1. Who we are
AdmissionLabs is an educational consultancy based in Germany that helps students from India and around the world pursue higher education and career opportunities in Germany. We provide guidance on university applications, visa processes, language preparation, and post-arrival settlement support.
For the purposes of the EU General Data Protection Regulation (GDPR), AdmissionLabs is the data controller for the personal data we collect through admissionlabs.eu (the “Website”) and through our consulting services.
This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and what choices you have. It applies whenever you visit our Website, contact us, sign up for a consultation, or engage us as a client.
You can reach us anytime at info@admissionlabs.eu or kanishka.loya@admissionlabs.eu. For more about our team, visit our About page.
2. Information we collect
We collect information that you provide to us directly, information generated automatically when you use our Website, and information we receive from third parties acting on your behalf.
2.1 Information you provide directly
- Identity and contact details — full name, email address, phone or WhatsApp number, country of residence, date of birth.
- Academic information — transcripts, certificates, degrees, grades (CGPA / percentage), language test scores (IELTS, TOEFL, TestDaF, Duolingo, Goethe), gap years, prior applications.
- Professional information — work experience, current employer, role, LinkedIn profile, CV/resume contents.
- Application materials — Statement of Purpose (SOP), Letters of Recommendation (LOR), motivation letters, project descriptions.
- Identification and travel documents — passport copies, photographs, address proofs (collected only when required for visa or university application stages).
- Financial information — proof of funds, blocked-account details, payment-related information (note: actual card or bank details are processed by our payment partners, not stored by us).
- Communications with us — emails, WhatsApp messages, call notes, consultation transcripts, form submissions.
2.2 Information collected automatically
- Device and technical data — IP address, browser type, operating system, device identifiers, referring URL.
- Usage data — pages visited, time spent on pages, click paths, search queries within the Website, features used.
- Cookies and similar technologies — see our Cookie Policy for full details.
2.3 Information from third parties
- Verified contact details from referrers, partner institutes, or universities you have authorised to share your data with us.
- Profile information from social platforms (LinkedIn, Instagram) where you have publicly shared it or contacted us through them.
- Aggregated, anonymised analytics data from advertising and analytics providers.
3. How we use your information
We use your personal data for the following purposes:
- Service delivery — to evaluate your profile, shortlist universities, prepare and submit applications, guide visa preparation, and provide post-admission support.
- Communication — to respond to enquiries, send service updates, share deadlines and reminders, and answer questions you raise.
- Account and engagement management — to manage your client engagement, send invoices, process payments, and maintain records of services delivered.
- Marketing and education content — to send newsletters, programme updates, success stories, and webinar invitations only if you have opted in. You can unsubscribe at any time.
- Website improvement — to understand how visitors use our Website and improve content, layout, and user experience.
- Legal compliance — to meet our obligations under tax law, data protection law, and other applicable regulations.
- Fraud prevention and security — to detect, prevent, and address fraudulent activity, spam, abuse, or security incidents.
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
4. Legal basis for processing
Under the EU GDPR, we may only process your personal data when we have a valid lawful basis to do so. We rely on the following bases:
| Contract | To provide the consulting services you have engaged us for, including profile evaluation, application support, and visa guidance. |
|---|---|
| Consent | For sending you marketing emails, placing non-essential cookies, and processing sensitive data such as document copies for visa applications. You can withdraw consent at any time. |
| Legitimate interest | For fraud prevention, securing our Website, basic analytics, and improving our services — balanced against your privacy interests. |
| Legal obligation | For tax records, financial accounting, and complying with lawful requests from authorities. |
6. Third-party services
The following third-party providers process personal data on our behalf or in connection with our Website. Each provider has its own privacy policy and is responsible for its own data handling practices.
