Privacy Policy

UKDiss is a website belonging to Business Bliss Consultants FZE, which acts as the Controller of your personal data. We can be contacted using the details given at the bottom of this page.

This privacy policy tells you what to expect when we collect and process your personal data, the rights that are available to you, and how you can exercise them.

Legal basis for data processing

We process your personal data based on the following legal grounds, as permitted the relevant data protection laws:

  • Consent: We rely on your explicit consent to process your personal data for specific purposes, such as sending you marketing communications. You have the right to withdraw your consent at any time.
  • Contractual necessity: We process your personal data to fulfil our contractual obligations to you, including processing your orders, providing services, and managing your account. This processing is necessary to perform the contract between you and us.
  • Legal obligation: We may process your personal data to comply with legal obligations, such as maintaining records for tax purposes or responding to lawful requests from public authorities.
  • Legitimate interests: We process your personal data when it is in our legitimate interests to do so, provided that these interests are not overridden by your rights and freedoms. Our legitimate interests include:
    • Marketing communications: To send you marketing communications about our services, including offers and promotions, if you have shown an interest in our services (e.g., by making an inquiry) or if you have previously placed an order with us. You have the right to opt out of such communications at any time.
    • Fraud prevention: To protect our business and customers from fraudulent activities, we may retain and process data to prevent and detect fraud.
    • Copyright protection: To safeguard the intellectual property rights of our writers, we retain copies of work delivered to you and monitor its use.
    • Business continuity: To provide continuity in our services, including maintaining records of your interactions and transactions with us, and improving our services based on your feedback.
  • Public interest: We may process your personal data if it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Vital Interests: We may process your personal data to protect your vital interests or those of another individual in situations where consent cannot be obtained.

Consent and your preferences

We rely on your explicit consent for certain types of data processing and legitimate interests for others, such as sending you marketing communications. We are committed to ensuring that your consent is given freely, is specific to the processing activity, and is informed. Additionally, where we rely on legitimate interests to process your data, we ensure that these interests are balanced against your rights and freedoms.

  • Giving consent: When you provide your personal data, such as when you create an account, place an order, or sign up for marketing communications, you will be asked to give your consent for specific uses of your data where required by law. This consent will be clear and unambiguous, and you will be informed about the exact purposes for which your data will be processed.
  • Withdrawing consent: You have the right to withdraw your consent at any time. If you no longer wish to receive marketing communications from us, or want to change your preferences, you can easily update your marketing preferences in the account area of our website. Alternatively, you can withdraw your consent by contacting us directly at [email protected]. Upon receiving your request, we will promptly update your preferences to ensure that your data is no longer processed for the purposes you have withdrawn consent for.
  • Legitimate interests and opting out: In certain cases, we may send you marketing communications based on our legitimate interests, particularly if you have shown an interest in our services or have previously placed an order with us. You have the right to object to the processing of your personal data for marketing purposes at any time, and you can opt out by updating your preferences in your account or by contacting us.
  • Effect of withdrawing consent or opting out: Withdrawing your consent or opting out of marketing communications does not affect the lawfulness of any processing based on your consent or our legitimate interests before its withdrawal. However, it may impact the services we can provide to you, especially if the processing was necessary to provide those services.
  • Recording and managing consent and preferences: We keep detailed records of the consents you have given, any changes you have made to your preferences, and any objections you have raised. This allows us to respect your choices and ensure compliance with the relevant data protection laws.

What we do with your data

We will never sell your personal data for any reason. However, it may be necessary to transfer your data to third-party processors for specific purposes, as outlined below. These processors act on our behalf and under our instructions, and they are contractually obligated to adhere to the same data protection standards that we uphold in compliance with the relevant data protection laws.

Essential data

To create an online account so you can manage and download your orders, we generate a unique identifier and use your email address as a username.

When placing an order, you will be asked to provide your name, email address, and phone number. This information is essential for us to contact you regarding your order, such as to clarify requirements or provide updates.

