Whittle is the party responsible for processing your personal data (the “controller”) within the meaning of the applicable legislation and regulations in the various countries Whittle, or its affiliates and group companies operate, including but not limited to the EU General Data Protection Regulation (“GDPR”).
Table of Contents
- What Data We Collect
- How We Get Data About You
- What We Use Your Data For
- Grounds for Processing Personal Data
- Who We Share Your Data With
- Your Rights With Regard To Personal Data
- Our Policy Regarding Children
- Jurisdiction-Specific Rules
- Updates & Contact Info
1. What Data We Collect
We collect certain data from you directly, like information you enter yourself, data about your participation in courses, and data from third-party platforms through which you connect with Whittle. We also collect some data automatically, like information about what parts of our Services you interact with or spend time using.
1.1 Data You Provide to Us
We may collect different data from or about you depending on how you use the Services. Below are some examples to help you better understand the data we collect.
When you have an account and/or use the Services, we collect any data you provide directly, which may include:
- name and address;
- telephone number, email address;
- date of birth, sex;
- bank and payment details (of students/prospective students or their parents, as appropriate); You may be required to provide certain payment and billing data directly to our payment processing partners, including your name, credit card information, billing address, and zip code. For security, Whittle does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data;
- study choice, academic progress and other study-related data;
- any personal experiences in the event of the student (or prospective student) consulting a study advisor;
- log-in credentials, a unique identifying number (“Account Data”).
- You can also choose to provide profile information like a photo, headline, website link, social media profiles, or other data. Your profile data will not be publicly viewable by others.
Amongst other things, we process the following personal data from visitors to our websites:
- website visit and use;
- IP address;
- duration and time of visit to the website;
- use of social media.
For purposes of surveys or (scientific) research we may, in addition to the above, process additional personal data for each survey or study. The nature and scope of the personal data can vary in these cases; further information on this will accompany the survey or study concerned.
The data listed above is stored by us and may be associated with your account.
1.2 Data We Collect through Automated Means
When you access the Services (including browsing courses), we collect certain data by automated means, including:
- Technical data about your computer or device, like your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types (“System Data”).
- Usage statistics about your interactions with the Services, including courses accessed, time spent on pages or the Service, pages visited, features used, your search queries, click data, date and time, and other data regarding your use of the Services (“Usage Data”).
- An approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.
The data listed above is collected through the use of server log files and tracking technologies, as detailed in the “Cookies and Data Collection Tools” section below. It is stored by us and associated with your account.
2. How We Get Data About You
We use tools like standard web based forms, cookies, web beacons and analytics services, to gather the data listed above. Some of these tools offer you the ability to opt out of data collection.
2.1 Cookies and Data Collection Tools
We use third-party browser and mobile analytics services like Google Analytics on the Services. These services use Data Collection Tools to help us analyze your use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.
3. What We Use Your Data For
We use your data, within the framework of education and research, to do things like provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyze how people use our Services, and as required by law or necessary for safety and integrity.
We use the data we collect through your use of the Services to:
- Provide and administer the Services, including to display customized content and facilitate communication with other users;
- Process your requests and orders for courses, products, specific services, information, or features;
- Communicate with you about your account by:
- Responding to your questions and concerns;
- Sending you administrative messages and information, notifications about changes to our Service, and updates to our agreements;
- Sending you information and in-app messages about your progress in courses, new services, new features and newsletters (which you can opt out of at any time);
- Manage your account preferences;
- Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
- Solicit feedback from users;
- Market and administer surveys administered by Whittle;
- Learn more about you by linking your data with additional data through third-party data providers or analyzing the data with the help of analytics service providers;
- Identify unique users across devices;
- Improve our Services and develop new products, services, and features;
- Analyze trends and traffic;
- As required or permitted by law; or
- As we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services.
4. Grounds For Processing Personal Data
In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of Whittle this legitimate basis will be – depending on the type of personal data concerned – performance of an agreement, a legal obligation, a legitimate interest or consent. If you do not provide certain personal data, you may not be allowed to use the Services, conduct research or benefit from all Services functionalities.
We need to process personal data for the purposes of fulfilling certain contractual obligations. Examples include processing personal data in connection with agreements between Whittle and a student or his or her parents, or in connection with an authorization to collect tuition fees.
We need to process certain personal data pursuant to such legislation as applicable educations laws, administrative laws and tax law.
We have an interest in being in a position to carry out certain surveys or research, to safeguard the quality of education and to provide information. On the grounds of these interests, we will process your personal data unless your privacy interests outweigh our interests. For that reason, we sometimes carry out surveys in the public domain with personal data being processed, carry out student satisfaction surveys and keep a record of your use of the website.
If none of the aforementioned bases for processing apply, then we will request your consent to process certain personal data. An example of a situation for which we could ask for your consent is issuing your personal data to an insurer and to a university abroad, within the compass of an exchange project. You are free to withdraw your consent at any time.
5. Who We Share Your Data With
We share certain data about you with instructors, other students, companies performing services for us, our business partners, analytics and data enrichment providers. We may also share your data as needed for security, legal compliance, or as part of a corporate restructuring. Lastly, we can share data if we get your consent.
- With Other Students and Instructors: Depending on your settings, your shared content and profile data may be publicly viewable to other students and instructors.
- With Service Providers, Contractors, and Agents: We share your data with third-party companies who perform services on our behalf, like payment processing, data analysis, email and hosting services, and customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.
- With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools like Google Analytics, we share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 1), or de-identified data as needed.
- For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:
- Permitted or required by law;
- Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;
- Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
- Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Whittle, our users, employees, members of the public, or our Services.
- During a Change in Control: If Whittle undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence).
