Privacy Policy

This Online Privacy Policy (the “Privacy Policy”) was last updated on February 5, 2019.

At Whittle School & Studios (“Whittle”, “we”, “us”) respect your privacy and want you to understand how we collect, use, and share data about you. This Privacy Policy covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data. This Privacy Policy provides information on the processing of personal data of prospective students, students, parents of students (or of prospective students), survey or study participants if the data is not being obtained from the data subjects themselves, and visitors to our websites. We also use cookies (after seeking your consent, if required). Further information on this can be found in our Cookie Statement.

Whittle is the party responsible for processing your personal data (the “controller”) within the meaning of the applicable legislation and regulations in the various countries Whittle, or its affiliates and group companies operate, including but not limited to the EU General Data Protection Regulation (“GDPR”).

Unless we link to a different policy or state otherwise, this Privacy Policy applies when you visit or use any Whittle website, Whittle application or related services (the “Services”). 

By using the Services, you agree to the terms of this Privacy Policy. You shouldn’t use the Services if you don’t agree with this Privacy Policy or any other agreement that governs your use of the Services.

Table of Contents

  1. What Data We Collect

  2. How We Get Data About You

  3. What We Use Your Data For

  4. Grounds for Processing Personal Data

  5. Who We Share Your Data With

  6. Security

  7. Your Rights With Regard To Personal Data

  8. Our Policy Regarding Children

  9. Jurisdiction-Specific Rules

  10. Updates & Contact Info

  11. Cookie Policy

1. What Data We Collect

We collect certain data from you directly, like information you enter yourself, data about your participation in courses, and data from third-party platforms through which you connect with Whittle. We also collect some data automatically, like information about what parts of our Services you interact with or spend time using.

1.1 Data You Provide to Us

We may collect different data from or about you depending on how you use the Services. Below are some examples to help you better understand the data we collect.

When you have an account and/or use the Services, we collect any data you provide directly, which may include:

  • name and address;

  • telephone number, email address;

  • date of birth, sex;

  • bank and payment details (of students/prospective students or their parents, as appropriate); You may be required to provide certain payment and billing data directly to our payment processing partners, including your name, credit card information, billing address, and zip code. For security, Whittle does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data;

  • study choice, academic progress and other study-related data;

  • any personal experiences in the event of the student (or prospective student) consulting a study advisor;

  • log-in credentials, a unique identifying number (“Account Data”).

  • You can also choose to provide profile information like a photo, headline, website link, social media profiles, or other data. Your profile data will not be publicly viewable by others.

Amongst other things, we process the following personal data from visitors to our websites:

  • website visit and use;

  • IP address;

  • duration and time of visit to the website;

  • use of social media.

For purposes of surveys or (scientific) research we may, in addition to the above, process additional personal data for each survey or study. The nature and scope of the personal data can vary in these cases; further information on this will accompany the survey or study concerned. 

If you contact us for support or to report a problem or concern (regardless of whether you have created an account), we collect and store your contact information, messages, and other data about you like your name, email address, location, operating system, IP address, and any other data you provide or that we collect through automated means (which we cover below). We use this data to respond to you and research your question or concern, in accordance with this Privacy Policy.

The data listed above is stored by us and may be associated with your account.

1.2 Data We Collect through Automated Means

When you access the Services (including browsing courses), we collect certain data by automated means, including:

  • Technical data about your computer or device, like your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types (“System Data”).

  • Usage statistics about your interactions with the Services, including courses accessed, time spent on pages or the Service, pages visited, features used, your search queries, click data, date and time, and other data regarding your use of the Services (“Usage Data”).

  • An approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.

The data listed above is collected through the use of server log files and tracking technologies, as detailed in the “Cookies and Data Collection Tools” section below. It is stored by us and associated with your account.

2. How We Get Data About You

We use tools like standard web based forms, cookies, web beacons and analytics services, to gather the data listed above. Some of these tools offer you the ability to opt out of data collection.

