Data Protection
Privacy Policy & Data Protection Notice
Last updated: 01/03/2026
Our Commitment to Your Privacy
MED-EUROPE CAREERS is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable EU data protection laws.
1. Data Controller
Europe Careers Group as the legal entity Data Controller
If you have any questions regarding this Policy or your data rights, you may contact us at:
support@medeuropecareers.com
1a. Data Protection Officer (DPO) — Assessment Statement
DPO Obligation Assessed — Not Currently Mandatory
MED-EUROPE CAREERS has formally assessed its obligation to appoint a Data Protection Officer (DPO) under Article 37 GDPR. The assessment was conducted with reference to the criteria set out in Article 37(1)(a)–(c) GDPR and the guidance of the European Data Protection Board (EDPB).
Assessment Findings
| Article 37(1) Criterion | Applies? | Reasoning |
|---|---|---|
| (a) Public authority or body | No | MED-EUROPE CAREERS is a private educational consultancy |
| (b) Large-scale systematic monitoring of individuals | No | Processing is limited to applicants and enquirers; no systematic tracking or profiling |
| (c) Large-scale processing of special category data | Limited | Health data processed only in isolated cases for specific university admissions — not at large scale. Explicit consent obtained each time (see Section 3) |
Current Position
Based on the assessment above, the formal appointment of a DPO is not currently mandatory under Article 37(1) GDPR. This position is reviewed annually or whenever our processing activities change materially.
Privacy Point of Contact
While a formal DPO is not required, all data protection queries and subject access requests are handled by our designated privacy contact:
Email: support@medeuropecareers.com
Subject: PRIVACY / DATA PROTECTION
Review Commitment: Should our processing activities expand — including any large-scale processing of health or other special category data — we will appoint a qualified DPO and register them with the Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen) without delay.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
a) Identity & Contact Information
- Full name
- Date of birth
- Nationality
- Address
- Email address
- Phone number
b) Education & Application Data
- Academic records
- Certificates, transcripts, diplomas
- Personal statements and CVs
- University and programme preferences
c) Identification & Supporting Documents
- Passport or ID copies
- Language certificates
- Medical certificates (where required for admission)
d) Communication Data
- Emails, phone calls, messages
- Application correspondence
- Notes relating to admissions or support services
e) Technical Data
- IP address
- Browser type
- Website usage data (cookies, analytics)
3. Special Category Data
Sensitive Data — Explicit Consent Required
Special category data (Article 9 GDPR) — including health information, disability status, or medical history — receives the highest level of protection under GDPR. We will never collect or process such data without first obtaining your freely given, specific, informed, and unambiguous written consent.
When We May Process Special Category Data
We process special category data only where all of the following conditions are met:
- The data is strictly required for a specific university admission process (e.g., a medical fitness certificate required by the institution), and
- You have provided explicit written consent prior to any collection (see consent procedure below), or
- Processing is necessary for reasons of substantial public interest or a legal obligation under EU or German law (Article 9(2)(g) GDPR), in which case you will be notified in advance.
Explicit Written Consent Procedure
Before any special category health data is collected, we follow this documented procedure:
Step 1
Written Notice
You receive a clear written notice specifying exactly what health data is needed, why it is required, who it will be shared with, and how long it will be retained.
Step 2
Explicit Consent Form
You sign or digitally confirm a separate, specific consent form for this data category. Consent for special category data is never bundled with general terms or pre-ticked.
Step 3
Right to Withdraw
You may withdraw consent at any time by contacting support@medeuropecareers.com. Withdrawal will not affect the lawfulness of processing before withdrawal.
No consent = no collection. If you do not provide explicit consent for special category data, we will not collect it. Where such data is mandatory for a particular university application, we will inform you and help you explore alternative options.
4. How We Use Your Personal Data
We process personal data only where lawful under GDPR. Our legal bases include consent, contractual necessity, legal obligation, and legitimate interest. Your data may be used to:
| Purpose | Legal Basis |
|---|---|
| Process applications and admissions | Contract |
| Communicate with universities and institutions | Contract / Consent |
| Provide advisory and support services | Contract |
| Liaise with partners on your behalf | Consent |
| Contact guardians/representatives (where relevant) | Legitimate interest |
| Improve website and services | Legitimate interest |
| Comply with legal obligations | Legal obligation |
5. Sharing of Personal Data
We do not sell or rent personal data.
Your personal data may be shared only with:
- Universities, colleges, medical schools, veterinary schools
- Education and training institutions you apply to
- Official bodies and authorities (if required or instructed)
- Trusted service providers acting under confidentiality agreements
All recipients are required to process data in compliance with GDPR.
6. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Adequacy decisions by the European Commission, or
- Standard Contractual Clauses (SCCs)
7. Data Retention
We retain personal data only for as long as necessary and in accordance with the specific periods set out below. After the applicable period expires, data is securely deleted or anonymised unless a legal obligation requires longer retention.
| Data Category | Retention Period | Legal Basis / Reason |
|---|---|---|
| Enquiry & contact form data | 12 months | Legitimate interest — follow-up support |
| Application & admission documents | 5 years | Contractual obligation; legal requirement (§ 257 HGB) |
| Special category health data | Until admission confirmed, max. 6 months thereafter | Explicit consent; deleted immediately on withdrawal |
| Financial & invoice records | 10 years | Statutory obligation (§ 147 AO — German Tax Code) |
| Marketing & newsletter consent records | Until opt-out, then 3 years (proof of consent) | Consent; legal obligation to document opt-in |
| Website analytics / cookies | 13 months (analytics cookies) | Consent; CNIL/GDPR standard maximum |
| Support & communication records | 3 years from last contact | Legitimate interest; limitation period (§ 195 BGB) |
You may request early deletion of your personal data at any time by emailing support@medeuropecareers.com with subject line ERASURE REQUEST. We will action eligible requests within 30 days, subject to any overriding legal retention obligation.
8. Data Security
MED-EUROPE CAREERS implements appropriate technical and organisational security measures, including:
- Access controls
- Secure storage systems
- Confidentiality obligations
- Data minimisation principles
Despite best efforts, no online system can be guaranteed 100% secure.
9. Your Rights Under GDPR
You have the following rights under GDPR:
Right of access
Obtain a copy of your data
Right to rectification
Correct inaccurate data
Right to erasure
("right to be forgotten")
Right to restrict processing
Limit how we use your data
Right to data portability
Transfer your data elsewhere
Right to object
Object to processing
Right to withdraw consent
Withdraw consent at any time
Right to lodge a complaint
You have the right to lodge a complaint with your national supervisory authority. In Germany: Die Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen), Prinzenstraße 5, 30159 Hannover.
Requests can be made by contacting us at support@medeuropecareers.com
We will respond within one month, as required by law.
10. Cookies & Website Analytics
Our website may use cookies and similar technologies to:
- Improve functionality
- Analyse traffic
- Enhance user experience
You can manage cookie preferences through your browser settings or cookie banner.
11. Communication & Marketing
We may contact you regarding:
- Applications and admissions
- Educational and support services
- Relevant opportunities linked to your engagement
You may opt out of non-essential communications at any time.
12. Changes to This Privacy Policy
MED-EUROPE CAREERS may update this Privacy Policy periodically.
Any changes will be published on our website and will not apply retroactively unless required by law.
13. Contact & Opt-Out
To unsubscribe from communications or exercise your data rights, please email:
support@medeuropecareers.com
Subject line: PRIVACY REQUEST or UNSUBSCRIBE