Privacy Policy

Last Updated: 03/05/2024

GoBritanya (referred to as “we”, “us”, or “our”) places a high priority on our student’s or any representing party’s (referred to as “you” or “your”) data security and acknowledge the significance of privacy protection. We are committed to handling the personal information of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of the countries in which we operate.

This Privacy Policy is an overview of the types of personal information we collect, how we collect, use, keep, and protect it, as well as your rights in relation to the information we have collected. Please read this Privacy Policy carefully, as it becomes legally binding when you use our services and communication with you.

In providing the personal data of any individual (other than yourself) during your use of our services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.

1. Our Contact Details

Name: Education Travel & Leisure Limited, trading as GoBritanya
Address: 36-43 Kirby Street, London, England, EC1N 8TE
Phone Number: 020 7831 8247
UK ICO Registered Number: ZA506462

2. The Type of Personal Information We Collect

We may collect and process the following personal data:

Identity Information and Contact details

Full name, email address, phone number, gender, date of birth, home address, residential address, nationality, national id number*, social security number*, taxpayer identification number*, driver’s license number*, passport number*, passport scan, visa and residence permit scan*, picture*, signature, relationship to student. In some cases, such as where we need to comply with anti-money laundering regulations, we may also collect more commercial or identification information from you. Please note, identity information and contact details can relate to the student, agent, student’s guarantor, and student’s emergency contract;

Education Information

Education type, university name / school name, university course / subject name, student number*, student letter scan*, CAS number*.

Medical Information

Medical conditions*, medical reports*, welfare check reports*, physical disability details*, special physical requirements*.

Financial information

Finance: proof of finance*, proof of student loan*, student loan details*, credit history*, rent insurance details*, tax documentation*; Payments: invoice payment details, payer name, location, payment date, payment amount, payment method, payment currency, payment reference, transaction reference, payment status, proof of payment.
Refunds: payee full name, bank name, bank address, SWIFT code, IBAN, account number, sort code, refund currency, refund amount, refund date; Payment Schedule: instalment plan amounts, due dates, rent components, rent arrears, non-payment escalation details (e.g. court claims details).

Importantly, we do not collect, process or store cardholder data (e.g. debit or credit card details), all online payments are processed by third-party payment processing companies (e.g. WorldPay), which have their own privacy and security policies and we do not accept any responsibility for them.

Technical Data

Internet protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, Uniform Resource Locators (URL) details, products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, methods used to browse away from the page, Cookies.

Security Data

Residences’ CCTV Surveillance Camera and Audio Recording, security entry system records, Incident Reporting Details, Formal Complaint Details, details from formal incident investigations.

Marketing Data

Preferences for being contacted by us, survey information, marketing information.

*Collected only in some cases

3. How We Get the Personal Information and Why We Have It

We will only use your personal data when the law allows us to do so. Most of the personal information we process is provided to us directly by you for one of the following purposes:



Enquiry Processing

We may collect and process information you provide us when enquiring about a residence, a room, or about any of our products. This information may include your identity information, contact details, education information, medical information, financial information, technical data, and marketing data. We may also collect and process enquiry information, booking information, any additional information you provide or special request you make, your agent’s identity information and your agent’s contact information or anyone acting on your behalf.

Booking Processing

We may process information you provide us when accepting our offer and completing forms, contracts or other agreements with us or another accommodation provider we represent. This information may include booking details, your identity information, contact details, education information, medical information, financial information, technical data, marketing data, your guarantor identity information and contract information, your emergency contact identity information and contract information.

Health and Safety

We may process medical information you provide us when accepting our offer and completing forms, contracts or other agreements with us or another accommodation provider we represent. Medical Information includes the details of the medical condition(s) and or physical disability you would like us to be aware of when allocating your accommodation, and information about any special physical requirements you have for the purpose assistance with evacuation from a building in an emergency.

Complaint and Incidents

We may collect and process information you provide us when you lodge a complaint or when you report an incident to us. This information may include identity information, contact details, complaint details, any evidence submitted, such as medical data, police report or any other details submitted.


