1. INTRODUCTION AND SCOPE
This Privacy Policy (“Policy”) sets out the manner in which Student Help Desk World
(“Company”, “we”, “us”, or “our”), having its principal place of business at Melbourne, Victoria
3000, Australia, collects, receives, accesses, stores, uses, processes, transfers, discloses, and
protects personal data and other information of individuals who access, register on, or otherwise
use the Student Help Desk World website, mobile applications, software platforms,
communication tools, and related services (collectively referred to as the “Platform”).
This Policy applies to all categories of users of the Platform, including but not limited to students,
buyers, sellers, employers, recruiters, educational institutions, service providers,
consultants, visitors, and any other persons who interact with the Platform in any capacity,
whether registered or unregistered.
The Company operates internationally and provides its services across multiple jurisdictions,
including Australia, India, the United Kingdom, the United States of America, Canada,
Germany, the United Arab Emirates, and other countries where the Platform is accessible or
where users are located. Accordingly, this Policy is drafted to comply with global data protection
standards and shall be read in conjunction with applicable local data protection, privacy, and
cybersecurity laws, which may impose additional rights or obligations depending on the user’s
location.
Where there is any conflict between this Policy and mandatory provisions of applicable local law,
such local law shall prevail only to the extent of the inconsistency, and the remaining provisions
of this Policy shall continue to apply.
By accessing or using the Platform, users acknowledge that they have read, understood, and agreed
to the collection and processing of their personal data in accordance with this Policy, subject to
applicable legal requirements for consent.
2. DEFINITIONS
For the purposes of this Privacy Policy, unless the context otherwise requires:
“Personal Data” means any information or set of information that identifies or can reasonably be
used to identify an individual, directly or indirectly, including but not limited to name, contact
details, identification numbers, online identifiers, location data, educational or professional details,
communication records, and device information.
“Sensitive Personal Data” (where applicable under local law) means personal data that requires
a higher level of protection, including but not limited to government-issued identification details,
financial information, biometric data, or any other data classified as sensitive under applicable data
protection laws.
“Processing” means any operation or set of operations performed on personal data, whether or
not by automated means, including collection, recording, organisation, structuring, storage,
adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.
“Buyer” refers to any individual or entity seeking services, opportunities, candidates, students, or
related offerings through the Platform.
“Seller” refers to any individual or entity offering services, opportunities, educational assistance,
recruitment support, or related offerings through the Platform.
“User” means any person who accesses, visits, registers on, or uses the Platform in any manner.
3. OUR ROLE AS A NEUTRAL MEDIATOR
Student Help Desk World functions solely as a technology-driven facilitation and mediation
platform designed to enable communication, discovery, and interaction between Buyers and
Sellers and other users. The Company acts strictly in a neutral, independent, and non
participatory capacity.
The Company does not:
• Act as an employer, employee, agent, broker, partner, guarantor, fiduciary, or
representative of any user;
• Verify, endorse, guarantee, or assume responsibility for the accuracy, legality, quality, or
performance of any services, representations, or transactions between users;
• Become a party to any agreement, contract, or arrangement entered into between users.
Personal data processed by the Company is used only to the extent necessary to operate the
Platform, enable user interactions, ensure compliance with legal obligations, prevent misuse, and
protect the rights, safety, and integrity of the Company and its users.
All Buyers and Sellers remain solely responsible for their own communications, conduct,
compliance with applicable laws, and handling of personal data received through the Platform.
4. CATEGORIES OF PERSONAL DATA WE COLLECT
Depending on the nature of interaction with the Platform, the Company may collect, process, and
store the following categories of personal data:
(a) Identification and Profile Information
• Full name, date of birth, age, gender
• Profile photographs or identifiers
• Nationality and country of residence
(b) Contact Information
• Email addresses
• Telephone or mobile numbers
• Mailing or business addresses (where required)
(c) Account and Authentication Data
• Usernames, passwords (encrypted)
• Login credentials and authentication tokens
• Account preferences and settings
(d) Educational and Professional Information
• Academic qualifications
• Work experience
• Skills, certifications, resumes, and portfolios
(e) Buyer and Seller Interaction Data
• Requests, listings, responses, and interaction history
• Time, frequency, and mode of communications
• Dispute-related interaction records
(f) Communication Metadata
• Call logs, timestamps, duration, and frequency
• Messages exchanged through Platform-controlled channels
• Support tickets and complaint records
(g) Technical and Usage Data
• IP address, browser type, operating system
• Device identifiers
• Log files, access times, and usage patterns
The Company does not intentionally collect sensitive personal data unless expressly required and
permitted under applicable law and with appropriate safeguards.
