Privacy Policy

PRIVACY POLICY

Last updated 28 September 2018

It’s really important to the London Music Academy that we look after your  personal data carefully.  This policy explains how we keep your data safe and secure and how we use it to improve your experience using the website and buying goods, vouchers, bootcamp and getaway packages, courses and lessons from us.

 

What this policy covers

The data controller is London Music Academy (referred to in this privacy policy as ”we” or “us).

We’ve written this privacy policy because we care about doing the right thing when we collect use and look after your personal data. This policy:

  • sets out the type of personal data that we collect;
  • explains how and why we collect and use your personal data;
  • explains how we share personal data with our service providers;
  • explains the rights and choices you have when it comes to personal data we hold.

 

We want to be very clear about what this policy covers.  If you shop with us over the phone or online or otherwise using our website where this policy is posted, this policy applies.   It also applies if you contact us or we contact you about our services.

Our website may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read their terms and conditions and privacy policy carefully before providing any personal data on the website as we do not accept any responsibility or liability for other organisations’ websites.

 

 

Personal data we collect

This section tells you what personal data we may collect from you when you buy something from us or contact us.

 

When you register as a user on our website, you may provide us with:

  • your personal details, including your postal and billing addresses, email addresses and phone numbers;
  • your account login details, including your username and password.

 

When you shop with us online or browse our website we may collect:

  • information about your online purchases (for example, what you bought and how you paid for it)
  • information about your online browsing behaviour on our website
  • information about any devices you have used to access our website such as the make, model, operating system, IP address, browser type and mobile device identifiers.

 

When you contact us and we contact you or you give a review about our website or our lessons, we may collect:

  • personal data you provide about yourself any time you contact us about our website, goods, vouchers, bootcamp and getaway packages, courses and lessons (for example, your name, username and contact details), including by telephone, email or post all when you speak to us on social media.
  • details of the emails and other digital communications that we send to you and that you open, including any links in them that you click.

 

How and why we use your personal data

This section explains how and why we use your personal data.  We use personal data to:

  • make the ability to buy goods, vouchers, bootcamp and getaway packages, courses and lessons available to you;
  • manage your account on our website;
  • process your orders and refunds.

 

Why do we process your personal data in this way?

We need to process your personal data so we can provide you with goods, vouchers, bootcamp and getaway packages, courses and lessons that you want to buy and to help you with any orders and refunds.

  • manage and improve our website

 

Why do we process your personal data in this way?

We use cookies and similar technologies on our website to improve the website. Some cookies are necessary so you shouldn’t disable these if you want to be able to use all the features on our website.  You can still disable cookies, but this might affect your experience using the website. For more information about cookies please read the cookie policy posted on our website.

  • Detect and prevent fraud or other crime

 

Why do we process your personal data in this way?

It is important for us to monitor how our website is used so that we can detect and prevent fraud, other crimes and misuse of the website.  This helps us to make sure that you can safely use our website and place orders with us.

  • Contact and interact with you (to contact you about orders by phone, email or post or by responding when you contact us through social media)

 

Why do we process your personal data in this way?

We want to make your experience of buying products or lessons as smooth as possible.   We use personal data to help us give the most appropriate response and clarification when we reply to your queries.

  • Invite you to take part in and manage surveys, reviews and other market research activities.

 

Why do we process  your personal data in this way?

We carry out some market research to improve the way we operate our website and deliver lessons. If you tell us you don’t want us to contact you for market research, we won’t contact you for market research.

  • Claims – in order to resolve legal claims or disputes involving you or us

 

Why do we process your personal data in this way?

For example if there is any incident or accident on our premises or during lessons.   This can include medical reports.

 

Legal basis

In relation to the headings mentioned in the section above (“how and why we use your personal data”), our legal basis for processing your personal data is:

  • To make our goods, vouchers, bootcamp and getaway packages, courses and lessons available to you

 

Legal basis: (1) Contractual necessity.  At the time we collected we would be unable to except an order without the purchase and transaction data, contact details, lesson appointment times, profile details, delivery and collection details.

(2) Legitimate interests.

  • Manage and improve our day-to-day operation of our website

 

Legal basis:  legitimate interests

  • Contact and interact with you:

 

Legal basis: legitimate interests

  • Claims

 

Legal basis: bringing or defending legal claims

 

Our legitimate interests in using your personal data

Where we have mentioned above our use of your personal data is based on our legitimate interests, these are to:

  • service customer needs, for example, delivery of goods or arranging appointments for lessons;
  • promote and market our goods, vouchers, bootcamp and getaway packages, courses and lessons;
  • manage complaints and resolve any disputes;
  • understand our customers including their patterns of behaviour as well as their likes and dislikes;
  • prevent and detect antisocial behavior, fraud and other crime;
  • protect and support our tutors and teachers, other customers and you;
  • test and develop new parts of our website, new products or to improve and develop our existing offering.

