Privacy Policy

RhythmGate is the data controller for personal data described in this policy. Where we act as a processor on behalf of partners, we process data strictly under their instructions.

1. Data we collect

Identity and contact data, usage data, marketing preferences, and technical data. See UK GDPR.

• Identity and contact: name, email, telephone, account IDs.
• Technical: IP address, device identifiers, browser type, time zone, and similar cookies data.
• Usage: pages visited, interactions, referral URLs, error logs.
• Preferences: language, marketing choices, notification settings.
• Support: messages you send us and related attachments.

We collect data directly from you, via automated technologies (e.g. cookies), and from limited third-party sources where lawful.

2. How we use data

• To provide course discovery, enrolment suggestions, and support.
• To improve our catalog and site performance.
• To communicate updates with your consent.

Lawful bases

• Performance of a contract: to provide and maintain our services.
• Legitimate interests: to improve security, prevent fraud, and enhance user experience, balanced against your rights.
• Consent: for optional analytics/marketing technologies.
• Legal obligations: to comply with applicable laws and requests from authorities.

3. Cookies

We use essential and analytics cookies. Manage choices via the cookie banner or Cookie settings. See more in Cookies and Profiling definitions.

4. Sharing

We do not sell personal data. We may share with service providers under contracts with appropriate safeguards, including confidentiality, security and DPIA where necessary. International transfers may use IDTA or SCCs plus additional measures.

5. Your rights

• Access, rectification, erasure, restriction, portability and objection.
• Right to withdraw consent for processing based on consent at any time.
• Complain to the ICO if you believe we mishandled data.
• We will respond within one month (extendable by two months for complex requests).

6. Contact

Email: [email protected] • Phone: +44 20 3808 9275

7. Retention

We retain personal data only as long as needed for the purposes described or to meet legal, accounting, or reporting requirements. We routinely review and securely delete or anonymise data when no longer required. See pseudonymisation.

8. International transfers

Where data is transferred outside the UK, we implement appropriate safeguards such as the UK International Data Transfer Agreement, Addendum to EU SCCs, or other approved mechanisms with supplementary measures where required.

9. Security

We employ technical and organisational measures including encryption in transit, access controls, audit logging, rate limiting, and staff training. No system is 100% secure; please use strong passwords and keep them confidential.

10. Children

Our services are not directed to children under 13. If you believe a child has provided us personal data, contact us to request deletion.

11. Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means. We may use limited profiling to recommend content, subject to your rights and choices.

12. Changes to this policy

We may update this policy to reflect changes in law or our practices. We will adjust the “Last updated” date and take additional steps where required.