To process your order properly, we also need to keep details about the assignment you are asking us to complete, as well as any files you have uploaded to your order. We strongly recommend that you remove all personal data from any files you upload. However, if personal data is included, we will take steps to anonymise it before passing it on to our writers, who act as processors. The final responsibility for anonymising your files lies with you.

Some of your data is processed by a company called Text, Inc., which acts as a processor providing a live chat and ticket management system that helps us manage customer communications more efficiently. The specific services we use are ChatBot, LiveChat, and HelpDesk. These processors are contractually bound to comply with the relevant data protection laws. You can read their privacy policy here.

In instances where a file is too large to upload to our database, we may ask you to use a service called WeTransfer to send it to us. These files remain on WeTransfer's servers for 28 days, after which they are automatically deleted. You can read WeTransfer's privacy policy here.

Payment processing

We use third-party payment providers, including Checkout.com and Telr, as processors to handle payments securely. When you make a payment, your payment details are processed by these providers, who may collect, process, and store your data in accordance with their own privacy policies. These providers are contractually obligated to comply with the relevant data protection laws.

We do not store any credit/debit card details ourselves. However, we do have access to certain identity information that you provide as part of the checkout process, such as the name on the payment card. This information is used solely for the purpose of preventing fraud and ensuring the security of transactions. The lawful basis for processing this identity information is our legitimate interest in preventing fraud and ensuring secure transactions.

We take all necessary measures to ensure that your personal data is processed securely and in accordance with the relevant data protection laws. This includes implementing appropriate technical and organisational measures to protect your data during transmission and storage. For more information on how your payment data is handled, please review the privacy policies of our payment providers: Checkout.com's privacy policy and Telr's privacy policy.

Marketing

If you have explicitly consented to receive direct marketing from us, or if you have made an enquiry or ordered from us in the past, we may use your name and email address to send you offers and promotions about the services we provide. The lawful basis for this processing may be your consent or our legitimate interest in maintaining a relationship with our customers and supporting business growth. We use services called Mailchimp and Brevo, both of which act as processors, to manage and send these communications. You can read Mailchimp's privacy policy here and Brevo’s privacy policy here.

Similarly, we may use your name and phone number to text you about offers and promotions that we are currently running. This is done using services like Esendex or Twilio, both of which act as processors. You can read Esendex's privacy policy here and you can read Twilio's privacy policy here.

If you choose to opt-in to receive push notifications, we use a service called OneSignal to send you these via your customer control panel. OneSignal acts as a processor. You can view the OneSignal privacy policy here.

All third-party processors are contractually obligated to comply with the relevant data protection laws, ensuring that your data is handled in accordance with the highest standards of security and privacy.

We will only ever call you about an existing service you have asked us to provide or to discuss something important related to your account.

You have the right to opt out of receiving marketing communications at any time by updating your preferences in your account or by contacting us directly. Withdrawing consent or opting out will not affect the lawfulness of processing based on consent or legitimate interests before its withdrawal.

Feedback

After we have completed your order, we may pass your name, email address, order number, and localisation data to a company called Reviews.co.uk, which acts as a processor to provide an independent product review service. The lawful basis for this processing is our legitimate interest in obtaining feedback to improve our services and maintain transparency with our customers.

Reviews.co.uk will then email you, asking for feedback on your order. Any feedback you provide may be posted publicly on the Reviews.co.uk website. You have the option to provide feedback anonymously if you prefer. You can read Reviews.co.uk's privacy policy here.

All third-party processors, including Reviews.co.uk, are contractually obligated to comply with the relevant data protection laws, ensuring that your data is handled securely and in compliance with the highest standards of privacy.

You have the right to object to this processing at any time. If you prefer not to be contacted for feedback purposes, you can opt out by contacting us directly.

