The application process
The application process

Privacy

Policy

Policy

1. Introduction

1.1 About This Notice. This Privacy Notice explains how BVU Ventures Ltd, trading as T4 Education (“T4 Education”, “we”, “us” or “our”), collects, uses, discloses and protects personal data in connection with the Global Youth Council (“GYC” or the “Programme”). This includes when you visit GYC webpages hosted on or through www.globalyouthcouncil.com or any related GYC webpage, submit an application, communicate with us, participate in the digital fellowship or online community, take part in interviews, attend online sessions, engage with mentors or speakers, or attend the in-person Global Summit. We are committed to protecting your privacy and handling personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, the ICO Children’s Code, and other applicable data protection laws.

2. Personal Data We Collect

2.1 Data You Provide Directly. When you interact with us, apply to the Programme, participate in the Programme or communicate with us, we may collect the following categories of personal data:

(a) Identity and eligibility data: name, preferred name, date of birth, age, nationality, country of residence, school or educational institution, cohort, language ability, and eligibility information showing that an applicant is aged 16 to 18 and available to participate in the Programme.

(b) Parent / guardian and emergency contact data: parent or guardian name, relationship to the Fellow, parental responsibility confirmation, address, email address, telephone number, consent records, emergency contact details and related communications.

(c) Contact and communications data: email address, telephone number, postal address, country, school contact details, contact preferences, enquiries, support requests, complaints and records of correspondence.

(d) Application and admissions data: all information submitted through, generated by, or recorded in connection with the GYC admission form and admissions process, including application-form responses; eligibility and participation information; applicant profile information such as first name, last name, age, date of birth, gender, country and city/town of residence, school/high school name, school type, school modality, email address, LinkedIn profile, languages spoken and proficiency level, and how the applicant heard about the Programme; parent/guardian application information, including parent/legal guardian status, parent/guardian name, gender, email address, alternative email address, awareness and consent confirmation, and preference for receiving GYC information; referee information, including referee name, relationship to applicant, institution, role and email address; written responses, including elevator pitch, future vision, intended impact, main talent or expertise, top roles, projects, achievements and extracurricular activities; video-submission link and related content; funding pathway; privacy-policy acknowledgement, communications opt-in, application status, reviewer notes, assessment scores or comments, shortlist decisions, interview outcomes and offer status.

(e) Video and interview data: application video submissions, live or recorded interview materials, interview responses, interview notes, assessment comments and communications about the admissions process.

(f) Programme participation data: attendance, engagement records, session participation, peer-circle contributions, case-study work, debate and simulation participation, hands-on challenge outputs, civic engagement project information, portfolio materials, mentorship preferences, certification records, letter-of-recommendation records and alumni status.

(g) Online community and account data: Programme account details, login records, posts, comments, messages, content shared in Programme spaces, moderation records, administrator logs, platform activity, access records and security events.

(h) Travel and Global Summit data: travel preferences, passport or national ID details where required, visa-supporting information, flight and itinerary details, accommodation and rooming information, ground-transport details, chaperoning records, insurance information, attendance records, incident records and Summit logistics communications.

(i) Health, wellbeing, dietary and additional-needs data: medical conditions, allergies, medications, mental-health support history, accessibility needs, mobility requirements, dietary requirements, voluntarily disclosed religious or philosophical observance information, welfare concerns, safeguarding concerns and emergency medical information.

(j) Image, audio, recording and quote data: photographs, video recordings, audio recordings, online session recordings, quotes, written contributions, name, voice, image, country of origin and other identifiable content captured during Programme activities.

(k) Payment, billing, scholarship and financial aid data: fee status, invoices, payment records, deposit and instalment records, refunds, scholarship status and, where financial aid is assessed, supporting information such as income, family circumstances, school references, sponsor information or other documents required to assess financial aid provision.

(l) School, partner and sponsor contact data: name, job title, organisation, email address, telephone number, role, communications and partnership, ambassador school or sponsorship enquiry information.

2.2 Data Collected Automatically. When you visit our Website or use online Programme environments, we may automatically collect certain technical data through logs and similar technologies:

(a) Technical data: IP address, browser type and version, device type, operating system, time zone setting, general location at country or city level, language settings and device identifiers.

(b) Usage data: pages visited, time spent on pages, navigation paths, referring website, clicks, session times, application-form interactions, online learning activity and information about how you use our Website or digital Programme environment.

