EdCo LATAM Consulting is committed to full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act 2018, and applicable international privacy laws. This policy sets out how we protect the personal data of students, partners, clients, and stakeholders in the course of our education consultancy and marketing services.
This policy applies to all personal data processed by EdCo LATAM Consulting and to all employees, contractors, and third-party service providers with access to personal data.
EdCo LATAM Consulting acts as the Data Controller for the personal data it collects and processes.
All data protection queries can be directed to: information@edcolatam.com
We process personal data based on the following lawful grounds:
Consent – when individuals opt in to receive information or services
Contractual obligation – when processing is necessary to fulfil our role in supporting student applications
Legitimate interest – in providing relevant services to prospective students and maintaining partner relationships
Legal obligation – where required to comply with applicable laws
We collect and process the following types of personal data:
Name, email address, phone number, postal address, date of birth, nationality, residency status
Education background, programme of interest, application materials (e.g., CV, references)
Passport details, visa status, test results (such as SAT), and academic or language qualifications
Interaction history via email, WhatsApp, or phone, including notes on recruitment activities
Personal data is collected when:
Individuals communicate with EdCo via email, WhatsApp, telephone, or in person
Data is provided at events, fairs, or webinars
Responses are made to social media campaigns or online lead forms
Applications are submitted via agents or directly to EdCo
We use personal data for the following purposes:
To provide guidance and support with applications to our partner institutions
To send relevant updates, event invitations, and reminders to individuals who have expressed interest
To communicate admission requirements, scholarship opportunities, and visa guidance
To deliver digital marketing and social media engagement campaigns
We only share personal data with:
Our partner institutions to which the student is applying
Authorised agents or collaborators involved in the student’s application process
We do not sell or share personal data with any other third parties.
Some of our operations are based outside the EEA (e.g., Colombia). In such cases, personal data is transferred using:
Standard Contractual Clauses (SCCs) such as the Colombian data protection law 1581 of 2012
Appropriate technical and organisational safeguards in line with GDPR
If contact is not maintained, personal data will be deleted within 12 months
Some records may be retained for up to 12 months for archival or professional relationship management
Marketing communications can be opted out of at any time. We process such requests within 7 days
Backups and replication systems follow secure retention and deletion policies
You have the following rights regarding your personal data:
Right of access – to request copies of your personal data
Right to rectification – to request correction of inaccurate data
Right to erasure – to request deletion where appropriate
Right to restrict processing – to pause processing in certain cases
Right to data portability – to request your data in a usable format
Right to object – to stop us processing your data
Right to withdraw consent – at any time, where processing is based on consent
All requests can be submitted to privacy@edcolatam.com and will be handled within GDPR timelines.
We have implemented the following controls:
Access to personal data is restricted to trained staff who have signed confidentiality agreements
Salesforce CRM and secure platforms are used to store data with role-based permissions
Staff complete annual data protection training
Internal audits are conducted to verify compliance
Devices used to access data are encrypted and password protected
Only authorised personnel are granted access to personal data
Permissions are reviewed quarterly by our operations team
Internal systems log all access and usage for traceability
All users undergo GDPR training before receiving access
This policy is reviewed annually or upon significant changes in law or practice. Any material changes will be communicated to users through the channels they have opted into.
We help educational institutions achieve their student recruitment goals from Latin America
Brazil
Colombia
Mexico
United Kingdom