Other purposes

Coupon administration: Sometimes, we offer coupons to individual customers for use with future orders. To ensure that only the intended recipient of the coupon can use it, we store their email address alongside the coupon details. These email addresses are not used for anything other than the administration of coupons. The lawful basis for this processing is our legitimate interest in ensuring the proper use of promotional offers.

IP address storage: When you place an order, our system stores your IP address. This address is used to determine your time zone so that we can contact you during hours that are convenient for you. Additionally, your IP address is used to identify if a customer is using multiple accounts to place orders, which helps prevent fraudulent activities. The lawful basis for processing this data is our legitimate interest in providing appropriate customer service and preventing fraud.

Fraud prevention and payment verification: In rare cases, if our payment provider places your payment on hold and requests verification, we may ask for documents to prove you are the cardholder. This is to prevent fraudulent transactions, such as payments made with stolen card details. You can choose to provide the requested documents, or we can cancel the payment, allowing you to select another payment method or make alternative arrangements. The lawful basis for this processing is our legitimate interest in preventing fraud and ensuring secure transactions.

Legal archiving: To establish the facts in case of a legal dispute, we archive any data that might be relevant to the negotiation or performance of a contract (for example, messages or order instructions). Access to this archived data is strictly controlled so that only a few privileged employees can access it, and it is used only for the specific purpose of supporting a legal case. Some of this data may be shared with our legal counsel in the unlikely event of a dispute. The lawful basis for this processing is our legitimate interest in defending and pursuing legal claims.

Automated decision-making and profiling

We do not use automated decision-making, including profiling, in any of our data processing activities.

Business transfers

In the event that UKDiss or substantially all of its assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets. Such a transfer will be subject to the commitments we have made in this privacy policy, and the acquiring party will be required to treat your personal data in accordance with the terms set forth herein.

Cookies

Our websites use cookies to enhance your experience, ensure the smooth operation of our services, and provide us with insights into how our website is being used. Cookies are small text files stored on your device that help us remember your preferences and understand how you interact with our website.

For more detailed information about the types of cookies we use, why we use them, and how you can manage your cookie preferences, please read our cookie policy.

Your rights

As the Controller of your personal data, we are committed to ensuring that your rights are respected and upheld in accordance with the relevant data protection laws. You have the following rights concerning your personal data:

  • Right to access: You can request access to any personal data that we hold about you. This allows you to receive a copy of the personal data we hold and check that we are lawfully processing it.
  • Right to rectification: You have the right to request that we correct any inaccuracies or incomplete data that we hold about you, ensuring that your personal data is accurate and up to date.
  • Right to erasure: You can request the deletion of your personal data where there is no longer a legitimate reason for us to continue processing it. This right is sometimes referred to as the "right to be forgotten." However, please note that this right is subject to certain legal obligations and legitimate interests that may require us to retain your data (e.g., for fraud prevention, copyright protection, or legal defence).
  • Right to restrict processing: You can request that we temporarily stop processing your personal data under certain circumstances, such as if you contest the accuracy of the data, object to our processing activities, or if the processing is unlawful and you oppose the erasure of your data but request its restriction instead.
  • Right to object: You have the right to object to the processing of your personal data in certain circumstances, including where we process your data based on legitimate interests or for direct marketing purposes. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
  • Right to data portability: Where your data is processed by automated means and based on your consent or a contractual necessity, you have the right to request a copy of your personal data. While we will provide this data in a structured and commonly used format to the extent possible, please note that due to the nature of our custom database, we may not be able to transfer your data directly to another controller. However, we are committed to working with you to provide your data in the most accessible format available.
  • Right to withdraw consent: Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: If you are not satisfied with how we have handled your personal data or if you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authority.

To exercise any of your rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within one calendar month after verifying your identity.

How we keep your data safe

We use a variety of technical and organisational measures to ensure that your personal data is stored and transmitted securely. For example, we use encryption diligently whenever personal data is being transmitted to a third party, and we perform regular backups to safeguard against data loss.