 

Sharing personal data with service providers

 This section explains how and why we share personal data with service providers.

When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own promotional and marketing purposes.

Our service providers do things for us that we can not do ourselves.  For example we work with companies that help us to process payments, give us legal or other professional services and deliver orders.  We only share personal data that enables that service provider to provide the services.

Examples of our service providers include Facebook, PayPal, iZettle and Royal Mail.

 

Sharing personal data with other organisations

This section explains how and why we share personal data with other organisations.

We may share personal data with other organisations in the following circumstances:

  • if the law or a public authority says we must share that personal data;
  • if it is necessary for the administration of justice;
  • if we need to share personal data so that we can establish, exercise or defend our legal rights.

This could include, for example, providing personal data to others to help us prevent fraud.

 

How we protect personal data

We place a great deal of importance on protecting your personal data.   This section sets out some of the things we do to achieve that.

  • We apply physical, electronic and procedural safeguards when we collect, store or disclose personal data.
  • We protect the security of your information when it is being transmitted electronically by using encryption.
  • We use firewalls to keep your data safe
  • We only authorize access to partners and contractors who need it to carry out their responsibilities or deliver our services to you.
  • Our hosting provider, TSO Host, monitors its servers and systems for possible vulnerabilities and attacks.
  • If we need to confirm an order by using your payment card number we will only ask you about the last four digits of your card number.

We ask you to help us look after your personal data by keeping your login details confidential and keeping your devices protected so that people can’t use them without your authorization.

The personal data that we collect from you may be transferred to, and stored out, a destination outside the European Economic Area (EEA). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this we ensure that your privacy rights are respected in line with this policy. This would mean we put in place a contract like the international transfers contract (HTTP://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm) or use privacy shield (https://www.privacyshield.gov/welcome).

 

How long we use personal data for

We will keep your personal data no longer than we need to.  The length of time depends on different factors, such as:

  • why we collected it in the first place;
  • how old it is;
  • if there is a legal or regulatory reason for us to keep it;
  • if we need it to protect us or to protect you.

 

Subject access rights

You have a right to see your personal data held by us.  This is called a “Subject Access Request”.

If you would like a copy of the personal data we hold about you, please write to us at the contact address on our contact page.   Please mark the letter “Subject Access Request: Data Protection”.

You can also email us at the email address set out on our contact page.  If you email us for a Subject Access Request please use “Subject Access Request: Data Protection” as the subject of your email.

 

Other data protection rights

In relation to your personal data, you also have the right to:

  1. Have inaccurate information corrected.

If you believe we hold inaccurate or incomplete information, please let us know and we will correct it.

  1. Object to our use of it.

You have the right to make a general objection or an objection in relation to direct marketing.   If you make a general objection we will consider your objection to our use of your personal data. If on balance, your rights outweigh our interest in using your personal data, then we will at your request either restrict the use of it as below, or delete it also, as below.

  1. Restrict the use of it.

There are situations when you can restrict the use of your personal data, including where you have made a successful general objection, where you are challenging the accuracy of the personal data we hold, or where we have used your personal data unlawfully, but you don’t want us to delete it.

  1. Have us delete it.

There are situations when you can require us to delete your personal data, such as where we no longer need to keep your personal data, where you have successfully made a general objection, you’ve withdrawn your consent to us using your personal data (and we don’t have any other grounds to use it), or where we’ve unlawfully processed your personal data.

  1. Have us transfer or “port” a copy of it.

You have a right to data portability and we will work with you to find the best way to do this if it is applicable.

  1. Complain to the data protection regulator.

Whether you try to resolve any complaints you have with us first or not – and we would like you to try to resolve complaints with us first –you do also have the right to complain to the UK data protection regulator (the ICO) about how we used your personal data. Their website is ico.org.uk and you can make a complaint by following the links to “your data matters” and then “raising concerns”.   The ICO website contains lots of useful information about your privacy rights in the “resources and support” section, under “your data matters”.

 

More information on your data protection rights

The ICO website also contains more detail on the data protection rights mentioned above.   If you would like to speak to us about your data protection rights and how they affect the goods, vouchers, bootcamp and getaway packages, courses and lessons we offer, contact us using any of the methods listed on our contact page.

 

 Our Data Protection Officer

Our Data Protection Officer can be contacted by email. Please mark the email “For the attention of the Data Protection Officer” in the subject field.

We reserve the right to change this policy at any time, so please check back regularly to keep informed of any updates.