2.1 Cookies and Data Collection Tools

As detailed in our Cookie Policy, Whittle and service providers acting on our behalf (like Google Analytics) use server log files and automated data collection tools like cookies, web beacons, tags or scripts (together, “Data Collection Tools”) when you access and use the Services. These Data Collection Tools automatically track and collect certain System Data and Usage Data when you use the Services. In some cases, we tie data gathered through those Data Collection Tools to other data that we collect as described in this Privacy Policy.

We use cookies (small files that websites send to your device to uniquely identify your browser or device or to store data in your browser) for things like analyzing your use of the Services, personalizing your experience, making it easier to log into the Services, and recognizing you when you return. We may use web beacons (small objects that allow us to measure the actions of visitors and users using the Services) for things like identifying whether a page was visited.

You can set your web browser to alert you about attempts to place cookies on your computer, limit the types of cookies you allow, or refuse cookies altogether. If you do, you may not be able to use some or all features of the Services, and your experience may be different or less functional.

2.2 Analytics

We use third-party browser and mobile analytics services like Google Analytics on the Services. These services use Data Collection Tools to help us analyze your use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.

3. What We Use Your Data For

We use your data, within the framework of education and research, to do things like provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyze how people use our Services, and as required by law or necessary for safety and integrity.

We use the data we collect through your use of the Services to:

  • Provide and administer the Services, including to display customized content and facilitate communication with other users;

  • Process your requests and orders for courses, products, specific services, information, or features;

  • Communicate with you about your account by:

  • Responding to your questions and concerns;

  • Sending you administrative messages and information, notifications about changes to our Service, and updates to our agreements;

  • Sending you information and in-app messages about your progress in courses, new services, new features and newsletters (which you can opt out of at any time);

  • Manage your account preferences;

  • Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;

  • Solicit feedback from users;

  • Market and administer surveys administered by Whittle;

  • Learn more about you by linking your data with additional data through third-party data providers or analyzing the data with the help of analytics service providers;

  • Identify unique users across devices;

  • Improve our Services and develop new products, services, and features;

  • Analyze trends and traffic;

  • As required or permitted by law; or

  • As we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services.

4. Grounds For Processing Personal Data

In order to be allowed to process your personal data, there must be a legitimate basis for doing so as set out in the GDPR. In the case of Whittle this legitimate basis will be – depending on the type of personal data concerned – performance of an agreement, a legal obligation, a legitimate interest or consent. If you do not provide certain personal data, you may not be allowed to use the Services, conduct research or benefit from all Services functionalities.

Agreement 

We need to process personal data for the purposes of fulfilling certain contractual obligations. Examples include processing personal data in connection with agreements between Whittle and a student or his or her parents, or in connection with an authorization to collect tuition fees.

Legal obligations

We need to process certain personal data pursuant to such legislation as applicable educations laws, administrative laws and tax law.

Legitimate interest

We have an interest in being in a position to carry out certain surveys or research, to safeguard the quality of education and to provide information. On the grounds of these interests, we will process your personal data unless your privacy interests outweigh our interests. For that reason, we sometimes carry out surveys in the public domain with personal data being processed, carry out student satisfaction surveys and keep a record of your use of the website.

Consent

If none of the aforementioned bases for processing apply, then we will request your consent to process certain personal data. An example of a situation for which we could ask for your consent is issuing your personal data to an insurer and to a university abroad, within the compass of an exchange project. You are free to withdraw your consent at any time. 

5. Who We Share Your Data With

We share certain data about you with instructors, other students, companies performing services for us, our business partners, analytics and data enrichment providers. We may also share your data as needed for security, legal compliance, or as part of a corporate restructuring. Lastly, we can share data if we get your consent.

We may share your data with third parties under the following circumstances or as otherwise described in this Privacy Policy:

  • With Other Students and Instructors: Depending on your settings, your shared content and profile data may be publicly viewable to other students and instructors. 

  • With Service Providers, Contractors, and Agents: We share your data with third-party companies who perform services on our behalf, like payment processing, data analysis, email and hosting services, and customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.

  • With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools like Google Analytics, we share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 1), or de-identified data as needed. 

  • For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:

  • Permitted or required by law;

  • Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;

  • Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;

  • Reasonably necessary to enforce our Terms of Use, Privacy Policy, and other legal agreements;

  • Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or

  • Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Whittle, our users, employees, members of the public, or our Services.