All of our core database functionality, including most of your personal data, is stored using Amazon Web Services (AWS), which acts as a Processor. AWS is certified to be ISO 27001 compliant, which is recognised as the gold standard in information security. This certification ensures that your personal data is secure and protected to the highest standards.

We regularly review our security practices to ensure that they comply with the latest legal requirements and industry standards. In addition to encryption and backup measures, we also implement access controls, regular security audits, and incident response protocols to protect your data.

If you communicate with us by email over the Internet, please be aware that the nature of the Internet is such that unencrypted communication may not be secure and may pass through several different countries en route to us. We strongly advise against emailing us with confidential or sensitive information, such as your credit card details. While we take all reasonable precautions to protect your data, we cannot accept responsibility for unauthorised access to your information that is outside our control.

International data transfers

We may transfer your personal data to countries outside of the United Arab Emirates (UAE) for processing, storage, and other necessary business operations. In such cases:

  • Adequate protection: We will only transfer your personal data to countries or organisations that are recognised as having data protection standards comparable to those of the UAE. Alternatively, we may rely on appropriate safeguards, such as binding corporate rules or standard contractual clauses, to protect your personal data in accordance with the relevant data protection laws.
  • Explicit consent: Where the above conditions are not met, we may transfer your personal data based on your explicit consent. You will be informed of the potential risks involved in such transfers before giving your consent.
  • Legal requirements: We may also transfer your data outside the UAE if required by law, if necessary to fulfil contractual obligations between you and us, or if the transfer is necessary for the establishment, exercise, or defence of legal claims.

Data retention, archiving, and deletion

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, such as providing services, gathering feedback, complying with legal obligations, and protecting intellectual property rights. Given the nature of our business, certain types of data are retained for extended periods to ensure continuity in client relationships and to safeguard against potential copyright infringements.

Retention Criteria

When determining our retention policy for any type of data, we use the following criteria:

  • Ongoing relationships: We retain your data for as long as you continue to engage with our services. This includes maintaining records of your interactions and transactions to support you throughout your educational journey, which may span several years.
  • Copyright protection: The work we supply is protected by copyright, which is held by our writers. To safeguard these rights and prevent unauthorised use or infringement of our intellectual property, we retain copies of the work delivered to you indefinitely. This retention is necessary to monitor potential copyright breaches and to manage any disputes related to the ownership and use of the work.
  • Fraud prevention and legal defence: In cases where there is a history of misrepresentation, fraudulent activity, breaches of contract, or attempts to obtain services by deception, we may retain your data indefinitely to protect our legitimate interests. This includes retaining data for potential legal action, investigation, or to prevent future fraudulent activity. Data may also be retained to defend against potential legal claims or to pursue legal action against individuals or entities that attempt to defraud us.
  • Legal obligations: We retain personal data as necessary to comply with legal obligations, such as maintaining financial records for tax purposes. This includes adhering to statutory retention periods required by law.
  • Client reinstatement: Archived account data can be reinstated if you return to use our services. Therefore, we securely archive your account and related data after four years of inactivity. This data is retained indefinitely unless deletion is specifically requested and permitted under the law.

Specific retention periods

  • Account information: We retain your account information, including your name, email address, and order history, for as long as your account is active. Archived account data is retained indefinitely to facilitate reinstatement if you return to use our services.
  • Payment information: We retain payment information for seven years to comply with financial and tax regulations. This includes details related to transactions and any documents provided for payment verification.
  • Order files and correspondence: Files and communications related to your orders are retained indefinitely to protect copyright, address potential disputes, and support long-term client relationships.
  • Marketing preferences: We retain your marketing preferences for as long as you remain subscribed to our communications. If you unsubscribe or withdraw your consent, we will delete or anonymize this data promptly.
  • Legal and compliance data: Personal data retained for legal and compliance purposes is kept for the duration required by law, which may include indefinite retention for certain legal claims or compliance requirements.

