My Framer Site

GDPR Policy – A-Star Student Recruits

Last updated: 12/12/25

Registered address: [Insert Company Address]

Data Controller: A-Star Student Recruits

Contact: compliance@a-star-recruits.com

A-Star Student Recruits ("A-Star", "we", "our") is committed to protecting the personal data of students, agents, institutional partners, and all users of our platform in full compliance with the UK General Data Protection Regulation (UK GDPR) and associated data protection laws.

This policy explains:

What personal data we collect
Why we collect it
How it is processed and protected
What rights you have under GDPR
How you can exercise those rights

Lawful Basis for Processing

We only process personal data where at least one lawful basis applies. This includes:

Consent – Where you give us permission to process your data for a specific purpose (e.g. marketing, document AI).
Contract – Where processing is necessary to fulfil our service to you (e.g. university application support).
Legal Obligation – For compliance with UKVI, OISC, and UK GDPR obligations.
Legitimate Interest – For operational efficiency, fraud prevention, or improving the platform experience, unless your rights override these interests.

What Data We Collect

We collect personal data from:

a) Students

Name, email, phone number
Date of birth, nationality, gender
Residency and immigration status
Education history and qualifications
Documents (passport, share code, proof of address, etc.)
Student Finance England eligibility and application details
Interview scheduling preferences
Communication history via WhatsApp, CRM, email
Any special category data (e.g. health, asylum) where relevant to eligibility

b) Recruitment Agents

Personal and business contact information
Uploaded student data (subject to consent)
Compliance training records
Safeguarding certification
CRM usage logs
WhatsApp/Nexmo contact interactions

c) Institutions

Contact names, job roles, email addresses
Contractual documentation
Application data flows
System usage for tracking and audit purposes

Special Category Data

In some cases, we collect special category data such as:

Immigration or asylum status
Criminal record information (where required for safeguarding or eligibility)
Health declarations (for disability-related support or visa conditions).

We only collect this data where:

It is essential to assess university eligibility or compliance
You provide explicit consent
It is legally required or permitted under UK GDPR (e.g. for safeguarding).

How We Collect Data

Forms completed via our website or student portal
Data submitted by your assigned agent (with consent)
WhatsApp/Nexmo interactions recorded via our CRM
Automated uploads (e.g. passport scans, academic certificates)
Tracking interactions on our website (analytics cookies, page visits)

How We Use Your Data

We use your personal data to:

Verify eligibility for UK university applications and Student Finance
Prepare and submit university applications
Schedule interviews and track outcomes
Submit and support Student Finance applications
Store and validate documentation (via Document AI and manual review)
Track communications for compliance
Report on success rates to institutional partners
Provide agent support and commission visibility
Prevent fraud and protect data integrity

Document AI Transparency

Our platform includes a Document AI module that performs automatic verification of uploaded documents.

We check file type, expiry date, name matching, and document completeness.
Human staff still review all final submissions.
You may request human-only review at any time.
All AI processing logs are securely stored and auditable.

Who Has Access to Your Data

Access is restricted based on user role and purpose. We only share your data with:

Universities or colleges you apply to
Student Finance England (SFE)
Your assigned and verified recruitment agent
Internal A-Star compliance and support staff
Government bodies or regulators where legally required (e.g. UKVI)

We do not sell or share your data with any unauthorised third parties.

How We Store and Protect Your Data

Data is stored on encrypted UK/EU-based servers
All systems use role-based access and multi-factor authentication
Communications via WhatsApp are routed securely via our Nexmo integration
CRM activity is logged and auditable
Data backups are encrypted and stored separately

Data Retention

Student records: up to 7 years post-enrolment (for audit and compliance)
Agent records: duration of relationship + 5 years
Communications: minimum 3 years, unless otherwise required
CVs, references, and academic files: 3 years unless deleted upon request
Financial and application logs: 6 years minimum (for regulatory compliance)

You may request early deletion, subject to regulatory constraints.

Children and Under-18s

If you are under 18, we require additional consent from a parent or legal guardian before collecting or using your data. A-Star applies strict safeguards and reduced access for underage student records.

Your Rights Under GDPR

You have the right to:

Access your personal data
Request correction of inaccurate data
Request deletion ("right to be forgotten")
Object to processing or restrict use
Request data portability (machine-readable export)
Withdraw consent at any time
Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise your rights, email: compliance@a-star-recruits.com

We aim to respond to all requests within 5 working days.

Data Processors & Sub-Processors

A-Star uses approved data processors for essential services:

Processor	Purpose	Location	Safeguards
AWS	Cloud storage	EU	UK GDPR compliant, encrypted
Nexmo (Vonage)	WhatsApp messaging	EU/UK	DPA in place
OpenAI API	Document AI	EU servers	No personal data stored
CRM Hosting (Judith)	Internal systems	UK	Encrypted, access-controlled
Google Analytics	Website tracking	US/EU	Anonymised IPs, cookie consent in place