I/we process personal data relating to clients and customers, and to those who are interested in the services I provide.
I/we are committed to complying with our legal obligations in respect of data protection and privacy. This statement sets out the principles we apply when processing personal data. This statement describes the types of personal data we may collect about you. This statement also describes what we do with any data we collect about you, how we will keep it secure and the legal bases on which we rely for processing your data. This statement also informs you of your rights and how you can contact us.
1. About me/us and my/our services
My business name is “Keys With Kay” I/we provide private music lessons. I am a Data Controller for the purposes of current data protection legislation. My contact details are:
2. What personal data do we collect from you?
Personal data is any information relating to an identifiable living individual. We only collect the personal data we need to be able to provide you with the services you have asked us to provide or tell you about.
Personal/contact information: this can include your name, contact address, email addresses, telephone numbers and your child’s date of birth.
Payment information: your bank details for billing purposes.
Digital information: IP addresses, and details of your interaction with our website and social media, should you engage with us through these channels.
Correspondence: information relevant to your specific enquiries.
Other: any other information you choose to provide to us.
3. When do we collect personal data?
We will collect information about you when you enter into a contract with us, make enquiries about our services, visit our website and engage with us on social media.
4. What is our lawful basis for processing your data?
We may only process personal data where we have a lawful basis to do so. We may collect and process your personal data when:
- it is necessary for the performance of contracts with you;
- it is necessary for the purposes of our legitimate interests as a business. In these cases we will do so in a way which might reasonably be expected from our relationship with you, and which does not impact materially on your fundamental rights, freedom and interests. We will not process your personal data on this basis if we believe your rights override ours. Instead, we may seek your specific consent, and/or another legal basis;
- it is necessary for compliance with legal obligations;
- we have your consent to do so, for example in relation to marketing by electronic means. Please see below for more detailed information about how we will use your data and on what basis. If you have any concerns about our data processing please contact us: see Contact (11).
- Please also see Your rights (9).
5. How will we use your personal data?
We may process the information we collect about you:
- to perform any contract we have agreed with you, or to respond to any enquiries you make in this connection before we enter into a contract. The lawful basis for this processing is performance of a contract with you or because you have asked us to take specific steps before entering into a contract in respect of these activities and services;
- to respond to any other enquiries or complaints. We need the information you supply to enable us to respond.
- to protect our business from fraud and other illegal activities. This processing is necessary for our legitimate interests by ensuring the proper management of our business and financial risks.
- to provide you with information by post (or by email, with your consent) about other products and services we offer similar in nature to those you currently receive or have previously asked about. Information we may process for this purpose includes your name, address and email address. This processing is necessary for marketing our services, which is a legitimate business interest.
- We will only send marketing information to you by email if we have your consent. You have the right to withdraw your consent at any time. Please write, email or telephone us: see Contact (11).
- to send you communications required by law or which are necessary to inform you about changes to the services we provide you, for example, updates to this Privacy Statement, and any information legally required which relates to any contracts between us. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. This processing is necessary for us to comply with our legal obligations.
- to administer our website, and send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. This processing is necessary for development of our services, which is a legitimate interest of our business. We have a legitimate interest to do so as this helps make our products or services more relevant to you. You are free to opt out of receiving these requests from us at any time by contacting us.
6. Who do we share your data with?
In some circumstances we may need to share your data with the following:
- Our accountants/auditors
- Accounting software company
- Direct debit company
- Examination boards We may also share your data with third parties, such as: our IT consultants/outsourced IT network administrators/cloud-based back-up service/mailing house/email marketing company etc.] to support the efficient running of our business. If this is necessary, we will provide only the information they need to perform the services we require. They will only use the data for the purposes we specify. We require third parties to maintain appropriate security to protect information from unauthorised access or processing. In some circumstances, we may need to share your personal data with other third parties (including legal or other advisers, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or where such disclosure may be permitted or required by law. Unless we tell you otherwise, your data will not be processed outside the EEA.
7. How long will we keep your data?
We will keep personal information relating to our pupils and/or their parents, guardians or carers for no longer than we judge to be necessary. Where data is needed to comply with tax and other regulatory requirements, we will normally retain that data for a maximum of seven years.
8. Data security
We will take appropriate technical [and organisational] measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access. Our computers and mobile devices are password protected.
9. Your rights
You may exercise your rights by contacting us using the details in Contact, below. We aim to handle any requests within a reasonable period and, in any event, within one calendar month of the original request.
Right to information and access
You have the right to be informed about what personal data we collect about you, why, on what lawful basis and what your rights are. This Privacy Statement is the key document we use to inform you about this. You also have a right to request access to the information that we hold about you, and to receive a copy of this information, along with other information which is generally contained in this Privacy Statement.
Right to rectification
You have the right to request that inaccurate personal data be rectified, or completed if it is incomplete.
Right to erasure and restriction
You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. When responding to such requests, we will tell you how such restrictions or deletions may affect our ability to fulfil our contracts with you or otherwise affect your interests.
Right to object
You have the right to object to our using your information for direct marketing. You can also ask us to stop using your information, where we are processing it on the basis of our legitimate interest. We will do so unless we believe we have a legitimate overriding justification to continue processing your personal data.
Right to withdraw consent
If you have given us any specific consent to use your personal data, you have the right to withdraw it any time. If you wish to tell us that you are withdrawing your consent, please email us at: email@example.com
If you are unhappy with the way we process your personal data, please contact us using the information provided below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
If you have any questions about this policy, or you wish to exercise any of your rights, please contact us using the details below:
12. What is a cookie?
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
14. Controlling cookies
15. Updates to this statement
We may change this privacy statement from time to time. Where appropriate, we may notify you by post or email.
Last updated 10 October 2021.