5. SOURCES OF PERSONAL DATA
The Company collects personal data from the following sources:
1. Directly from users, when they register, create profiles, submit forms, communicate
through the Platform, or contact support;
2. Automatically, through the use of cookies, log files, analytics tools, and similar
technologies when users access or use the Platform;
3. From third-party service providers or integrations, such as verification services,
analytics providers, or communication tools, where such collection is lawful and permitted;
4. From other users, where personal data is shared during Buyer–Seller interactions, subject
to this Policy and the Terms and Conditions.
Users are responsible for ensuring that any personal data they provide is accurate, lawful, and not
misleading.
6. LAWFUL BASIS FOR PROCESSING
The Company processes personal data only where there is a valid and lawful basis to do so,
including but not limited to:
• Consent: Where users have expressly or impliedly consented to the processing of their
personal data for specified purposes;
• Contractual Necessity: Where processing is necessary to perform obligations under the
Terms and Conditions or to provide Platform services requested by the user;
• Legal Obligations: Where processing is required to comply with applicable laws,
regulations, court orders, or governmental requests;
• Legitimate Interests: Where processing is necessary for the legitimate business interests
of the Company, including platform security, fraud prevention, service improvement, and
dispute management, provided such interests do not override user rights;
• Public Interest or Regulatory Compliance: Where processing is required to protect
public interest, enforce legal rights, or respond to lawful authorities.
Where required by law, the Company will obtain explicit consent and provide users with the ability
to withdraw consent, subject to legal and contractual limitations.
7. PURPOSE LIMITATION AND DATA MINIMISATION
The Company adheres to the principles of purpose limitation and data minimisation, meaning
that personal data is collected, processed, and retained only to the extent necessary to achieve
clearly defined, lawful, and legitimate purposes connected with the operation of the Platform.
Personal data shall not be:
• Collected in excess of what is reasonably required;
• Processed for purposes incompatible with those disclosed at the time of collection;
• Retained for longer than necessary for operational, contractual, or legal requirements.
The Company periodically reviews the categories of personal data collected to ensure relevance,
proportionality, and adequacy. Where a particular purpose can be achieved without identifying an
individual, the Company may use aggregated, anonymised, or pseudonymised data.
Users acknowledge that certain processing activities are inherent to platform functionality,
compliance, security, fraud prevention, dispute handling, and legal reporting, and such processing
shall not be deemed excessive or unlawful.
8. USER ACCOUNTS AND PROFILE INFORMATION
Users may be required to create and maintain an account to access certain features of the Platform.
Users are solely responsible for:
• Providing accurate, complete, and up-to-date information;
• Maintaining the confidentiality of login credentials;
• Promptly updating any changes to personal or professional information.
The Company does not independently verify user-provided data unless expressly stated and shall
not be responsible or liable for inaccuracies, misrepresentations, outdated information, or
omissions supplied by users.
Users acknowledge that:
• Other users may rely on profile information at their own risk;
• The Company does not guarantee authenticity, qualifications, or claims made by any user;
• Any reliance on user-generated content is strictly at the user’s discretion.
The Company reserves the right to suspend, restrict, or terminate accounts containing false,
misleading, or unlawful information.
9. BUYER AND SELLER DATA HANDLING
Personal data exchanged between Buyers and Sellers through the Platform is processed solely for
the purpose of enabling communication, discovery, and facilitation of interactions.
The Company:
• Does not monitor or control off-platform interactions;
• Does not verify the completion, quality, legality, or outcome of any transaction;
• Does not assume responsibility for performance, payment, delivery, or disputes between
users.
Buyers and Sellers acknowledge that:
• They act as independent data controllers for personal data they receive from other users;
• They are solely responsible for compliance with applicable data protection and privacy
laws;
• Any misuse, unauthorised disclosure, or unlawful processing of personal data is their
exclusive responsibility.
The Company disclaims all liability arising from Buyer–Seller data exchanges beyond Platform
controlled systems.
10. COMMUNICATIONS, CALL LIMITS, AND ANTI-HARASSMENT
POLICY
To protect personal data, operational efficiency, staff safety, and platform integrity, the Company
enforces a strict communication and anti-harassment policy.
