Last Edit NOV 2018

GDPR

New laws introduced in the UK / EU on May 25th 2018 introduces new policies and procedures all companies in the UK need to follow. We need to review where we use, store and protect personal data which we collect from you. We need to classify which Lawful basis for processing personal data we are using and provide more transparency into how we use it. These fall into these categories: 

• Consent
• Contractual 
• Legal Obligation
• Vital Interests
• Public Task 
• Legitimate Interests

 

We've Identified These Areas of Personal Data Collection

E-Mail Marketing, (Consent - double opt in) 

• We collect and store information with MailChimp, a well established and fully GDPR complaint company based in the USA. You can view there privacy policy on their website. 
• We always ask for your consent before adding your email & name to their system. 
• We only use this information to send you relevant promotional announcements. 
• You are able to opt-out / unsubscribe / remove yourself from this list at anytime using the link at the bottom of any emails you've received. You can also unsubscribe when you have logged into your account on the website. 
• Please note that in order to record your opt out your email address will be kept in the system in an un-subscribed state. We are unable to send you emails when in this state. 
• You do have the right to complete deletion of your details should you want this please inform the office by email : info@youronlinepianist.co.uk
• We review activity on our list and remove any inactive accounts after 1 year of inactivity 

 

Analytical Statistics, (Legitimate Interest)

• We use cookies & other web / server logs to monitor user behaviour on our site.
• You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. This will likley disable you ability to log into the website.
• We use this information internally for IT Security purposes
• We use this information to track some personally identifiable information
• We pass usage data externally to Google Analytics for historical analytics
• We pass usage data externally to Facebook for missed / forgotten order reminder opportunities
• We pass cumalitive useage stats for music streaming and downloading to the PRS for licencing purposes
• Personal data collected by this method may include but is not limited to: User IP address, pages visited, forms submitted, sales revenue, product purchases, tracks streamed, tracks downloaded.
• Streaming and downloading information data will be Obfuscated after 1 year so it cannot be traced back to you, however, we will hold the data on file indefinitelly for historical and statistical purposes. 
• We use this information to help identify areas where we can improve our service
• We use this information to help improve our product / service availability 
• We use this information to identify unusual or malicious behaviour
• We use this information to improve our security and detect security holes
• We use IP information to help protect your account from malicious activity 
• We use server log information to monitor service up time and make sure website is operating within normal parameters

 

Account Sign Up, (Legitimate Interests) 

• When processing a new account for use on the site we will ask you for personal details. Which will include Name, Address, Email and personal password. 
• Passwords are encrypted in our database and are only known to you. 
• These will be stored for as long as you have an account with us. 
• Not an exhaustive list but, these details will be used when placing orders, managing your email comunication preferences, viewing past orders and amending any information we have on file for you. 
• After 2 years of inactivity we will remove your account from the system
• To be clear, to remain active you must have logged into your account with in 2 calendar years
• If you have made any purchases this personal information will be retained for legal obligation reason as outlined in the Orders / Sales section. 
• The use of cookies is required to allow you to log into the website. We store information on your computer which holds your personal information. This allows us to identify you and grant you access into your account. 
• You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. This may prevent you from placing orders. 

 

Orders - Sales Invoicing, (Legal Obligation)

• When processing an order you agree to us holding your personal information in the form of a sales order / invoice. 
• This will include, but not limited to: Name, Address, Products Ordered, Discounts Given, Sales Total 
• This information will be stored for 7 years to comply with HRMC tax & VAT law in the UK
• After 7 years personal data will be removed / obfuscated so it cannot be connected to you personally. Obfuscated data may be retained longer than this for statistical / historical purposes. 

 

Payment Processing, (Legitimate Interest)

• When completing your order you are passed to our 3rd party payment provider SagePay 
• We use this information to process payment for your order. 
• We use this information for accounting purposes
• We do not store your payment card information on YourOnlinePianist.co.uk owned systems. 
• We are fully complient with the PCI DSS and contunue to monitor our servers and policies to stay inline with their guidelines. 
• We have access on SagePay's secure site to old payments which have been processed. This allows, along with other functions, to process refunds if required. It also allows us to confirm payment for goods you have ordered. 
• Information is stored in the SagePay system for up to 7 years to comply with UK tax accounting laws.  

 

Contact Forms, (Legitimate Interest)

• Our website uses RSA Encryption with a 2048 bit key providing secure communication between you and our corporate website. 
• You can confirm this by clicking the padlock in your browser and verifying you are connected to youronlinepianist.co.uk
• You can communicate with us by using our contact form. At this point we collect your email & name information for use in communicating back to you. 
• We will only use this information to reply to you regarding your query or future queries
• We may keep your communication on file for historical purposes. So we know what we have communicated and what has been agreed upon in the past. 

 

Subject Access Requests

To comply with GDPR you have the right to obtain a copy of your personal data as well as other supplementary information.  Much of this information will already be accessible from your account which will have been submitted to us on sign up.  

If you believe that any information we are holding on you is incorrect or incomplete, you can log into your account online and amend your details. Alternatively please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. 

Should you have any queries relating to your data on our system, or wish to be removed from our system completely please contact us

By email: info@youronlinepianist.co.uk 

In writing: 

YourOnlinePianist
2 Hawking Drive
Cranleigh
Surrey
GU6 8FY

Controlling your personal information & Right to be Fogotten

You may choose to restrict the collection or use of your personal information in the following ways:

• whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes

• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at info@youronlinepianist.co.uk

 

We will not sell, distribute or lease your personal information to third parties outsideunless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

If you believe that any information we are holding on you is incorrect or incomplete, you can log into your account online and amend your details. Alternatively please write to or email us as soon as possible, at the above address.We will promptly correct any information found to be incorrect.