Data Protection Policy

Effective Date: 7th May 2025
Reviewed: 
Owner: Music Academy Midlands Ltd

---

 

1. Purpose

This Data Protection Policy sets out how Music Academy Midlands Ltd collects, uses, stores, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

We are committed to ensuring the privacy and security of all data subjects — including students, parents/guardians, staff, contractors, and website users.

---

 

2. Scope

This policy applies to:

• All staff, tutors, contractors, and anyone handling personal data on behalf of Music Academy Midlands Ltd

• All personal data processed electronically or in paper form

• All business areas, including website activity, student registration, tuition delivery, marketing, and HR

---

 

3. Data Controller

Music Academy Midlands Ltd
15 Ascot Way, Longbridge, Birmingham, B31 2BW
Company Number: 08091113
ICO Registration Number: CSN4796252
Email: info@musicacademymidlands.com

---

 

4. Key Principles

We are committed to processing personal data in accordance with the following principles:

---

 

5. Lawful Bases for Processing

We rely on one or more of the following legal bases:

• Consent: for marketing communications and photos/videos

• Contract: to deliver lessons, communicate with customers

• Legal obligation: safeguarding, financial record keeping

• Legitimate interests: internal processes, business improvement

---

 

6. Types of Personal Data Collected

We may collect and process:

• Full name, contact information, emergency contacts

• Student info (age, instruments, lesson history)

• Email communication, lesson feedback, performance recordings (with consent)

• Payment and billing information

• IP addresses, device/browser data via cookies (with consent)

Sensitive data (e.g. medical or safeguarding concerns) is only collected where necessary and treated with enhanced protection.

---

 

7. Individual Rights

All data subjects have the right to:

• Access their personal data

• Rectify inaccurate or incomplete data

• Erase personal data (subject to legal or contractual obligations)

• Restrict or object to processing

• Withdraw consent at any time

• Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any rights, contact: info@musicacademymidlands.com

---

 

8. Data Sharing & Third Parties

We may share data with:

• Tutors and teaching staff (under data sharing agreements)

• Payment providers (e.g. GoCardless, Stripe)

• Email/CRM systems (e.g. Kajabi)

• IT support and safeguarding bodies where required

All third-party processors are contractually obliged to comply with UK data laws.

---

 

9. Data Security

• Access to data is restricted by role

• Staff and contractors receive GDPR training

• Data is stored in secure cloud systems with 2FA where applicable

• Devices are password-protected and kept up to date

• Paper records (if any) are securely stored and shredded when no longer required

---

 

10. Data Breach Protocol

Any suspected breach must be reported to the Data Protection Contact immediately. We will:

1. Investigate and contain the breach

2. Report to the ICO within 72 hours (if required)

3. Notify affected individuals where there is a high risk to their rights

4. Document all outcomes and actions taken

---

 

11. Staff Responsibilities

• Understand and follow this policy

• Only access data relevant to their role

• Report any concerns or breaches immediately

• Never store or share data outside of authorised systems

---

 

12. Policy Review

This policy is reviewed annually or when there are changes in the law, technology, or operations that impact data handling.

---

Questions or concerns?
Email: info@musicacademymidlands.com
Phone: 0121 630 3653
Mail: Music Academy Midlands Ltd, 15 Ascot Way, Longbridge, Birmingham, B31 2BW