We may collect the necessary information to process corresponding by phone, email, letter or otherwise speaking face to face, or via our website. In some cases, you may choose to provide unsolicited personal information (information we have not asked for) to us such as a CV, or medical records you wish to discuss with a member of staff. Where this is the case, this personal data will be handled with the same care as any other personal data we process and in accordance with data protection legislation as laid out in this notice.


We may collect and process marketing data when you inform us about your preferences for being contacted by us when you take part in any of our online surveys.

We also receive personal information indirectly, from the following sources in the following scenarios:



Property Management, Contractual Obligations

We may collect and process information provided to us by our partners involved in operation and management of residences. We may also collect and process information provided to us by our partners in order to perform our contractual obligations to you.


We may collect and process data obtained through CCTV surveillance camera and audio recording, or through electronic means such as security entry system records at premises you occupy under a contract with us. We may also collect, and process information related to reported incidents and formal complaints we were made aware of.


We may collect and process technical information collected about our website use.

4. How We Use This Personal Information

We use the information that you have given us in order to:

1) Carry our obligations under your accommodation contract.
2) Comply with our obligations under health and safety and other laws, including by keeping records of incidents.
3) Ensure that you comply with your obligations under the accommodation contract.
4) Notify your guarantor about any beaches of the accommodation contract which might affect them, and to secure their compliance with their obligations.
5) Promote the safety of the building you occupy, by monitoring compliance with building rules and ensure suitable plans are in place for evacuation from the building.
6) Manage your booking with us.
7) Manage the accommodation you are booking with us.
8) Provide you with additional services you book with us or to notify you about changes to our services.
9) Administer our services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
10) Provide you with the best experience of living in student accommodation.
11) Improve our services and communications with you and to ensure that they are presented in the most effective manner;
12) Measure or understand the effectiveness of advertising we serve and to deliver relevant promotional material to you;
13) Allow you to participate in interactive features of our services, when you choose to do so;

5. Disclosure of Your information

We may share your information with selected third parties including

1) our group entities or subsidiaries.
2) affiliates, business partners, suppliers and subcontractors for the performance and execution of any contract we enter into with them or you.
3) analytics and search engine providers that assist us in the improvement and optimisation of our site.
4) advertisers and advertising networks solely to select and serve relevant adverts to you and others (with your consent).
5) your education provider, guarantor, and emergency contract in cases of ongoing emergency (with your consent).

A list of all third parties we share your data with would be dependent on your specific use of our services and your specific case. If you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to

We may disclose your personal information for the following reasons:

Generally, we may disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, in order to enforce or apply our customer or client agreement and other applicable agreements, or to protect the rights, property, or safety of GoBritanya, our customers, or others.

More specifically, we may disclose your personal information: 1) for the reasons outlined in clause 3.
2) for the purposes of fraud protection.
3) to prevent and detect fraud or crime.
4) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so.
5) in response to a subpoena, warrant, court order, or as otherwise required by law.
6) to assess financial and insurance risks.
7) for the purposes of credit risk reduction.
8) to recover debt or in relation to your insolvency.
9) to develop customer relationships, services, and systems.

6. Legal Basis For Processing Your Personal Information

In Europe or the EEA

The lawful basis we use for collecting and processing your information in Europe or within the EEA (as required by current legislation) are as follows: 1) Where it is necessary for entering into or performing a contract with you.
2) Where we have a legitimate interest to do so, provided your rights do not override those interests.
3) Where you have consented to its uses;
4) Where our colleagues believe it is in your vital interests to share your personal details;
5) Where required to comply with our legal obligations.

In the United Kingdom

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: 1) Your consent. You are able to remove your consent at any time. You can do this by contacting us using the details supplied above. Consent will apply to any marketing communications you have opted in to, or to us sharing information with a ‘next of kin’ where this is not absolutely necessary in the context of an ongoing emergency.
2) We have a contractual obligation. If we are providing you with accommodation services, this will be the main reason for us processing your personal information.
3) We have a legal obligation. This could arise in relation to council tax, a demand for information from an official body or in response to action by a public health body.
4) We have a vital interest. In an emergency we might for example need to share information with a medical professional.
5) We have a legitimate interest. This applies where processing your data is necessary for the purposes of the legitimate interests pursued by us or by a third party, and such interests are not overridden by your interests or fundamental rights and freedoms.