  • We may also disclose data about you to our auditors and legal advisors in order to assess our disclosure obligations and rights under this Privacy Policy.

  • During a Change in Control: If Whittle undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence).

  • With Your Permission: with your consent, we may share data to third parties outside the scope of this Privacy Policy.

6. Security

We use appropriate security based on the type and sensitivity of data being stored. As with any internet-enabled system, there is always a risk of unauthorized access, so it’s important to protect your password and to contact us if you suspect any unauthorized access to your account.

Whittle takes appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data that we collect and store. These measures vary based on the type and sensitivity of the data. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and Whittle, the Services, or any information provided to us in connection with the data we collect through the Services will be free from unauthorized access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact us with any concerns.

We have taken appropriate technical and organizational measures to prevent loss or unlawful processing of personal data. For example, your personal data can only be viewed by staff authorized to view it on the grounds of their role.

7. Your rights with regard to personal data

You are entitled, under certain circumstances, to access any personal data processed by us or to have it corrected or deleted or restrict its processing. Sometimes you can also lodge an objection or request a transfer of your personal data. To submit a request to us in this respect, please contact us by sending an email to legal.administration@whittleschool.org.  If in doubt about your identity, we are entitled to ask you to provide proof of your identity first.

We will not keep your personal data for longer than is necessary for the purposes for which we use it. We are required by law to keep some data for a certain period of time.

For example, it could be that after you have completed a course of study we have to keep certain personal data for administrative purposes or due to a legal obligation. Wherever possible, we will pseudonymize or anonymize your personal data to the fullest extent possible. 

Access and correction

If you wish to know whether we are processing your personal data or would like to amend your personal data, please get in touch with us. 

Erasure

Under certain circumstances, the GDPR allows you to have personal data erased. We will assess whether it is possible to implement such a request: in some cases we will have to retain your personal data, e.g. to comply with a statutory obligation, to facilitate education or (as a one-off action) to see to it that you will no longer receive messages from us.

Restriction

You are entitled to contact us with a request to restrict the processing of your data if you think that your personal data is incorrect, the processing of it is unlawful, you require it for legal action or you have objected to it being processed.

Objection

if we process your personal data on the basis of a legitimate interest, then you can object to further use of your personal data on the grounds of your specific reasons.

Objection to receiving messages

If you no longer wish to receive email messages or any other electronic messages from us, then you can deregister for these by clicking on the unsubscribe button in an email message received from us. You can also deregister by contacting us. 

8. Our Policy Concerning Children

We recognize the privacy interests of children and encourage parents and guardians to take an active role in their children’s online activities and interests. Children under 13 (or under 16 in the European Economic Area) should not use the Services without parental supervision. If we learn that we’ve collected personal data from a child under those ages without the appropriate consents of parents or guardians, we will take reasonable steps to delete it.

Parents or guardians who believe that Whittle may have collected personal data from a child under those ages without the appropriate consents, can submit a request that it be removed to legal.administration@whittleschool.org.

9. Jurisdiction-Specific Rules

If you live in California, you have certain rights to request information. Users outside of the United States should note that we transfer data to and from the US, to and from the PRC and to and from European Economic Area.

9.1 Users in California

If you are a California resident, you have the right to request certain details about what personal information we share with third parties for those third parties’ direct marketing purposes. To submit your request, send an email to legal.administration@whittleschool.org with the phrase “California Shine the Light” and include your mailing address, state of residence, and email address.

Since the internet industry is still working on Do Not Track standards, solutions, and implementations, we do not currently recognize or respond to browser-initiated Do Not Track signals.

9.2 Users Outside of the U.S.

Whittle‘s (IT) operations are managed out of the U.S. and in order to provide the Services to you we may need to transfer your data to the United States and process it there. By visiting or using our Services, you consent to storage of your data on servers located in the United States. If you are using the Services from outside the United States, you consent to the transfer, storage, and processing of your data in and to the United States or other countries. Whittle will endeavor to process personal data collected in Switzerland and the European Economic Area (“EEA”) on EU citizens solely within the EU, by saving your data on a server located in the EU wherever possible. Sometimes this will not be possible, and we will need to transfer and store personal data collected in Switzerland and the European Economic Area outside those areas.

