Contact us

Privacy Notice

DATE OF ISSUE: August 2025

This notice will help you understand how INTO Qualifications Limited looks after your personal data and covers your use of this site and the services that are offered by us.

In this privacy notice, the terms "we", "our", and "us" refer to INTO Limited of 1 Gloucester Place, Brighton BN1 4AA, UK. We will the controller of your information and will ensure that your personal data is used fairly, lawfully and in a transparent manner, and in accordance with UK data protection laws.

1. What’s in this policy?

This privacy notice tells you:

  • what information we might collect about you
  • how we might use that information
  • when we might use your details to contact you
  • what information we might share with others
  • your choices about the personal information you give us.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide to you on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your information. This privacy notice supplements the other notices and is not intended to override them.

It is also important that the personal data we hold about you is accurate and current. Please contact us if your personal data which we hold changes during your relationship with us.

If you have any questions about this privacy notice or generally how your personal data is processed by us, please contact us at privacy@intoglobal.com

Third-party links - our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. The information we collect about you

Depending on which services you use, we collect, use, store and transfer different kinds of information about you which we have grouped together as follows:

  • Identity Information includes first name, last name, gender, nationality, username or similar identifier.
  • Contact Information includes home address, email address and telephone number.
  • Education Information includes current school or education institution, course application and related documents, programme enrolment details, performance reports, or course results.
  • Employment Information relates to the name of the organisation you represent and your role.
  • Device or other Technical Information includes your device ID, your login information, browser plug-in types and versions, or operating systems.
  • Identification and Validation Information may include date of birth, place of birth, photo ID, or copy of passport.
  • Location Information may depend on the type of device you’re using or its settings but can include IP address, time zone setting, and geographical location.
  • Special Category (Sensitive) Personal Data may include details of a disability or special educational needs - this information is only necessary when we are supporting an individual student’s access arrangements. You can read more about our handling of special category personal data here.
  • Usage Information includes information about how you use our website, services, and other resources.
  • Marketing and Communications Information includes your preferences for receiving marketing and other communications from us.

Applying for a job with us: We may process Employment Information about you when you apply for a job with us and will refer you to our Candidate Privacy Notice for more information in this regard.

3. How is your personal data collected?

We use different methods to collect information from and about you, including through:

  • Information you provide when completing a form, either in hard copy or online, making an enquiry or by corresponding with us by post, phone, email or otherwise.
  • From websites and apps that use our services. As you interact with our website, we may automatically collect technical information about the device you use, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies and to find out more about how we do this, please visit our Cookies Policy.
  • Third parties or publicly available sources. We may receive personal information about you from various third parties including analytics providers, search information providers or from other third party companies we may engage from time to time.

4. How do we use your personal data?

We have to have a valid reason to use your personal data it’s called a "lawful basis for processing". For example: it is in our legitimate interests to keep records of business enquiries received via our Contact Us form; or it would be reasonably expected that someone’s personal data will be used to produce a student transcript for a completed course.

Your personal information may also be used for any of these things, where it is relevant to your relationship with INTO Qualifications:

  1. to register your interest in our services when you submit an enquiry;
  2. to answer your enquiry and provide you with information regarding our services or to respond to a comment or complaint;
  3. to deliver our services to you and to provide you with information about them, and to enable us to personalise and tailor our communications to you;
  4. to review our student assessments for fairness, where performance will be reviewed across data points such as gender, nationality, and age ensuring the quality and parity of awards;
  5. to enable you to participate in our research surveys – these are issued from time to time and are always voluntary - or recommend things that we think could be of interest to you;
  6. to update you on any changes we think you should be aware of, for example when a relevant policy or the terms of use for this website are updated; and
  7. to deal with any requests from you regarding your rights under this notice to enable us to comply with a legal obligation.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If you wish to have more information about how we process your personal information, you can contact the Data Protection Officer at privacy@intoglobal.com

Automated decision making: We do not make decisions based solely on automated processing or profiling that produce legal effects or have similarly significant effects for you.

Marketing: We aim to provide you with choices regarding how we contact you, around the marketing and advertising of our services. You will receive marketing communications from us if you have requested information from us or purchased services from us, or if you provided us with your details when making an enquiry to us; and, in each case, you have not opted out of receiving communications from us.

5. Disclosures of your personal data

We may share your personal information with our parent company INTO University Partnerships Limited. We may also share your personal information with selected external third parties including:

  • business partners;
  • third party suppliers, service providers and sub-contractors who perform any services for us: for example, technology companies whose systems we use or agencies who provide services on our behalf;
  • analytics and search engine providers that assist us with the improvement and optimisation of our websites;
  • third parties with whom we have a duty to disclose, for example, where disclosure is necessary due to a legal process or an enforceable governmental request; and
  • third parties to whom we may choose to sell, transfer or merge part of our business to or with. Alternatively, we may seek to acquire other businesses or merge with them.

