Privacy & GDPR Policy

Last updated: December 2025

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what personal data we collect, how we use it, the lawful basis for processing, and your rights.

Lawful Bases for Processing

We process personal data under the following lawful bases as defined by UK GDPR:

• Consent
• Contractual necessity
• Legal obligation
• Legitimate interests

Personal Data We Collect

Email Marketing (Consent)

We collect and store email addresses and names for marketing communications only where explicit consent has been provided (via double opt-in).

• Marketing data is stored with Mailchimp, a GDPR-compliant service provider.
• Your details are used only to send relevant service updates or promotional information.
• You may unsubscribe at any time using the link in our emails or via your account settings.
• Unsubscribed email addresses are retained in a suppressed state to ensure compliance with opt-out requests.
• You may request full deletion of your marketing data by emailing info@youronlinepianist.co.uk.
• Inactive marketing records are periodically reviewed and removed.

Analytics & Usage Data (Legitimate Interest)

We use cookies, server logs, and analytics tools to understand how our educational platform is used and to maintain security.

• We use cookies to enable essential site functionality, including login access.
• Usage data may be processed internally for service improvement and security monitoring.
• Aggregated, non-identifiable usage data may be shared with analytics providers such as Google Analytics.
• Limited data may be shared with advertising platforms (e.g. Facebook) for abandoned checkout reminders.
• Aggregated streaming and download statistics are provided to PRS for music licensing purposes.

Personal data collected may include IP address, browser type, pages visited, purchases made, and usage of educational practice materials.

Streaming and download data is anonymised after 12 months so it can no longer be linked to an individual user. Aggregated statistical data may be retained indefinitely for historical and licensing purposes.

Account Registration (Contractual & Legitimate Interest)

When you create an account, we collect personal information required to deliver our educational service.

• Name
• Email address
• Billing address
• Account password (stored securely in encrypted form)

Account data is used to provide access to educational materials, manage purchases, and maintain account security.

Accounts inactive for two consecutive years may be removed, unless retained for legal or accounting reasons.

Orders & Invoicing (Legal Obligation)

When you make a purchase, we retain transaction records to comply with UK tax and accounting regulations.

• Name and billing address
• Products or educational materials accessed
• Order totals and invoices

This data is retained for 7 years in accordance with HMRC requirements. After this period, personal identifiers are removed or anonymised.

Payment Processing (Legitimate Interest)

Payments are processed securely via our third-party payment provider. We do not store payment card details on our servers.

• We comply with PCI DSS requirements.
• Payment records are retained by our payment provider for up to 7 years.
• Payment data is used solely for processing transactions, refunds, and accounting.

Contact Forms (Legitimate Interest)

When you contact us via our website, we collect your name and email address solely to respond to your enquiry.

• Communications may be retained for reference and record-keeping.
• We do not use contact form data for marketing unless consent is separately provided.

Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure of your data (where legally permissible)
• Restrict or object to certain processing
• Withdraw consent for marketing at any time

Many details can be updated directly via your account. Alternatively, you may contact us using the details below.

Contact Details

Email: info@youronlinepianist.co.uk
Postal address:
YourOnlinePianist
2 Hawking Drive
Cranleigh
Surrey
GU6 8FY

Third-Party Disclosure

We do not sell or rent your personal data. Personal data is shared only with trusted service providers or where required by law.

If you believe any data we hold is incorrect or incomplete, please contact us and we will promptly rectify it.