NUMAWAY Education

    Privacy Policy

    Effective: 2026-04-27

    COUNSEL REVIEW REQUIRED

    Draft policy pending legal counsel and DPO sign-off before production deployment.

    Numaway Education Services Limited ("Numaway", "we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, services, applications, and platforms.

    1. Who We Are

    Numaway Education Services Limited is an international education advisory and technology-enabled platform supporting students, parents, institutions, and partners in global education pathways.

    2. Scope of This Policy

    This policy applies to:

    • Website visitors
    • Students and applicants
    • Parents or guardians
    • Partner institutions and agents
    • Event participants
    • Users of NUMAWAY digital tools, platforms, and AI services

    3. Personal Data We Collect

    3.1 Information You Provide Directly

    • Full name
    • Email address
    • Phone number
    • Nationality and country of residence
    • Academic history and qualifications
    • Test scores (IELTS, TOEFL, GRE, etc.)
    • Study preferences and career interests
    • Uploaded documents (transcripts, passports, CVs, SOPs)
    • Communication content (emails, chats, forms)

    3.2 Automatically Collected Data

    • IP address
    • Browser and device information
    • Pages visited and interaction data
    • Cookies and similar tracking technologies

    3.3 Third-Party Data

    • Information received from partner institutions (offers, decisions)
    • Information provided by authorized agents or representatives
    • Analytics and performance data from approved tools

    4. How We Use Your Data

    We process personal data only where legally permitted and necessary to:

    • Assess eligibility and program fit
    • Provide education advisory services
    • Manage applications and documentation
    • Communicate with institutions and partners on your behalf
    • Support visa and compliance guidance (non-legal)
    • Improve our services, platforms, and user experience
    • Meet legal, regulatory, and audit obligations
    • Prevent fraud, misuse, and unethical activity

    5. Legal Basis for Processing (GDPR)

    Where applicable, we rely on one or more of the following:

    • Your explicit consent
    • Performance of a contract or pre-contractual steps
    • Legal or regulatory obligations
    • Legitimate interests (balanced against your rights)

    6. Data Sharing & Disclosure

    We may share your data with:

    • Universities and educational institutions
    • Official test providers (where required)
    • Visa support partners (where authorized)
    • Technology service providers (CRM, analytics, hosting)
    • Legal or regulatory authorities (where required by law)

    We do not sell personal data.

    7. International Data Transfers

    Your data may be transferred outside your country of residence. Where this occurs, we ensure appropriate safeguards such as:

    • Standard Contractual Clauses (SCCs)
    • Data processing agreements
    • Secure infrastructure and access controls

    8. Data Retention

    We retain personal data only as long as necessary to:

    • Fulfil the purpose for which it was collected
    • Meet legal, regulatory, or contractual requirements

    When no longer required, data is securely deleted or anonymized.

    9. Your Rights

    Depending on your location, you may have the right to:

    • Access your data
    • Correct inaccurate information
    • Request deletion
    • Restrict or object to processing
    • Withdraw consent
    • Request data portability
    • Lodge a complaint with a supervisory authority

    Requests can be made via: connect@numaway.com

    10. Cookies & Tracking

    We use cookies to:

    • Ensure website functionality
    • Improve performance and analytics
    • Enhance user experience

    For details, see our Cookie Policy.

    11. Data Security

    We implement technical and organizational safeguards including:

    • Secure hosting environments
    • Role-based access controls
    • Encryption where appropriate
    • Regular system and process reviews

    12. Children's Privacy

    Our services are not intended for children under 16 without parental or guardian involvement. Where applicable, consent must be provided by a parent or legal guardian.

    13. Changes to This Policy

    We may update this policy periodically. Updates will be published on this page with a revised "Last Updated" date.

    14. Contact Us

    For privacy-related questions or concerns:

    Chat with us