(c) Security data: login timestamps, account access records, authentication events, administrator logs, moderation logs, suspicious activity indicators and records used to protect the Website, online community and Programme participants.

2.3 Data from Third Parties. We may receive personal data about you from third parties, including:

(a) Parents or guardians: where a parent or guardian applies on behalf of, consents for, communicates about or provides information concerning a Fellow.

(b) Schools and education partners: where a school, teacher, counsellor, partner organisation or ambassador school recommends, refers, supports or communicates about an applicant or Fellow.

(c) Application, learning and community platform providers: where we use technology providers to operate applications, interviews, online learning, community features, communications or Programme administration. Examples may include online community or classroom tools such as Circle.so or Google Classroom, but the specific providers may change over time.

(d) Travel and Summit partners: including student-travel providers, airlines, hotels, ground-transport providers, insurers, visa-supporting providers, medical providers and emergency services.

(e) Speakers, mentors and Programme contributors: where they provide notes, feedback, participation records, safeguarding reports or other information relevant to Programme delivery.

(f) Website, analytics and technology providers: where they provide information about Website traffic, performance, system use, security and technical operation.

(g) Professional networks and social media platforms: if you contact us or interact with our content via social media or similar platforms.

(h) Professional advisers, regulators and authorities: where needed for safeguarding, legal compliance, disputes, insurance, audit or professional advice.

2.4 Children’s Data and Special Category Data. The Global Youth Council is designed for young people aged 16 to 18. We therefore intentionally process children’s personal data. We apply child-appropriate privacy standards, including high privacy default settings, data minimisation, moderation, safeguarding controls and transparency for both Fellows and parents or guardians. We may also process special category data where necessary for safe, inclusive and effective Programme delivery, including health, medical, allergy, medication, mental-health, neurodivergence, accessibility, dietary and, where voluntarily disclosed, religious or philosophical observance information. We process this data only where we have an appropriate Article 6 UK GDPR lawful basis and an Article 9 UK GDPR condition, usually explicit consent, vital interests, safeguarding, legal claims or substantial public interest, depending on the circumstances.

3. How and Why We Use Your Personal Data

3.1 Overview. We only process personal data when we have a lawful basis to do so under the UK GDPR. The table below sets out the main purposes for which we process personal data and the corresponding lawful basis. Where we process special category data, we also rely on an Article 9 UK GDPR condition as described in Section 3.4.

