Privacy Policy

  • Home
  • Privacy Policy
Shape Image One

Effective date: 8 May 2026 — Last updated: 8 May 2026

Who we are

M-Gibes College of Business and Management (“M-Gibes College”, “we”, “us”, “our”) is a global provider of British education and professional qualifications, with offices in the United Kingdom and Ghana.

  • UK office: 2 Frederick Street, Kings Cross, London, WC1X 0ND
  • Ghana office: [No.12 Tetteh Okulley Street, Achimota-Accra]
  • Email: info@mgibes.co.uk
  • Phone (UK): +44 7418 361704
  • Phone (Ghana): +233 558272760

We are the data controller for personal information processed through our website (mgibes.co.uk), our learning platforms, our mobile app, and the services we provide to applicants, students, alumni, staff, and visitors.

What this policy covers

This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and the rights you have. It applies to information processed in connection with our website, mobile app, learning management systems (including Moodle and Tutor LMS), enrolments, payments, assessments, and communications.

Information we collect

We collect personal data that you provide directly, that is generated as you use our services, and that we receive from third parties.

Information you provide

  • Identification: full name, date of birth, gender, nationality, country of residence
  • Contact: postal address, email address, phone number
  • Account: username, password (stored hashed), profile photo
  • Application & enrolment: education history, qualifications, employment background, supporting documents, identity-verification documents
  • Payment: billing details processed via our payment provider; we do not store full card numbers
  • Communications: messages, support requests, feedback, testimonials
  • Assessments: coursework, assignments, and, project submissions

Information generated automatically

  • Learning data: courses accessed, lessons completed, time on task, quiz attempts, scores, certificates issued
  • Technical: IP address, device type, browser, operating system, referring URL, pages visited
  • Cookies and similar technologies (see Section 9)

Information from third parties

  • Accreditation and awarding bodies (e.g. OTHM, GTEC)
  • Payment processors (e.g. Paystack)
  • Partner institutions (e.g. Datalink Institute)
  • Public sources where you have made information public (e.g. LinkedIn, where used to verify qualifications)

How we use your information and our lawful basis

Under the UK GDPR and the Data Protection Act 2018 (and Ghana’s Data Protection Act, 2012 (Act 843) where applicable), we rely on the following lawful bases:

PurposeLawful basis
Process applications and admit studentsContract; legitimate interests
Deliver courses, assessments, and certificationContract
Process tuition payments and refundsContract; legal obligation
Issue qualifications and report results to awarding bodiesContract; legal obligation
Provide student support and respond to enquiriesContract; legitimate interests
Send service communications (timetables, results, account alerts)Contract
Send marketing about courses and eventsConsent (you can withdraw at any time)
Improve our courses, website, and servicesLegitimate interests
Detect fraud, plagiarism, and misuse of our platformsLegitimate interests; legal obligation
Comply with regulators, accreditors, auditors, and the lawLegal obligation

Where we rely on consent (for example, marketing emails or non-essential cookies), you can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Who we share your information with

We share personal data only where we have a lawful basis to do so. Recipients may include:

  • Awarding and regulatory bodies: OTHM, Ofqual-regulated bodies, GTEC, and other awarding partners — to register learners, submit assessments, and issue certificates.
  • Partner institutions: for example, Datalink Institute, where you are co-enrolled or studying through a partnership pathway.
  • Service providers acting on our behalf (processors):
  • Hosting and infrastructure providers
  • Learning platforms (Moodle, Tutor LMS)
  • Payment processors (Paystack and any successor providers)
  • Email, SMS, and communications providers
  • Analytics and marketing tools
  • Cloud storage and document management providers
  • Professional advisors: auditors, lawyers, insurers, and accountants were required.
  • Authorities: law enforcement, regulators, courts, and tax authorities where we are legally required to disclose.

We do not sell your personal data.

