1. Who is responsible for your data
The data controller for this public website is Mohamed Yusuff, trading as StudCare. You can contact the controller at [email protected] or by phone/WhatsApp at +971 56 570 0477.
This notice covers studcare.com. It does not describe how a customer education institute processes student, parent, staff, or other records within the separate StudCare product service; those roles and responsibilities are governed by the applicable customer agreement and product privacy documentation.
2. Personal data we collect
Information you provide
When you request a demo, quote, or brochure, we may collect your name, organisation, work email, phone number, organisation type and size, product interests, deployment or billing preferences, requested brochure language, and anything you include in your message.
Information collected automatically
Our systems receive limited technical information needed to deliver and secure the website, such as your IP address, browser or user-agent, request time, referring page, session identifiers, and campaign parameters. For form security and rate limiting, we store a one-way keyed hash of the IP address rather than the address itself in the enquiry record.
If you consent to analytics, Google Analytics also receives information about your visit and interactions. Please do not submit sensitive personal data or information about children through our public enquiry forms.
3. Why we use personal data and our legal bases
- Responding to your request: to send the brochure, arrange a demonstration, prepare a quotation, and discuss your requirements. We rely on steps you ask us to take before entering a contract (GDPR Article 6(1)(b)) and, where appropriate, our legitimate interest in responding to business enquiries (Article 6(1)(f)).
- Website security and abuse prevention: to maintain sessions, validate forms, prevent duplicate or automated submissions, rate-limit requests, and investigate faults. We rely on our legitimate interest in protecting the website and its users (Article 6(1)(f)).
- Analytics: to understand website use and improve performance. We use optional analytics only with your consent (Article 6(1)(a)), which you may withdraw at any time.
- Legal compliance: to keep or disclose information where the law requires it (Article 6(1)(c)).
You are not legally required to provide enquiry information, but required form fields are necessary for us to process and respond to the request. We do not use website enquiry data for solely automated decisions or profiling that produces legal or similarly significant effects.
5. International transfers
StudCare operates from the United Arab Emirates, so information sent by visitors in the European Economic Area or United Kingdom may be processed outside their country. Some service providers may also process data in other countries. Where GDPR transfer restrictions apply, we use an applicable lawful transfer mechanism, such as an adequacy decision or approved standard contractual clauses, together with supplementary safeguards where required. You may contact us for information about the safeguards relevant to your data.
6. How long we keep personal data
We keep enquiry and brochure-request records only while they are needed to respond, manage the potential business relationship, resolve disputes, and meet legal obligations. Retention depends on whether the enquiry progresses, the nature of the correspondence, limitation periods, and applicable accounting or legal requirements. Records that are no longer needed are deleted or anonymised during periodic reviews.
Short-lived session data expires when the session ends or after the server’s configured session lifetime. Your cookie preference remains in your browser until you clear site data or change the preference. Google controls the lifespan of analytics cookies as described in its documentation.
8. Security
We use proportionate technical and organisational safeguards, including encrypted transport, access controls, input validation, anti-automation measures, and pseudonymisation of IP addresses in enquiry records. No internet service can guarantee absolute security.
9. Your GDPR rights
Subject to the conditions in data-protection law, you may request access to your personal data, correction, deletion, restriction, portability, or object to processing based on legitimate interests. Where processing relies on consent, you may withdraw it at any time without affecting earlier lawful processing. You may also lodge a complaint with the supervisory authority in the EEA country where you live or work, or where you believe an infringement occurred.
We may need to verify your identity before completing a request. Ordinarily, GDPR requests are answered within one month, subject to permitted extensions for complex or multiple requests.
10. Contact and updates
To exercise a right or ask a privacy question, email [email protected] with “Privacy request” in the subject line. Please describe your request and the email address you used to contact us.
We may update this notice when our practices or legal obligations change. The effective date at the top shows when the current version took effect.