Privacy Policy
Last updated: 12/12/25
This Privacy Policy explains how A Star Tech Agency Ltd ("A-Star", "we", "us", "our") collects, stores, and uses your personal data when you apply to a UK university through our platform or interact with our services.
We are committed to protecting your privacy and handling your data with transparency, care, and legal compliance. We operate under the UK General Data Protection Regulation (UK GDPR), and this page outlines your rights and how we uphold them.
Who We Are
A Star Tech Agency Ltd is a UK-registered education platform that helps students apply to UK universities and manage the application process. We work with verified agents, universities, and government bodies including Student Finance England.
Company name: A Star Tech Agency Ltd
Registered address: 30 Churchill Place, London E14 5EU. United Kingdom
Data Protection Contact: privacy@astartech.io
What Data We Collect
We collect personal information to process your application accurately, verify your eligibility, and support you throughout the student journey.
Information you provide:
- Full name, date of birth, nationality
- Contact information (email, phone, address)
- Academic documents (transcripts, certificates)
- Proof of UK residency or immigration status
- Personal statement and CV
- Supporting documents (e.g. references, passport, ID)
- Messages sent via chat or uploaded through the platform
Information we generate:
- Application ID and student portal account
- Notes made by A-Star staff or your recruitment agent
- Chat records for support and compliance
- Interview schedules and Student Finance timelines
- Eligibility status, course matches, document status
Technical and usage data:
- IP address and device/browser details
- Usage logs (when you log in, upload, or message)
- Website behaviour (pages visited, actions taken)
- Cookies and session data
We do not collect sensitive data (e.g. health, biometric, political opinions) unless strictly necessary and with your consent.
How We Use Your Data
We only use your data to help you apply to university and access student finance. We do not sell or share your data with third parties for advertising.
Legal bases for using your data:
| Purpose | Legal Basis |
|---|---|
| Processing university applications | Contract |
| Matching you with a course or institution | Legitimate interest |
| Supporting your Student Finance application | Legal obligation |
| Verifying your eligibility (e.g. via residency documents) | Contract / Legal obligation |
| Sharing data with your assigned agent (if applicable) | Consent / Contract |
| Sending reminders, updates, and interview prep | Legitimate interest |
| Responding to support requests or compliance reports | Legal obligation / Legitimate interest |
| Providing your data to a university | Contract / Legal obligation |
| Providing anonymised performance data to universities | Legitimate interest |
| Deleting or restricting your data | Legal obligation |
Use of AI and Document Automation
We use automation and AI tools to assist with document verification and eligibility screening. These tools check for:
- Document expiry
- File corruption or unreadable formats
- Matching details across uploads (e.g. name consistency)
- Basic fraud detection
These tools do not make final decisions. A-Star staff always review outcomes before submission.
How We Store and Protect Your Data
- All personal data is stored in secure UK or EEA data centres
- Access to your data is restricted to authorised staff or your agent
- All documents and messages are encrypted
- Logs and audit trails are generated for every action
- We use secure cloud infrastructure, 2FA, and firewall protection
- In-app chats and document activity are recorded for audit, training, and fraud prevention
Sharing Your Data
We only share your information with:
- UK universities and colleges you apply to
- Student Finance England (with your consent or input)
- Verified recruitment agents (if you're working with one)
- Technology providers who help us deliver our services (e.g. cloud storage, CRM)
- Regulatory bodies if legally required (e.g. UKVI, ICO)
We do not allow agents or universities to access your data outside their agreed permissions. All access is monitored and logged.
If we ever transfer data outside the UK/EEA, we will use Standard Contractual Clauses (SCCs) or other legal safeguards.
Your Rights Under UK GDPR
You can request at any time:
- A copy of your data
- Correction of incorrect or outdated information
- Deletion (right to be forgotten)
- Transfer to another platform
- Restriction of how we process your data
- Objection to certain uses (e.g. marketing)
Contact: privacy@astartech.io
We aim to respond to all data requests within 5 working days, and always within the legal maximum of 30 calendar days.
Data Retention Policy
| Data Type | Retention Period |
|---|---|
| Application files | 5 years after last activity |
| Financial aid-related data | 6 years (to comply with Student Finance England) |
| Agent or university correspondence | 6 years |
| Chat logs and support messages | 2 years |
| Cookies and analytics | 12 months |
You can request early deletion of your personal data unless we are legally required to retain it.
Agents and Data Responsibility
If you are working with a recruitment agent:
- They are a separate data controller or joint controller, depending on how you were referred
- They are responsible for complying with UK GDPR as part of our agreement
- All actions they take are logged in our system for transparency and audit
A-Star does not permit side payments, data misuse, or misconduct by agents. All agent behaviour is reviewed regularly.
Children's Data
We do not knowingly collect data from individuals under the age of 16. If you are under 16, you must obtain consent from a parent or guardian before using our platform.
Cookies and Tracking
We use cookies and analytics tools to:
- Keep you logged in securely
- Monitor platform performance
- Improve your experience
You can opt out of non-essential cookies at any time using your browser settings or the banner shown when you first visit our website.
Data Breach Protocol
If we become aware of a personal data breach that affects your information, we will:
- Notify the ICO within 72 hours where legally required
- Inform you if the breach is likely to result in high risk to your rights or freedoms
- Take immediate steps to limit and fix the issue
Complaints and Contact
If you have a concern or complaint about how your data is handled, we encourage you to contact us directly. If you're not satisfied with our response, you can complain to the UK's data regulator: privacy@astartech.io
Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint
Policy Updates
This policy may change from time to time. If we make significant updates, we'll notify you on your dashboard or by email.