| Service | Provider | Purpose | Privacy policy |
|---|---|---|---|
| Google Workspace | Google LLC (USA) | Email, document storage, internal collaboration | policies.google.com/privacy |
| Google Analytics | Google LLC (USA) | Website analytics | policies.google.com/privacy |
| Google Fonts | Google LLC (USA) | Web typography | policies.google.com/privacy |
| Zoho | Zoho Corporation | CRM, lead management, email automation, internal communication | zoho.com/privacy.html |
| WhatsApp Business | Meta Platforms, Inc. | Client communication and messaging | whatsapp.com/legal/privacy-policy |
| Instagram embeds | Meta Platforms, Inc. | Reel and post embeds on testimonial pages | privacycenter.instagram.com |
| Zapier & Zapier Chatbot | Zapier Inc. (USA) | Workflow automation and AI chatbot widget on the Website | zapier.com/privacy |
| Formspree | Formspree Inc. (USA) | Contact and consultation form processing | formspree.io/legal/privacy-policy |
| WordPress hosting | Hosting provider | Website hosting and delivery | Per provider |
We sign Data Processing Agreements (DPAs) with our key processors and rely on Standard Contractual Clauses (SCCs) where data is transferred outside the European Economic Area. We review our processors regularly to ensure they meet appropriate data-protection standards.
7. International data transfers
AdmissionLabs is based in Germany, but we serve students globally and work with university partners primarily in Germany and across the European Union. Some of our service providers (notably Google, Meta, Zapier, and Formspree) are based in the United States or process data in countries outside the European Economic Area (EEA).
When we transfer your personal data outside the EEA, we ensure appropriate safeguards through:
- Adequacy decisions issued by the European Commission, where available;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Vendor certifications such as the EU–US Data Privacy Framework where the receiving organisation is certified;
- Additional technical and organisational measures (such as encryption in transit and at rest) where required.
You can request copies of the safeguards in place for transfers concerning your data by contacting us at info@admissionlabs.eu.
8. How long we keep your data
We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.
| Active client engagement | Throughout the engagement and for up to 3 years after the engagement ends, to support reapplications, references, or post-arrival queries. |
|---|---|
| Enquiries that do not become engagements | Up to 12 months from your last contact, after which records are deleted or anonymised. |
| Marketing and newsletter subscribers | Until you unsubscribe, or 24 months of inactivity (whichever comes first). |
| Financial and tax records | Up to 10 years, as required by German tax and commercial law. |
| Website analytics | Up to 24 months in anonymised or aggregated form. |
| Document copies (passports, transcripts, financial proofs) | Deleted within 6 months of engagement closure unless retention is legally required. |
When the retention period ends, we securely delete or anonymise your data so it can no longer be associated with you.
9. Data security
We take the security of your personal data seriously. We apply technical and organisational measures designed to protect your data against unauthorised access, accidental loss, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit (HTTPS/TLS) and, where applicable, at rest;
- Access controls — only authorised team members can access client data, and only when needed;
- Multi-factor authentication on internal accounts and sensitive systems;
- Secure cloud storage with reputable providers that meet recognised security standards;
- Regular review of access logs, vendor security postures, and our internal procedures;
- Confidentiality obligations on every team member, contractor, and partner who handles client data.
Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. If we ever experience a personal-data breach that affects your rights, we will notify you and the relevant supervisory authority without undue delay, as required by law.
10. Your rights
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with comparable data-protection laws, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your personal data (also known as the “right to be forgotten”), subject to legal retention requirements.
- Right to restrict processing — ask us to limit how we use your data in certain situations.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format, or have it transmitted to another controller.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decisions — we do not make decisions that significantly affect you using only automated means.
How to exercise your rights: Send a written request to info@admissionlabs.eu. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
Right to complain: If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data-protection supervisory authority. In Germany, this is the data-protection authority of the federal state where you reside.
Students located in India have similar rights under the Digital Personal Data Protection Act, 2023 (DPDPA), including rights of access, correction, and grievance redressal. To exercise these rights, contact us at the email above.
12. Children's privacy
Our services are intended for individuals aged 18 years and older. We do not knowingly collect personal data from children under 16 years of age without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal data without consent, please contact us at info@admissionlabs.eu and we will take steps to delete the data promptly.
13. Links to other websites
Our Website may contain links to third-party websites — partner universities, government portals, language test bodies, and others. These websites operate independently of us and have their own privacy practices.
We are not responsible for the content, privacy policies, or practices of websites we link to. We recommend reviewing the privacy policy of any external site before submitting personal information to it.
14. Updates to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:
- Update the “Last updated” date at the top of this page;
- Notify active clients by email where the change is significant;
- Post a prominent notice on the Website where appropriate.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Continued use of our services after changes take effect indicates your acceptance of the revised policy.
15. Contact us
If you have questions about this Privacy Policy, our data practices, or your rights, please reach out to us: