Maurbel Integrated Services Ltd
Last Updated: 1 November 2025
This Privacy Policy explains how Maurbel Integrated Services Ltd collects, uses, stores, and protects your personal data when you use our services or visit our website. We are committed to protecting your privacy and handling your data in an open and transparent manner.
By using our services or website, you agree to the collection and use of information in accordance with this policy. We encourage you to read this policy carefully to understand how we handle your personal data.
1. Who We Are
Maurbel Integrated Services Ltd is a company registered in England and Wales that provides Educational Support Services, Information Technology Services, Travel Agency Services, and Business Support Services to clients globally. We operate from offices in the United Kingdom and Nigeria.
Company Details:
Company Name: Maurbel Integrated Services Ltd
UK Company Registration Number: 16720409 (England and Wales)
Nigeria Registration Number: BN 3216355
Registered Address (UK): Office 14658, 182-184 High Street North, East Ham, London E6 2JA, United Kingdom
Nigeria Office: Gbazango Extension, Kubwa, Nigeria
Contact Email: info@maurbel.com
Alternative Email: maurbelintegratedservices@gmail.com
Telephone: 07827 105272
Website: www.maurbel.com
We are British Council certified for the provision of education services and maintain compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Data (Use and Access) Act 2025, Nigeria Data Protection Act 2023, US Family Educational Rights and Privacy Act (FERPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Payment Card Industry Data Security Standard (PCI-DSS), and other applicable data protection laws relevant to our global operations.
Depending on the nature of the service we provide, we act either as a Data Controller (where we determine the purposes and means of processing your personal data) or as a Data Processor (where we process personal data on your behalf according to your instructions, primarily in the context of business support services).
2. How We Collect Your Personal Data
We collect personal data directly from you through various channels when you interact with our services. This includes when you use our websites and digital platforms, apply for educational programmes or request educational counselling, book travel services through us, engage our IT or business support services, register for events or subscribe to our newsletters, or contact us by email, telephone, or in person.
In addition to data collected directly from you, we may receive personal data from third parties in the course of providing our services. These third parties include educational institutions with whom we facilitate applications, immigration authorities involved in visa processing, travel partners such as airlines and hotels, payment processors who handle transactions on our behalf, and other service providers who collaborate with us to deliver services to you. We only receive such data where it has been lawfully shared and where necessary for the provision of our services.
We collect what is known as sensitive personal data only when it is necessary for the service we are providing and where we have an appropriate legal basis to do so. Sensitive data includes health information that may be relevant for study abroad insurance or travel arrangements, biometric data required for visa applications, and criminal records information where this is required by educational institutions or immigration authorities. We typically collect sensitive data based on your explicit consent or where collection is required by law.
3. How We Use Your Personal Data
The way we use your personal data depends on which of our services you engage with. We process your data for specific, legitimate purposes and rely on appropriate legal bases for each type of processing.
Educational Services
When you use our educational services, which include processing university applications, providing educational counselling, assisting with visa applications, arranging accommodation, and coordinating health insurance, we collect and process your name, contact details, date of birth, nationality, academic qualifications and transcripts, passport details, financial information, references from teachers or employers, and health information where this is required for insurance or specific programme requirements.
We process this data to perform our contract with you, based on your consent where we have requested it, and to comply with legal obligations such as those imposed by immigration authorities. Your data is shared with educational institutions to which you are applying, immigration authorities for visa processing, accommodation providers you have selected, health insurance companies for coverage, and credential evaluation services where qualification assessment is required.
IT Services
For our IT services, which encompass website and software development, IT support, cybersecurity services, cloud services, and graphics design, we collect business contact details, project specifications and requirements, technical data necessary for service delivery, system access credentials in encrypted form, and end-user data where we act as a Data Processor on your behalf.
We process this data to perform our contract with you and based on our legitimate interests in providing high-quality IT services. Where we act as a Data Processor, we process data strictly according to your instructions as documented in our Data Processing Agreement. Your data may be accessed by hosting providers such as AWS and Azure, domain registrars, development platforms we use for project delivery, sub-contractors who assist with specific technical tasks, and your end users where we are providing services that involve user-facing systems.
Travel Services
When you book travel services with us, including flights, hotels, visa assistance, holiday packages, and tours, we collect your name exactly as it appears on your passport, passport details required for booking and travel, your travel preferences, payment information for processing bookings, health and dietary requirements to ensure appropriate arrangements, and emergency contact details for your safety.
We process this data to perform our contract with you, based on your consent where we have requested it, and to comply with legal obligations related to travel and immigration. Your data is shared with airlines for flight bookings, hotels and other accommodation providers, Global Distribution Systems (GDS) that facilitate travel bookings, visa processing centres for visa applications, travel insurance providers, tour operators for package holidays, and payment processors who handle financial transactions.