7. How We Retain And Store Your Personal Information

1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements which includes investigating any legal claims that may be made. This applies in every jurisdiction in which we operate.

2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Please contact us if you require further detail regarding our retention policy.

3. We may transfer and store your data at a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, our system maintenance, fulfilment of your booking order, and the provision of support services. By submitting your personal data, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

4. In order to provide our services to you, it maybe sometimes necessary for us to transfer your data to the third parties outlined in Clause 5 that are based outside of the European Economic Area. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organisational security measures to protect your data. We also ensure we have appropriate contractual protections in place with these parties receiving the data outside the EEA.

8. How We Protect Your Personal Information

We take the safeguarding of your information very seriously, we and take a number of steps to ensure it stays secure.

1) Our technical security team proactively monitors our systems for abnormal and malicious activity. Additionally, we have ASV performed and completed by a PCI SSC Approved Scanning Vendoron a quarterly basis, where applicable.

2) We handle data information in a manner that fits with their sensitivity and classification; Additionally, we maintain physical, electronic, and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.

3) We take all necessary steps to prevent unauthorized access to confidential data. All confidential data is stored electronically on our database, and access to it is controlled and approved by passwords only. We keep all passwords and accounts secure. Additionally, all PCs, laptops and workstations are secured with a password-protected screensaver.

4) Access to confidential, restricted and protected information is limited to authorised persons whose job responsibilities require it or employees that have a business reason for knowing such information or have a legitimate need to view such information. Additionally, access to sensitive information in both hard and soft media format is physically restricted to prevent unauthorised individuals from obtaining sensitive data.

5) Any sensitive data that is no longer required by for business or legal reasons is discarded in a secure and irrecoverable manner. Additionally, when our employees’ employment contract is terminated, all their system logons are revoked and account disabled and removed.

6) We require our partners to abide by data security rules outlined above and to immediately report any breaches. More specifically, we require that:
    a) Any suspicious behaviour where any tampering or substitution may be performed should be reported immediately, using our contact information above.
    b) Information security incidents must be reported, without delay, using our contact information above.

9. Your Data Protection Rights

In Europe or the EEA

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us using the contact details provided above if you wish to make a request.

1. Subject to applicable laws, you may have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation. If you have any questions in relation to our use of your personal information, contact us. Under certain conditions, you may have the right to require us to:

    a) provide you with further details on the use we make of your information;
    b) provide you with a copy of the information that you have provided to us;
    c) update any inaccurate, incorrect, or out of date personal information we hold;
    d) delete any personal information that is no longer necessary, or no longer subject to a legal obligation to which GoBritanya is subject to. GoBritanya has legal obligations so it may not be possible to delete your data at the time of request. Once the required time has passed then we will be able to comply with your request;
    e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;
    f) cease direct marketing to you, by contacting us or adjusting your notification preferences in the settings section of your account;

2. Where we undertake wholly automated decision making which results in the creation of a legal obligation or a similar significant impact, you may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law to adjust the processing.

3. Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.

4. Restrict how we use your information whilst a complaint is being investigated.

In the United Kingdom

Under data protection law, you have rights including:

1) Your right of access. You have the right to ask us for copies of your personal information.
2) Your right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
3) Your right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
4) Your right to restriction of processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances.
5) Your right to object to processing. You have the the right to object to the processing of your personal information in certain circumstances.
6) Your right to data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

10. How To Complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details provided above.

Please send any questions, comments or requests regarding this privacy policy to GoBritanya, our Data Protection Officer, at You can also write to us at the following address – 36-43 Kirby Street, London, England, EC1N 8TE. We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws. In the United Kingdom this is the Information Commissioner’s Office, you can see their contact details via the ICO website.

11. Third-Party Links

Our services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.

12. Changes To Our Privacy Policy

To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this Privacy Policy at any time without notice by posting a revised version on this website. To stay up to date on any changes, check back periodically.

Get in Touch

If you have any questions, feel free to contact us.