(a) Communication Restrictions
Buyers, Sellers, and other users are expressly prohibited from:
• Making excessive, repetitive, or continuous calls to the Company or its representatives;
• Contacting the Company on a daily or unreasonable basis without material cause;
• Using multiple numbers, accounts, or persons to bypass communication limits.
(b) Permitted Channels
All communications must:
• Occur only through officially designated channels (registered email, platform messaging,
or authorised support lines);
• Be limited to published business hours unless otherwise authorised in writing.
(c) Prohibited Conduct
The following conduct constitutes harassment and misuse of personal data:
• Persistent calling, spamming, or messaging;
• Threats, coercion, intimidation, or undue pressure;
• Abusive, defamatory, or offensive language;
• Attempts to influence, manipulate, or compel outcomes outside the Platform’s scope.
(d) Enforcement Measures
The Company reserves the right to:
• Restrict, monitor, record, or terminate communications;
• Temporarily or permanently suspend accounts;
• Retain communication metadata, logs, and recordings as evidence of misuse, regulatory
compliance, or legal defence;
• Cooperate with law enforcement or regulatory authorities where required.
Violation of this clause may result in immediate account suspension without prior notice.
11. COOKIES, LOG FILES, AND DEVICE DATA
The Company uses cookies, web beacons, log files, and similar technologies to:
• Authenticate users and maintain sessions;
• Enhance user experience and platform functionality;
• Improve security and detect unauthorised access;
• Analyse usage patterns and system performance.
Cookies may be session-based or persistent and may be disabled by users through browser settings;
however, disabling cookies may limit Platform functionality.
Log files may automatically collect technical information including IP address, browser type,
device identifiers, operating system, referral URLs, timestamps, and access duration.
12. ANALYTICS AND PLATFORM IMPROVEMENT
The Company may use analytics tools and internal metrics to analyse Platform usage, performance,
and trends. Such data is primarily processed in aggregated, anonymised, or de-identified form
and does not seek to identify individual users unless necessary for security, fraud prevention, or
compliance.
Analytics data may be used for:
• Improving services and user experience;
• Developing new features;
• Monitoring system stability and scalability;
• Internal reporting and research.
The Company does not sell personal data for advertising or profiling purposes and limits analytics
processing to legitimate operational objectives.
13. THIRD-PARTY SERVICES AND INTEGRATIONS
The Platform may integrate, link to, or rely upon third-party services, tools, APIs, plugins, hosting
providers, communication platforms, analytics services, payment processors, verification services,
and other external service providers (“Third-Party Services”) to enable or enhance functionality.
The Company:
• Engages Third-Party Services only where reasonably necessary for Platform operations;
• Endeavours to select service providers that implement commercially reasonable data
protection and security measures;
• Does not control, manage, or supervise the internal privacy practices, policies, or data
processing activities of such third parties.
Users acknowledge and agree that:
• Any personal data shared directly with Third-Party Services is subject to the privacy
policies and terms of those third parties;
• The Company shall not be responsible or liable for any loss, misuse, unauthorised
disclosure, or breach of personal data occurring within Third-Party Services;
• Accessing or using Third-Party Services is at the user’s own discretion and risk.
Where required by applicable law, the Company shall enter into appropriate contractual
arrangements with Third-Party Services to ensure lawful processing of personal data.
14. INTERNATIONAL DATA TRANSFERS
Given the global nature of the Platform, personal data may be transferred to, stored in, or processed
in jurisdictions outside the user’s country of residence, including countries that may have different
data protection standards.
The Company ensures that international data transfers are carried out:
• In accordance with applicable data protection laws;
• Using lawful transfer mechanisms such as standard contractual clauses, data transfer
agreements, adequacy decisions, or equivalent safeguards;
• With appropriate technical and organisational measures to protect personal data against
unauthorised access or misuse.
By using the Platform, users acknowledge and consent to the cross-border transfer and processing
of their personal data, subject to mandatory legal protections in their jurisdiction.
15. DATA STORAGE, SECURITY, AND SAFEGUARDS
The Company implements reasonable and appropriate administrative, technical, and physical
safeguards to protect personal data against unauthorised access, disclosure, alteration, loss, or
destruction.
Such safeguards may include:
• Secure servers and encrypted databases;
• Access control mechanisms and authentication protocols;
• Firewalls, intrusion detection systems, and monitoring tools;
• Internal policies governing data handling and security practices;
• Periodic security assessments and system reviews.