We use appropriate security based on the type and sensitivity of data being stored. As with any internet-enabled system, there is always a risk of unauthorized access, so it’s important to protect your password and to contact us if you suspect any unauthorized access to your account.
Whittle takes appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data that we collect and store. These measures vary based on the type and sensitivity of the data. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and Whittle, the Services, or any information provided to us in connection with the data we collect through the Services will be free from unauthorized access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact us with any concerns.
We have taken appropriate technical and organizational measures to prevent loss or unlawful processing of personal data. For example, your personal data can only be viewed by staff authorized to view it on the grounds of their role.
7. Your rights with regard to personal data
You are entitled, under certain circumstances, to access any personal data processed by us or to have it corrected or deleted or restrict its processing. Sometimes you can also lodge an objection or request a transfer of your personal data. To submit a request to us in this respect, please contact us by sending an email to firstname.lastname@example.org. If in doubt about your identity, we are entitled to ask you to provide proof of your identity first.
We will not keep your personal data for longer than is necessary for the purposes for which we use it. We are required by law to keep some data for a certain period of time.
For example, it could be that after you have completed a course of study we have to keep certain personal data for administrative purposes or due to a legal obligation. Wherever possible, we will pseudonymize or anonymize your personal data to the fullest extent possible.
Access and correction
If you wish to know whether we are processing your personal data or would like to amend your personal data, please get in touch with us.
Under certain circumstances, the GDPR allows you to have personal data erased. We will assess whether it is possible to implement such a request: in some cases we will have to retain your personal data, e.g. to comply with a statutory obligation, to facilitate education or (as a one-off action) to see to it that you will no longer receive messages from us.
You are entitled to contact us with a request to restrict the processing of your data if you think that your personal data is incorrect, the processing of it is unlawful, you require it for legal action or you have objected to it being processed.
if we process your personal data on the basis of a legitimate interest, then you can object to further use of your personal data on the grounds of your specific reasons.
Objection to receiving messages
If you no longer wish to receive email messages or any other electronic messages from us, then you can deregister for these by clicking on the unsubscribe button in an email message received from us. You can also deregister by contacting us.
8. Our Policy Concerning Children
We recognize the privacy interests of children and encourage parents and guardians to take an active role in their children’s online activities and interests. Children under 13 (or under 16 in the European Economic Area) should not use the Services without parental supervision. If we learn that we’ve collected personal data from a child under those ages without the appropriate consents of parents or guardians, we will take reasonable steps to delete it.
Parents or guardians who believe that Whittle may have collected personal data from a child under those ages without the appropriate consents, can submit a request that it be removed to email@example.com.
9. Jurisdiction-Specific Rules
If you live in California, you have certain rights to request information. Users outside of the United States should note that we transfer data to and from the US, to and from the PRC and to and from European Economic Area.
9.1 Users in California
If you are a California resident, you have the right to request certain details about what personal information we share with third parties for those third parties’ direct marketing purposes. To submit your request, send an email to firstname.lastname@example.org with the phrase “California Shine the Light” and include your mailing address, state of residence, and email address.
Since the internet industry is still working on Do Not Track standards, solutions, and implementations, we do not currently recognize or respond to browser-initiated Do Not Track signals.
9.2 Users Outside of the U.S.
Whittle‘s (IT) operations are managed out of the U.S. and in order to provide the Services to you we may need to transfer your data to the United States and process it there. By visiting or using our Services, you consent to storage of your data on servers located in the United States. If you are using the Services from outside the United States, you consent to the transfer, storage, and processing of your data in and to the United States or other countries. Whittle will endeavor to process personal data collected in Switzerland and the European Economic Area (“EEA”) on EU citizens solely within the EU, by saving your data on a server located in the EU wherever possible. Sometimes this will not be possible, and we will need to transfer and store personal data collected in Switzerland and the European Economic Area outside those areas.
That data is also processed outside of Switzerland and the EEA by our Whittle group companies, or our service providers, including to process transactions, facilitate payments, and provide support services. We have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By submitting your data or using our Services, you consent to this transfer, storage, and processing by Whittle and its processors.
10. Updates & Contact Info
When we make a material change to this policy, we’ll notify users via email, in-product notice, or another mechanism required by law. Changes become effective the day they’re posted. Please contact us via email or postal mail with any questions, concerns, or disputes.
What are cookies?
Cookies are small text files stored by your browser as you browse the internet. They can be used to collect, store, and share data about your activities across websites, including on our sites. Cookies also allow us to remember things about your visits and to make the site easier to use.
We use both session cookies, which expire after a short time or when you close your browser, and persistent cookies, which remain stored in your browser for a set period of time. We use session cookies to identify you during a single browsing session. We use persistent cookies where we need to identify you over a longer period, like when you request that we keep you signed in.
Authentication and security
- To log you into Whittle
- To protect your security
- To help detect and fight spam, abuse, and other activities that violate Whittle’s agreements
For example, cookies help authenticate your access to Whittle and prevent unauthorized parties from accessing your accounts.
- To remember data about your browser and your preferences
- To remember your settings and other choices you’ve made
For example, cookies help us remember your preferred language or the country you’re in, so we can provide content in your preferred language without asking each time you visit.
Analytics and research
- To help us improve and understand how people use our services
What are my privacy options?
- Most browsers automatically accept cookies, but you can change your browser settings to decline cookies by consulting your browser’s support articles. If you decide to decline cookies, please note that you may not be able to sign in, customize, or use some interactive features in the Services.
- Flash cookies operate differently than browser cookies, so your browser’s cookie-management tools may not remove them. To learn more about how to manage Flash cookies, see Adobe’s article on managing flash cookies and Website Storage Settings panel.
- For general information about targeting cookies and how to disable them, visit www.allaboutcookies.org.
Updates & Contact Info