University Logo
Apply
Current Students

Privacy Policy

Privacy Notice

Last updated: 25th June, 2026
Owner: Data Privacy Team

Global Institute of Sport respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, store and share personal data, and explains your rights under data protection law.

This Privacy Notice applies to personal data collected through our websites, digital platforms, products, services and other activities, and relates to past, current and prospective students, applicants, enquirers, website users, event attendees, alumni, parents, guardians, emergency contacts, staff contacts at partner organisations and other people who interact with us.

This Privacy Notice should be read alongside any privacy information provided by our awarding or academic partners, including the University of East London and other partners where applicable.

1. Who we are

Global Institute of Sport Limited, company number 14951229, has its registered office at Arch View House, 16 First Way, Wembley, England, HA9 0AF.

References in this Privacy Notice to “GIS”, “we”, “us” or “our” may also include our group companies where they are involved in providing or supporting GIS services. These include:

  • • UK Global Institute of Sport Limited, company number 12211907, registered office Arch View House, 16 First Way, Wembley, England, HA9 0AF.
  • • Global Institute of Sport Americas LLC, FEI/EIN number 86-3626979, registered office 1350 NW 55th Street, Fort Lauderdale, FL 33309, USA.
  • • Global Institute of Sport Australia PTY LTD, ABN 26 658 854 374, registered office Docklands, 3008 Victoria, Australia.

Different organisations may have different roles under data protection law, depending on the activity.

2. When GIS is a controller

GIS acts as a controller where we decide why and how personal data is used. This may include personal data processed for:

  • • Website enquiries, prospectus requests, webinars, open days and events.
  • • Marketing communications, where you have chosen to receive them or where we are otherwise legally permitted to contact you.
  • • Certain applicant and admissions communications, where GIS determines the purpose and means of processing.
  • • Non-UEL provision or activities where GIS determines how personal data is used.
  • • Scholarships, sponsorships, alumni engagement, careers activity, surveys and service improvement.
  • • Complaints, concerns or feedback about GIS services.
  • • Safeguarding, welfare, serious-risk, accessibility or inclusion matters handled by GIS.
  • • Corporate administration, governance, legal, regulatory, audit, risk management and business operations.
  • • AI-assisted services, analytics, learning support, communications, assessment support, service improvement and other operational activities where GIS determines the purpose and means of processing.

Where GIS acts as controller, we are responsible for explaining how we use your data and for responding to your data protection rights.

3. When GIS is a processor for UEL or another partner

For students registered with the University of East London and studying UEL awards delivered with support from GIS, UEL is normally the controller of the core student record and related academic data. GIS processes that personal data on UEL’s documented instructions.

This may include processing for teaching delivery, academic administration, student support, engagement monitoring, learning support, complaints, appeals, academic conduct, safeguarding, wellbeing and other student services connected with delivery of the relevant programme.

For programmes, events or activities involving other partners, the data protection role will depend on the relevant arrangement. In some cases, the partner may be the controller and GIS may act as processor. In other cases, GIS may act as an independent controller for its own related activities.

Where GIS acts as processor, we process personal data only in accordance with the relevant controller’s documented instructions, unless we are required by law to do otherwise.

4. How to contact us

We have appointed a data privacy team responsible for overseeing questions about this Privacy Notice and data protection matters.

Email: dataprivacy@gis.sport
Postal address: Data Privacy, Global Institute of Sport Limited, Arch View House, 16 First Way, Wembley, England, HA9 0AF

You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues. We would appreciate the opportunity to deal with your concerns first, so please contact us before making a complaint to the ICO where possible.

5. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any updated version will be published on our website. Where appropriate, we may also notify you by email or through other communication channels.

It is important that the personal data we hold about you is accurate and up to date. Please tell us if your personal data changes during your relationship with us.

6. The personal data we collect

The personal data we collect depends on your relationship with GIS and the services or activities involved. We may collect, use, store and share the following types of personal data.

Identity Data may include your name, title, date of birth, gender, nationality, student or applicant number, username or similar identifier, passport details, photographic identification and images.

Contact Data may include your email address, telephone number, postal address, country of residence, emergency contact details and communication preferences.

We may also keep records of communications with you, including emails, telephone calls, live chat conversations, messaging services, video meetings and other communications where relevant to the services we provide.

