Trackr Registration - Privacy Policy

Effective Date: 6 May 2025

Last updated: 06 May 2025

These terms govern your creation and use of an account on any platform operated by Bristol Tracker Limited, including but not limited to www.the-trackr.com and related services (the “Platform”). By registering for an account, you confirm that you have read, understood, and agree to be bound by these terms.

If you do not agree to these terms in full, you must not create an account or continue to use your account.

1. Introduction

Bristol Tracker Limited (“we”, “our”, “us”), a company registered in England and Wales under company number 15763725 with its registered office at 24 Tabor Gardens, Sutton, London, SM3 8RX, is committed to protecting the privacy and security of individuals who interact with the Trackr platform, including but not limited to students and recent graduates registering for user accounts (“you”, “your”, “data subjects”).

 

This Privacy Policy outlines our approach to the collection, use, disclosure, retention, and safeguarding of personal data in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and, where applicable, the EU General Data Protection Regulation (EU GDPR). It applies solely to data obtained through your engagement with the Trackr website and related digital interfaces.

 

By creating an account, browsing our website, or otherwise engaging with Trackr services, you acknowledge that you have read and understood this Privacy Policy and that you accept its application to your personal data, including data of a sensitive nature where appropriate lawful bases for processing exist.

 

2. Identity and Capacity of the Data Controller

The data controller for purposes of applicable data protection legislation is:

Bristol Tracker Limited

Company Number: 15763725

Registered Office: 24 Tabor Gardens, Sutton, London, SM3 8RX

Email: [email protected]

The individual appointed as Data Protection Officer (DPO) is:

Samuel Leong

Email: [email protected]

The DPO is responsible for overseeing questions in relation to this Privacy Policy and for ensuring that this document reflects our legal obligations.

3. Categories of Personal Data Collected

We may collect, store, and otherwise process various categories of personal data, including but not limited to the following:

  • Identity and Contact Data: Full name, email address, and where voluntarily provided, academic institution or programme affiliation.
  • Technical Data: IP address, browser type and version, operating system, time zone setting, device identifiers, and other diagnostic information generated through the use of our platform.
  • Usage Data: Interactions with the platform, clickstream patterns, login frequency, and job engagement behaviour.
  • Demographic and Educational Data (Special Category Data): Ethnicity, gender, eligibility for free school meals, languages spoken, academic discipline, and country of residence.
  • Preference and Communication Data: Your preferences in receiving notifications or marketing from us and your communication history.

We do not actively collect financial or government identification data, nor do we conduct identity verification processes.

4. Lawful Basis and Purposes of Processing

We process personal data in order to pursue legitimate and proportionate business, operational, analytical, and developmental objectives. The lawful bases upon which we rely include:

 

  • Performance of a contract: To establish and maintain your user account, and to facilitate delivery of Trackr’s services.
  • Compliance with legal obligations: To satisfy statutory or regulatory requirements.
  • Legitimate interests: To improve the functionality, security, and efficiency of the platform; to develop aggregated user insights; to understand platform demographics; and to enable refined communications.
  • Substantial public interest (Data Protection Act 2018, Schedule 1): Insofar as we process data that may be considered “special category” data (e.g., ethnicity, gender), such processing is undertaken to advance aims relating to equality of opportunity, academic inclusion, and access to employment support.

 

We may use your personal data to:

 

  • Operate and administer user accounts and associated functionalities.
  • Facilitate delivery of job-related insights and tailored notifications.
  • Monitor usage trends and compile internal performance metrics.
  • Engage with third-party vendors and partners for the operational delivery of services (e.g., cloud hosting, analytics, communications).
  • Generate non-identifiable statistical outputs, including aggregate reports and segment-level summaries.
  • Permit limited, criteria-based outreach by select partners to user subgroups (see Section 5), without disclosure of personal identity or contact information.

We do not undertake automated decision-making as defined by Article 22 of the UK GDPR, although algorithmic processes may be used to classify and filter users for notification relevance.

5. Disclosures and Data Sharing Practices

Personal data may be disclosed in limited contexts, subject to appropriate technical and organisational safeguards, to the following categories of recipients:

 

  • External service providers involved in the development, support, and maintenance of the platform, including cloud infrastructure, analytics, and communication services.
  • Analytics providers (e.g., Google Analytics) for the purpose of performance monitoring and user engagement analysis.
  • Communication tools (e.g., Brevo, formerly Sendinblue) for operational messaging, platform alerts, and selected marketing communications.
  • Partners and sponsors, such as prospective employers or academic institutions, who may be provided access to anonymised and aggregated datasets for the purposes of strategic analysis, impact evaluation, or research. These datasets do not contain direct identifiers and cannot be used to determine the identity of any individual.
  • Where partners wish to disseminate messages to users on the basis of non-identifying demographic or academic criteria, such outreach may be facilitated by us without disclosing recipient identities to the partner.

 

We do not rent, sell, or otherwise monetise identifiable personal data. Aggregate and non-identifiable data outputs, however, may be utilised or licensed for commercial, research, or strategic purposes.

6. International Data Transfers

Personal data is stored on servers located in the United Kingdom via secure cloud infrastructure providers. We do not currently transfer personal data outside of the UK or European Economic Area (EEA). In the event of future transfers, we shall ensure that appropriate transfer mechanisms (e.g., adequacy decisions or Standard Contractual Clauses) are in place to maintain the level of protection required by law.

7. Data Security Measures

We implement appropriate administrative, physical, and technical safeguards intended to preserve the confidentiality, integrity, and availability of personal data. These include but are not limited to encryption protocols, access control mechanisms, network monitoring, and internal procedural controls.

Notwithstanding the measures employed, no system or transmission of data over the internet can be guaranteed to be entirely secure. Users are encouraged to take their own precautions in maintaining the security of their devices and credentials.

8. Data Retention

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. In general:

  • Active account data will be retained until the user deletes their account or ceases to engage with the platform for an extended period (determined at our discretion).
  • Upon account deletion, data will be securely erased or anonymised within thirty (30) days unless legal obligations require longer retention.
  • Anonymised data, having been irreversibly de-identified, may be retained indefinitely for analytical and research purposes.

9. Your Rights

As a data subject, you have the following rights, subject to limitations and conditions prescribed by law:

 

  • Right of access: To obtain confirmation of whether we process your personal data and to access such data.
  • Right to rectification: To request correction of any incomplete or inaccurate data we hold.
  • Right to erasure (“right to be forgotten”): To request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing: To request suspension of the processing of your data in certain circumstances.
  • Right to object: To object to processing based on legitimate interests, including profiling.
  • Right to data portability: To request that we transfer personal data you provided to another controller, where processing is based on consent or contract and carried out by automated means.
  • Right to withdraw consent: Where consent has been given for specific processing activities, you may withdraw it at any time without affecting the lawfulness of prior processing.

 

Requests to exercise any of the above rights should be directed to: [email protected]. We may request verification of identity before fulfilling any such request.

10. Contact and Complaints

If you have questions, concerns, or complaints regarding this policy or the manner in which your personal data is handled, you may contact:

Data Protection Officer

Samuel Leong

Email: [email protected]

Bristol Tracker Limited

24 Tabor Gardens, Sutton, London, SM3 8RX

 

If you remain dissatisfied, you are entitled to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues:

www.ico.org.uk

 

This Privacy Policy may be updated from time to time to reflect changes in legal, operational, or technological circumstances. You are advised to review it periodically.