BriteEducation
Apply
Privacy Policy

Privacy Policy

How we handle personal information when you use BriteEducation websites, portals, and related services—including protections for our school community and your choices under applicable law.

Introduction

This Online Privacy Notice (“Notice”) describes how BriteEducation School of Technology (“BriteEducation,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use our websites, student and staff portals, application flows, online learning tools, and related services that reference this Notice (together, the “Services”), including when accessed through domains we operate such as school.britelink.io and related BriteEducation properties.

We are committed to protecting the privacy of students, applicants, parents/guardians, alumni, staff, and visitors while enabling the school to deliver education, administration, safety, and legitimate institutional purposes. This Notice explains what we collect, why we use it, who may receive it, how we safeguard it, and the choices available to you.

Where local law (for example in Zimbabwe or, for certain individuals, the European Economic Area or United Kingdom) grants additional rights, we will honour those rights to the extent required. Nothing in this Notice is intended to reduce protections that apply to you under mandatory law.

Who we are

BriteEducation School of Technology provides technology and health-oriented programmes, student services, and digital platforms in support of teaching, learning, admissions, finance, and school operations. Depending on context, we may act as a data controller (deciding why and how personal information is processed) or, where we process information strictly on behalf of another party under contract, as a processor. When in doubt, contact us using the details in Contact us.

Scope of this notice

This Notice applies to personal information we collect through:

  • Our public marketing and programme pages;
  • Application, enrollment, and registration workflows;
  • Authenticated student, staff, and registry or administrative interfaces;
  • Email, SMS, or messaging we send in connection with the Services;
  • Support channels, surveys, and events we organise.

It does not apply to information processed solely by independent third parties (such as a social network you use outside our control) under their own policies, except where we receive that information as described below. It also may not cover certain worker or employment contexts governed by separate agreements or policies, where those agreements expressly take precedence.

Personal information we collect

Personal information means information that identifies or can reasonably be linked to an identifiable individual. We may collect:

Identification and contact details

Name, date of birth, national ID or passport details where permitted, postal address, email addresses, phone numbers, photographs for ID or directory purposes where applicable, and emergency contacts.

Application and academic records

Prior education, transcripts, qualifications, personal statements, references, test or assessment results, attendance, grades, programme and level, disciplinary records where relevant and lawful, and graduation status.

Financial information

Fee balances, invoices, payment method metadata (we generally do not store full card numbers—payment processors handle card data), bank or mobile money references, bursary or aid eligibility information where you apply.

Account and authentication data

Usernames, encrypted credentials, security questions where used, session tokens, and identity verification data when you sign in (including through providers such as Clerk or similar authentication services we may use).

Communications

Content of emails, tickets, chat, or calls with us, including metadata such as date, time, and subject.

Information from third parties

We may receive information from examining bodies, previous schools, referees, payment processors, government or visa authorities where legally required, and partners who assist with placements or verification, only where permitted by law and our agreements.

Automatically collected information

When you use the Services, we may automatically collect technical and usage information, including:

  • Device and connection data: IP address, browser type and version, operating system, device identifiers, and general location derived from IP (not precise GPS unless you grant it for a specific feature).
  • Usage data: pages viewed, time and duration, referring URLs, clickstream, crash logs, and performance metrics.
  • Security data: logs relating to authentication, fraud prevention, and abuse detection.

We use this information to operate, secure, and improve the Services, diagnose problems, and understand aggregate usage patterns.

Cookies & similar technologies

We use cookies, local storage, pixels, and similar technologies to remember preferences, keep you signed in where appropriate, measure effectiveness of content, and protect against abuse. You can control cookies through your browser settings; disabling certain cookies may limit functionality (for example staying logged in).

Where required by law, we will obtain consent before using non-essential cookies and provide granular choices where feasible.

Sensitive information

Some laws treat certain categories—such as health information, biometric data, race or ethnicity, religious belief, or trade union membership—as sensitive and subject to stricter rules. We collect sensitive information only where necessary for legitimate educational, safeguarding, occupational health, or legal purposes, and where permitted by law. Examples may include health disclosures relevant to placements, accessibility needs, or emergency response.

We do not use sensitive personal information for unrelated marketing. Where consent is required, we will request it clearly and separately when appropriate.