Applicant and Education Data may include your previous education, qualifications, predicted or achieved grades, personal statement, references, application information, UCAS information where relevant, English language information, visa or immigration information where relevant, programme choice, study location and other information connected with admission or enrolment.

Student and Academic Data may include enrolment information, module registrations, attendance or engagement records, assessment information, marks, progression, academic support, academic conduct, complaints, appeals, learning support, placement or careers information and records of communications with you.

Financial Data may include limited information relating to scholarships, sponsorship, funding arrangements, fee status, invoices or financial queries where this is relevant to our role. GIS does not normally collect payment card details from students and does not normally process student refunds.

Technical Data may include your IP address, login data, browser type and version, time zone setting and location, device information, operating system and platform, cookies and similar technologies.

Usage Data may include information about how you use our website, online systems, learning platforms, forms, services and communications.

Marketing and Communications Data may include your preferences in receiving marketing from us, records of consent, opt-out preferences, events attended, enquiries made and communications with us.

Recruitment and Staff Contact Data may include information relating to people who apply to work with us, work with us, or interact with us through partner organisations, agents, suppliers or professional networks.

Third-Party Data may include information you provide about another person, such as a parent, guardian, emergency contact, referee, sponsor or representative. You should only provide another person’s information where you have a proper reason to do so.

We may also use aggregated or anonymised data for reporting, planning, research, quality improvement or statistical purposes. This is not personal data where individuals can no longer be identified.

7. Special category and criminal offence data

Some of the information we process may be more sensitive. This is known as special category data. It may include information about health, disability, learning support needs, safeguarding, wellbeing, ethnicity, equality monitoring, religion or philosophical beliefs, or other sensitive personal circumstances.

We may also process information relating to criminal offences, allegations, disciplinary matters or conduct concerns where this is necessary and lawful.

We only process this information where we have a lawful basis under data protection law and, where required, a separate condition for processing special category or criminal offence data. This may include processing that is necessary for student support, accessibility, safeguarding, legal obligations, equality monitoring, substantial public interest, the establishment or defence of legal claims, or reasons of vital interest.

Access to this information is restricted to colleagues, partner organisations and third parties who need it for a legitimate operational, student-support, safeguarding, legal, regulatory or welfare purpose. Where GIS acts as processor, we process this information in accordance with the relevant controller’s documented instructions.

8. Children and under-18s

GIS may process personal data relating to applicants, prospective students, event participants or other individuals who are under 18. Where we do so, we only collect and use information that is necessary for the relevant purpose.

This may include admissions, enquiries, events, safeguarding, welfare, accessibility support, emergency contact arrangements, or communications with parents, guardians or schools where appropriate.

Where information is aimed at children or young people, we aim to make it clear and accessible.

9. How we collect personal data

We collect personal data in different ways.

You may give us personal data directly when you complete a form, make an enquiry, request a prospectus, apply for a programme, attend an event, use our website, communicate with us by email, phone, social media or online form, or use our services.

You may also provide personal data when interacting with AI-assisted services, such as virtual assistants or chat services, where these are made available by GIS.

We may collect personal data through automated technologies when you use our website or online systems. This may include cookies, analytics, server logs and similar technologies. More information is available in our Cookies Policy.

We may receive personal data from third parties, including awarding or academic partners, schools, colleges, universities, UCAS, referees, agents, sponsors, employers, student support services, government bodies, regulators, analytics providers and service providers.

We may also receive personal data from publicly available sources where this is relevant and lawful.

10. How we use personal data and our lawful bases

We only use personal data where data protection law allows us to do so. The lawful basis depends on the activity and on whether GIS is acting as controller or processor.

Where GIS acts as processor, we process personal data on the relevant controller’s documented instructions.

Where GIS acts as controller, we may rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to take steps before entering into a contract with you or to perform a contract with you.
  • Legal obligation: where processing is necessary to comply with a legal or regulatory obligation.
  • Legitimate interests: where processing is necessary for our legitimate interests or those of a third party, and your rights and interests do not override those interests.
  • Consent: where you have given clear consent for a specific purpose, such as certain marketing communications.
  • Vital interests: where processing is necessary to protect someone’s life.
  • Public task: where this applies to a specific activity carried out in the public interest or under official authority.

