Privacy Policy

This policy applies to personal information we process about visitors to our website, Authorised Users who administer the Service on behalf of an institution, and applicants whose information is processed through the Service. It does not apply to third-party websites or services that we do not control.

For personal information relating to our website, our marketing, and the accounts of our customers and their Authorised Users, Admissio acts as the controller - meaning we determine why and how that information is processed.

When an institution uses the Service to manage its admissions, that institution determines why and how applicant information is processed and acts as the controller of that information. In that case, Admissio acts as a processor, processing applicant information on the institution's behalf and in accordance with its instructions. If you are an applicant, you should direct questions about how your information is used in admissions decisions to the institution you applied to.

We collect the following categories of personal information in order to provide and improve the Service:

• Account information, such as name, email address, role, and the institution you represent;
• Applicant and admissions information submitted by institutions and applicants, which may include contact details, personal details, academic history, and uploaded documents;
• Communications, such as support requests, enquiries, and feedback you send to us;
• Payment-related information needed to manage subscriptions (payment card details are handled by our third-party payment providers, not stored by us);
• Usage and device information, such as pages viewed, actions taken, browser and device type, and approximate location derived from your internet connection; and
• Cookie and similar identifiers, as described in the section on cookies below.

We collect personal information in three main ways: directly from you (for example, when you create an account, contact us, or use the Service); automatically (for example, through cookies and similar technologies when you use the Service); and from institutions and other third parties (for example, when an institution adds you as an Authorised User or submits applicant information to the Service).

We use personal information for the following purposes:

• to provide, operate, maintain, and improve the Service;
• to create and administer accounts, authenticate users, and keep the Service secure;
• to provide customer support and respond to your enquiries;
• to process subscriptions and payments;
• to communicate with you about the Service, including service-related notices and updates;
• to monitor and analyse usage and trends so we can improve functionality and user experience;
• to detect, prevent, and address security incidents, fraud, and misuse; and
• to comply with our legal obligations and to establish, exercise, or defend legal claims.

Where the GDPR or other applicable law requires a legal basis to process personal information, we rely on one or more of the following:

• Performance of a contract - to provide the Service to you and to administer our agreement with you;
• Legitimate interests - to operate, secure, and improve the Service and our business, where those interests are not overridden by your rights and freedoms;
• Consent - where we ask for it, for example for certain cookies or optional communications; you can withdraw consent at any time; and
• Legal obligation - to comply with applicable laws and regulatory requirements.

Where we process applicant information as a processor on an institution's behalf, the institution is responsible for establishing the appropriate legal basis for that processing.

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Service, and understand how the Service is used. Some are necessary for the Service to function, while others help us analyse and improve it.

You can control cookies through your browser settings and, where applicable, through any cookie preferences we make available. Blocking some cookies may affect the availability or functionality of parts of the Service.

We do not sell personal information. We may share personal information in the following circumstances:

• with service providers who process information on our behalf, as described below;
• with the institution you are associated with, where you are an Authorised User or applicant;
• where required by law, regulation, legal process, or enforceable governmental request;
• to protect the rights, property, or safety of Admissio, our users, or the public, and to detect or prevent fraud or security issues; and
• in connection with a merger, acquisition, reorganisation, or sale of assets, in which case we will require the recipient to honour this policy or notify you of any material change.

We work with trusted third-party service providers to help us deliver the Service, including hosting and storage, payment processing, communications, and analytics. These providers may process personal information only as necessary to perform services for us, under contracts that require appropriate confidentiality and data protection safeguards.

Your personal information may be processed in, or transferred to, countries other than your own, including countries outside the European Economic Area whose data protection laws may differ from those in your country.

Where we transfer personal information outside the European Economic Area, we take steps to ensure it receives an appropriate level of protection in accordance with applicable law, such as relying on an adequacy decision or putting in place appropriate safeguards (for example, standard contractual clauses).

We retain personal information for as long as necessary to fulfil the purposes described in this policy, including to provide the Service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer needed, we delete or de-identify it, subject to standard back-up cycles and legal retention requirements.

Where we process applicant information on an institution's behalf, the institution determines how long that information is retained, subject to applicable law and our agreement with it.

We use appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure. No method of transmission or storage is completely secure, however, so we cannot guarantee absolute security. You also play an important role in keeping your information secure by safeguarding your account credentials.

Depending on your location and the applicable law, you may have some or all of the following rights in relation to your personal information:

• the right to access the personal information we hold about you;
• the right to request correction of inaccurate or incomplete information;
• the right to request erasure of your information in certain circumstances;
• the right to request restriction of, or to object to, certain processing;
• the right to data portability, where applicable; and
• the right to withdraw consent at any time, where we rely on consent.

Where we process your information as a processor on an institution's behalf, we will refer your request to the relevant institution or assist it in responding, as appropriate.

To exercise any of your rights, contact us at privacy@admissio.app , or contact the institution responsible for your information where it acts as the controller. We may need to verify your identity before responding. We will respond within the time required by applicable law, and there is normally no charge unless your request is manifestly unfounded or excessive.

If you have concerns about how we handle your personal information, we encourage you to contact us first so we can try to resolve them. You also have the right to lodge a complaint with a data protection supervisory authority. In Portugal, this is the Comissao Nacional de Proteccao de Dados (CNPD). You may also contact the supervisory authority in your country of residence or place of work.

The Service is used by institutions to manage admissions, which may involve information about applicants who are children or minors. Where this is the case, the institution is the controller of that information and is responsible for obtaining any consent required by law and for providing any required notices. Admissio processes such information only to provide the Service to the institution.

We do not use your personal information to make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. Admissions decisions are made by institutions; any use of automated tools within the Service is determined and controlled by the institution.

Where permitted by law, we may send you communications about the Service and related offerings. You can opt out of marketing communications at any time by using the unsubscribe link in those messages or by contacting us. Opting out of marketing does not affect service-related communications that are necessary to administer your account.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice through the Service or by other reasonable means. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or how we handle personal information, please contact us at privacy@admissio.app .