Privacy Notice
LAST UPDATED: 10/10/2023
1. WHO WE ARE
AND WHAT WE DO
WHO WE ARE
Rocksteady Music School (“Rocksteady”, “us”, “we”, “our”) is a limited company registered in England and Wales under registration number 08111026. Our registered office is at Bohunt Manor, Portsmouth Road, Liphook, Hampshire, GU30 7DL. We are also registered with the UK supervisory authority, the Information Commissioner’s Office (“ICO”) in relation to our processing of Personal Data under registration number ZA367955.
WHAT WE DO
We provide in-school peri tuition music sessions, making learning music fun and giving kids the chance to be in a band, perform songs they love and learn life skills. We are committed to protecting the privacy and security of the Personal Data we process about you and the kids we teach.
Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.
There are occasions where we process personal data as a data processor, on the instructions of a data controller. If we are the data processor for your personal data, you will need to contact the data controller for full details of how your personal data is used.
2. PURPOSE OF THIS
PRIVACY NOTICE
The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.
3. WHO THIS PRIVACY
NOTICE APPLIES TO
This privacy notice applies to you if:
- You visit our website
- You purchase/use services from us
- You enquire about our products and/or services
- You use our platform
- You sign up to receive newsletters and/or other promotional communications from us
A cookie is a small file that can be placed on your device that allows companies to recognise and remember you. When you visit our site, the 3rd party services we use may place analytics cookies on your device. This helps them collect data about their service and helps them display relevant content.
4. WHAT PERSONAL
DATA IS
‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.
‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.
5. PERSONAL DATA
WE COLLECT
The type of Personal Data we collect about you will depend on our relationship with you. Below is an example of the different categories of personal data we may collect and process about you depending on your relationship with us.
PARENTS/GUARDIANS/CARERS
- Full name
- Postal address
- Phone number
- Email address
- Child’s full name
- Child’s school
- Child’s age
- Relevant medical information regarding your child
- Services preferences (such as musical instrument choice, or band choice)
- Child’s attendance history and any reasons for absences
- Recordings and images of your child taking part in our services (where we are permitted to do so via your consent)
- Password and account details (if you create an account with us)
- Purchase history with us and your payment details (such as billing address and card details) where you provide them to our customers services team
- Social media handle/username details if you engage with us on social media
- Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, device types, operating system
- Information about your visit to our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse- overs), methods used to browse the website. We also use Google Analytics to analyse how visitors use our website via cookies.
- Feedback that you give us or our customer services team
- Any other information that you choose to give to us via our website or to our customer services team
If you are a Parent/Guardian/Carer, where we refer to ‘your personal data’ we are referring to the personal data of both you and your child/the child under your care.
THIRD PARTY CONTACTS
- Full name
- Email address
- Home address
- Organisation you work for
- Technical information (as per above)
- Information about your website visit
- Any other information chosen to provide
6. HOW WE COLLECT
YOUR PERSONAL DATA
We may collect personal data in a variety of ways, but essentially it is when you give it to us, which includes when you:
PARENTS/GUARDIANS/CARERS
- Create an account with us
- Access our website
- Ask us to provide you with services and use our services
- Sign up to receive marketing communications from us
- Contact our customer services team
- Enter one of our competitions, promotions, or fill in a survey
- Engage with us on social media (for example by mentioning/tagging us or by contacting us directly)
- Leave comments on our website or interact with other functionality where you provide us with data on our website
We may also occasionally receive information about your child from their school.
THIRD PARTY CONTACTS
We may collect personal data in a variety of ways, but essentially it is when you give it to us, which includes when you:
- Enter into contractual negotiations with us
- Sign up to our marketing communications
- Contact us
- Attend one of our events
7. HOW WE USE YOUR
PERSONAL DATA AND OUR
JUSTIFICATIONS FOR DOING SO
Applicable Data Protection legislation requires us to identify appropriate lawful bases to process personal data. The table below highlights how and why we use your personal data, along with the legal justification for doing so.
PARENTS/GUARDIANS/CARERS
How we use your personal data | Lawful basis for processing |
---|---|
To provide you with information about the services you have requested or purchased from us. | Performance of contract |
Use of video footage and images of sessions involving your child to create media for the parent timeline, accessible on the Rocksteady ‘Backstage’ feature. We may also record sessions involving your child for marketing purposes. | Your consent |
To tell you about relevant products or services we offer | Your consent |
To ensure that financial information provided to us is accurate. Detect, investigate, report, and seek to prevent financial crime or other illegal activity. Managing financial risk to us and our customers. | Legal obligation and Legitimate Interests |
To ensure the website is optimised for you and your device. | Your Consent (please see our section on Cookies for further information) |
To measure how satisfied our customers are and find out more about the users of our services, to ensure products and services are most likely to interest our customers. | Legitimate Interests |
To ensure our services are running effectively and respond to your contact for the purposes of administering our business. | Legitimate interests |
THIRD PARTY CONTACTS
How we use your personal data | Lawful basis for processing |
---|---|
To provide you with information about the services you have requested or purchased from us. | Performance of contract |
To engage with you as a service provider, including making queries regarding the services that you provide and for the purposes of managing our contract with you. | Performance of contract |
To maintain an internal list of potential suppliers | Legitimate Interests |
8. SHARING YOUR
PERSONAL DATA
When we provide you with services, we may share your personal data for several reasons which are detailed below. Whenever we share your personal data, we put safeguards in place which require these other organisations to keep your data safe and to ensure that they do not use your personal data for their own marketing purposes unless you have given us your consent to do so. We will never sell your personal data to a third party.