Purposes & legal bases

We process personal information for purposes that may include, as permitted by applicable law:

  1. Providing the Services — managing applications, enrollment, timetables, assessments, communications, and alumni relations.
  2. Contract performance — carrying out our agreement with students and fee payers, including billing and support.
  3. Legitimate interests — improving platforms, analytics in aggregate form, network security, preventing fraud, and institutional planning, balanced against your rights.
  4. Legal obligations — regulatory, tax, immigration, accreditation, and reporting duties.
  5. Vital interests — emergencies involving health or safety.
  6. Consent — where we rely on consent (for example certain marketing or optional surveys), you may withdraw it without affecting prior lawful processing.

Marketing communications

We may send information about programmes, events, or fundraising where permitted. You can opt out of promotional emails using the unsubscribe link or by contacting us. We may still send transactional or legally required notices (for example fee statements or safety alerts) even if you opt out of marketing.

How we share information

We may share personal information with:

  • Service providers who assist with hosting, databases, email, analytics, video conferencing, learning management, payments, and IT support, under contracts that require appropriate confidentiality and security.
  • Professional advisers such as auditors, lawyers, or insurers, where necessary.
  • Examining bodies, regulators, or accreditors as required for qualifications and compliance.
  • Law enforcement or courts when required by law or to protect rights, safety, and security.
  • Parents or guardians where appropriate for minors or under institutional policy and law.

We do not sell personal information to third parties for money. Where we use advertising or analytics tools that could constitute “sale” or “sharing” under certain laws, we will configure them to comply with those laws and offer opt-outs where required.

International transfers

Our systems and partners may be located in Zimbabwe and other countries. If we transfer personal information across borders, we implement safeguards appropriate under applicable law (such as standard contractual clauses, adequacy decisions, or other approved mechanisms) and assess risks to your rights.

Retention

We retain personal information only as long as necessary for the purposes described, including legal, accounting, and accreditation requirements. Academic records may be kept for extended periods in line with education sector norms. When retention ends, we delete or anonymise data where feasible.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, loss, or alteration. No online system is perfectly secure; we encourage you to use strong passwords, enable multi-factor authentication where offered, and report suspected incidents promptly.

Your privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, to data portability, and to lodge a complaint with a supervisory authority. To exercise rights, contact us at team@britelink.io. We may need to verify your identity before responding. We will respond within the timeframes required by law where applicable.

Student fairness: We handle academic and disciplinary information consistently with our policies and applicable education law. Privacy rights are balanced against other students' rights, freedom of expression in scholarly contexts, and the school's need to maintain accurate records.

Minors & student records

Where services are directed at minors, we may require parental or guardian consent for certain processing. Directory information and disclosures to parents may be handled according to institutional policy and law. We take safeguarding seriously and limit access to student data to those with a legitimate need.

Third-party sites

The Services may link to external websites. This Notice does not cover those sites. We encourage you to read their privacy policies before providing information.

Research, analytics & institutional improvement

We may use aggregated or de-identified data for quality assurance, curriculum development, accreditation reporting, and research that benefits teaching and learning, where permitted by law and institutional ethics review where applicable. We do not publish identifiable student coursework or grades in research outputs without appropriate consent or authority.

Analytics tools may help us understand feature usage, device types, and error rates. Where those tools process personal information on our behalf, we configure them to minimise identifiers and, where required, enter data processing agreements. You may have rights to object to certain analytics under local law; contact us to discuss options.

Subprocessors

Like most schools, we rely on vetted vendors for hosting, email, authentication, payments, video, and learning tools. Those providers access personal information only to deliver services we instruct them to perform and must protect it consistently with this Notice and our agreements. A current list of categories of subprocessors may be provided on request.

Security incidents & notification

If we become aware of a breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of personal information, we will investigate promptly, mitigate harm, and notify affected individuals and regulators when required by applicable law. We may also communicate with you through official channels (including email or in-portal notices) about steps you should take, such as resetting passwords.

Changes to this notice

We may update this Notice to reflect changes in law, technology, or our practices. We will post the revised version on this page and update the “Last updated” date. Where changes are material, we will provide additional notice as required by law (for example by email or prominent banner).

Contact us

Questions or requests regarding this Notice or your personal information may be sent to:

BriteEducation School of Technology
Email: team@britelink.io
Web: school.britelink.io

Effective date

This Notice is effective as of the “Last updated” date shown at the top of this page and applies to all users of the Services from that date forward unless stated otherwise.