International transfers

Because we operate in both the United Kingdom and Ghana, and because some of our service providers are located outside the UK and the European Economic Area, your personal data may be transferred internationally. Where we transfer personal data out of the UK, we rely on a recognised transfer mechanism such as:

  • An adequacy decision by the UK government, or
  • The UK International Data Transfer Agreement, or the Addendum to the EU Standard Contractual Clauses, supported by a transfer risk assessment, or
  • Another lawful safeguard recognised under the UK GDPR.

We take steps to ensure that your data receives an essentially equivalent level of protection wherever it is processed.

How long we keep your information

We keep personal data only for as long as we need it for the purposes set out in this policy. Typical retention periods include:

  • Application records (unsuccessful applicants): up to 2 years from the application
  • Student academic records and certificates: retained indefinitely, to enable lifetime verification of qualifications
  • Financial and payment records: at least 6 years, to meet UK tax and accounting requirements
  • Marketing preferences: until you unsubscribe or withdraw consent
  • Website analytics and logs: typically, up to 26 months
  • Support communications: up to 3 years

When we no longer need personal data, we delete it or anonymize it.

Your rights

Under the UK GDPR (and equivalent rights under Ghana’s Data Protection Act, 2012 where applicable), you have the right to:

  • Be informed about how we use your personal data
  • Access a copy of the personal data we hold about you
  • Have inaccurate or incomplete data corrected
  • Have your data erased in certain circumstances
  • Restrict processing of your data in certain circumstances
  • Data portability — receive your data in a portable format
  • Object to processing based on legitimate interests or direct marketing
  • Withdraw consent at any time, where we rely on consent
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not currently make such decisions)

To exercise any of these rights, contact us at info@mgibes.co.uk. We will respond within one month. We may need to verify your identity before acting on your request.

Cookies and similar technologies

Our website uses cookies and similar technologies to operate the site, remember your preferences, measure traffic, and (where you consent) deliver marketing. Categories we use include:

  • Strictly necessary — required for the site, login, payments, and security
  • Functional — remember preferences and settings
  • Analytics — help us understand how the site is used
  • Marketing — show relevant advertising on third-party platforms

You can manage cookies through our cookie banner and through your browser settings. Disabling some cookies may affect how the site works.

Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These include access controls, encryption in transit (HTTPS/TLS), secure password hashing, audit logging, and staff training. No system is completely secure; if you believe your account has been compromised, contact us immediately at uk@mgibes.co.uk.

Children

Our courses are designed for adult learners, and applicants are normally aged 18 or over. We do not knowingly collect personal data from children under the age at which they can consent in their country of residence (13 in the UK for online services). If you believe a child has provided us with personal data, contact us so we can remove it.

Third-party links

Our website and platforms may contain links to third-party websites and services. This policy does not apply to those services, and we are not responsible for their privacy practices. Please review their privacy notices.

  • Automated decision-making and profiling

We do not use your personal data for any decision based solely on automated processing that produces legal or similarly significant effects on you. Where we use analytics to understand learning progress or website use, decisions about admissions, assessment, and student support involve human judgement.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will reflect the most recent change. Where changes are significant, we will notify you by email or through the website.

How to contact us

Data protection enquiries and requests:

M-Gibes College of Business and Management 2 Frederick Street, Kings Cross, London, WC1X 0ND, United Kingdom Email: info@mgibes.co.uk Phone: +44 7418 361704

How to complain

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

Reviews

Professional Courses

Diploma Programmes

CONTACT DETAILS
Get in touch with us
We can be reached by phone during our working hours.

Office Address
2 Frederick Street, Kings Cross, London, United Kingdom, WC1X 0ND.

Phone Number
+44 7418 361704

Ghana Branch
+233 0558272760

Email Address
uk@mgibes.co.uk

Executive Programmes

University Programmes

Copyright © 2023 M-Gibes College of Business & Management | All Right Reserved | Privacy Policy

Instagram Facebook Twitter Linkedin