1. Overview

The International Education Management Agency (IEMA) is a global infrastructure platform enabling structured collaboration across governments, universities, institutions, and stakeholders in higher education.

We are committed to data minimization and privacy by design. This Privacy Notice applies exclusively to activity on this website (iema.org.uk).

For information about data handling practices related to IEMA applications, partnerships, events, and ecosystem engagement, please refer to our separate Data Protection Policy.

2. What This Website Does Not Collect

This website operates under a principle of strict data minimization:

• No personal data collection - We do not capture names, email addresses, or identifying information through website interaction.
• No analytics or tracking - We do not use Google Analytics, Hotjar, Mixpanel, or similar technologies to monitor user behavior.
• No cookies - We do not use cookies for profiling, advertising, analytics, or tracking purposes.
• No IP address logging - We do not store or analyze IP addresses for user identification or behavioral tracking.
• No advertising technology - We do not use retargeting pixels, conversion tracking, or third-party advertising networks.

The website is designed as a static information platform. No tracking occurs during your visit.

3. Limited Server Logs

Web hosting infrastructure may generate standard server logs (request timestamps, page accessed, response status). These logs:

• Are retained for 30 days maximum for security purposes only.
• Are not analyzed for behavioral patterns or user profiling.
• Are not shared with third parties.
• Do not include tracking cookies or identifiers.

Server logs are technical security records only, not personal data collection.

4. How to Communicate with IEMA

If you wish to contact IEMA or explore partnership opportunities, communication occurs directly via email:

• Partnerships:
  partnerships@iema.org.uk
• Investment & Capital:
  invest@iema.org.uk

Email correspondence is governed separately under our Data Protection Policy. Any information you provide via email will be handled according to that policy.

5. External Links & Third-Party Websites

This website may contain links to external resources, partner institutions, and third-party platforms. IEMA is not responsible for the privacy practices of external websites.

We recommend reviewing the privacy notices of any third-party site before providing personal information.

6. Document Downloads

This website offers downloadable documents (CIIF framework, impact plans, reports). Downloading does not require registration or data collection:

• No account creation required.
• No email capture for downloads.
• No tracking of download activity.

7. Your Rights

Since this website does not collect personal data, rights to access, correction, or deletion do not apply here. However:

• If you have contacted IEMA via email, you may request access to or deletion of your correspondence under our Data Protection Policy.
• You have the right to browse this website without any tracking or profiling.

8. Legal Compliance

IEMA operates in compliance with:

• GDPR (General Data Protection Regulation) - EU data protection standards.
• UK Data Protection Act 2018 - UK data protection framework.
• International Data Protection Standards - Commitment to responsible data stewardship globally.

This website's data minimization approach exceeds legal requirements-we collect no personal data, eliminating compliance friction entirely.

9. Changes to This Notice

IEMA may update this Privacy Notice as our operations evolve. We will update the Effective Date at the top of this document when material changes occur.

Continued use of the website following changes indicates acceptance of the updated notice.

10. Contact & Enquiries

If you have questions about this Privacy Notice or IEMA's approach to data protection, contact us at

1. Scope & Applicability

This policy applies to all personal data processed by IEMA in connection with its operations: institutional partnerships, learner pathways, ecosystem intelligence, and impact measurement.

2. Data Protection Principles

IEMA commits to these core principles:

• Lawfulness, Fairness, Transparency: Data processing is lawful, fair, and transparent
• Purpose Limitation: Data used only for specified, legitimate purposes
• Data Minimisation: Only necessary data collected; excess data not retained
• Accuracy: Personal data is kept accurate and updated
• Storage Limitation: Data kept only as long as necessary
• Integrity & Confidentiality: Data protected from unauthorised access, disclosure, and damage
• Accountability: IEMA demonstrates compliance and responsibility

3. Data Controller & Processor Roles

IEMA (Data Controller): Determines purposes and means of data processing; responsible for compliance and individual rights.

Partner Institutions (Data Processor/Co-Controller): Process learner data under IEMA direction; jointly responsible for some compliance obligations.

4. Data Subjects' Rights

All individuals have rights over their personal data:

• Right to be informed (transparent privacy notices)
• Right of access (request copy of data)
• Right to rectification (correct inaccurate data)
• Right to erasure (delete data, with exceptions)
• Right to restrict processing (limit how data is used)
• Right to data portability (receive and transfer data)
• Right to object (to processing under certain circumstances)
• Rights related to automated decision-making (human review rights)

5. Data Storage & Processing Systems

Your data is securely managed through trusted, enterprise-grade platforms that meet international security and compliance standards.

5.1 Storage Platforms

• Enterprise Database Systems: Structured data management for applicant, partner, and institutional information with role-based access controls
• Email Communication Systems: Encrypted email communication (encryption in transit and at rest)
• Secure Cloud Storage: Encrypted file storage for documents and agreements with redundancy and backup protocols

5.2 Processing & Workflow Tools

• Workflow Automation Systems: Automated process management for event coordination and programme logistics
• Enterprise Videoconferencing Platforms: Secure video meetings for interviews, convenings, and collaboration with encryption end-to-end
• Advanced Analysis Tools: Limited use of AI-assisted analysis for internal process optimization only (never applied to sensitive personal data)

5.3 Access Controls

• Access is strictly restricted to core IEMA operational teams
• Access is role-based - team members access only what is necessary for their function
• All systems require authentication (passwords, multi-factor authentication)
• All data access is logged and auditable

6. Data Security

IEMA implements appropriate technical and organisational security measures:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Multi-factor authentication for all personnel
• Regular security audits and penetration testing
• Incident response protocols and breach notification procedures
• Data minimisation: only collect and retain necessary information
• Backup and disaster recovery systems to ensure business continuity

7. International Data Transfers

When personal data is transferred outside the country of origin, IEMA ensures transfers comply with applicable data protection laws. Transfers are made only under one of the following lawful mechanisms: adequacy decisions, Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or documented consent.

8. Data Subject Rights Requests

Individuals may submit requests to exercise their data protection rights. IEMA processes requests in accordance with applicable law, typically within 30 days. Requests should be submitted to privacy@iema.org.uk with clear identification and specificity.

9. Exercising Your Data Rights

To exercise your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws, individuals may contact IEMA directly at privacy@iema.org.uk. IEMA will respond to all legitimate requests in accordance with applicable data protection laws.

10. Data Protection Governance

IEMA maintains a data protection governance structure with named responsibilities, regular training, and documented procedures. A Data Protection Officer (DPO) or equivalent senior officer oversees compliance and investigates concerns. All staff handling personal data receive mandatory data protection training.

11. Complaints & Legal Recourse

Individuals who believe IEMA has violated their data protection rights may lodge a formal complaint with their national data protection authority or pursue legal remedies under applicable law.

12. Policy Review & Updates

This policy is reviewed annually and updated to reflect operational changes, regulatory updates, and best practices. Material changes are communicated to affected individuals.