Last updated: May, 2025

Privacy Policy

This is the Privacy Policy of When in Culture Ltd (hereafter referred to as “us” or “we”). This Privacy Policy describes how your personal information is collected, used, and shared when you use our website, streaming and e-learning services, When in Culture through our websites (wheninculture.com, watch.wheninculture.com, learn.wheninculture.com) or any of our branded apps (together, the “Service”).
 
By using the Service, you agree to the collection, use and disclosure of your information as described in this Privacy Policy. We may modify this Privacy Policy from time to time. Your continued use of the Service constitutes your agreement to any updated Privacy Policy on a prospective basis.
 
1. Who We Are

This Privacy Policy explains how When in Culture Ltd (“When in Culture”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you access or use our websites, digital learning platforms, streaming services, mobile applications, and related services (together, the “Services”).

When in Culture Ltd is a company incorporated in England and Wales.
 Registered Address: Warlies Park House, Horseshoe Hill, Upshire, EN9 3SL
 Email: privacy@wheninculture.com

For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, When in Culture Ltd acts as an independent data controller in respect of personal data processed through the Services, unless expressly stated otherwise in writing.

Use of the Services is also governed by our Terms and Conditions and any applicable Partner or Licence Agreements, which may include additional provisions relating to data use, reporting, and access.

2. Scope and Individuals Covered

This Privacy Policy applies to all individuals whose personal data we process in connection with the Services, including:

  • visitors to our websites;
  • learners and students using the Services;
  • individuals who receive access via a university, education provider, agent, sponsor, employer, or other organisation (each a “Partner”);
  • Partner representatives using partner-facing portals or tools;
  • individuals who contact us with enquiries, feedback, or support requests.
3. Access via Partners and Controller Status

You may access the Services directly, or because a Partner has provided you with access (for example, by issuing a voucher code or enrolling you via a partner portal).

Where access is provided by a Partner:

  • the Partner may provide us with limited personal data (such as your name and email address) for the purpose of creating or activating your account; and
  • When in Culture remains the independent data controller for all personal data processed within the Services, including account data, platform usage, learning engagement, analytics, and reporting.

Partners are responsible for personal data processed within their own systems and under their own privacy notices.

Nothing in this Privacy Policy is intended to create a joint-controller relationship between When in Culture and any Partner, unless such relationship is expressly agreed in writing.

4. Categories of Personal Data We Collect

Depending on how you use the Services, we may collect the following categories of personal data.

4.1 Account and Registration Data
  • full name;
  • email address;
  • authentication information (passwords or single sign-on identifiers);
  • country or region of residence;
  • optional profile information (such as display name or avatar);
  • date of birth, where required for a specific feature or legal requirement.
4.2 Partner-Provided Onboarding Data

Where access is provided by a Partner:

  • name;
  • email address;
  • voucher code, cohort identifier, or group reference (where applicable).
4.3 Learning and Engagement Data
  • courses accessed;
  • progress and completion records;
  • course completion certificates and associated verification data;
  • assessment responses and results;
  • engagement metrics relating to When in Culture content only.
4.4 Technical and Usage Data
  • IP address and approximate location derived from IP;
  • device identifiers and device type;
  • browser type, operating system, and platform information;
  • timestamps, log files, and usage records;
  • referring and exit pages.
4.5 Communications and Support Data
  • messages, enquiries, or requests you send to us;
  • support correspondence;
  • survey responses or feedback you voluntarily provide.
4.6 Payment Data

Where you purchase products or services, payments are processed by secure third-party payment providers. We receive limited transaction metadata (such as payment status and transaction reference) and do not store full payment card details.

4.7 Public or Shared Content

If the Services include public features, any content you choose to post may be visible to other users.

4.8 Identity Verification Data (where applicable)

Where identity verification is required for a specific course or feature, we may process identity-related data (such as ID documents, biometric verification outputs, or authentication checks) solely for verification purposes. Such data is processed securely and retained only as long as necessary.

5. How We Use Personal Data

We use personal data to:

  • provide, operate, and maintain the Services;
  • create, manage, and authenticate user accounts;
  • deliver digital content and learning experiences;
  • display progress, completion, and certification;
  • provide customer support and respond to enquiries;
  • ensure platform security and prevent fraud or misuse;
  • analyse usage and improve performance, functionality, and content;
  • generate aggregated, anonymised or de-identified insights for reporting and product development;
  • communicate essential service and security messages;
  • send marketing communications where permitted by law;
  • comply with legal, regulatory, and contractual obligations.
6. Legal Bases for Processing

Where UK GDPR or EU GDPR applies, we process personal data on one or more of the following lawful bases:

  • Performance of a contract – to provide the Services;
  • Legitimate interests – including operating, securing, analysing, and improving the Services, and providing Partner reporting;
  • Consent – for optional marketing communications and certain non-essential technologies;
  • Legal obligation – to comply with applicable laws or regulations.
7. Sharing of Personal Data

7.1 Sharing with Partners

Where access to the Services is provided by a Partner, we may provide Partners with aggregated, anonymised or de-identified reporting to help them understand overall engagement with When in Culture content.

Such reporting may include high-level insights such as:

  • aggregate activation levels;
  • overall course engagement trends;
  • aggregated completion rates; and
  • general usage patterns across cohorts.

This reporting:

  • does not identify individual users;
  • does not include personal data;
  • does not involve continuous or real-time monitoring of individual behaviour; and
  • is limited to engagement with When in Culture content only.

Partners are responsible for their own data processing activities and any decisions they make in relation to their users, in accordance with their own policies and applicable laws.



7.2 Service Providers

We use vetted third-party service providers (e.g. hosting, analytics, authentication, communications). These providers act only on our instructions and are contractually bound to protect personal data.

7.3 Legal and Safety Disclosures

We may disclose personal data where required by law or necessary to protect users or the Services.

7.4 Business Transfers

If When in Culture undergoes a merger, acquisition, or sale, personal data may be transferred subject to appropriate safeguards.

8. International Data Transfers
Personal data may be processed outside your country. Where required, we implement safeguards such as contractual protections and appropriate security measures.
9. Data Retention

We retain personal data only as long as necessary to fulfil the purposes described in this Policy, including:

  • course completion and certification records;
  • platform usage and engagement data;
  • audit, legal, and contractual requirements.

Retention periods vary depending on the nature of the data.

10. Security
We implement appropriate technical and organisational measures to protect personal data. No system can be guaranteed to be completely secure.
11. Communications and Marketing
11.1 Essential Communications

We may send essential service-related communications (e.g. account, security, legal notices).

11.2 Marketing from When in Culture

We may send marketing communications where permitted by law. You may opt out at any time.

11.3 Third-Party Promotions

We do not share personal data with third parties for their own marketing purposes without your explicit consent.

12. Children’s Privacy
The Services are not intended for individuals under 16. If we become aware such data has been collected, we will delete it.
13. Your Rights

Depending on your location, you may have rights to:

  • access your personal data;
  • request correction or deletion;
  • restrict or object to processing;
  • withdraw consent where applicable.

Requests should be directed to When in Culture.

14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be communicated via the Services or by email.
15. Contact Information

When in Culture Ltd
 Warlies Park House, Horseshoe Hill, Upshire, EN9 3SL
 Email: privacy@wheninculture.com