While the Company strives to protect personal data, no system is completely secure. Users
acknowledge that transmission of data over the internet involves inherent risks, and the Company
cannot guarantee absolute security.
16. DATA RETENTION AND DELETION
Personal data is retained only for:
• As long as necessary to fulfil the purposes for which it was collected;
• The duration required to comply with legal, regulatory, accounting, or reporting
obligations;
• The resolution of disputes, enforcement of agreements, or protection of legal rights.
Upon expiry of the applicable retention period, personal data shall be securely deleted,
anonymised, or archived in accordance with the Company’s data retention policies and applicable
laws.
Users may request deletion of their personal data, subject to legal obligations that may require
continued retention.
17. CONFIDENTIALITY AND ACCESS CONTROLS
Access to personal data is strictly limited to authorised employees, contractors, and service
providers who require such access to perform their duties.
All authorised personnel are:
• Bound by confidentiality obligations;
• Trained in data protection and privacy practices;
• Subject to disciplinary action for unauthorised access or misuse of personal data.
The Company maintains internal access controls to prevent unauthorised or accidental disclosure
of personal data.
18. DISCLOSURE OF PERSONAL DATA
The Company may disclose personal data:
• To regulatory authorities, law enforcement agencies, courts, or governmental bodies where
required by law, court order, or legal process;
• To service providers and professional advisors engaged for operational, legal, or
compliance purposes;
• To protect the rights, property, safety, or integrity of the Company, its users, or the public.
Such disclosures shall be limited to what is legally required or reasonably necessary and shall be
made in accordance with applicable data protection laws.
19. USER RIGHTS AND CHOICES
Subject to applicable law and jurisdiction, users may exercise certain rights in relation to their
personal data processed by the Company. These rights may vary depending on the user’s location
and applicable legal framework.
(a) Right of Access
Users may request confirmation as to whether their personal data is being processed and may
request access to such data, subject to legal limitations and verification of identity.
(b) Right to Correction or Rectification
Users may request correction of inaccurate, incomplete, or outdated personal data. The Company
shall take reasonable steps to rectify such data where appropriate.
(c) Right to Deletion or Erasure
Users may request deletion of their personal data where:
• The data is no longer necessary for the purposes for which it was collected;
• Consent has been withdrawn, where applicable;
• Processing is unlawful; or
• Deletion is required under applicable law.
Deletion requests may be denied where retention is necessary to comply with legal obligations,
resolve disputes, enforce agreements, or protect legal rights.
(d) Right to Restriction of Processing
Users may request restriction of processing in certain circumstances, including where the accuracy
or lawfulness of processing is contested.
(e) Right to Data Portability
Where legally applicable, users may request to receive certain personal data in a structured,
commonly used, and machine-readable format or request transfer to another service provider.
(f) Right to Withdraw Consent
Where processing is based on consent, users may withdraw such consent at any time. Withdrawal
shall not affect the lawfulness of processing carried out prior to withdrawal.
(g) Exercise of Rights
Requests must be submitted through official contact channels. The Company reserves the right to
verify identity before responding and may refuse or limit requests where permitted by law.
20. COUNTRY-SPECIFIC LEGAL COMPLIANCE
The Company operates globally and has designed this Privacy Policy to comply with multiple data
protection regimes. Where required, the Company applies jurisdiction-specific safeguards, user
rights, and compliance measures in accordance with local laws.
In the event of a conflict between this Policy and mandatory local law, such local law shall prevail
solely to the extent of the inconsistency, without affecting the validity of the remaining provisions.
21. AUSTRALIA – PRIVACY ACT 1988 (CTH)
For users located in Australia, the Company complies with the Privacy Act 1988 (Cth) and the
Australian Privacy Principles (APPs), including obligations relating to:
• Open and transparent management of personal information;
• Collection of solicited personal information;
• Use and disclosure of personal information for primary purposes;
• Data quality and security;
• Access to and correction of personal information.
Australian users may lodge privacy-related complaints with the Company and, where unresolved,
with the Office of the Australian Information Commissioner (OAIC).
22. INDIA – INFORMATION TECHNOLOGY ACT & DPDP ACT
For users located in India, the Company processes personal data in accordance with:
• The Information Technology Act, 2000;
• The Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011; and
• The Digital Personal Data Protection Act, 2023 (DPDP Act).
Processing is conducted on lawful grounds, including consent and legitimate use. Users may
exercise rights relating to access, correction, grievance redressal, and withdrawal of consent,
subject to statutory limitations.
