The Education Story (TES) — Privacy Policy (Draft)

Effective date: October 04, 2025

Prepared for: Team The Education Story (an initiative of Scrollwell / Scrollwell EduTech LLP)

1. Introduction

This Privacy Policy explains how The Education Story (“TES” / “we” / “us” / “our”) collects, uses, stores, discloses and protects information collected through our website, newsletters, mobile apps, social media channels, events, partner pages and other interactions (collectively, the “Services”). It also explains your rights and choices regarding your personal information. By using our Services, you agree to the terms of this Privacy Policy.

2. Who we are (Data Controller)

Data controller: The Education Story (an initiative of Scrollwell / Scrollwell EduTech LLP)

Contact email: info@theeducationstory.com

Where required by law, we will identify the local legal entity that acts as the controller of your personal data in communications and contractual documents.

3. Scope and application

This Policy applies to all personal information collected by TES as part of operating the Services. It does not apply to information collected by third parties that we do not control (for example, websites linked from our Services). We may provide supplemental notices or consent forms for specific products or features.

4. Definitions

Personal information / personal data: Any information relating to an identified or identifiable person.
Processing: Any operation performed on personal data (collecting, storing, using, disclosing, deleting, etc.).
Controller: The entity that determines the purposes and means of processing personal data.
Processor: An entity that processes personal data on behalf of the controller.

5. Information we collect

a. Information you give us

We collect information you provide directly when you use our Services, including but not limited to:

Account information: name, email address, phone number, password and profile details.
Application data: resumes, CVs, cover letters, education, employment history, portfolios and other documents submitted for jobs, internships or scholarships.
Payment & billing information: where applicable, billing address and payment transaction metadata (we do not store full payment card numbers; payment is processed by third-party payment providers).
Communications: messages, support requests, feedback, survey responses, and any content you post or submit (e.g., comments, forum posts).
User-generated content: materials you upload to our platform such as essays, articles, images, or media for publishing or competitions (subject to contributor agreements).

b. Information we collect automatically

When you access or use our Services we automatically collect technical and usage information, including:

Device & connection information: device type, browser type and version, operating system, device identifiers, mobile network information.
Usage information: pages visited, time spent on pages, clickstream data, search queries, features used, and other activity within the Services.
Log data: IP address, access times, referring / exit pages and URLs, error logs.
Location data: coarse geolocation (e.g., city, country derived from IP). Exact GPS location is collected only where you expressly provide it (for example, when using location-enabled features) and only with your consent.

c. Information from third parties

We may receive information about you from third parties, including:

Service providers: identity verification, background check providers, payment processors.
Recruitment platforms / partners: when you apply via third-party job boards or partner platforms.
Public sources: publicly available information such as professional profiles or institutional directories.

d. Aggregated / de-identified information

We may aggregate or de-identify information so it can no longer be associated with an individual. Aggregated information is not personal data and may be used for analytics, research, product improvement and reporting.

6. How we use your information (purposes)

We use personal data for the following purposes:

Provide and operate Services: to create and manage user accounts, enable job/internship/scholarship applications, publish content, deliver newsletters, and process transactions.
Communication: to respond to inquiries and provide customer support, notifications, updates, security alerts and administrative messages.
Personalization: to tailor content, recommendations, and communications (e.g., scholarship suggestions, job matches) based on your profile and activity.
Analytics & product improvement: to monitor, analyze and improve our Services, content performance, features and user experience.
Marketing & engagement: to send promotional messages, newsletters, events invites and surveys where permitted and in accordance with your preferences.
Compliance & legal: to comply with laws, prevent fraud, enforce our Terms of Use, and protect the rights, property, safety of our users and third parties.
Recruitment & verification: to evaluate job applicants, verify qualifications and conduct background checks if applicable and permitted by law.

7. Lawful bases for processing

Where applicable, we rely on one or more of the following legal bases to process personal data:

Consent: where you have provided consent for specific uses (e.g., marketing communications, location data).
Contract performance: to perform or take steps prior to entering into a contract with you (e.g., manage your account, process applications).
Legal obligation: to comply with applicable legal requirements.
Legitimate interests: for our legitimate business interests, such as product improvement, fraud prevention, security and marketing (balanced against individual rights).

If you are an EU or UK resident, you will be provided information about the specific legal basis relied upon for each processing activity.

8. Sharing and disclosure of information

We do not sell your personal information. We share personal information in the following limited circumstances:

a. Service providers and subprocessors

We engage trusted third-party service providers to support our operations (hosting, payments, email delivery, analytics, recruitment platforms, CRM, customer support). These providers process personal data only on our instructions and under contractual obligations to protect it.

b. Legal requirements and safety

We may disclose personal data when required by law or in response to valid legal process, to investigate or prevent fraud or other illegal activity, or to protect the rights, property, or safety of others.

c. Business transfers

If TES is involved in a merger, acquisition, financing, restructuring, sale of assets, or bankruptcy, personal information may be transferred as part of that transaction. We will notify users where required by law.

d. Public information

Content you publish publicly (including comments, profile information and public-facing posts) will be visible to others and may be indexed by search engines. Do not post information that you do not want made public.

