New laws introduced in the UK / EU on May 25th 2018 introduce new policies and procedures all companies in the UK need to follow. We need to review where we use, store and protect personal data which we collect from you. We need to classify which lawful basis for processing personal data we are using and provide more transparency into how we use it. These fall into the following categories:
We've Identified These Areas of Personal Data Collection
E-Mail Marketing, (Consent - double opt in)
We always ask for your consent before adding your email & name to their system.
We only use this information to send you relevant promotional announcements.
You are able to opt out / unsubscribe / remove yourself from this list at any time using the link at the bottom of any emails you've received. You can also unsubscribe when you have logged into your account on the website.
Please note that in order to record your opt-out, your email address will be kept in the system in an unsubscribed state. We are unable to send you emails when in this state.
You do have the right to complete deletion of your details. Should you want this, please inform the office by email: email@example.com
We review activity on our list and remove any inactive accounts after 1 year of inactivity
Analytical Statistics, (Legitimate Interest)
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. This will likely disable your ability to log into the website.
We use this information internally for IT Security purposes
We use this information to track some personally identifiable information
We pass usage data externally to Google Analytics for historical analytics
We pass usage data externally to Facebook for missed / forgotten order reminder opportunities
We pass cumulative usage stats for music streaming and downloading to the PRS for licensing purposes
Personal data collected by this method may include but is not limited to: User IP address, pages visited, forms submitted, sales revenue, product purchases, tracks streamed, tracks downloaded.
Streaming and downloading information data will be obfuscated after 1 year so it cannot be traced back to you; however, we will hold the data on file indefinitely for historical and statistical purposes.
We use this information to help identify areas where we can improve our service
We use this information to help improve our product / service availability
We use this information to identify unusual or malicious behaviour
We use this information to improve our security and detect security holes
We use IP information to help protect your account from malicious activity
We use server log information to monitor service uptime and make sure the website is operating within normal parameters
Account Sign Up, (Legitimate Interests)
When processing a new account for use on the site we will ask you for personal details, which will include name, address, email and personal password.
Passwords are encrypted in our database and are only known to you.
These will be stored for as long as you have an account with us.
This is not an exhaustive list, but these details will be used when placing orders, managing your email communication preferences, viewing past orders and amending any information we have on file for you.
After 2 years of inactivity we will remove your account from the system
To be clear, to remain active you must have logged into your account within 2 calendar years
If you have made any purchases this personal information will be retained for legal obligation reasons as outlined in the Orders / Sales section.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. This may prevent you from placing orders.
Orders - Sales Invoicing, (Legal Obligation)
When processing an order you agree to us holding your personal information in the form of a sales order / invoice.
This will include, but is not limited to: Name, Address, Products Ordered, Discounts Given, Sales Total
This information will be stored for 7 years to comply with HMRC tax & VAT law in the UK
After 7 years personal data will be removed / obfuscated so it cannot be connected to you personally. Obfuscated data may be retained longer than this for statistical / historical purposes.
Payment Processing, (Legitimate Interest)
When completing your order you are passed to our 3rd party payment provider SagePay
We use this information to process payment for your order.
We use this information for accounting purposes
We do not store your payment card information on YourOnlinePianist.co.uk owned systems.
We are fully compliant with the PCI DSS and continue to monitor our servers and policies to stay in line with their guidelines.
We have access on SagePay's secure site to old payments which have been processed. This allows us, along with other functions, to process refunds if required. It also allows us to confirm payment for goods you have ordered.
Information is stored in the SagePay system for up to 7 years to comply with UK tax accounting laws.
Contact Forms, (Legitimate Interest)
Our website uses RSA encryption with a 2048-bit key, providing secure communication between you and our corporate website.
You can confirm this by clicking the padlock in your browser and verifying you are connected to youronlinepianist.co.uk
You can communicate with us by using our contact form. At this point we collect your email & name information for use in communicating back to you.
We will only use this information to reply to you regarding your query or future queries
We may keep your communication on file for historical purposes. So we know what we have communicated and what has been agreed upon in the past.
Subject Access Requests
To comply with GDPR you have the right to obtain a copy of your personal data as well as other supplementary information. Much of this information will already be accessible from your account which will have been submitted to us on sign up.
If you believe that any information we are holding on you is incorrect or incomplete, you can log into your account online and amend your details. Alternatively please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Should you have any queries relating to your data on our system, or wish to be removed from our system completely please contact us
Controlling your personal information & Right to be Forgotten
You may choose to restrict the collection or use of your personal information in the following ways:
Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
If you believe that any information we are holding on you is incorrect or incomplete, you can log into your account online and amend your details. Alternatively please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.