligations to you.
- We will collect this data so that we can make an offer to you to study or enrol with us or to work with us.
- We will use this data to establish a contract that sets out your obligations as a student or employee and our obligations as the provider of the study services or employment to you.
- If the law requires us to, we may need to collect and process your data for a number of reasons, for example to:
- Prevent fraud
- Meet the needs of immigration authorities
- Meet the requirements of universities
- Comply with Consumer Protection law
- In specific situations, we collect your personal data as part of undertaking our legitimate interests in a way which might reasonably be expected as part of running our business and, which does not materially impact your rights, freedom or interests. It might include:
- Staying in touch with you for purposes of staying in touch with ex-students as part of an alumni programme
- Keeping you informed regarding Company highlights and news
When do we collect your Personal Data?
- When you visit any of our website pages, (here we just collect transaction-based data).
- When you apply to register or open an online account via our website or marketing campaigns.
- When you complete our online or paper/PDF application forms.
- When you engage with us on social media.
- When you contact us by any means with queries, comments etc.
- When you book any kind of appointment with us.
- When you book to attend an event.
- When you’ve given a third-party permission to share with us the information they hold about you.
- When you attend a university, campus or office, which may have CCTV systems operating for the security of Students, Visitors and Staff. These systems may record your image during your visit.
- When you engage with our online marketing tools, and attend our online admission sessions through tools such as Zoom etc.
- For employees we collect your personal data throughout the period of your employment with the Company
Categories of Personal Data we collect
a. Your contact and other details i.e. your:
- Date of birth
- Sexual orientation
- Marital status
- Medical information
- Disability information
- Postal address (can be a postal box number and/or a street address)
- Social media contacts
- Telephone number/s (mobile and landline)
- Email address
- Skype ID
- Next of kin’s details
b. Identity and Immigration documentation i.e. your:
- Driver’s licence
- National Insurance Number
- Identity card
- Visa details
- Birth certificate
- Marriage certificate
- TB Certificate
- COVID-19 status
- Criminal Convictions and offences
c. Your financial details i.e. your:
- Funds details
- Sources of funds
- Bank details
- Bank Statement
d. Your educational and work history inclusive of but not limited to your:
- Current and past qualifications
- Institution/s you studied at
- Most recent study experience
- Work experience details
e. Details of your interactions with us, such as:
- We collect details of enquiries and comments you make in the web pages you visit or when you contact us by email, telephone or in person
- Information gathered by the use of ‘cookies’ in your web browser. (Learn more about our ‘Cookies Policy’.
f. Additionally, for employment purposes:
- Social security (or equivalent) details
- Next of Kin details
- Health information
- Your image, voice and written contributions
- As you interact with our website and other platforms made available by the company, we may automatically collect technical data about your equipment, browsing actions and patterns.
Why we use your Personal Data?
- To ensure that we provide you with the information and service you need we sometimes combine the data we have about you. This is allowed as part of our legitimate interest to provide you with the right and optimum service.
- If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
- If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.
- The reasons we use your personal data include:
- To operate and administer our business to provide you with the best possible service for queries, admission and visa applications etc. This is done on the basis of our legitimate business interests.
- To respond to your queries and requests.
- We may keep a record of communication with you. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
- To protect our business and you from fraud and other illegal activities.
We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
- To protect our students, visitors and staff, premises and assets, we operate CCTV systems in some of our offices which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions. This is done on the basis of our legitimate business interests and to help protect you from fraud.
- With your consent, we will use your personal data preferences, to keep you informed by email, web, text, social media and telephone about relevant services and events.
- To protect your vital interests if you become unable to provide consent.
- To hire and manage employees and contractors. We do this as part of our contract with you.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. (For example, updates to this Privacy Notice).
- These service messages will not include any marketing content and do not require prior consent when sent by email or text message. We need to keep you informed as part of complying with our legal obligations.
- To comply with our contractual or legal obligations to share data with law enforcement if necessary, for example:
If a court order is presented that requires us to share your personal data with law enforcement agencies or courts of law
How we look after your Personal Data?
- We know how much data security matters. We will treat your data with the utmost care and respect and take all appropriate steps to protect it.
- We secure access to all transactional areas of our websites and apps using ‘https’ technology.
- Access to your personal data is restricted and secure, and sensitive personal data such as health information is secured via password protection and encryption.
- Storage systems for paper copies are secured and access is managed through the Company’s access protocols.
How long do we retain your Personal Data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- We have a detailed records management programme in place and all records (paper and electronic) are required to be managed in accord with its security and disposal steps.
- Whenever we collect or process your personal data, we will store it safely and only for as long as is necessary for the original purpose for which it was collected or as required by law.
- At the end of the documented retention period, your data will either be deleted completely or anonymised.
Sharing your Personal Data
We share your Personal Data with trusted Third Parties
- We sometimes share your personal data with trusted third parties to provide services and business functions. An example of a third party would be a Global Star Ltd (GSL) contracted College/University Partner.
- We set very clear directions and expectations for those organisations regarding the safety and protection of your privacy and personal data.
- The directions and expectations are set out by us/third parties in our contract and include:
- Providing them only the information they need to perform their specific services
- Setting out the purpose for which the personal data is being shared
- Confirmation that they will make every reasonable effort to ensure that your privacy is respected and protected
- If we stop using their services, they will undertake to either securely delete or render anonymous any of your personal data held by them
- They will inform us immediately in the event of a suspected or actual breach being detected
The types of third parties we work with include:
- Educational Agent Groups
- IT companies supporting our websites
- Cloud storage companies
- Customer Relationship Management application providers
- Educational establishments
- Educational professionals
- Regulatory authorities
- Accommodation providers
- Estate services
- Online webinar providers
- Financial service providers
- Travel service providers
- British Council
How do third party partners use your Personal Data?
- When you use a service from one of our chosen partners, your data will be collected and used by them under the terms of their own separate privacy policies.
Why do we share your Personal Data?
- We need to share your personal data with trusted third parties in order to meet legal and regulatory obligations and fulfil our contractual promise to you.
- We will only share your data with third parties in very specific circumstances, for example:
- With your consent, given at the time you supplied your personal data, to us, we may pass that data to a third party for their direct marketing purposes.
- When working with academic professionals as part of ensuring the delivery of high quality services to you.
- We may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- If we receive a valid request from the police or other law enforcement agency, regulatory or Government authority in your country of origin or elsewhere, we may be required to disclose your personal data
- We may, from time to time, expand, reduce or sell the Company and this may involve the transfer of business entities or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
Processing and Transferring your Personal Data
- We have operations in different geographic regions; therefore, we will sometimes need to share your personal data across national boundaries and borders i.e. outside the European Economic Area (EEA).
- If we do transfer your personal data across an international border, we have procedures in place to ensure your data receives the same protection as if it were being processed inside your country of residence for instance an EEA member-country or Australia or Asia or Canada or the USA etc.
Your rights as a data subject
Under certain circumstances, by law you have the right to:
Request access to your personal data
You can request access to your personal data, this is commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data
You can send us a request to make corrections (if there is any error) of your personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data
Request for erasure is commonly known as “right to be forgotten” – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal data
This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party
This is also known as “right to data portability”. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request to withdraw consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details in this Privacy Notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you wish to exercise any of the rights set out above, please contact us to the provided contact details at the end of this policy. For any of the request above:
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- If you require any further information we will be pleased to provide you with further detail.
- If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint so that we can deal with your concern quickly and effectively.
- We will take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently.
- We’d be grateful for your cooperation with us during this process by providing us with any relevant information that we may need.