PrivacyPolicy

Unireach Consultancy ("we", "us", "our") is the data controller responsible for your personal information.

Registered Office: Dhaka, Bangladesh

Email: contact@Unireachbd.com

WhatsApp: +880 189 879 6091

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and the Digital Security Act 2018 of Bangladesh.

We collect and process the following categories of personal data:

a) Identity Data: Full name, date of birth, gender, nationality, passport details, national ID/birth certificate

b) Contact Data: Email address, phone number, WhatsApp number, residential address, emergency contact information

c) Educational Data: Academic transcripts, certificates, diplomas, language test scores (IELTS, TOEFL, etc.), letters of recommendation, statement of purpose

d) Financial Data: Bank statements, proof of funds, scholarship information, payment details for our services

e) Immigration Data: Visa application documents, travel history, previous visa refusals, criminal record checks (if required)

f) Technical Data: IP address, browser type, device information, cookies, usage data, website analytics

g) Communication Data: Correspondence via email, phone, WhatsApp, in-person consultations, feedback and survey responses

We process your personal data based on the following legal grounds:

a) Consent (Article 6(1)(a)): You have given explicit consent for processing your data for specific purposes

b) Contract Performance (Article 6(1)(b)): Processing is necessary to fulfill our contractual obligations to provide education consultancy and immigration services

c) Legal Obligation (Article 6(1)(c)): We must process data to comply with legal requirements under Bangladesh law, immigration regulations, and international education standards

d) Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as fraud prevention, service improvement, and business analytics

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

We use your personal data for the following purposes:

• Application Processing: Preparing and submitting applications to universities, colleges, and immigration authorities

• Consultation Services: Providing personalized guidance on study abroad and immigration options

• Document Verification: Verifying the authenticity of submitted documents

• Communication: Sending updates about your application status, important deadlines, and service-related information

• Legal Compliance: Meeting regulatory requirements in Bangladesh and destination countries

• Service Improvement: Analyzing usage patterns to enhance our services

• Marketing: Sending promotional materials (only with your explicit consent, which can be withdrawn anytime)

• Record Keeping: Maintaining records as required by law and professional standards

We share your personal data with the following categories of recipients:

a) Educational Institutions: Universities, colleges, and schools in destination countries for admission processing

b) Immigration Authorities: Visa application centers, embassies, high commissions, and immigration departments

c) Government Agencies: Bangladesh authorities as required under the Digital Security Act 2018 and other applicable laws

d) Service Providers: Document translation services, courier companies, payment processors (operating under strict data processing agreements)

e) Professional Advisors: Lawyers, accountants, and consultants bound by confidentiality obligations

f) Legal Requirements: Law enforcement, regulatory bodies, or courts when legally obligated

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. All third-party processors are contractually bound to protect your data in accordance with GDPR standards.

Your personal data may be transferred to and processed in countries outside Bangladesh, including:

• European Union member states

• United States

• Canada

• Australia

• United Kingdom

• Other countries where educational institutions or immigration authorities are located

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Adequacy decisions recognizing equivalent data protection standards

• Explicit consent for transfers where required

You have the right to obtain information about the safeguards we use for international transfers.

We implement comprehensive technical and organizational security measures in compliance with GDPR Article 32:

Technical Measures:

• End-to-end encryption (TLS 1.3) for data transmission

• AES-256 encryption for data at rest

• Secure cloud storage with access controls

• Regular security audits and penetration testing

• Multi-factor authentication for staff access

• Automated backup systems with encryption

Organizational Measures:

• Staff training on data protection and GDPR compliance

• Confidentiality agreements with all employees

• Access controls based on need-to-know principle

• Incident response and data breach notification procedures

• Regular review and update of security policies

While we implement robust security measures, no system is completely secure. We will notify you and relevant authorities within 72 hours of discovering any data breach that poses a risk to your rights and freedoms.

Under GDPR and Bangladesh law, you have the following rights:

a) Right to Access (Article 15): Request copies of your personal data

b) Right to Rectification (Article 16): Correct inaccurate or incomplete data

c) Right to Erasure/"Right to be Forgotten" (Article 17): Request deletion of your data (subject to legal retention requirements)

d) Right to Restriction of Processing (Article 18): Limit how we use your data

e) Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format

f) Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing

g) Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing

h) Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)

To exercise these rights, contact us at contact@Unireachbd.com. We will respond within 30 days. You may also lodge a complaint with the Bangladesh Telecommunication Regulatory Commission (BTRC) or your local data protection authority.

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Active Client Data: Duration of service provision plus 2 years

• Application Documents: 7 years after application completion (for reference and legal compliance)

• Financial Records: 10 years (as required by Bangladesh tax and accounting laws)

• Marketing Consent Records: Until consent is withdrawn plus 3 years

• Communication Records: 5 years for quality assurance and dispute resolution

• Website Analytics: 26 months

After retention periods expire, we securely delete or anonymize your data. You may request earlier deletion subject to legal and contractual obligations.

We use cookies and similar technologies in compliance with GDPR Article 5(3) and ePrivacy Directive:

Strictly Necessary Cookies: Essential for website functionality (no consent required)

Performance Cookies: Analyze website usage and improve performance (requires consent)

Functional Cookies: Remember your preferences and settings (requires consent)

Marketing Cookies: Track your activity for targeted advertising (requires explicit consent)

You can manage cookie preferences through our cookie consent banner or browser settings. Blocking certain cookies may impact website functionality.

We use Google Analytics with IP anonymization enabled. You can opt-out using the Google Analytics Opt-out Browser Add-on.

In accordance with the Digital Security Act 2018 of Bangladesh:

• We maintain secure systems to protect against unauthorized access (Section 21)

• We do not unlawfully collect, sell, or distribute personal information (Section 26)

• We comply with government requests for information when legally required (Section 32)

• We maintain data integrity and prevent unauthorized modification (Section 3)

• We report cybersecurity incidents to relevant Bangladesh authorities as required

We also comply with:

• Information and Communication Technology Act 2006 (amended 2013)

• Bangladesh Telecommunication Regulation Act 2001

• Any other applicable data protection regulations in Bangladesh

Our services are intended for individuals aged 16 and above. If you are under 16, we require verifiable parental or guardian consent before processing your data.

If we discover we have collected data from a child under 16 without proper consent, we will delete it immediately.

Parents/guardians have the right to access, correct, or delete their child's personal information by contacting us.

For data protection inquiries, you can contact our Data Protection Officer:

Email: contact@Unireachbd.com

Subject Line: "Data Protection Inquiry"

WhatsApp: +880 189 879 6091

We will respond to all data protection requests within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Bangladesh:

• Bangladesh Telecommunication Regulatory Commission (BTRC)

• Address: IEB Bhaban, Ramna, Dhaka-1000, Bangladesh

• Website: www.btrc.gov.bd

European Union (if applicable):

• Your local Data Protection Authority

• EU Data Protection Supervisor

You also have the right to seek judicial remedy through Bangladesh courts or courts in your jurisdiction.

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or business operations.

Material changes will be communicated through:

• Prominent notice on our website

• Email notification to registered users

• Updated "Last Updated" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy. If you disagree with changes, you may terminate your relationship with us and request data deletion (subject to legal retention requirements).

We encourage you to review this policy periodically to stay informed about how we protect your information.