PurposeCategories of Personal DataLawful Basis (UK GDPR Article 6)
Responding to enquiriesIdentity data; Contact and communications data; School, partner and sponsor contact dataLegitimate interests (Article 6(1)(f)) – to respond to enquiries and provide information about the Programme. Where you ask us to consider participation, this may also be steps taken prior to a contract (Article 6(1)(b)).
Website operationTechnical data; Usage data; Security dataLegitimate interests (Article 6(1)(f)) – to operate a secure, functional and effective Website.
Application administrationIdentity and eligibility data; Parent / guardian data; Contact data; Application and admissions data; Video and interview data; Communications dataLegitimate interests (Article 6(1)(f)) – to receive, review and administer applications for a selective educational fellowship. Where enrolment is being considered, this may also support steps prior to entering into the Parent / Guardian Participation Agreement (Article 6(1)(b)).
Eligibility, shortlisting, interviews and admissions decisionsIdentity and eligibility data; Application and admissions data; Video and interview data; Interview notes; School or partner information; Communications dataLegitimate interests (Article 6(1)(f)) – to select Fellows fairly and effectively against published criteria. We do not make admissions decisions based solely on automated processing.
Parent / guardian contracting and consentParent / guardian data; Identity data; Contact data; Consent records; Offer and enrolment records; Payment and billing dataPerformance of contract (Article 6(1)(b)) – to enter into and perform the Parent / Guardian Programme Participation Agreement. Legal obligation (Article 6(1)(c)) may apply to records required by law.
Programme deliveryIdentity data; Contact data; Programme participation data; Communications data; Online community data; Video and interview data; Image and recording dataPerformance of contract (Article 6(1)(b)) – to deliver the 12-month fellowship. Legitimate interests (Article 6(1)(f)) – to administer and improve the educational experience.
Digital fellowship and online communityIdentity data; Contact data; Online community and account data; Programme participation data; Technical data; Usage data; Security data; Communications dataPerformance of contract (Article 6(1)(b)) – to provide the online Programme. Legitimate interests (Article 6(1)(f)) – to operate a safe, moderated and effective online community.
Online moderation, rules and safetyOnline posts and messages; Moderation logs; Administrator logs; Security data; Communications data; Safeguarding and wellbeing dataLegitimate interests (Article 6(1)(f)) – to protect Fellows and enforce Programme rules. Legal obligation (Article 6(1)(c)) and vital interests (Article 6(1)(d)) may apply where safeguarding or emergency action is required.
Speakers, mentors and peer learningIdentity data; Programme participation data; Interests; Mentorship preferences; Session participation data; Communications dataPerformance of contract (Article 6(1)(b)) – to deliver Programme content and mentorship. Legitimate interests (Article 6(1)(f)) – to match Fellows with appropriate learning experiences and maintain a safe educational environment.
Capstone, civic engagement, certification and recommendationsProgramme participation data; Capstone or portfolio materials; Civic engagement project information; Certification records; Recommendation-letter records; Communications dataPerformance of contract (Article 6(1)(b)) – to deliver Programme outputs, certification and related benefits. Legitimate interests (Article 6(1)(f)) – to evidence participation and support future opportunities.
In-person Global SummitIdentity data; Parent / guardian data; Travel and Summit data; Programme participation data; Communications data; Health and wellbeing data; Emergency contact dataPerformance of contract (Article 6(1)(b)) – to deliver the in-person Global Summit element of the Programme. Legitimate interests (Article 6(1)(f)) – to coordinate safe operations. Vital interests (Article 6(1)(d)) may apply in emergencies.
Travel, immigration, accommodation and insurance supportIdentity data; Passport or national ID data; Travel and Summit data; Parent / guardian data; Emergency contact data; Relevant health, dietary and welfare dataPerformance of contract (Article 6(1)(b)) – to organise travel, accommodation, insurance and related logistics. Legal obligation (Article 6(1)(c)) may apply where travel or immigration rules require processing. Vital interests (Article 6(1)(d)) may apply in emergencies.
Health, dietary, accessibility and reasonable adjustmentsHealth, wellbeing, dietary and additional-needs data; Accessibility data; Voluntarily disclosed religious or philosophical observance dataPerformance of contract (Article 6(1)(b)), legitimate interests (Article 6(1)(f)) and/or vital interests (Article 6(1)(d)), depending on the context. Special category data is processed under an Article 9 condition, usually explicit consent, vital interests, safeguarding or substantial public interest.
Emergency responseIdentity data; Parent / guardian data; Emergency contact data; Health and wellbeing data; Travel and Summit data; Incident recordsVital interests (Article 6(1)(d)) – where necessary to protect life or physical wellbeing. Legal obligation (Article 6(1)(c)) may apply where reporting is required.
Safeguarding and child protectionSafeguarding and wellbeing data; Incident records; Communications data; Identity data; Parent / guardian data; Programme participation data; Online community dataLegal obligation (Article 6(1)(c)), legitimate interests (Article 6(1)(f)) and/or vital interests (Article 6(1)(d)), depending on the concern. Special category data may be processed where necessary for safeguarding, substantial public interest, legal claims or explicit consent.
Images, recordings and quoted contributions – internal Programme useImage, audio, recording and quote data; Programme participation data; Identity data; Communications dataConsent (Article 6(1)(a)) where collected through the Consent Pack. Legitimate interests (Article 6(1)(f)) may apply to limited operational records where proportionate and expected, such as safeguarding review and Programme administration.
Images, recordings and quoted contributions – external promotionImage, audio, recording and quote data; Identity data; Country of origin; Programme participation data; Quoted contributionsConsent (Article 6(1)(a)). Where the Fellow is under 18, consent is collected through the parent / guardian Consent Pack. Sponsor use requires separate, specific, case-by-case consent where required.
Advertisement and promotionImage, audio, recording and quote data; Identity data; Programme participation dataConsent (Article 6(1)(a)) where identifiable Fellow information is shared.
Scholarships and financial aidApplication data; Funding pathway data; Parent / guardian data; Payment and billing data; Scholarship data; supporting financial aid information such as income, family circumstances, school references, sponsor information or other documents required to assess provisionLegitimate interests (Article 6(1)(f)) – to administer access, financial aid and scholarships fairly. Performance of contract (Article 6(1)(b)) may apply where funding forms part of participation terms.
Payments and billingParent / guardian data; Payment and billing data; Identity data; Contact dataPerformance of contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) for accounting, tax and financial records.
Programme communicationsIdentity data; Contact data; Parent / guardian data; Programme participation data; Travel and Summit data; Communications dataPerformance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) – to operate and administer the Programme.
Marketing communicationsIdentity data; Contact data; Parent / guardian data; School / partner contact data; Marketing preference dataConsent (Article 6(1)(a)) where required, especially for Fellows and parents. For B2B school and partner contacts, legitimate interests (Article 6(1)(f)) may apply where legally permitted. You can opt out of marketing at any time.
Alumni communicationsIdentity data; Contact data; Programme participation data; Alumni status; Consent recordsConsent (Article 6(1)(a)) where collected. When a Fellow turns 18, we may ask them to confirm their own data terms and communication preferences directly.
Sponsor reporting and sponsor-related communicationsAggregated or anonymised Programme data; limited identifiable Fellow data, images, recordings, quotes or contributions where consent is obtainedLegitimate interests (Article 6(1)(f)) for sponsorship administration and aggregate reporting. Consent (Article 6(1)(a)) for identifiable sponsor-related use.
Programme evaluation and improvementProgramme participation data; Usage data; Feedback; Survey responses; Attendance data; Anonymised or aggregated dataLegitimate interests (Article 6(1)(f)) – to improve the Programme and understand its impact. Where optional identifiable survey responses are collected, we may rely on consent (Article 6(1)(a)).
Security and fraud preventionTechnical data; Usage data; Security data; Communications dataLegitimate interests (Article 6(1)(f)) – to maintain secure systems and protect Fellows, staff and users.
Complaints, disputes and legal complianceAll categories as relevantLegal obligation (Article 6(1)(c)) where required by law. Legitimate interests (Article 6(1)(f)) where necessary to resolve disputes, respond to complaints or establish, exercise or defend legal claims.

