Privacy and Data Protection Policy

(GDPR-Compliant – Pioneer Educations / pioneereducations.com)

1. Introduction

At Pioneer Educations (“we”, “us”, “our”), we are committed to safeguarding your privacy and protecting your personal data. This Privacy and Data Protection Policy explains how we collect, use, disclose, and protect information in accordance with the General Data Protection Regulation (GDPR – EU 2016/679), the UK Data Protection Act 2018, and applicable Sri Lankan data protection principles.

By using our website [www.pioneereducations.com] or engaging with our educational and migration services, you acknowledge and agree to the terms of this policy.

2. Who We Are (Data Controller)

Pioneer Educations is the controller responsible for your personal data.

• Organisation Name: Pioneer Educations

• Registered Address: 333/1 William Gopallawa Mawatha, Kandy, Sri Lanka

• Email: info@pioneereducations.com

• Telephone: +94 77 778 4784

If appointed, the contact details of our Data Protection Officer (DPO) will be:
Data Protection Officer (DPO): [Name]
Email: dpo@pioneereducations.com

3. Data Protection Principles

We process personal data in accordance with the following GDPR principles:

1. Lawfulness, Fairness & Transparency – Processing is conducted lawfully and openly.

2. Purpose Limitation – Data is used only for specified, legitimate purposes.

3. Data Minimisation – We collect only data that is strictly necessary.

4. Accuracy – Data is kept up to date and corrected when necessary.

5. Storage Limitation – Data is retained only for as long as needed.

6. Integrity & Confidentiality – Data is secured against unauthorised access, loss, or alteration.

7. Accountability – We take responsibility for demonstrating compliance.

4. Personal Data We Collect

We collect and process personal data including:

• Full name, date of birth, nationality, and gender

• Contact details – email, telephone, and postal address

• Educational background and qualifications

• Passport or identification details (for migration services)

• Employment history (if relevant)

• Financial information (tuition fees, refunds, receipts)

• Website usage data (IP address, browser type, cookies)

We may receive data from third parties such as awarding bodies, academic partners, or government agencies when necessary.

5. Purpose and Lawful Basis for Processing

Your data is processed for the following purposes and lawful bases:

• Service delivery: to provide educational and migration services (contract performance)

• Admissions and records: to manage enrolments and communications (legitimate interest)

• Financial management: to process payments and refunds (legal obligation)

• Compliance: to meet visa, immigration, or regulatory requirements (legal obligation)

• Marketing: to send promotional information with your consent (consent)

• Analytics: to improve our website and services (legitimate interest)

6. Data Protection Measures

We employ strong technical and organisational measures to protect personal data, including:

• Encrypted servers and SSL secured web traffic

• Role-based access control and staff confidentiality agreements

• Regular data protection training for staff

• Secure backups and disaster recovery protocols

• Pseudonymisation and data minimisation practices

We review these controls regularly to maintain a high level of data protection.

7. Sharing and Disclosure of Personal Data

We may share your data with:

• Pioneer Education Group affiliates and partner campuses

• Awarding bodies and accreditation partners

• IT and cloud service providers (under GDPR-compliant contracts)

• Payment processors and financial institutions

• Immigration and government authorities (where required by law)

All third parties are contractually obliged to keep your data confidential and secure.

8. International Data Transfers

If we transfer your personal data outside the EEA or UK, we ensure that adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Adequacy decisions for specific countries recognised by the EU/UK

• Binding data processing agreements with international partners

9. Data Retention

Your personal data will be kept only as long as necessary:

• Student records – up to 7 years after completion

• Financial data – up to 10 years (for auditing purposes)

• Marketing information – until you withdraw consent

After these periods, data is securely deleted or anonymised.

10. Your Rights Under GDPR

You have the right to:

• Access your personal data

• Request correction of inaccurate information

• Request erasure (“right to be forgotten”)

• Restrict or object to processing

• Data portability

• Withdraw consent at any time

• Lodge a complaint with a supervisory authority

To exercise these rights, please email privacy@pioneereducations.com or call +94 77 778 4784.

11. Cookies and Analytics

Our website uses cookies to improve functionality and analyse usage.
You may accept or decline cookies through your browser settings or via our cookie banner.
See our [Cookie Policy] for more details.

12. Data Breaches and Incident Response

In the unlikely event of a data breach:

• We will investigate and take corrective action immediately.

• If there is a high risk to your rights, we will notify you and the relevant authorities within 72 hours.

• All incidents are recorded in our Data Breach Register and reviewed for future prevention.

13. Changes to This Policy

We may update this Privacy and Data Protection Policy periodically.
Any changes will be posted on [www.pioneereducations.com/privacy-policy] and dated accordingly.

Last Updated: [Insert Date]

14. Contact Us

If you have questions about this policy or your personal data, please contact:

Pioneer Educations – Data Protection Department
📍 333/1 William Gopallawa Mawatha, Kandy, Sri Lanka
📞 +94 77 778 4784
✉️ privacy@pioneereducations.com