We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws. We also require third parties to process your personal data for specified purposes in accordance with our instructions.

6. Transferring personal data outside the UK

The information we collect from you may be transferred to, and stored at, destinations outside the UK and the European Economic Area (EEA). It may also be processed by staff operating outside the UK or by one of our suppliers. Such staff may be involved in providing support services as we require. When submitting your personal data to us, please keep in mind that it could be transferred, stored or processed in a location outside the UK and the EEA. Whenever we transfer your personal data outside the UK or EEA, we ensure an equivalent level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We transfer your personal data to countries deemed by the UK government to provide an adequate level of protection for personal data, known as ‘adequacy regulations’.
  • We transfer your personal data to service providers who have agreed to contractual terms which gives your personal data the same protection it has in the UK: we use the contractual terms approved by the UK’s Information Commissioner’s Office for restricted transfers.

7. Protecting personal data

We place great importance on the steps we take, including use of different technologies and physical and organisational measures, to protect your information from unauthorised access and against unlawful processing, accidental loss, alteration, disclosure, destruction and damage.

We have in place information security procedures and technologies to maintain the security of personal data from the point of collection to the point of destruction. We will only transfer personal data to third parties if they agree to comply with those procedures, or we are satisfied that they have in place adequate security measures themselves.

At the same time, the security of any password that may allow you to access certain parts of our website or learning management system is your responsibility, whether we have given you the password or you have chosen it yourself. We ask you to please not share your password with anyone. We will not be liable for any unauthorised transactions entered into using your username, personal information and/or password.

8. Information retention

We will keep your personal data for as long as it is needed to fulfil the purposes for which we collected it for, including satisfying any legal, accounting, or reporting requirements. We may also keep it for a period after this time as may be necessary and relevant to our legitimate operations.

A number of factors help us decide how long to keep your personal data: the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any legal requirements for example, any laws which require us to keep certain types of document for a specific time).

In some circumstances we may anonymise your personal data (so it can no longer be associated with you) for statistical purposes, in which case we may use this information indefinitely without further notice to you. We may also keep records of your stated objection to the processing of your personal data or your objection to receiving communications, for the sole purpose of ensuring that we can continue to respect your wishes to not contact you further.

9. Your legal rights

Your personal data matters and we hope the information below will help you understand your rights and exercise them as easily as possible. Under data protection law, you have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This allows you to ask for a copy of the personal data - to exercise this right, please contact us and explain the details of what you want to help us find it;

  • Request the correction of your personal data. If you think any of the information that we hold about you is wrong, please contact us for help and tell us what needs updating;
  • Request erasure of your personal data (also known as “right to be forgotten”). This means you can ask for your personal data to be deleted – sometimes we can delete your information, but other times it’s just not possible because the law tells us we can’t. If this happens, we will tell you but also let you know if we can limit the amount of data that we hold about you;
  • Object to the processing of your personal data. If we’re using your information for direct marketing purposes, then you can unsubscribe at any time by using the specific link in our communications. For other types of requests, please contact us and we’ll consider the reasons why you would like us to stop processing your data, although there are some instances where we may need to keep your data if we have a valid reason; and
  • Move your personal data (as known as “right to data portability”). This right allows you to ask for and download personal information so you can move, copy or keep it yourself. Please note this right only applies to automated information which you initially gave us electronically.

If you wish to exercise any of the rights set out above, or need further information about any of those rights, please contact us via: privacy@intoglobal.com - we may need to ask for specific information from you to be able to deal with your request. This is a security measure designed to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information for any request you make to speed up our response.

Time limit to respond: We aim to respond to all legitimate requests as soon as possible and within one calendar month of receipt. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

10. What happens if I choose not to provide any personal data?

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, our obligations under a partnership agreement). In this case, we may have to cancel the contract you have with us or the services you require from us, but we will notify you if this is the case at the time.

11. How to contact us

We work to high standards when processing your personal information. You can contact our Data Protection Officer with any questions about this privacy notice, or our data privacy practices more generally, by email to privacy@intoglobal.com or by post to: The Data Protection Officer, INTO Qualifications Limited, One Gloucester Place, Brighton, East Sussex, BN1 4AA.

We are regulated by the Information Commissioner’s Office (ICO). If you are unhappy with how we have used your data, you can also contact the ICO for advice and support, and their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. their address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

12. Changes to this policy

We regularly review and update this policy. If we make important changes, like how your personal information will be used by us, we will let you know. This might be in a notice posted on this site or an email.