Privacy Policy

Last updated: 15th January 2026

Data Controller Information

rapidmatrixora Ltd is the data controller for the personal data we collect. We are a company registered in Cyprus with registration number HE917358. Our registered address is Spyrou Kyprianou Street 117, 1080 Nicosia, Cyprus.

Data We Collect

We collect and process various types of personal data to provide our university admission consulting services effectively. The data we collect includes:

Information You Provide Directly

• Personal details: name, email address, phone number, postal address
• Academic information: educational background, qualifications, transcripts
• Application materials: personal statements, essays, CVs, portfolios
• Communication records: emails, meeting notes, consultation records
• Payment information: billing details and transaction records

Information We Collect Automatically

• Website usage data: IP address, browser type, pages visited, time spent
• Device information: operating system, device type, screen resolution
• Analytics data: user behaviour patterns, traffic sources, conversion metrics
• Cookie data: preferences, session information, marketing interactions

How We Use Your Information

We use your personal data for various purposes related to our university admission consulting services. How we use your information includes:

• Providing consultation services and academic guidance
• Preparing university applications and supporting documents
• Communicating about your application progress and deadlines
• Processing payments and maintaining financial records
• Improving our services based on your feedback and needs
• Complying with legal and regulatory requirements
• Marketing our services (with your consent where required)

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to fulfil our consulting services agreement
• Legitimate interests: Improving our services, business communications, and fraud prevention
• Consent: Marketing communications and non-essential cookies
• Legal obligation: Compliance with financial and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our Cookie Policy page.

Data Sharing and Disclosure

We may share your personal data with the following parties when necessary for our services:

• Universities and educational institutions for application purposes
• Third-party service providers (payment processors, IT support, analytics)
• Professional advisors (lawyers, accountants, consultants)
• Regulatory authorities when legally required

We do not sell your personal data to third parties for marketing purposes.

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Our data retention periods are:

• Active client records: Duration of service plus 7 years for business records
• Application materials: Until university application process completion plus 2 years
• Website analytics: 26 months (Google Analytics default)
• Marketing communications: Until consent is withdrawn
• Financial records: 7 years as required by law

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure backup and recovery procedures
• Regular monitoring for security breaches

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Certification schemes and codes of conduct

Children's Privacy

Our services are primarily directed at individuals aged 16 and over. When we work with younger students, we obtain appropriate parental or guardian consent and implement additional safeguards to protect their data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Complaints

If you believe we have not handled your personal data in accordance with data protection laws, you have the right to lodge a complaint with the relevant supervisory authority. In Cyprus, this is the Commissioner for Personal Data Protection.