WhatsApp

Privacy Policy

Effective Date: 13 March 2026

Statements-Bridge.co.uk (“the Platform”, “the Website”,“we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals who use our learning-support platform. This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use our Website and related services.

This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy, which explain additional aspects of how the Platform operates. By accessing or using Statements-Bridge.co.uk, you confirm that you have read and understood this Privacy Policy.

1. Data Controller

For the purposes of UK data protection law, the data controller responsible for your personal data is CoStudy OÜ (registered in Estonia). CoStudy OÜ determines the purposes and means of processing personal data collected through the Platform.

Because the Platform operates internationally and is based in Estonia, personal data may be processed outside the UK in accordance with applicable safeguards described in this Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed when:

  • You access or browse Statements-Bridge.co.uk
  • You submit service requests through the Platform
  • You communicate with Tutors or support staff
  • You interact with our customer support or administrative services

The Platform is intended for adult Users aged 18 years or older. It may be used by:

  • Individual consumers seeking learning-support services
  • Business or institutional Users engaging with the Platform

Our services are accessible to Users located in the United Kingdom and other international jurisdictions. This Policy explains how personal data is handled in those contexts.

3. Personal Data We Collect

We collect personal data necessary to operate the Platform and provide learning-support services.

Personal data may be collected directly from you, automatically through your use of the Website, or indirectly from authorised third-party sources.

3.1 Information You Provide Directly

When you use the Platform, you may provide personal information such as:

  • Contact Information: name, telephone number, email address
  • User-Submitted Materials: instructions for learning-support services, files submitted through the Platform, supporting research materials or academic guidelines
  • Communications: messages exchanged with Tutors, correspondence with customer support, feedback or service reviews

Payments are processed securely through external payment providers (e.g., payment gateways or digital payment services). The Platform does not store full card details. We may receive limited transactional information such as:

  • Payment confirmation
  • Billing reference numbers
  • Transaction status

3.2 Information Collected Automatically

When you access the Platform, certain technical and usage information may be collected automatically, including:

  • Internet Protocol (IP) address
  • Browser type and version
  • Device identifiers and operating system
  • Website navigation behaviour (pages viewed, time spent on pages)
  • Referring URLs or traffic sources
  • Approximate geographic location derived from IP data
  • System logs used for security monitoring and diagnostics

This information helps us maintain website functionality, monitor security, and improve service performance.

3.3 Information Collected Indirectly

In limited circumstances, we may obtain personal data from third parties, including:

  • Payment service providers confirming transactions
  • Fraud-prevention or identity-verification services
  • Technical service providers assisting with analytics or website performance monitoring

Any such data is processed only where legally permitted and for purposes consistent with this Privacy Policy.

4. Legal Bases for Processing Personal Data

Under the UK General Data Protection Regulation (UK GDPR), we process personal data only where a valid legal basis applies.

Depending on the circumstances, personal data may be processed on the following legal bases:

4.1 Performance of a Contract

Processing is necessary to provide the services requested through the Platform, including:

  • Processing requests and submitted materials
  • Facilitating communication between Users and Tutors
  • Providing customer support
  • Managing payments and service delivery

Without processing this information, the Platform would not be able to deliver its services.

4.2 Legitimate Interests

We may process personal data where it is necessary for our legitimate business interests, provided that such interests are not overridden by the rights and freedoms of Users.

These interests include:

  • Maintaining and improving the functionality of the Platform
  • Detecting and preventing fraud or misuse of services
  • Monitoring system performance and website security
  • Responding to User inquiries or complaints
  • Administering internal business operations

Where legitimate interests are relied upon, appropriate safeguards are applied to protect User rights.

4.3 Compliance with Legal Obligations

In certain situations, we may be required to process personal data in order to comply with applicable legal or regulatory obligations, including:

  • Financial recordkeeping and tax obligations
  • Compliance with lawful requests from authorities
  • Enforcement of legal claims or dispute resolution

4.4 Consent

In limited circumstances, personal data may be processed on the basis of User consent.
Examples may include:

  • Optional marketing communications
  • Non-essential cookies or analytics technologies

Where consent is used as the legal basis, Users have the right to withdraw consent at any time.

5. Purposes of Data Processing

Personal data collected through the Platform may be used for the following purposes:

  • Service Provision: processing requests for learning-support services, delivering requested support materials and communications
  • Payment Processing: confirming payments through third-party providers, maintaining transaction records for accounting and compliance purposes
  • Communication: responding to inquiries or customer service requests, sending important service-related notifications, managing communications between Users and Tutors
  • Platform Improvement: analysing how Users interact with the Platform, monitoring system performance and reliability, improving website functionality
  • Security and Fraud Prevention: detecting suspicious activity or misuse, protecting the integrity of the Platform and its Users
  • Legal and Regulatory Compliance: enforcing contractual rights, managing disputes or claims involving the Platform

6. What Personal Data Is Mandatory

Certain personal data is required in order to use the services offered through the Platform. This may include:

  • Contact information needed to place a service request
  • Information required to process requests
  • Payment confirmation data necessary to complete transactions

If required information is not provided, it may not be possible to create a request or deliver services. Providing other information, such as optional feedback or communications, is voluntary.

7. Data Sharing and Third-Party Recipients

We do not sell personal data to third parties. However, personal data may be shared with selected service providers and partners where necessary to operate the Platform. Such recipients may include:

7.1 Payment Service Providers

Payment processors are used to complete transactions securely. These providers process payment details directly and operate under their own privacy policies.

7.2 Technical and Hosting Providers

Third-party providers are responsible for:

  • Website hosting
  • Infrastructure and cloud services
  • Technical support and maintenance

These providers process data only in accordance with contractual agreements and appropriate confidentiality obligations.