We may share your personal data in the following circumstances:
- To provide our services – we work with a number of trusted service providers who carry out services on our behalf, such service providers include website and database hosting (Amazon Web Services) and our certificate provider, Trinity College.
- To comply with legal requests and prevent crime – There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
- If our Group Structure changes – We may also share your personal data if we choose to sell, transfer, or merge parts of our business and/or group, or our assets in the future. Or we may seek to acquire other businesses or merge with them. During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe.
9. INTERNATIONAL
TRANSFERS
Your Personal Data may be processed outside of the UK, this is because some of the organisations we use to provide our service to you are based internationally.
We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK.
We do this by ensuring that:
- Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
- We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary.
10. YOUR RIGHTS AND
HOW TO COMPLAIN
You have certain rights in relation to the processing of your Personal Data, including to:
- Right to be informed
You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this. - Right of access (commonly known as a “Subject Access Request”)
You have the right to receive a copy of the Personal Data we hold about you. - Right to rectification
You have the right to have any incomplete or inaccurate information we hold about you corrected. - Right to erasure (commonly known as the right to be forgotten)
You have the right to ask us to delete your Personal Data. - Right to object to processing
You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material. - Right to restrict processing
You have the right to restrict our use of your Personal Data. - Right to portability
You have the right to ask us to transfer your Personal Data to another party.Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
- Right to withdraw consent
If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so. - Right to lodge a complaint
You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
Or by telephone on 0303 123 1113
HOW TO EXERCISE YOUR RIGHTS
You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.
11. CHILDREN’S PRIVACY
AND SAFEGUARDING
We understand the importance of ensuring children’s data is kept safe and do all we can to make sure it is not compromised. We have security measures and procedures in place should we become aware of any compromise to a child’s data and will inform relevant parties as needed and required under data protection legislation.
Rocksteady Music School has a statutory and moral duty to safeguard and promote the welfare of all children receiving education and training with us. More information can be found in our Safeguarding Notice.
12. RECORDED MUSIC
SESSIONS
We record our band sessions in the form of video, audio, and photographic images. We do this for the following purposes:
- Showcasing your child’s educational experience with us as part of the service we provide
- Assisting with lesson planning and development
- Training
We don’t record every session or performance piece and where we record/photograph sessions for our ‘Backstage’ feature, consent is gathered from parents/guardians/carers.
Where schools have enrolled children via our bursary and funded schemes, we will not record/take photos unless direct consent has been provided to us from a parent/guardian/carer. Any consent withdrawals, concerns or complaints will be passed onto the school as necessary.
13. USE OF COOKIES AND
SIMILAR TECHNOLOGIES
Our website utilises cookies and similar technologies. You can find out more by viewing our cookie notice available here.
14. SECURITY AND
STORAGE OF INFORMATION
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
If we become aware of any loss, misuse, alteration of personal data we will work closely with our IT team, Data Protection Officer (DPO) and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.
15. DATA RETENTION
We will not keep Personal Data longer than is necessary, for the purpose or purposes for which they were collected. Retention periods will vary according to the types of personal information we hold and for what purposes. Rocksteady will take all reasonable steps to destroy, or erase from its systems, all Personal Data which is no longer required. This does not apply to anonymised data.
If you would like more information on our data retention practices, please contact us using the details in the ‘Contact Us’ section.
16. HOW TO CONTACT
US AND OUR DATA
PROTECTION OFFICER
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:
Rocksteady Music School
Bohunt Manor, Portsmouth Road, Liphook, Hampshire, GU30 7DL
Phone: 0330 113 0330
Email: data@rocksteadymusicschool.com
We have also appointed a Data protection Officer (“DPO”). Our DPO is Evalian Ltd can be contacted as follows:
Evalian Limited
West Lodge
Leylands Business Park
Colden Common
Hampshire
SO21 1TH
www.evalian.co.uk
Phone: 0333 050 0111
17. CHANGES TO THIS
PRIVACY NOTICE
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified 10/10/2023
You can contact us for previous versions of this Privacy Notice.