Business Support Services
Our business support services include virtual assistance, HR support, accounting services, company registration, business consulting, and branding. For these services, we collect company details and registration information, details of directors and shareholders, employee data where we act as a Data Processor for HR functions, financial records for accounting services, strategic plans for consulting engagements, and brand materials for design and marketing services.
We process this data to perform our contract with you, to comply with legal obligations such as those relating to company formation and tax compliance, and as a Data Processor according to your specific instructions. Your data may be shared with Companies House for company registration, HM Revenue & Customs for tax compliance, accounting software providers we use to deliver services, HR platforms for human resource management, and professional advisers such as lawyers and auditors where necessary for service delivery.
Website and Communications
When you use our website or communicate with us, we collect your name, email address, communication preferences, browsing data through cookies and similar technologies, and your IP address for security and analytics purposes. We process this data based on your consent for marketing communications and based on our legitimate interests in operating and improving our website and responding to enquiries. Your data may be accessed by email service providers who help us send communications, analytics platforms that help us understand website usage, and our subsidiaries who may assist with customer service.
Security and Compliance
To prevent fraud, comply with legal obligations, and protect our rights and those of our clients, we may process various categories of personal data depending on the specific requirement. We process this data based on legal obligations, our legitimate interests in maintaining security and preventing fraud, and vital interests where necessary to protect individuals. Your data may be shared with law enforcement agencies where required by law, regulatory authorities for compliance purposes, legal advisers for professional advice, and auditors for compliance verification.
Payment Processing
Across all our services, we process billing details, payment card information in tokenised form, and transaction history to facilitate payments. We process this data to perform our contract with you and to comply with legal obligations relating to financial transactions and record-keeping. Your payment data is handled by payment processors who are compliant with the Payment Card Industry Data Security Standard (PCI-DSS) and by banks for transaction processing.
Marketing Communications
We send promotional communications about our services, special offers, and relevant information only with your explicit consent. You can withdraw your consent at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly at info@maurbel.com.
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you without human involvement. Any decisions affecting your rights or interests are made by our staff with appropriate oversight.
Cookies
We use cookies and similar technologies on our website to improve functionality, remember your preferences, and analyse how visitors use our site. For detailed information about the cookies we use and how to manage your cookie preferences, please refer to our Cookie Notice available on our website.
4. Who Has Access to Your Personal Data
We share your personal data only when it is necessary to provide our services to you or when we are required to do so by law. We want to be clear: we do not sell your personal data to third parties for marketing purposes or any other reason.
Your personal data may be accessed by various categories of recipients depending on which services you use. Our subsidiaries and affiliated companies within our global organisation may have access to your data to provide coordinated services. We work with service providers who support our operations, including hosting providers for our digital infrastructure, payment processors for financial transactions, analytics providers to help us understand and improve our services, and customer support platforms.
We engage professional advisers including lawyers, accountants, and auditors who may need access to your data to provide professional services to our business. Regulatory authorities may require access to your data, including the Information Commissioner’s Office (ICO) in the UK, the Nigerian Data Protection Commission (NDPC), HM Revenue & Customs for tax purposes, immigration authorities for visa processing, and law enforcement agencies where legally required.
The service-specific partners detailed in the previous section may also access your data as necessary to deliver the particular service you have requested. In the event of a business reorganisation, merger, acquisition, or sale of assets, your data may be transferred to successor entities, although we will notify you of any such transfer and ensure your data continues to be protected in accordance with this policy.
When we act as a Data Processor for business support clients, we may use sub-processors such as payroll systems, accounting software platforms, and cloud storage providers to deliver services. We only engage sub-processors with your approval as specified in our Data Processing Agreement, and we ensure they provide appropriate security and confidentiality protections.
All third parties with whom we share your data are required to maintain appropriate security measures and to process your data only for the purposes we have specified. We conduct due diligence on our service providers and maintain contracts that require them to protect your data and process it only as instructed.
5. International Data Transfers
Given the global nature of our services, we process personal data in both the United Kingdom and Nigeria and may transfer your data internationally to provide the services you have requested. This includes transfers to the United States, Canada, and other countries where our clients are located, where educational institutions are situated, or where our service providers operate.
We recognise that different countries have different data protection standards. When we transfer your personal data outside the UK or Nigeria, we ensure appropriate safeguards are in place to protect your data. These safeguards include relying on adequacy decisions made by the UK Government, which recognises certain countries as providing adequate levels of data protection. Where no adequacy decision exists, we use Standard Contractual Clauses approved by the Information Commissioner’s Office, which are contractual commitments between us and the recipient that ensure your data is protected to UK standards.
In some cases, we may transfer your data based on your explicit consent for specific transfers, particularly where this is necessary for educational placements or travel arrangements you have requested. We also transfer data where necessary for the performance of our contract with you, such as when booking international travel or facilitating applications to overseas institutions.
