GDPR (Acknowledgement regarding protection of student personal data). Last updated: May 20th, 2021

By checking the box during the onboarding process, a representative of the onboarding company, a manager or persons of authorization, agrees to the following GDPR protocols.

Pursuant to the terms and conditions of GDPR, we hereby inform you that Everywhere English (in its capacity as “Data Controller”) is required to provide you with the following information: 

6(a). All personal data shared with Everywhere English (as well as any further information provided so as to receive all necessary services) will be processed and handled by Everywhere English in accordance with its own policies, GDPR, and Privacy Shield principles. To guarantee privacy protection; sensitive information processing will only occur in relation to student details deemed necessary for course enrolment, including but not limited to Name, date of birth, email address, and home address. 

6(b). Everywhere English will process collected information solely for institutional functions connected or related to its own ordinary activities, such as administrative practices for lessons, marketing activities, and our contractual obligations. All such customary activities are necessary for participant programmes. The data supplied and collected will be processed for the following purposes:

  • To fulfill the responsibilities established by any relevant law, including European Union regulations such as the GDPR; 
  • To execute contractual responsibilities pertaining to enrolments with educational companies (included but not limited to; academic credits, participants, health, and safety); 

6(c). Submittal and processing of personal data is necessary to achieve the purposes specified above. 

6(d). The collecting and processing of common or sensitive data will be performed automatically and/or manually in compliance with GDPR Articles 1, 3, 5, 6, 25, 26, 28, 29, 30, 32. To this purpose, Everywhere English will adopt the necessary safety measures, thus securing strictly monitored access. 

6(e). Data processing will take place according to the aforementioned criteria only in Everywhere English offices that are exclusively dedicated to education, intern or volunteer abroad activities. Only Everywhere English administrators and/or staff members specifically designated to perform such tasks will process the data mentioned above. With the exception of sensitive data, personal information provided by the participants may be transferred overseas in accordance with the terms, conditions, and limits specified by GDPR Articles 40, 44, 45, 46, 47, 50 and Privacy Shield framework principles of accountability for onward transfer, security, and Data Integrity and Purpose Limitation.

6(f). Participants’ data may be communicated (in accordance with the above-indicated rules) to public or private organizations that need to acquire such information in order to comply with contractual, legal, and GDPR obligations. Sensitive data may be communicated to public entities and authorities (e.g., hospitals, police officers, courts, government bodies, etc) and to private subjects (e.g., clinics, security supervisors and insurance companies) only for purposes related to health, safety, emergencies and obligations set forth by GDPR.

6(g). Everywhere English will serve as “Data Controller” in compliance with all laws listed above. This also applies to safety obligations related to the automatic processing of participant data. 

6(h). In its capacity as “Data Controller,” Everywhere English will process all personal and sensitive data. More specifically, our Data Protection Consultant Chris Alexander, and EU Representative DPR acting in compliance with GDPR Articles 27, .31, 37 – 39. Our EU Representative DPR may be reached at 

6(i). You will be able to exercise any and all other rights foreseen by GDPR Articles 12 – 23 Having read this notice provided by Everywhere English in its capacity as “Data Controller” pursuant to GDPR Article 1 – 4, 24, 40. 

GDPR documentation available in its entirety at 

Privacy Shield framework is available in its entirety at

To the use/providing/processing of personal data (including sensitive data) for and limited by the purposes outlined in this notice (in compliance with GDPR Articles 5, 6, 7, 40).