Data archiving and deletion

While we securely archive your account data after 6 years of inactivity, this data is retained indefinitely to ensure continuity and support if you choose to return to our services. We do not automatically delete your personal data unless it is no longer needed or you request its deletion. However, requests for deletion are evaluated based on our legal obligations and legitimate interests, including the need to protect copyright, prevent fraud, and defend or pursue legal rights.

Data breach notification

We take the security of your personal data very seriously. Despite our best efforts to protect your data, should a data breach occur that affects the confidentiality, integrity, or availability of your personal data, we are committed to handling the situation in accordance with the relevant data protection laws.

  • Notification to relevant authorities:
    • UAE: We will notify the UAE Data Office as soon as we become aware of a data breach that affects your personal data, especially if the breach is likely to result in a high risk to your rights and freedoms. The notification will include details about the nature of the breach, the categories and approximate number of data subjects affected, the potential consequences, and the measures we have taken or plan to take to address the breach.
    • UK: If you are located in the UK, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with the UK GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms.
    • EU: For EU residents, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the EU GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms.
  • Notification to affected individuals: If the data breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay. This notification will include a description of the nature of the breach, the likely consequences, and the steps you can take to mitigate any potential adverse effects.
  • Preventive measures: After a breach, we will promptly take steps to mitigate the damage and prevent further unauthorised access to your personal data. We will also assess and improve our security measures to prevent similar incidents in the future.

Maintenance of records

As the Controller of your personal data, we are committed to maintaining detailed records of all our data processing activities in compliance with relevant data protection laws. These records help us ensure that our data processing practices are transparent, secure, and fully compliant with applicable legal requirements.

Appointment of Data Protection Officer (DPO)

In compliance with relevant data protection laws, we have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure that our data processing practices comply with applicable laws.

If you have any questions about how we process your personal data, or if you wish to exercise any of your data protection rights, you can contact our DPO directly at [email protected].

Complaints

We are committed to protecting your personal data and ensuring that your rights are respected. If you have any concerns or complaints regarding the way we process your personal data, we encourage you to contact us so that we can address your concerns promptly.

How to submit a complaint

If you believe that your personal data has been processed in a manner that violates this privacy policy or applicable data protection laws, you can submit a complaint by contacting our Data Protection Officer (DPO) at [email protected]. Please provide detailed information about your complaint, including any relevant documentation.

Our response

Upon receiving your complaint and provided that we have verification of your identity, we will acknowledge receipt and begin an internal investigation. We will provide you with a response within one calendar month, outlining our findings and any corrective actions that will be taken if necessary.

Escalation to relevant authorities

If you are not satisfied with our response, or if you believe that your complaint has not been resolved adequately, you have the right to escalate the matter to a relevant data protection authority such as the UAE Data Office or Information Commissioner’s Office (ICO). We are committed to cooperating fully with the supervisory authorities to resolve any complaints and to comply with their guidance or decisions.

Children

If you are 13 or under, you must have permission from a parent or guardian before you give us your personal information. If we find that we have received information from you without the appropriate consent, we reserve the right to cancel all transactions and services and remove all personal data that you have supplied. You will be able to re-submit the information when you have the required permission.

Those using the website who are minors (under the age of 18) shall not register as a User of the website and shall not transact on or use the website.

Links to Other Websites

Our websites may contain links to external third-party websites. We are not responsible for the privacy and security of these websites unless they belong to Business Bliss Consultants FZE. This privacy policy applies only to UKDiss.

Updates and Revisions to the Privacy Policy

We are committed to ensuring that our privacy practices remain compliant with the latest legal requirements and best practices. As such, this privacy policy will be regularly reviewed and updated to reflect any relevant changes in data protection laws.

Any changes to this privacy policy will be communicated through updates on this privacy policy page. We encourage you to periodically review this page to stay informed about how we are protecting your personal data. Changes will become effective on the date they are posted.

For further questions, please contact [email protected].