Privacy Policy - More Music UK Ltd.

About this policy

This policy was last updated on the 15th April 2020. We regularly review this policy and therefore recommend you are familiar with its contents before using our services.

Who we are and what we do

More Music UK Ltd is a company registered in the UK under company number 10946567. Our registered address is 1st Floor, 1 East Poultry Avenue, London, United Kingdom, EC1A 9PT. More Music UK Ltd is the sole owner and operator of the website https://musictutors.co.uk. Our Data Protection Officer is Alex WIbrew. He can be contacted via [email protected]

We are regulated by the General Data Protection Regulations. A copy of which can be found here.

For private teachers, we provide the services of marketing, secure communication and booking systems and fee collection.

For private students, we enable access to high quality, professional music tutors who have, prior to being published on our platform, been screened and vetted to ensure their suitability and credentials are of sufficient quality and safety.

For Music Services and Music Hubs

We provide the service of an online classroom and associated administrative, management and monitoring systems.

Our Roles and Responsibilities

To provide these services and to comply with our contractual, statutory and legal obligations, we collect and process personal information as detailed below. We do not collect unnecessary information and we will not process your personal data in any way that is not described in this policy. For private students and teachers, we are the “controllers” of your personal data. This means we:

  • Are responsible for compliance with article 5 of the principles of the General Data Protection Regulations.
  • Will work with you should you wish to exercise your rights as an individual.
  • Are responsible for the technical and organisational structures that keep your information safe.
  • Choose processors and third parties carefully and have binding agreements in place which cover all areas of GDPR, including the transfer of data outside of the EU.
  • Report any data breaches to the ICO, and, where necessary, other supervisory authorities in the EU, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We are also responsible for notifying affected individuals (if the breach is likely to result in a high risk to their rights and freedoms).
  • Comply with GDPR accountability obligations.
  • We are registered with The ICO under reference number ZA462894

For music service clients, we are “the processor”. This means we:

  • Process personal data only in accordance with your instructions.
  • Keep detailed records of processing operations and activities.
  • Make sure the appropriate security standards are in place.
  • Will not appoint a third party to process Personal Data without clearly describing details in this notice.
  • Notify customers of a security breach within a reasonable timeframe to ensure the breach is reported to the Information Commissioner within 72 hours, where appropriate.

The Information we Collect

For private students sending an initial message to a tutor, we collect name, email address, instrument preference, telephone number and the text chosen to relay a message to a tutor. Optional date of birth can also be collected. If a private student receives tuition from a tutor, we also collect address information, the names of additional users and optional date of birth, and optional profile image. Payment happens through a secure gate via our partner Epay (Bambora). More Music UK Ltd never has access to your card details, SSL encryption is used to keep your card details hidden.

For private tutors applying to join our platform, we collect:

Name, address, email address, date of birth, instruments taught, a CV and the text chosen to answer pedagogical questions in a text box.

If a private tutor is accepted onto the platform, we collect a profile image and up to 3 optional images. The text chosen to to describe your teaching approach, enhanced DBS certificate, national insurance number, bank account details, and optional video.

For both private students and tutors we also process communication between parties and information on bookings, payments and diary information.

For music service clients, we process the provided teacher names, email addresses, instruments taught. An image and the text chosen to describe the service you offer. We also process or collect on your behalf, student name, parent or guardian email address and in the instance of multiple children from the same family taking lessons, the name of the parent.

We also process communication between teachers and students, information on bookings and diary information.

This information is collected using input fields inside the website, or via email communication and file transfer. Our website is password protected. Our email and storage facilities are cloud based and protected via 2FA (2 factor authentication)

How we use your Personal Data

More Music UK Ltd take our responsibilities in protecting your privacy very seriously and will never disclose your personal information, nor share or use your data in ways not described in this privacy policy. We will never sell your personal data. Your data is only held for as long as necessary to provide you with the services requested by you. We collect and process your data to fulfil our duties as described in our terms and conditions and via the SLA for music services. We use your to give you the best possible standard of service. According to UK law, we also process your data to fulfil our requirements in regards to accounting and taxation. For our private students and tutors, we from time to time may send marketing materials or newsletters via email through a managed communication platform. We do so on the legal basis of a legitimate interest and you have the right to unsubscribe at any time. For private students only, We also use your email address to send you online targeted marketing information about our product offers and promotions via social media platforms. To do this, we securely share your email address (hashed) with social media organisations, such as Facebook, who will match our marketing requirements to your social media profile. We do so on the legal basis of legitimate interests to send you product information via social media which we believe is of relevance to you. You can opt out of this service at any time via the settings inside your account at musictutors.co.uk This service is not offered to music service clients.

Your Rights and how to Exercise them

As described in the General Data Protection Regulations (link available in the first section) we acknowledge your rights in relation to the data we hold about you.