When transferring data to educational institutions, we ensure compliance with relevant education privacy laws, including FERPA in the United States. When using cloud service providers, we verify that they hold appropriate security certifications such as ISO 27001 and SOC 2, and we establish contractual protections that require them to maintain high standards of data security regardless of where their servers are located.
6. Security
We take the security of your personal data very seriously and implement comprehensive technical and organisational measures to protect your information from unauthorised access, alteration, disclosure, or destruction.
Our technical security measures include encryption of data both in transit using TLS/SSL protocols and at rest using AES-256 encryption. We process payments securely using tokenisation, which means sensitive payment card information is replaced with non-sensitive tokens. We protect our systems with firewall protection and intrusion detection systems that monitor for unauthorised access attempts. Access to systems is protected by multi-factor authentication and role-based access controls that ensure individuals can only access the data they need for their role. We maintain regular security updates and conduct vulnerability scanning to identify and address potential security issues. Our data is protected through secure backup systems and we maintain disaster recovery procedures to ensure business continuity.
Our organisational security measures include restricting access to personal data to authorised personnel only on a need-to-know basis. All our staff and contractors receive mandatory data protection training to ensure they understand their obligations. We require confidentiality agreements from all individuals who have access to personal data. We conduct regular security audits and compliance checks to verify that our security measures remain effective. We have established incident response procedures to quickly address any security concerns.
Only personnel who are authorised and have a legitimate business need may access your personal data, and they are required to treat it as strictly confidential. However, we must be honest with you: no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
You have an important role to play in security too. You should keep any passwords or login credentials secure and confidential. Please notify us immediately at info@maurbel.com if you become aware of any suspected security issues, unauthorised access to your account, or any breach of your login credentials.
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office and the Nigerian Data Protection Commission within 72 hours as required by law. If the breach poses a high risk to you, we will also inform you without undue delay, providing information about the nature of the breach and the steps we are taking to address it.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory, and business obligations. When personal data is no longer needed, we securely delete or anonymise it. We regularly review our retention periods to ensure they remain appropriate and proportionate.
For active clients, we retain data during the period we are providing services to you and for a reasonable period afterwards to address any follow-up queries or issues. Our core business records, including client information, project documentation, and correspondence, are typically retained for three years from the last interaction. This retention period allows us to address any subsequent queries while ensuring we do not retain data longer than necessary. Financial records are retained for six years from the end of the relevant financial year to comply with HM Revenue & Customs minimum requirements. Marketing communications and preferences are retained until you unsubscribe or request removal.
Specific services have tailored retention periods based on their particular requirements. For educational services, we retain your data for three years after the last interaction to support any follow-up queries about qualifications or placements. For unsuccessful applications, data is retained for one year to provide continuity if you reapply within a reasonable timeframe. For travel services, we retain booking and transaction records for three years for accounting and potential dispute resolution purposes. However, sensitive data such as passport details and visa information is deleted within one month after your travel is completed, unless there is a legal requirement to retain it longer. For IT projects, we retain project documentation for three years to support potential warranty claims or ongoing maintenance, while technical files associated with active hosting arrangements are retained for the duration of the hosting period. For business support services, we retain company formation and financial records for three years in line with proportionate business record retention requirements, while payroll records are retained for six years as required by employment and tax law.
When retention periods expire, we implement secure deletion procedures. These include permanent deletion of digital records from active systems and databases, secure overwriting of data to prevent recovery, confidential shredding of physical documents, and deletion of data from backup systems in accordance with our backup rotation schedule.
If you request deletion of your data before the retention period expires, we will honour your request where legally possible. However, we may need to retain certain data where we have a legal obligation to do so, where it is necessary for the establishment, exercise, or defence of legal claims, or where retention is necessary for other legitimate purposes.
8. Your Rights
Under the UK General Data Protection Regulation, the Nigeria Data Protection Act, and other applicable data protection laws, you have a number of important rights regarding your personal data.
You have the right to be informed about how we collect and use your personal data, which we fulfil through this Privacy Policy. You have the right of access, which means you can request a copy of the personal data we hold about you. We will respond to access requests within one month and provide this information free of charge in most circumstances. You have the right to rectification, which allows you to request that we correct any personal data about you that is inaccurate or incomplete. You have the right to erasure, sometimes referred to as the “right to be forgotten,” which allows you to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
You have the right to restrict processing, which allows you to request that we limit how we use your personal data in specific situations, such as when you contest the accuracy of the data or object to processing. You have the right to data portability, which allows you to request that we provide your personal data to you in a structured, commonly used, and machine-readable format, and where technically feasible, to transmit it directly to another data controller. You have the right to object to processing based on our legitimate interests or when we process your data for direct marketing purposes. When you object to direct marketing, we will stop processing your data for those purposes.
