Privacy Notice

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use personal data we are bound by the General Data Protection Regulation EU 2016/679 (GDPR), and as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time (UK GDPR) and the Data Protection Act 2018 (together, Data Protection Legislation).   We are accountable as Controller of that personal data for the purposes of Data Protection legislation. 

Key terms

It would be helpful to start by explaining some key terms used in this notice:

We, us, our

Ashbea Music Limited, a limited company incorporated in England and Wales under registered number 15630452 with registered office at 35 Firs Avenue, London, England, N11 3NE, United Kingdom.

Personal data

Any information relating to an identified or identifiable natural person. 

Personal data we collect 

When you engage us for our services, including but not limited to the provision of music and instrumental tuition to your child or children, or as a supplier or freelance music teacher with us, either via our website, ashbeamusic.com or through our App, Music Aptitude Maestros, we will obtain certain personal data from you, including your name, your email address(es) and other contact information essential to the invoicing process.

This personal data is required to enable us to provide our services and to perform our contract with you, whether you are a client or supplier/freelancer. If we are not provided with this personal data, it may delay or prevent us from providing the tuition or services which you are requesting or performing our contractual obligations. 

How personal data is collected

Your personal data is collected directly by us when you contact us in any of the above mentioned ways, and arrange either to take our services or provide services to us. 

How and why we use personal data

Under Data Protection Legislation, we can only use personal data if we have a legal basis for doing so.  These are mandated by the legislation and include:

  • for the performance of our contract with you or to take steps before entering into a contract;

  • to comply with our legal and regulatory obligations; or

  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms.

The table below explains what we use (process) personal data for (our purpose) and our legal basis for doing so:

Our purpose

To enable us to engage with clients and their children for the provision of instrumental or other forms of music tuition.

To enable us to engage with freelance music teachers or other suppliers for the discharge of our purpose.

To enable us to invoice clients for our services and to pay other freelance teachers or suppliers to us.

Our legal basis

For our legitimate interests or those of a third party. 

For our legitimate interests or those of a third party.

For the performance of our contract with you.

Promotional communications

We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.

Who we share personal data with

We only share personal data with our retained external third party service providers, such as our cloud storage providers including Google, Xero, Microsoft Azure, Squarespace, Stripe and Bad Dinosaur.

We only allow our external third parties to handle personal data if we are satisfied, after appropriate due diligence, that they take all appropriate measures to protect all personal data and only on written instructions. 

We may very occasionally disclose and exchange information with regulatory bodies such as HMRC to comply with our legal and regulatory obligations. 

Where personal data is held

Personal data is kept securely in a password protected environment on personal computers via note-taking software.  Where we engage cloud-based service providers, it is always on the basis of a written Data Processing Agreement and we conduct due diligence on the location of the servers on which our data is stored. 

Many of our suppliers store data on servers which may be located outside the United Kingdom.  For more information, including on how we safeguard personal data if it is transferred outside the UK, see below: Transferring personal data out of the UK.

Keeping personal data secure

The privacy and the security of personal data is our utmost priority, and we recognise our obligation   to keep it secure and private. 

We ensure that those providers with whom we trust personal data put in place industry-standard security practices to prevent personal data from being accidentally lost or used or accessed unlawfully including password protection, multi factor authentication of users and access restriction or control. We limit access to any personal data to our freelancers and contractors with a genuine business need to access it and subject them to strict obligations of confidence.

How long personal data will be kept

We will retain the personal data which we collect about you for the duration of our contractual relationship, whether via subscription or for a discrete project, plus 6 (six) years.

When it is no longer necessary to retain personal data, we will delete it.

Transferring personal data out of the UK

Some of our third party providers may access or transfer our data outside the UK and the EEA.  

These transfers are subject to special rules regarding the adoption of additional safeguards under European and UK data protection law with which we fully comply.  Where we can specify that personal data should be stored on servers which are within the EEA, we do.  Otherwise, our third party providers comply with the additional safeguards required by Data Protection Legislation.  

Rights

All data subjects have the following rights, which can be exercised free of charge, sometimes on certain conditions :

  • Access: The right to be provided with a copy of personal data held on a data subject 

  • Rectification: The right to require us to correct any mistakes in a data subject’s personal data

  • To be forgotten: The right to require us to delete personal data—in certain situations

  • Restriction of processing: The right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested

  • Data portability: The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

  • To object: The right to object:

    • —at any time to personal data being processed for direct marketing (including profiling);

    • —in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests.

  • Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject 

  • To withdraw consent : The right to withdraw consent as a legal basis for processing, at any time

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

To exercise any of those rights, please contact us —see below: ‘How to contact us’.

How to complain

We hope that we can resolve any query or concern raised about our use of personal information. 

The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this privacy notice

We may change this privacy notice from time to time, when we do we will inform data subjects via our website. 

How to contact us

We can be contacted by email or telephone.  Our email address is hello@ashbeamusic.com and our main telephone number is +44 07515 862966.

For all data subject rights, please contact hello@ashbeamusic.com 


Last updated:  July 2024