3.3 Legitimate Interests Assessment. Where we rely on legitimate interests as a lawful basis, we have conducted or will conduct a balancing assessment to ensure that our interests do not override your fundamental rights and freedoms. Because the Programme is directed at young people aged 16 to 18, we apply particular care when balancing our interests against the rights and interests of Fellows. You have the right to object to processing based on legitimate interests (see Section 8).

3.4 Special Category Data. Where we process special category data, such as health, medical, dietary, accessibility, religious or philosophical observance information, or safeguarding-related information, we will rely on an Article 9 UK GDPR condition. This will usually be explicit consent, vital interests, legal claims, safeguarding, substantial public interest, or another condition permitted by data protection law, depending on the circumstances.

4. Disclosure of Your Personal Data

4.1 Overview. We may share personal data with certain third parties. The table below sets out each category of recipient, the purpose of disclosure and the lawful basis. We share only what is necessary for the relevant purpose and apply appropriate safeguards.

Category of RecipientPurpose of DisclosureCategories of Personal Data DisclosedLawful Basis for Disclosure
Website, form and technology service providersTo host and operate the Website, process applications and enquiries, manage forms, provide analytics, manage communications, support CRM and maintain systems.Technical data; Usage data; Identity data; Contact data; Communications data; Application dataLegitimate interests (Article 6(1)(f)) – necessary to operate, administer and improve the Website and Programme.
Application platform providersTo collect and manage application form submissions, supporting materials, video links, interview records and admissions workflows.Identity data; Contact data; Application and admissions data; Video and interview data; Parent / guardian dataLegitimate interests (Article 6(1)(f)) and, where enrolment is being considered, steps prior to contract (Article 6(1)(b)).
Learning, classroom and online community providersTo create accounts, host online sessions, support peer discussion, moderate activity, manage access and maintain online safety. Examples may include Circle.so, Google Classroom or similar tools.Identity data; Contact data; Programme participation data; Online posts and messages; Technical data; Usage data; Security dataPerformance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).
Video-conferencing and recording providersTo host live sessions, interviews, masterclasses, small-group discussions, recordings and online events.Identity data; Contact data; Image and recording data; Programme participation data; Usage dataPerformance of contract (Article 6(1)(b)); consent (Article 6(1)(a)) where recording consent is required.
Student-travel and Global Summit providersTo plan and deliver the in-person Global Summit, including flights, transfers, hotels, insurance, chaperoning, emergency response and travel operations.Identity data; Passport / national ID data; Travel and Summit data; Parent / guardian data; Emergency contact data; Relevant health, dietary and welfare dataPerformance of contract (Article 6(1)(b)); explicit consent or another Article 9 condition for special category data; vital interests in emergencies.
Airlines, hotels, ground-transport providers and insurersTo book and operate travel, accommodation, transfers, insurance and Summit logistics.Identity data; Passport / national ID data; Travel details; Dietary and accessibility information; Emergency contact data where necessaryPerformance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).
Medical providers, emergency services and emergency contactsTo respond to medical incidents, emergencies, safeguarding concerns or wellbeing issues.Identity data; Emergency contact data; Health and wellbeing data; Travel and Summit data; Incident recordsVital interests (Article 6(1)(d)); legal obligation (Article 6(1)(c)); explicit consent or another Article 9 condition where relevant.
Safeguarding authorities, regulators and law enforcementTo comply with safeguarding obligations, make referrals, respond to lawful requests, protect Fellows and manage serious incidents.Identity data; Parent / guardian data; Safeguarding and wellbeing data; Incident records; Communications dataLegal obligation (Article 6(1)(c)), vital interests (Article 6(1)(d)) and legitimate interests (Article 6(1)(f)).
Speakers, mentors and Programme contributorsTo deliver Programme content, mentorship, feedback and learning activities.Limited Identity data; Programme participation data; interests; mentorship preferences; session participation dataPerformance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)). We restrict access to what is necessary and prohibit inappropriate direct contact.
Schools and education partnersTo communicate about applications, referrals, Programme participation, ambassador school arrangements and partner enquiries where relevant.School / partner contact data; limited applicant or Fellow information where appropriate and lawfulLegitimate interests (Article 6(1)(f)); consent where required for disclosure of identifiable Fellow information beyond normal Programme administration.
Sponsors and fundersTo administer scholarships, report on Programme impact, recognise support and manage sponsorship arrangements.Aggregated or anonymised information; identifiable Fellow information only where necessary and lawful, and subject to consent where requiredLegitimate interests (Article 6(1)(f)) for sponsorship administration and aggregated reporting. Consent (Article 6(1)(a)) for identifiable sponsor-related use.
Press and media partnersTo support press or media coverage of the Programme where consent has been given.Image and recording data; Identity data; Quoted contributions; Programme participation dataConsent (Article 6(1)(a)).
Payment processors, banks and accounting providersTo process payments, refunds, invoices, financial records and accounting.Parent / guardian data; Payment and billing data; Identity data; Contact dataPerformance of contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c)).
IT and security service providersTo maintain the security of our systems, provide technical support, monitor suspicious activity and protect against cyber threats.Technical data; Usage data; Security data; limited account and communications data where necessaryLegitimate interests (Article 6(1)(f)) – to maintain secure IT infrastructure.
Professional advisersTo obtain legal, accounting, safeguarding, insurance, audit or other professional advice.All categories as relevant to the advice soughtLegitimate interests (Article 6(1)(f)); legal obligation (Article 6(1)(c)) where disclosure is required by law.
Regulatory authorities and law enforcementTo comply with legal obligations, respond to lawful requests, report incidents or protect legal rights.All categories as relevantLegal obligation (Article 6(1)(c)); legitimate interests (Article 6(1)(f)) where necessary to establish, exercise or defend legal claims.
Business successorsIn connection with a merger, acquisition, reorganisation, transfer or sale of our business or assets.All categories where relevantLegitimate interests (Article 6(1)(f)) – subject to appropriate safeguards.

4.3 No Selling of Personal Data. We do not sell personal data to third parties.

4.4 Processors. Where third parties process personal data on our behalf as processors, we ensure that appropriate contracts are in place requiring them to protect personal data and only process it in accordance with our instructions.

5. International Transfers

5.1 Transfers Outside the UK. GYC is a global Programme. Applicants and Fellows may be based in different countries, and our service providers, platforms, speakers, mentors, travel providers, schools, partners and support teams may operate in the United Kingdom or other countries. This means personal data may be transferred outside the United Kingdom.

Examples may include transfers connected with Website, form, application, CRM, email, analytics, learning, community, video-conferencing or cloud providers; travel and Global Summit operations; communications with parents, schools, partners, mentors, speakers or Fellows outside the UK; and transfer of travel, identity, medical or emergency-contact information where necessary to support international participation.

5.2 Safeguards. Where personal data is transferred outside the UK to a country not covered by a UK adequacy regulation, we ensure appropriate safeguards are in place, including adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, another lawful transfer mechanism, transfer risk assessments where required, and contractual, technical and organisational protections designed to protect children’s personal data.