You have the right to withdraw consent at any time where we are processing your data based on your consent. This will not affect the lawfulness of processing carried out before you withdrew your consent. You have the right not to be discriminated against for exercising any of your data protection rights. You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data properly. In the UK, this is the Information Commissioner’s Office (www.ico.org.uk), and in Nigeria, this is the Nigerian Data Protection Commission (ndpc.gov.ng).
If you are a resident of the United States, you may have additional rights under state-specific privacy laws such as the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and similar laws in other states. If you are a Canadian resident, you have rights under PIPEDA, including the right to challenge the accuracy and completeness of your information. If you are a Nigerian resident, you have comprehensive rights under the Nigeria Data Protection Act 2023, including rights to access, rectification, erasure, restriction, portability, and objection.
To exercise any of your rights, please contact us at info@maurbel.com with the subject line “Data Subject Rights Request.” To help us process your request efficiently, please provide your full name and contact details, a clear description of which right you wish to exercise and the specific action you would like us to take, information about which service you used or how you interacted with us, and proof of identity to enable us to verify your identity and protect your personal data from unauthorised disclosure.
We will respond to your request within one month of receipt. In some cases, particularly for complex requests or where we receive multiple requests from you, we may extend this period by up to two additional months. If we do so, we will inform you of the extension and the reasons for it. We may take reasonable steps to verify your identity before acting on certain rights requests to ensure we are disclosing personal data only to the person to whom it relates.
9. Contact Us
If you have any questions about this Privacy Policy, how we handle your personal data, or if you wish to exercise any of your rights, please do not hesitate to contact us.
General Enquiries:
Email: info@maurbel.com or maurbelintegratedservices@gmail.com
Telephone: 07827 105272
Post: Maurbel Integrated Services Ltd, Office 14658, 182-184 High Street North, East Ham, London E6 2JA, United Kingdom
Data Subject Rights Requests:
Email: info@maurbel.com with the subject line “Data Subject Rights Request”
Complaints:
We take complaints seriously and will endeavour to resolve any concerns you have about how we handle your personal data. Please contact us first using the details above, and we will work with you to address your concerns. If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the relevant supervisory authority:
United Kingdom: Information Commissioner’s Office
Website: www.ico.org.uk
Telephone: 0303 123 1113
Nigeria: Nigerian Data Protection Commission
Website: ndpc.gov.ng
United States: Contact your State Attorney General’s office
Canada: Privacy Commissioner of Canada
Website: www.priv.gc.ca
10. Additional Information
Children’s Privacy
Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13 without parental consent. For applicants to educational programmes who are under 18 years of age, we recommend the involvement of a parent or guardian in the application process. We may require parental consent for the processing of personal data of minors in accordance with applicable laws. If you believe we have inadvertently collected personal data from a child under 13 without appropriate parental consent, please contact us immediately at info@maurbel.com, and we will take steps to delete such information.
Third-Party Links
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices or content. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, changes in applicable laws, the introduction of new services, or improvements to our data protection measures. When we make material changes to this Privacy Policy, we will notify you by posting a prominent notice on our website or by sending you an email notification if we have your email address. The “Last Updated” date at the top of this policy indicates when it was last revised.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our services after notification of changes to this Privacy Policy will constitute your acknowledgement and acceptance of those changes.
Data Processing Agreements
When we act as a Data Processor for your business support services, we enter into a written Data Processing Agreement that sets out the subject matter and duration of processing, the nature and purpose of processing, the types of personal data processed, the categories of data subjects, and our obligations and your rights as the Data Controller. If you require a Data Processing Agreement for services where we act as a Data Processor, please contact us at info@maurbel.com.
Fee Transparency for Educational Services
For educational services, we comply with the National Code of Ethical Practice for UK Education Agents published by the UK Council for International Student Affairs. As is standard practice in the education consultancy sector, we receive commission from educational institutions for successful student placements. Many of our core consultancy services, including initial assessments, application guidance, and post-arrival support, are provided at no cost to students because they are funded by these institutional commissions.
Where we charge fees directly to students for premium services such as visa assistance or test preparation, these fees are clearly communicated before you commit to using the service. We are committed to transparency in all our fee arrangements and will always clarify our fee structure upon request.
Maurbel Integrated Services Ltd
British Council Certified Education Consultancy | Integrated Business Services
UK Company Registration Number: 16720409 | Registered in England and Wales
Nigeria Registration Number: BN 3216355
This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Data (Use and Access) Act 2025, Nigeria Data Protection Act 2023, US Family Educational Rights and Privacy Act (FERPA), Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Payment Card Industry Data Security Standard (PCI-DSS), and other applicable data protection laws.
© 2025 Maurbel Integrated Services Ltd. All rights reserved.