23. UNITED KINGDOM – UK GDPR & DATA PROTECTION ACT
2018
For users located in the United Kingdom, the Company acts as a data controller and processes
personal data in compliance with:
• The UK General Data Protection Regulation (UK GDPR); and
• The Data Protection Act 2018.
Processing adheres to core principles including lawfulness, fairness, transparency, purpose
limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.
UK users have the right to lodge complaints with the Information Commissioner’s Office (ICO)
if they believe their data protection rights have been violated.
24. UNITED STATES – FEDERAL AND STATE PRIVACY LAWS
For users located in the United States, the Company complies with applicable federal and state
privacy laws, including, where applicable:
• The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act
(CPRA);
• Other applicable state privacy laws relating to consumer data protection.
U.S. users may have rights to request disclosure, access, correction, or deletion of personal data,
subject to statutory exemptions. The Company does not sell personal data as defined under
applicable U.S. privacy laws.
25. CANADA – PIPEDA AND PROVINCIAL LAWS
For users located in Canada, the Company processes personal data in accordance with the Personal
Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial
privacy laws.
In compliance with PIPEDA, the Company adheres to the following principles:
• Accountability for personal data under its control;
• Identification of purposes for which personal data is collected;
• Obtaining meaningful consent for collection, use, and disclosure;
• Limiting collection, use, disclosure, and retention of personal data;
• Ensuring accuracy, safeguards, openness, and individual access.
Canadian users may request access to or correction of their personal data and may raise privacy
concerns through the Company’s designated contact channels. Where unresolved, complaints may
be escalated to the Office of the Privacy Commissioner of Canada, subject to applicable
procedures.
26. GERMANY & EUROPEAN UNION – GENERAL DATA
PROTECTION REGULATION (GDPR)
For users located in Germany or any other member state of the European Union, the Company
processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection
Regulation – GDPR).
The Company complies with GDPR requirements, including but not limited to:
• Lawful, fair, and transparent processing;
• Purpose limitation and data minimisation;
• Accuracy and storage limitation;
• Integrity, confidentiality, and accountability.
EU users are entitled to exercise GDPR data subject rights, including the right of access,
rectification, erasure, restriction, portability, and objection, subject to legal limitations.
Where required, the Company implements appropriate safeguards for cross-border transfers of
personal data outside the EU, including standard contractual clauses or equivalent mechanisms.
EU users may lodge complaints with their local supervisory authority if they believe their GDPR
rights have been infringed.
27. CHILDREN’S AND MINOR USERS’ PRIVACY
The Platform is not intended for use by children or minors unless expressly permitted under
applicable law and with valid parental or guardian consent.
The Company:
• Does not knowingly collect or process personal data of children without required consent;
• Takes reasonable steps to delete personal data where it becomes aware that such data has
been collected in violation of applicable laws;
• Implements safeguards where minors are permitted to use limited Platform features.
Parents or legal guardians may contact the Company to review, correct, or request deletion of a
child’s personal data, subject to verification requirements.
28. COMPLAINTS, DISPUTE HANDLING, AND ESCALATION
Users may submit privacy-related complaints, grievances, or concerns through the Company’s
officially designated contact channels.
To ensure efficient handling:
• Complaints must be submitted in writing with sufficient details;
• The Company will make reasonable efforts to investigate and respond within a
commercially reasonable timeframe;
• Communications must remain professional and non-abusive.
Harassing, excessive, repetitive, or coercive communication, including daily calls, persistent
follow-ups, or pressure tactics directed at the Company or its representatives, is strictly prohibited
and may result in communication restrictions, account suspension, or other enforcement measures.
The Company reserves the right to document, monitor, and retain complaint-related
communications for compliance, audit, and legal purposes.
29. POLICY UPDATES AND MODIFICATIONS
The Company reserves the right to update, amend, or modify this Privacy Policy at any time to
reflect changes in legal requirements, business practices, or Platform functionality.
Where material changes are made, the Company may notify users through the Platform or by other
reasonable means. Continued access to or use of the Platform after the effective date of any
changes shall constitute acceptance of the updated Privacy Policy.
Users are encouraged to review this Policy periodically.
30. CONTACT INFORMATION
For any questions, requests, or concerns relating to this Privacy Policy or the processing of
personal data, users may contact:
Student Help Desk World
Melbourne, Victoria 3000, Australia
Email: australia@studenthelpdesk.world