BFF Privacy Policy

Data Collection and Privacy Notice

Aston University and the School of Coding and AI (“SOC”, “we”, “our”, “us”) act as Data Controllers under the Data Protection Act 2018 (“DPA 2018”) and the UK General Data Protection Regulation (“UK GDPR”). This Privacy Notice explains how we collect, use, store, and protect your personal data when you use the BFF application.

We are committed to processing your personal data lawfully, fairly, and transparently, in accordance with the DPA 2018, UK GDPR, and other applicable UK data protection and privacy laws.

This Privacy Policy may be updated periodically to reflect changes in legal requirements or our data practices.

What We Collect

We collect and process personal data to:

• Support your learning journey
  
  
• Develop and enhance the BFF application
  
  
• Improve the tutor-student experience within our business simulation game
  
  

The types of data we may collect include:

• Identity data (e.g., name, username)
  
  
• Contact data (e.g., email address, phone number)
  
  
• Profile data (e.g., preferences, in-app activities)
  
  
• Technical data (e.g., device information, browser type, operating system)
  
  
• Usage data (e.g., interaction with the app, game progress)
  
  
• Log data (e.g., IP address, timestamps, error logs)
  
  

Optional Disclosure:

You may choose to use the app anonymously. However, if you voluntarily provide personal data, it will be processed to support educational delivery and for statistical research purposes to improve learning outcomes.

We process personal data where necessary to pursue our legitimate interests (UK GDPR Article 6(1)(f)).

Lawful Basis for Processing

We rely on the following lawful bases for processing your personal data:

• Legitimate interests, including:
  
  
  • Maintaining accurate records
    
    
  • Supporting student engagement
    
    
  • Securing our app and IT infrastructure
    
    
  • Providing operational and IT support
    
    
  • Improving and developing the app experience
    
    
• Consent, where applicable, especially for any optional data collection (e.g., analytics cookies or marketing communications).
  
  

Where consent is the basis, you have the right to withdraw it at any time.

Your Rights

You have rights regarding your personal data under the DPA 2018 and UK GDPR, including:

• Right to access: Request a copy of the personal data we hold about you
  
  
• Right to rectification: Request correction of inaccurate or incomplete data
  
  
• Right to erasure (“right to be forgotten”): Request deletion of your data under certain conditions
  
  
• Right to restrict processing: Request that we limit how we use your data
  
  
• Right to object: Object to processing based on legitimate interests
  
  
• Right to data portability: Request a copy of your data in a structured, commonly used format (where applicable)
  
  

Please note: Some rights may be restricted where data is processed exclusively for research or statistical purposes.

To exercise any of these rights, please contact us at:
📧 [email protected]

International Data Transfers

Your personal data may be transferred outside the United Kingdom or European Economic Area (EEA). Transfers will only occur where:

• The country has an adequacy decision from the UK Government or European Commission; or
  
  
• Appropriate safeguards are in place (such as Standard Contractual Clauses or International Data Transfer Agreements) to protect your data.
  
  

We ensure that all transfers comply with data protection laws.

Information Collection and Use

For an enhanced experience, we may request certain personally identifiable information.

We may also use trusted third-party services that collect information to assist us in:

• Managing user accounts and communications (e.g., updates, support)
  
  
• Administering, securing, and troubleshooting the app
  
  
• Performing app usage analytics and receiving feedback
  
  

Where third parties process personal data on our behalf, we ensure appropriate contracts (Data Processing Agreements) are in place.

Log Data

In the case of an app error, we collect technical data (“Log Data”), including:

• Device Internet Protocol (IP) address
  
  
• Device name and operating system version
  
  
• App configuration at the time of the error
  
  
• Time and date of error
  
  
• Other relevant diagnostic information
  
  

This information is collected solely for improving the app and diagnosing technical issues.

Cookies and Tracking Technologies

The BFF application itself does not directly use cookies. However, third-party libraries integrated into the app may employ cookies or similar tracking technologies to collect data and enhance functionality.

You have the option to accept or refuse such cookies. Please note that refusing cookies may limit certain features of the app.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Access controls
  
  
• Encryption
  
  
• Secure storage
  
  

Access to personal data is restricted to those who have a business need to know and are subject to confidentiality obligations.

⚠️ Please note: No method of transmission over the Internet or electronic storage is 100% secure. We strive to protect your data but cannot guarantee its absolute security.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or data processing practices.

When we update the Policy:

• Changes will take effect immediately upon posting
  
  
• If substantial changes are made, we may notify you directly where appropriate
  
  

We encourage you to review this Privacy Policy regularly.

Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

📧 Email: [email protected]