7.3 Tutors and Service Providers

When Users submit requests for learning-support services, certain information may be shared with Tutors or service providers involved in fulfilling the request. Only the information necessary to complete the service is shared.

7.4 Professional Advisors

Where necessary, personal data may be shared with professional advisers such as accountants or auditors in connection with legitimate business operations.

7.5 Authorities and Legal Obligations

Personal data may be disclosed to regulatory bodies, law enforcement authorities, or courts where required by law or necessary to protect legal rights.

8. International Data Transfers

As Statements-Bridge.co.uk is based in Estonia, personal data processed through the Platform may be transferred to and processed within the European Economic Area (EEA).

Where personal data of UK Users is transferred outside the United Kingdom, such transfers will only occur where appropriate safeguards are in place, including where applicable:

  • Transfers to jurisdictions that benefit from an adequacy decision under UK data protection law
  • Use of standard contractual clauses or other recognised safeguards
  • Transfers necessary for the performance of a contract with the User

Where third-party service providers process data on our behalf outside the UK, contractual safeguards are implemented to ensure that personal data receives a level of protection consistent with UK data protection requirements.

9. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, contractual, and operational requirements. Retention periods may vary depending on the nature of the data and the purpose of processing.

9.1 Service-Related Data Retention Period

Information related to service requests, communications with Tutors, and submitted materials may be retained for the duration of the service relationship and for up to 30 days afterward to address potential complaints or legal claims.

9.2 Financial and Transaction Records Retention Period

Payment and transaction records may be retained for up to 60 days where required for accounting, taxation, or regulatory compliance.

9.3 Customer Support Records Retention Period

Correspondence with customer support may be retained for a 30-day period necessary to manage disputes, maintain service quality, and improve operations. When personal data is no longer required for these purposes, it is securely deleted, anonymised, or aggregated where appropriate.

10. User Rights Under UK GDPR

Users located in the United Kingdom have certain rights regarding their personal data under the UK General Data Protection Regulation (UK GDPR). These rights may include:

  • Right of Access: Users may request confirmation of whether their personal data is being processed and obtain a copy of that information.
  • Right to Rectification: Users may request correction of inaccurate or incomplete personal data.
  • Right to Erasure: in certain circumstances, Users may request deletion of their personal data where there is no lawful basis for continued processing.
  • Right to Restriction of Processing: Users may request that the processing of their personal data be restricted under specific circumstances.
  • Right to Data Portability: where processing is based on consent or the performance of a contract and carried out by automated means, Users may request a copy of their personal data in a commonly used format.
  • Right to Object: Users may object to the processing of their personal data where such processing is based on legitimate interests or used for direct marketing.
  • Right to Withdraw Consent: where processing is based on consent, Users may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Requests relating to these rights may be submitted using the contact details provided in this Privacy Policy.

11. Security Measures

The Platform implements appropriate technical and organisational measures designed to protect personal data from unauthorised access, loss, misuse, or disclosure. Such measures may include:

  • Secure data storage systems
  • Encryption of data transmissions where appropriate
  • Access controls limiting data access to authorised personnel
  • Monitoring and detection systems for potential security threats
  • Regular review of security procedures and safeguards

While reasonable safeguards are implemented, no online platform can guarantee complete security of transmitted data. Users are encouraged to take appropriate precautions when accessing online services.

12. Automated Decision-Making

The Platform does not engage in automated decision-making or profiling that produces legal or similarly significant effects for Users.

Certain automated processes may be used for operational purposes, such as:

  • fraud detection
  • security monitoring
  • platform performance analysis
  • basic service automation (including request management or communication routing)

These processes are used solely to support platform operations and do not produce decisions that significantly affect Users’ legal rights or contractual status. Where automated tools assist in platform security or fraud detection, appropriate safeguards are implemented, including human oversight where necessary.

14. Children’s Data

Statesments-Bridge.co.uk is intended exclusively for individuals aged 18 years or older.

The Platform does not knowingly collect or process personal data relating to individuals under the age of 18. If the we become aware that personal data belonging to a minor has been collected through the Platform, reasonable steps will be taken to delete such information without undue delay.

Parents or guardians who believe that a minor may have provided personal information through the Platform may request removal by contacting us using the contact details provided in this Privacy Policy.

15. Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time in order to reflect:

  • changes in applicable law or regulatory requirements
  • improvements to the Platform or service functionality
  • updates to third-party service providers or processing practices
  • changes in data protection practices

Where significant changes are made, Users may be notified through appropriate means, such as notices displayed on the Platform, updates communicated through registered account email addresses, and revised policy publication on the Website.

The Effective Date displayed at the beginning of this Privacy Policy indicates the date on which the current version became effective. Previous versions of the Privacy Policy may be retained for transparency and recordkeeping purposes. Continued use of the Platform following the publication of an updated Privacy Policy indicates acknowledgement of the updated terms.

16. Complaints and Regulatory Authority

If a User believes that their personal data has been processed in a manner that does not comply with applicable data protection law, they have the right to lodge a complaint with the relevant supervisory authority. For Users located in the United Kingdom, complaints may be submitted to the Information Commissioner’s Office (ICO). Information about submitting a complaint can be found on the ICO website: https://ico.org.uk.

Users are encouraged to contact us first so that concerns can be addressed promptly and effectively.

17. Contact Information

For questions, requests, or concerns relating to this Privacy Policy or the processing of personal data, Users may contact Statements-Bridge using the following details:

We will take reasonable steps to verify the identity of individuals submitting data protection requests before providing access to personal data or implementing requested changes. Requests relating to personal data rights are generally addressed within the timeframes required under applicable data protection law.