We may use your personal data for the following purposes.

PurposeTypes of dataLawful basis where GIS is controller
To respond to enquiries, prospectus requests, event registrations and information requestsIdentity, Contact, Applicant and Education, Marketing and CommunicationsLegitimate interests, Consent where required
To support applications and admissions activityIdentity, Contact, Applicant and Education, Special Category Data where relevantContract, Legitimate interests, Legal obligation
To support delivery of programmes, teaching, learning and student servicesIdentity, Contact, Student and Academic, Special Category Data where relevantContract, Legitimate interests, Legal obligation. Where UEL is controller, GIS acts as processor
To provide learning support, disability support, accessibility arrangements, safeguarding, wellbeing and serious-risk supportIdentity, Contact, Student and Academic, Special Category Data, Third-Party DataLegal obligation, Legitimate interests, Vital interests, Special category conditions where applicable
To manage complaints, appeals, conduct matters, academic administration and student communicationsIdentity, Contact, Student and Academic, Special Category Data where relevantContract, Legal obligation, Legitimate interests. Where UEL is controller, GIS acts as processor
To manage scholarships, sponsorships, funding information or financial queries relevant to our roleIdentity, Contact, Applicant and Education, FinancialContract, Legitimate interests, Legal obligation
To send marketing communications and manage communication preferencesIdentity, Contact, Marketing and Communications, Technical, UsageConsent where required, Legitimate interests where permitted
To manage alumni, careers, surveys, events and service improvementIdentity, Contact, Student and Academic, Marketing and CommunicationsLegitimate interests, Consent where required
To administer and protect our website, systems, services and business operationsIdentity, Contact, Technical, UsageLegitimate interests, Legal obligation
To comply with legal, regulatory, audit, risk, safeguarding and reporting obligationsIdentity, Contact, Student and Academic, Special Category Data where relevantLegal obligation, Legitimate interests, Substantial public interest where applicable
To use analytics to improve our website, services, communications and user experienceTechnical, Usage, Marketing and CommunicationsLegitimate interests, Consent where required for cookies or similar technologies
To use AI-assisted technologies to support teaching, learning, assessment, student support, communications, marketing, service improvement and business operations, with appropriate human oversight where required.Identity, Contact, Student and Academic, Technical, Usage, Marketing and CommunicationsLegitimate interests, Contract where applicable, Consent where required

We do not use personal data for solely automated decisions that have legal or similarly significant effects on you. We may use systems to help organise information, support communications, monitor engagement or improve services, but decisions involving significant consequences are not made solely by automated means.
AI and automated technologies may be used to assist our staff with certain activities. However, decisions with legal or similarly significant effects on individuals are not made solely by automated means and are subject to appropriate human oversight.

11. Marketing

We may contact you with information about GIS programmes, events, services or opportunities where we have a lawful basis to do so.

You can ask us to stop sending marketing messages at any time by using the unsubscribe link in our emails or by contacting us.

Withdrawing consent or opting out of marketing will not affect service, academic or administrative communications that we need to send for another lawful reason.

12. Cookies and website technologies

Our website uses cookies and similar technologies. Some are necessary for the website to work. Others may support analytics, website improvement, personalisation or marketing.

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage your cookie preferences through our website cookie tool or through your browser settings.

More information is available in our Cookies Policy.

13. Third-party systems and service providers

GIS uses a range of trusted third-party systems and service providers to support the delivery of our services and business operations. These may include providers of customer relationship management (CRM), admissions, communications, learning platforms, website hosting, IT administration, cloud storage, analytics, telephony, marketing, payment processing and other business support services.

Where third-party providers process personal data on our behalf, they act only on our instructions where required, are subject to appropriate contractual obligations, and must implement suitable technical and organisational measures to protect personal data in accordance with applicable data protection law.

We regularly review our service providers to ensure they continue to meet our security, privacy and compliance requirements.