9. International data transfers

TES operates globally and personal data may be processed in countries other than your country of residence. Where personal data is transferred across borders, we implement appropriate safeguards such as standard contractual clauses, contractual commitments from subprocessors, or other lawful transfer mechanisms as required by applicable law.

10. Cookies, tracking technologies & analytics

We use cookies and similar technologies to operate and improve the Services, analyse use, and support personalization:

Essential cookies: required for core site functionality (login, security, session management).
Performance & analytics cookies: used to measure use and performance (e.g., Google Analytics or equivalent providers).
Functionality cookies: to remember settings and preferences.
Advertising & tracking cookies: to deliver or measure ads and build profiles for interests-based advertising (where used, only with consent where required).

You can manage cookie preferences via your browser settings and, where provided, our cookie consent tool. Disabling certain cookies may affect functionality.

11. Marketing communications and choices

We may send you newsletters, job alerts, event invites and promotional materials. You can opt out of marketing emails by following the unsubscribe link in any marketing message or by contacting us at info@theeducationstory.com. Transactional or service messages (e.g., account notifications, security alerts) are necessary for account operation and cannot be opted out of.

12. Data security

We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures include:

Administrative safeguards: access controls, data minimization policies, staff training and confidentiality obligations.
Technical safeguards: encryption in transit (TLS/HTTPS), encryption at rest where appropriate, firewalls, secure backups, logging and monitoring.
Organizational safeguards: contractual commitments with subprocessors, regular security reviews and vulnerability management.

While we strive to protect your information, no system is completely secure. If you believe your account has been compromised, contact us immediately at info@theeducationstory.com.

13. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy and to comply with legal, tax or accounting obligations. Example retention periods (subject to change based on local law and business needs):

Account information: retained for the lifetime of the account plus up to 2 years after account deletion for backup, fraud prevention and legal purposes.
Application materials (jobs/scholarships): retained for up to 2 years unless you request deletion or a longer period is required.
Transactional and billing records: retained for up to 7 years for compliance and tax purposes.
Support and communications records: retained for 2–5 years depending on legal or operational needs.
Aggregated/analytics data: retained in de-identified form indefinitely for research and product improvement.

If you want your data deleted earlier, please see Section 14.

14. Your rights and how to exercise them

Depending on applicable law, you may have the following rights regarding your personal data:

Access: receive a copy of the personal data we hold about you.
Correction: request correction of inaccurate or incomplete information.
Deletion (right to be forgotten): request deletion of your personal data in certain circumstances.
Restriction of processing: request limits on how we process your personal data.
Portability: receive your personal data in a structured, commonly used and machine-readable format.
Objection: object to processing based on legitimate interests or for direct marketing.
Withdraw consent: where processing is based on consent, withdraw it at any time.
Complain to a supervisory authority: lodge a complaint with the relevant data protection regulator.

How to make a request:
Send your request to info@theeducationstory.com. To protect your privacy, we may require information to verify your identity before responding. We aim to respond to requests within 30 days, or sooner where required by law. If we cannot comply with your request, we will explain the reasons and any available options.

15. Children and age-restricted services

Our Services are not directed to children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children without parental consent. If we learn that we have collected personal data from a child without appropriate consent, we will take steps to delete such information. If you believe we may have information about a child, contact us at info@theeducationstory.com.

16. Job applicants and recruitment

If you apply for roles through TES, we will process your application materials to evaluate your candidacy. We may keep your information on file for future openings where permitted. We will inform you about required checks (background, qualification verification) and obtain consents if legally required.

17. Links to third-party sites and embedded content

Our Services may contain links to third-party websites, plugins or embedded content (e.g., videos, social media content). These third parties have their own privacy practices and are not governed by this Policy. We encourage you to review their privacy policies before providing any personal information.

18. Data breaches and notifications

In the event of a personal data breach that creates a risk to your rights and freedoms, TES will follow applicable notification requirements. Where required by law, we will notify affected individuals and regulators without undue delay and provide information about the nature of the breach, the likely consequences and measures taken.

19. Data protection by design and default

We apply privacy-by-design and privacy-by-default principles when developing features and services, including data minimization, access controls and default privacy-friendly settings.

20. Vendor & partner obligations

We require vendors and partners who process personal data on our behalf to implement appropriate technical and organizational measures, sign contractual terms governing confidentiality and security and only process personal data on our documented instructions.

21. Changes to this policy

We may update this Policy to reflect changes in our practices, products, legal requirements or features. We will post the revised Policy with an updated effective date. For material changes, we will provide more prominent notice (for example, email notification or a notice on our Services).

22. How to contact us

For questions, requests or concerns about this Privacy Policy or our data practices, please contact:

Email: info@theeducationstory.com

Mail: Scrollwell / Scrollwell EduTech LLP (use contact form or email for current postal address)

If you are an EU/EEA/UK resident and have privacy concerns, you may also contact the relevant data protection authority in your jurisdiction.