Privacy & Data Policy
At Cturtle, we follow global best practices in data privacy, built on the EU General Data Protection Regulation (GDPR) — the international benchmark for personal data protection. As a global talent intelligence company with databases covering over 180 countries, we apply GDPR’s principles, definitions, and consent protocols to all aspects of our operations.
Data privacy built on global standards
We apply GDPR as our baseline across all 180+ countries — extending opt-out, unsubscribe, and deletion rights universally, regardless of jurisdiction.
GDPR Baseline
GDPR applied as the global standard across all markets, with local law compliance layered on top.
Public Data Only
We collect only publicly available professional information — no private or sensitive personal data.
Right to Opt-Out
Every individual can unsubscribe or request data removal at any time — always honoured promptly.
Secure Storage
Data stored with encryption, role-based access, regular audits, and timely deletion protocols.
Complete Privacy & Data Policy
Contents
About This Policy
This policy sets out the manner in which Cturtle Limited (“Cturtle”) and our affiliate brands and partners collect, use, disclose and process your personal data when you access or use our applications, websites, and services, or provide us with your personal data.
Please do not access or use our platforms or provide any personal data to us if you do not accept this policy. We may amend this policy from time to time without notice to you, in compliance with applicable laws.
Collecting Personal Data
What personal data we collect. We collect personal data that is relevant to our relationship with you. We may collect your personal data directly or indirectly through various channels, including when you use our platforms and services, register an account, respond to our promotions, contact us, or submit your personal data for any other reason.
We may also collect your personal data from third party sources, including business partners, public agencies, and public social media platforms such as LinkedIn, Facebook, Instagram, and Twitter.
Automated collection. Our platforms may contain technologies that automate the collection of data, including cookies, web beacons, artificial intelligence, and web analytics tools.
Minors. If you are a child or minor, please seek the consent of your parent or guardian before providing your personal data to us.
What We Do With Personal Data
We collect, use, disclose and process your personal data where you have given us consent, where necessary to comply with legal obligations, where necessary to support our legitimate business interests, or where necessary to perform a transaction you have requested.
Purposes include:
- Facilitating your use of our platforms and services, including recommendations of education, employment, events, and immigration services
- Providing and maintaining our platforms and services, including monitoring usage
- Assisting you with enquiries and feedback
- Administrative purposes including accounting, risk management, and record keeping
- Security purposes — detecting, preventing, and addressing technical issues
- Conducting data analytics to improve our platforms and services
Disclosure of Personal Data
We may disclose or share your personal data with our related parties and business partners, third parties who provide services to us including IT services and data analytics, and regulatory authorities, governments, or public agencies.
When disclosing personal data to third parties, we will, where required by applicable law, enter into contracts to protect your personal data.
Cross-Jurisdictional Transfers
We may transfer your personal data from the jurisdiction where it is collected to any other jurisdictions that we operate in, and to third parties in other jurisdictions.
Where we transfer your personal data across jurisdictions, we will ensure it is treated securely and in accordance with this policy and applicable laws. You may obtain details of these safeguards by contacting us.
Protection of Personal Data
Unauthorised access. While we take reasonable precautions to safeguard your personal data, we cannot be held responsible for unauthorised or unintended access that is beyond our control.
Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for. Typically, our data retention period is at least 6 years.
Your Rights
Depending on the laws applicable to you, you may enjoy the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of incomplete or inaccurate personal data
- Withdrawal of consent — withdraw consent for our use of your personal data
- Erasure — ask us to delete or remove personal data in certain circumstances (EU residents)
- Portability — request transfer of certain personal data to another party (EU residents)
To exercise your rights, please contact us at hello@cturtle.co. You may also submit a data removal request via our Remove My Data form.
Partner & Affiliate Brands
Cturtle is a market network that works with education, employer, government and other partners and affiliates. Current affiliate brands include:
New brands and affiliates are added regularly. This list is updated on an ongoing basis.
Data Compliance Statement
At Cturtle, we are committed to ensuring the highest standards of data compliance and privacy. Our data acquisition practices, which employ artificial intelligence (AI) technologies, are designed to align with GDPR and other relevant regulations.
- Lawful basis — we only acquire data when a lawful basis exists, including consent, contractual necessity, legal obligation, legitimate interests, or public interest
- Purpose limitation — data is used solely for purposes explicitly stated at the time of collection
- Data minimisation — we only collect and retain data that is necessary and proportionate
- Transparency — we provide clear information about data acquisition, purposes, and how to exercise rights
- Security — we maintain encryption, access controls, regular security assessments, and staff training
- Retention & deletion — we retain data only as long as necessary, then securely delete or anonymise it
- Data Protection Officer — we have designated a DPO who oversees our data acquisition practices
Contact Us
If you have any feedback or issues in relation to your personal data or this policy, please contact us so that we can resolve your concerns.
Email: hello@cturtle.co
To request removal of your data: Remove My Data →
Questions about your data?
We’re committed to transparency. If you have questions about how we handle your personal data, or wish to exercise your rights, please get in touch.
Global compliance frameworks
GDPR — European Union
Privacy Act 1988 & Spam Act 2003 — Australia
PDPO — Hong Kong
CCPA — California, United States
Applied as a baseline across all 180+ countries we operate in.
Questions about your data?
If you have questions about how we handle your personal data or wish to exercise your rights, please get in touch.
🔒 Your details are kept private and never shared.