14. Sharing personal data

We may share personal data where this is necessary and lawful. This may include sharing with:

  • • Academic and awarding partners, including the University of East London and other relevant partners.
  • • Other companies in the GIS group, where they are involved in providing or supporting GIS services.
  • • Service providers, including IT, CRM, website, marketing, analytics, communications, AI services, professional services, cloud hosting and system administration providers.
  • • UCAS, schools, colleges, universities, referees, sponsors, employers, agents and student support providers, where relevant.
  • • Regulators, public authorities, government bodies, law enforcement, courts, auditors, insurers and professional advisers where required or appropriate.
  • • Parents, guardians, emergency contacts or next of kin where there is a lawful and appropriate reason, such as safeguarding, emergency, serious risk, consent, vital interests or another legitimate basis.
  • • Third parties involved in a business transfer, merger, restructuring or similar corporate transaction.

We do not allow service providers to use personal data for their own purposes where they are acting as our processors. They may only process personal data for specified purposes and in accordance with our instructions.

Where GIS acts as processor for a partner, sharing will be carried out in accordance with the relevant partner’s documented instructions, unless the law requires otherwise.

15. International transfers

GIS operates internationally and may use systems or authorised staff located outside the UK. This means that personal data may sometimes be accessed from, stored in, or transferred to countries outside the UK.

This may include access by authorised GIS group staff or service providers in countries such as the United States, Australia or other locations where this is necessary for the provision, administration or support of GIS services.

Where UK data protection law requires safeguards for an international transfer, we will use an appropriate transfer mechanism. This may include adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum to EU standard contractual clauses, or another lawful mechanism.

Where GIS acts as processor for a partner, international transfers will be managed in accordance with the relevant controller’s documented instructions and applicable data processing agreement.

16. Data security

We have put in place appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, use, alteration or disclosure.

We limit access to personal data to people who need it for their work. This may include employees, contractors, group staff, partner organisations and service providers. They are subject to confidentiality obligations and must handle personal data appropriately.

We have procedures for dealing with suspected personal data breaches. Where required by law, we will notify the relevant regulator and affected individuals.

17. How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected, including legal, regulatory, academic, safeguarding, accounting, audit or reporting requirements.

Retention periods vary depending on the type of record. For example:

  • • Enquiry and marketing records are kept only for as long as needed for the relevant communication purpose, unless you ask us to stop contacting you sooner.
  • • Applicant records are kept for a period needed to manage admissions, queries, reporting and appeals.
  • • Student records may be kept for longer where required for academic, regulatory, legal or partner requirements.
  • • Complaints, appeals, conduct, safeguarding and welfare records may be kept for longer where this is necessary because of the nature of the matter.
  • • Financial, audit, legal and corporate records are kept in line with applicable legal and accounting requirements.

Further details are available in our records retention arrangements. You can contact us if you would like more information about retention periods for a particular type of personal data.

In some circumstances, we may anonymise personal data so that it can no longer identify you. We may use anonymised information indefinitely for research, planning, statistics, reporting or service improvement.

18. Your data protection rights

Depending on the circumstances, you may have the following rights under data protection law:

  • • The right to request access to your personal data.
  • • The right to request correction of inaccurate or incomplete personal data.
  • • The right to request erasure of your personal data.
  • • The right to object to processing based on legitimate interests.
  • • The right to request restriction of processing.
  • • The right to request transfer of your personal data to you or another organisation.
  • • The right to withdraw consent where processing is based on consent.
  • • Rights relating to automated decision-making, where applicable.

These rights are not absolute and may not apply in every case. For example, we may need to keep certain information to comply with legal, regulatory, academic, safeguarding or contractual requirements.

If GIS is acting as processor for another controller, such as UEL, we may need to refer your request to that controller or support them in responding to it.

To exercise your rights, please contact dataprivacy@gis.sport.

19. What we may need from you

We may ask you for information to confirm your identity before responding to a request. This is to protect personal data and make sure it is not disclosed to someone who is not entitled to receive it.

We may also ask for further information to help us understand your request.

We aim to respond to valid requests within one month. If your request is complex or you have made several requests, we may need longer. If so, we will tell you.

You will not usually have to pay a fee. We may charge a reasonable fee or refuse to comply where a request is clearly unfounded, repetitive or excessive.

20. Third-party websites

Our website may contain links to third-party websites, plug-ins or applications. We do not control those websites and are not responsible for their privacy information. When you leave our website, we encourage you to read the privacy information provided by the website or service you visit.

Logo
Location
Level of Study
Subject Area
Keyword

Where are you looking to study?

What level of course are you interested in?

What areas of study are you interested in?

Keyword Search

Search Icon
Next Step