Privacy Policy
This Privacy Policy explains how Student CRM (“we”, “us”, “our”) collects, uses, shares, and protects your personal information. It also explains your rights under applicable data protection laws (UK GDPR, EU GDPR).
Note on cookies: Our cookies and similar technologies information is now included in Section 13 below (“Cookies & Similar Technologies”).
1. Who We Are
Student CRM is operated by Global Data Management UK Ltd trading as Data Harvesting, registered at: Bourne Gardens, Exeter Park Road, Bournemouth, BH2 5BD, United Kingdom.
For the purposes of GDPR, we are the Data Controller of your personal data.
2. What Data We Collect
- Personal details: name, email, phone number, job title, postal address.
- Account details: login credentials and user preferences.
- Usage data: IP address, browser type, pages visited, session duration.
- Cookies and tracking data (see Cookies & Similar Technologies).
- Support or enquiry data you provide when contacting us.
We do not knowingly collect data from children under 13. If you believe we have, please contact us.
3. How We Use Your Data
- To provide and maintain our services.
- To manage your account and user access.
- To communicate service updates and security notices.
- To send marketing (with your consent or where permitted).
- To analyse and improve our platform and user experience.
- To comply with legal obligations.
4. Legal Bases for Processing
- Consent
- Contract
- Legal obligation
- Legitimate interests
5. Sharing Your Data
We may share your data with service providers, affiliates, legal authorities, or business successors. We never sell your personal data.
6. International Data Transfers
Your data may be transferred outside the UK/EEA. Where this happens, we use appropriate safeguards such as Standard Contractual Clauses.
7. Data Retention
We keep your data only as long as necessary for the purposes outlined in this policy, or as required by law.
8. Your Rights
You have the right to:
- Access the data we hold about you.
- Correct inaccuracies.
- Request deletion of your data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent at any time.
To exercise these rights, please contact us.
9. Security
We use technical and organisational measures to protect your data, though no online system is 100% secure.
10. Third-Party Services
Our site may contain links to third-party websites. We are not responsible for their practices, so please review their privacy policies.
11. Direct Marketing
Where permitted or with your consent, we may send you marketing communications. You can opt out at any time via the unsubscribe link or by contacting us.
12. Updates to This Policy
We may update this Privacy Policy from time to time. Changes will be posted here with a new “Last updated” date. Significant updates may also be emailed or shown in-app.
13. Cookies & Similar Technologies
This section explains how we use cookies and similar technologies on our website and services. We comply with UK/EU GDPR and PECR for consent to non-essential cookies.
13.1 What are cookies?
Cookies are small text files stored on your device. Similar technologies include local storage, SDKs, pixels and tags (we call them collectively “cookies”). They help the site function, remember preferences, analyse usage, and measure campaigns.
13.2 How we use cookies
- Strictly necessary – core functionality, security, network management, consent recording.
- Preferences – remember choices such as language or region.
- Performance & analytics – understand site usage to improve experience.
- Advertising & social – measure campaigns and enable social features.
- Testing & reliability – A/B tests, error monitoring, load balancing.
13.3 Your consent & controls
We request your consent for non-essential cookies on first visit. You can change your choices any time:
We honour Global Privacy Control (GPC) where supported.
13.4 Cookies we use (by category)
- 13.4.1 Strictly necessary (no consent required) Core functionality, security and load balancing.
- 13.4.2 Preferences / Functional Remembers choices such as language, region and login state.
- 13.4.3 Performance & Analytics Helps us understand usage to improve content and navigation.
- 13.4.4 Advertising & Social Used with consent to show relevant campaigns and measure effectiveness.
- 13.4.5 Testing, Reliability & Error Monitoring Supports A/B testing, uptime and diagnostics.
Note: Remove rows for vendors not installed. These are the most likely vendors currently used on Student CRM.
13.4.1 Strictly necessary (no consent required)
| Cookie | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| app_session | Maintains logged-in session; CSRF/security | Student CRM | First-party | Session |
| cookieconsent_status / OptanonConsent / CookieConsent | Stores your consent choices (CMP) | Student CRM / Cookiebot / OneTrust | First/Third-party | 6–12 months |
| __cf_bm / cf_chl_* if using Cloudflare | Security, bot management, DDoS protection | Cloudflare | Third-party | 30 minutes / as set |
13.4.2 Preferences / Functional
| Cookie | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| locale_choice | Remembers language/region | Student CRM | First-party | 6 months |
| trustpilot_* Trustpilot widget | Displays embedded reviews and remembers widget preferences | Trustpilot | Third-party | Session–1 year |
13.4.3 Performance & Analytics
| Cookie | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| _ga, _ga_* GA4 | Measures usage/events to improve site | Google Analytics | First/Third-party | 1–24 months |
| _gid | Short-term user differentiation | Google Analytics | First/Third-party | 24 hours |
| _gat_* / _ga_opt_out via GTM | Rate limiting / consent signalling | Google / GTM | First/Third-party | 1 minute / as set |
| _clck, _clsk optional | Session replay/behavior analytics | Microsoft Clarity | Third-party | Session / 1 year |
| _hjSession_*, _hjFirstSeen optional | Analytics & UX insights | Hotjar | Third-party | Session / 1 year |
13.4.4 Advertising & Social
| Cookie | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| _fbp | Ad measurement and audience building | Meta (Facebook) | Third-party | 3 months |
| _fbc if query click id present | Attribution of ad clicks | Meta | Third-party | 2 years |
| li_fat_id / li_sugr / bcookie | LinkedIn Ads & analytics (Insight Tag) | Third-party | 3–24 months |
13.4.5 Testing, Reliability & Error Monitoring
| Cookie | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| optimizelyEndUserId / ab_test_id if used | A/B testing and feature flags | Optimizely / LaunchDarkly | Third-party | 6 months–2 years |
| sentry_session if used | Error tracking and stability | Sentry | Third-party | Session |
13.5 Managing cookies in your browser
You can block or delete cookies in your browser settings (Chrome, Edge, Safari, Firefox). Blocking all cookies may affect site functionality.
13.6 Changes to this cookies section
We may update this section when our vendors or purposes change. We’ll update the Privacy Policy “Last updated” date above and re-ask for consent where required.
13.7 Contact
Questions? Contact us via student-crm.co.uk/contact-us or write to: Global Data Management UK Ltd, Bourne Gardens, Exeter Park Road, Bournemouth, BH2 5BD, United Kingdom.