6. Data Retention

6.1 Retention Principles. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to deliver the Programme, protect Fellows, comply with legal, accounting, reporting, safeguarding, insurance or archiving requirements, resolve disputes, and establish, exercise or defend legal rights.

6.2 Retention Periods. The following retention periods apply unless a longer period is required by law, safeguarding requirements, insurance requirements, legal claims, regulatory requirements or an ongoing dispute.

Category of DataRetention PeriodRationale
Website enquiries where no application or engagement followsUp to 2 years from date of last contactTo allow reasonable follow-up and maintain records of communications.
School, partner and sponsor enquiriesUp to 6 years from date of last substantive contactTo maintain business, partnership and sponsorship records.
Unsuccessful application recordsUp to 2 years from admissions decisionTo manage admissions queries, appeals, audit and fairness checks.
Application records for admitted FellowsUp to 7 years after Cohort endTo maintain Programme, audit, contractual and safeguarding records.
Parent / guardian contract and consent recordsUp to 7 years after Cohort end, or longer if required by law or legal claimsTo evidence contractual terms, consents, parental authority and Programme administration.
Fellow Programme recordsUp to 7 years after Cohort endTo evidence Programme delivery, certification, audit and safeguarding.
Online community recordsUp to 7 years after Cohort end for safeguarding-relevant records; and shorter operational retention for routine logs where appropriateTo maintain online safety, investigate incidents and evidence Programme operation.
Safeguarding, welfare and incident recordsUp to 7 years after Cohort end, or longer where required for safeguarding, legal, insurance or regulatory reasonsTo protect Fellows, evidence safeguarding decisions and manage legal or regulatory obligations.
Health, dietary, accessibility and medical recordsUp to 7 years after Cohort end, unless earlier deletion is appropriate and lawfulTo support safe participation, incident response, insurance, audit and safeguarding.
Travel and Global Summit recordsUp to 7 years after Cohort end, unless earlier deletion is appropriate and lawfulTo evidence travel arrangements, insurance, safeguarding and Summit operations.
Images, recordings and quoted contributions – internal useUp until consent is withdrawnTo support Programme archive, evaluation, safeguarding review and accreditation.
Online session recordingsUp to 1 year post recordingTo support catch-up access, safeguarding review, evaluation and improvement.
External promotional materialsUp until consent is withdrawn or the material is retired, subject to practical limitations for historic, printed or already-distributed materialsTo manage consent-based promotional use.
Marketing consent recordsUp until consent is withdrawn, plus 2 yearsTo evidence consent and manage opt-out requests.
Alumni communications recordsUntil the Fellow opts out, plus up to 2 yearsTo manage alumni communications and preferences.
Payment, invoicing and accounting recordsUp to 7 years from the relevant financial year endTo comply with accounting, tax and audit requirements.
Website analytics dataAggregated and anonymised data may be retained indefinitely; identifiable analytics data retained for up to 12 monthsTo understand Website usage and improve the user experience.
Correspondence and communicationsUp to 6 years from date of communication, unless part of a Fellow, safeguarding, contract or legal record retained longerTo maintain administrative records and evidence interactions.

6.3 Deletion. When personal data is no longer required, we will securely delete or anonymise it.

6.4 Withdrawal of Consent. If you withdraw consent, we will stop the relevant processing for the future. Withdrawal does not affect processing carried out before withdrawal. For promotional materials, we will use reasonable efforts to remove identifiable images or content from current and future materials, but we may not be able to recall materials already printed, published, distributed or archived.

7. Cookies and Similar Technologies - GYC Privacy Notice

7.1 Separate Cookie Information. Cookies and similar technologies used on the Website are addressed separately in our Manage Cookie Consent tool. You can manage cookie preferences through the cookie-consent tool where available.

8. Your Rights

8.1 Overview. Under the UK GDPR, you have the following rights in relation to your personal data. These rights are subject to certain conditions and exemptions. Where a Fellow is under 18, we may involve the Fellow’s parent or guardian where appropriate, especially where consent was given by the parent or guardian. However, Fellows also have their own data protection rights. From age 16, we will normally engage with the Fellow directly for rights requests where appropriate. When a Fellow turns 18, we may ask them to confirm their own data terms, consents and communication preferences directly.