  • You will have access to your personal information and all activity pertinent to your use of the services we provide.
  • You have the right to change your personal information and to request corrections of any errors we have made.
  • You have the right to instruct us to delete your personal information.
  • You have the right to instruct us to supply you with the personal information you have provided to us in a commonly used, machine readable format.
  • You have the right to unsubscribe from email lists used to disseminate marketing and newsletters at any time. The unsubscribe button at the bottom of these emails enables this function instantly and automatically.
  • You have the right to challenge any decisions taken by More Music UK Ltd which concern or may affect you.
  • You have the right to challenge continued processing of your personal information.
  • You have the right to otherwise restrict our processing of your personal information in certain circumstances.
  • Whilst there is no obligation for you to supply our personal data, we may not be able to provide you with the desired service if you choose not to do so.

For further information on these rights and how you can exercise them, full details can be found in the guidance issued from the UK Information Commissioner’s Office, details of which can be found here.

Please contact Alex Wibrew via [email protected] to begin the process of exercising your rights in regard to your personal information.

If you wish to complain to More Music UK Ltd regarding our use or processing of your personal data, a copy of our complaints policy is available upon request to our data protection officer, Alex WIbrew. You can contact Alex via [email protected]

Should you wish to take your complaint to the Information Commissioner’s Office, you can do so via this link.

Sharing and Disclosing your Information with Third Parties.

In order to provide you with the best service possible, we have agreements in place with the following 3rd parties who may process your data.

Postmarkapp.com is our service provider for transactional notification emails. As part of our service, you will be sent reminders and notifications via email when lessons are created or you have received a message. This service is integrated into our platform. Postmarkapp.com’s privacy notice can be found here.

Day to Day email and administration takes place via the cloud based applications and storage in Gsuite for business. A copy of Google’s privacy policy can be found here.

To ensure your personal data is processed in the correct way, we use automation processes from Zapier. A copy of their privacy notice is found here.

For private students and teachers, we use the integrated accounting platform E-conomic as a financial management tool. A copy of the E-conomic privacy statement can be found here.

For private teachers and students we manage our marketing and information emails via a system ran by Active Campaign. You are able to unsubscribe from these emails at any time by clicking “Unsubscribe” at the bottom of an email. You can also opt out via the settings in the “my account” section of your account at musictutors.co.uk. Active Campaign’s privacy policy can be found here.

For private teachers, we offer the optional service of embedding video messages into your profile via a link from the musictutors.co.uk Youtube.com channel. Youtube’s privacy policy can be found here.

For Private teachers, we offer the service of actioning an application for an enhanced DBS certificate via our service provider, Ucheck. Ucheck’s privacy policy can be found here

For private students, our payment provider EPAY (Bambora) provides a secure card payment facility with SSL encryption. More Music UK Ltd will never see your card information. Anonymised transaction records are stored and we use these for the purposes of refunds, auditing and the monitoring of instalment purchases. A copy of EPAY (Bambora)’s privacy policy can be found here

Cookies

To improve our general performance and marketing efforts, we gather non-personal information for statistics and analysis via cookies.For private students only, To improve the quality of our marketing audiences, we share anonymised data with social media platforms such as Facebook. Upon your first visit to the site, you will have the option to review your cookie preferences. Cookies are also provided to remember your preferences to give you a fast and easy-to-use experience when you are logged on to musictutors.co.uk. Our cookies will only gather information relating to your activity on MusicTutors.co.uk and not elsewhere on the internet. Via your browser settings, you are in control of what cookies are accepted. We recommend you periodically review your cookie settings in your browser.

Keeping Your Data Secure

We take our commitment to keeping both your data and our platform secure extremely seriously. Our website is hosted via Digital Ocean.com in their European data centre in Frankfurt, Germany. SSH access into the server is only allowed from a set of whitelisted IP addresses Password access is not permitted, nor is root access. Access is solely from SSH keypairs, which are reviewed on a regular basis. Data is stored on an RDS relational database service, which is a managed MySQL database. Back ups are automatically maintained and securely stored separately on Digital Ocean’s NAS / SAN non visible servers. All parts of our infrastructure comply with ISO27001.

Through our partner Cloudflare, we ensure all network data is encrypted via https and further security measures to protect against Ddos type attacks are in place.

Legitimate Interests

As described in the “How we use your personal data” section of this policy, we from time to time send out marketing and newsletter information via email to our private students and teachers, alongside using social media platforms to keep you informed of our latest offers and updates. We do so on the legal basis of “legitimate interests’. We have conducted a risk assessment in justification of these actions and have been sure to balance our own commercial interests (via direct marketing) against your own personal interests. Further safeguards are built in via the check box in the settings inside your account and the unsubscribe button found at the bottom of every email.

How long do we keep your data?

For private students, we retain your data for 2 years, counting from your last interaction on the platform. Financial and billing records however are stored for a period of 7 years.

For private teachers who applied to join the platform but never progressed an application, we retain your data for 3 years, counting from your last interaction with the platform.

For private teachers who were accepted onto the platform but have since become inactive, we retain your data for three years, counted from your last interaction on the platform. Financial and billing records however, are stored for a period of 7 years.

For music services, your dataset is clearly flagged, marked and stored in our database, ready for immediate and permanent destruction or transfer, upon your request.