That data is also processed outside of Switzerland and the EEA by our Whittle group companies, or our service providers, including to process transactions, facilitate payments, and provide support services. We have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By submitting your data or using our Services, you consent to this transfer, storage, and processing by Whittle and its processors.

10. Updates & Contact Info

When we make a material change to this policy, we’ll notify users via email, in-product notice, or another mechanism required by law. Changes become effective the day they’re posted. Please contact us via email or postal mail with any questions, concerns, or disputes.

10.1 Modifications to This Privacy Policy

From time to time, we may update this Privacy Policy. If we make any material change to it, we will notify you via email, through a notification posted on the Services, or as required by applicable law. We will also include a summary of the key changes. Unless stated otherwise, modifications will become effective on the day they are posted.

As permitted by applicable law, if you continue to use the Services after the effective date of any change, then your access and/or use will be deemed an acceptance of (and agreement to follow and be bound by) the revised Privacy Policy. The revised Privacy Policy supersedes all previous Privacy Policies.

10.2 Interpretation

Any capitalized terms not defined in this policy are defined as specified in Whittle's Terms of Use. Any version of this Privacy Policy in a language other than English is provided for convenience. If there is any conflict with a non-English version, you agree that the English language version will control.

10.3 Questions

If you have any questions, concerns, or disputes regarding our Privacy Policy, please feel free to contact our designated privacy officer at legal.administration@whittleschool.org. You can also send postal mail to us at Whittle Management Inc., Attn: General Counsel, 54 W 40th Street, 10th Floor, New York NY 10018.

11. Cookie Policy

This Cookie Policy was last updated on February 5, 2019

What are cookies?

Cookies are small text files stored by your browser as you browse the internet. They can be used to collect, store, and share data about your activities across websites, including on our sites. Cookies also allow us to remember things about your visits and to make the site easier to use.

We use both session cookies, which expire after a short time or when you close your browser, and persistent cookies, which remain stored in your browser for a set period of time. We use session cookies to identify you during a single browsing session. We use persistent cookies where we need to identify you over a longer period, like when you request that we keep you signed in.

Why does Whittle use cookies and similar technologies?

We use cookies and similar technologies like web beacons, pixel tags, or local shared objects (“flash cookies”), to deliver, measure, and improve our services in various ways. We use these cookies both when you visit our site and services. As we adopt additional technologies, we may also gather additional data through other methods.

We use cookies for the following purposes:

Authentication and security

  • To log you into Whittle

  • To protect your security

  • To help detect and fight spam, abuse, and other activities that violate Whittle’s agreements

For example, cookies help authenticate your access to Whittle and prevent unauthorized parties from accessing your accounts.

Preferences

  • To remember data about your browser and your preferences

  • To remember your settings and other choices you’ve made

For example, cookies help us remember your preferred language or the country you’re in, so we can provide content in your preferred language without asking each time you visit.

Analytics and research

  • To help us improve and understand how people use our services

We also work with analytics partners, including Google Analytics, who use cookies and similar technologies to help us analyze how users use the Services, including by noting the sites from which you arrive. Those service providers may either collect that data themselves or we may disclose it to them.

What are my privacy options?

You have a number of options to control or limit how we and our partners use cookies:

  • Most browsers automatically accept cookies, but you can change your browser settings to decline cookies by consulting your browser’s support articles. If you decide to decline cookies, please note that you may not be able to sign in, customize, or use some interactive features in the Services.

  • Flash cookies operate differently than browser cookies, so your browser’s cookie-management tools may not remove them. To learn more about how to manage Flash cookies, see Adobe’s article on managing flash cookies and Website Storage Settings panel.

  • For general information about targeting cookies and how to disable them, visit www.allaboutcookies.org.

Updates & Contact Info

From time to time, we may update this Cookie Policy. If we do, we’ll notify you by posting the policy on our site with a new effective date. If we make any material changes, we’ll take reasonable steps to notify you in advance of the planned change.

If you have any questions about our use of cookies, please email us at legal.administration@whittleschool.org.