RightDescription
Right of accessYou have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to rectificationYou have the right to request correction of inaccurate personal data or completion of incomplete data.
Right to erasureYou have the right to request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purpose for which it was collected.
Right to restrictionYou have the right to request that we restrict processing of your personal data in certain circumstances, for example while we verify accuracy following a dispute.
Right to data portabilityWhere processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to objectYou have the right to object to processing based on legitimate interests. You have an absolute right to object to direct marketing at any time.
Right to withdraw consentWhere we process personal data based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right not to be subject to automated decision-makingYou have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently make admissions or Programme decisions based solely on automated processing.

8.3 How to Exercise Your Rights. To exercise any of your rights, please contact us at vikas@t4.education. We will respond to your request within one month. In complex cases or where we receive a large number of requests, we may extend this by up to two further months, and we will inform you if this is necessary.

8.4 Identity Verification. We may need to verify your identity before responding to your request. This is a security measure to ensure personal data is not disclosed to unauthorised persons. Where a parent or guardian makes a request on behalf of a Fellow, we may ask for evidence of parental responsibility and may consider the Fellow’s own wishes and interests.

8.5 No Fee Usually Required. You will not usually have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is manifestly unfounded or excessive.

9. Complaints

9.1 Complaints to Us. If you have any concerns about how we handle personal data, please contact us first using the details in Section 1.2. We will investigate and respond to your complaint.

9.2 Right to Complain to the ICO. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. We would, however, appreciate the opportunity to address your concerns before you contact the ICO.

Information Commissioner’s Office
Website: www.ico.org.uk
Telephone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Security

10.1 Security Measures. We have implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include:

  • use of secure hosting and cloud infrastructure;

  • encryption of data in transit, including HTTPS / TLS;

  • access controls limiting who can access personal data;

  • role-based access for staff, contractors and service providers;

  • confidentiality obligations for personnel and service providers;

  • moderation of online Programme spaces;

  • administrator-level controls for Programme accounts where appropriate;

  • restrictions on one-to-one direct messaging between Fellows and adults where required for safeguarding;

  • high privacy default settings for online spaces intended for Fellows;

  • no behavioural profiling of Fellows for marketing purposes;

  • geolocation off by default where applicable;

  • data-processing agreements with relevant processors;

  • safeguarding policies, staff conduct requirements and escalation procedures;

  • incident response and personal data breach procedures;

  • regular review of security and safeguarding practices.

10.2 Your Responsibilities. While we take steps to protect personal data, no method of transmission over the internet is completely secure. Please use only approved Programme channels, keep account credentials confidential, do not share passwords, and avoid sending sensitive medical, safeguarding or identity information through unapproved channels.

11. Third-Party Links

Our Website may contain links to third-party websites, platforms or services, including application forms, online learning or community tools, social media pages, partner websites, student-travel provider materials, payment providers, video tools and other external resources. This Privacy Notice applies only to GYC. We are not responsible for the privacy practices of third-party websites or services acting as independent controllers, and we encourage you to read their privacy policies before providing any personal data.

12. Children

The Global Youth Council is directed at young people aged 16 to 18. We therefore intentionally collect and process children’s personal data for the purposes described in this Notice. Because Fellows are under 18 for some or all of the Programme:

  • parent or guardian consent is required for participation where applicable;

  • the Parent / Guardian Programme Participation Agreement is entered into by the parent or guardian;

  • the Fellow may be asked to provide assent and comply with Programme rules;

  • we provide child-friendly privacy information for Fellows;

  • we apply high privacy default settings to online spaces intended for Fellows;

  • we moderate Programme interactions and restrict inappropriate direct adult-to-Fellow contact;

  • we do not use Fellows’ personal data for behavioural advertising or profiling;

  • we process health, medical, safeguarding and welfare data only where necessary and lawful;

  • we involve parents or guardians in appropriate consent, welfare, safeguarding, travel and emergency decisions;

  • when a Fellow turns 18, we may ask them to confirm their own data rights, consents and communication preferences directly.

If you believe that a child has provided us with personal data outside the Programme context, or without appropriate authority, please contact us immediately.

13. Contact Us

If you have any questions about this Privacy Notice or our data protection practices, please contact us:

BVU Ventures Ltd, trading as T4 Education
Address: 4 Grovelands, Boundary Way, Hemel Hempstead, Hertfordshire, England, HP2 7TE
Email: vikas@t4.education
Website: https://t4.education/

Global Youth Council
Global Youth Council