Respecting Your Privacy
At Musical Futures, we respect your right to privacy online and understand that you want to keep control of your personal information. That’s why we are committed to protecting any information you share with us. We will never sell, distribute or intentionally make your personal information public and have implemented appropriate technical and organisational security measures to protect the data you share with us from loss and preserve its security and confidentiality. All your interactions with our website are protected by strong 256-bit encryption and we aim to collect the minimum of personal information needed to provide an effective service.
Questions & Data Access Requests
In accordance with the General Data Protection Regulation (2018) gives you the right to know what personal data we hold, to have it updated if it is inaccurate or removed entirely if you no longer consent to our use of it. We will endeavour to respond to any such requests within 14 days confirming receipt and outlining what follow-up actions will be taken and when.
Our Legal Bases for Processing
We collect and process information about you only where we have legal bases for doing so. This legal bases will depend on the individual services you use and how you use them. Additional information is provided below but in general terms we will only collect and use your information where:
- It is necessary for us to provide you with a service, including for support or to protect the safety and security of the service itself.
- It satisfies a legitimate interest which is not overridden by your data protection interests. Such as for research and development.
- You have given us consent to do so for a specific purpose.
- We need to process your data to comply with a legal obligation.
In cases where you have consented to our use of your personal information for a specific purpose you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, but in some cases this may mean your are no longer able to access our services.
Children Under 16
We do not knowingly collect or use the personal data of children. If you are under the age of 16 please do not provide any personal data even if prompted to do so. While we don’t place any age restrictions on access to our website and the learning resources within, only individuals of 16 years or older should sign-up for one of our subscription plans.
Third Party Data Processors
Like most businesses we rely on a number of third-party providers to support our day-to-day operations, for example in areas such as online file storage and email delivery. We may also hire third parties to operate, maintain or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.
All our third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.
Amazon AWS (File storage & email delivery services)
Google (Website analytics)
Heart Internet (Hosting services)
PayPal (Payment processing)
The Pixel Parlour (Website development & support)
Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.
Transfers outside of the European Economic Area
Under certain circumstances we may transfer your information outside of the European Economic Area. We will only do this with your informed consent, when it is necessary to perform a contract we have with you or where the receiving organisation has adequate safeguards in place – for example certification under the EU-US Privacy Shield framework.
Our website is hosted in the UK in a data centre managed by Heart Internet. When you visit our website or access one of the files stored on our web server information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Heart Internet will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.
Like most businesses we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies are retained for 14 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.
Our website and emails contain a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and we do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, its owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.
Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings, but it is important to be aware that some cookies are essential and our website may not function as expected without them.
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features. But you can still block or delete them by changing your browser preferences.
- PHPSESSID, JSESSIONID (Musical Futures Online). Used to give you a unique identifier during your time on the site for security purposes. Expire at the end of your session.
- wp_woocommerce_session (Musical Futures Online) – Set by our website when you use our online shop Expires after 48 hours.
- woocommerce_items_in_cart (Musical Futures Online) – Used to temporarily store information about your cart when use our online shop. Expires at the end of your session.
- woocommerce_cart_hash (Musical Futures Online) – Used to temporarily store information about your cart when you use our online shop. Expires at the end of your session.
- wordpress_[hash] (Musical Futures Online
- wordpress_logged_in_[hash] (Musical Futures Online) – set to identify you to the website and tell it that you are logged in. Expires at the end of your session.
These cookies are used to enhance the performance and functionality of our websites. They are non-essential but without them certain functionality may become unavailable.
Analytics and customisation cookies:
These cookies collect information to help us understand how our website is being used or customise it in order to enhance your experience.
- _ga (Google Analytics) – used to distinguish between users. Expires after 2 years.
- _gat (Google Analytics) – used to distinguish between users. Expires after 24 hours.
- _gid (Google Analytics) – used to throttle the request rate. Expires after 1 minute.
These cookies are used to make advertising messages more relevant to you and your interests.
Purchasing a Subscription
When you register and purchase a subscription through this website the peronal data we collect at checkout is only that which we require to process your order and support your subscription.
Your name and email address are used to uniquely identify your order and provide us with a point of contact for any follow-up communication such as sending you an electronic receipt. We also collect your IP address and physical address to facilitate payment processing and meet our obligations to maintain appropriate financial records. For example we need to know the country of origin of all transactions for calculating VAT. Depending on the support level you choose additional details relating to its benefits may also be collected, for example t-shirt size. This order information may be retained for up to 5 years after your subscription ceases to be active, after which it will be erased. Payment processing is handled by PayPal and only they have access to sensitive financial information shared during your purchase, such as your credit/debit card details. You can learn more in the Payment Processing section below.
On completion of sign-up a website account is created, which provides you access to the service and gives you addituon control over your personal data including ability to directly edit details such as your name, contact email address and physical billing address or request its removal. You can close your account at any time by using the option within. Please be aware that it may take up to 30 days for your account closure request to be processed and any associated data to be removed from our primary and backup systems. Will not remove information held by us for the legitimate purpose of financial record-keeping or to meet our obligations to log personal data processing activities. Please be aware that closing your account will instantly remove your access to the subscriber-only content that is made available through this website.
We use PayPal as our online payment processor, so when you make a purchase through our website some of the information you submit is sent to them to allow your payment to processed. PayPal is committed to handling your personal data securely and will not reveal your financial information to any third party except with your express permission or if required to do so by a court order or other legal process. You can read the full in their privacy statement here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. Please be aware that PayPal may transfer information relating to your transaction outside the European Economic Area, but in such cases they are committed to protecting it with adequate safeguards.
All the information you submit at checkout is transmitted securely via an encrypted https connection and the information we receive from these transactions is just that needed to process or support your order. That includes your name, email address, billing address and contact phone number, but does not include any sensitive financial information such as credit card numbers or bank account details. We will retain this information, along with the details of your purchase, for 5 years as part of our financial records.
Some of our subscription plans include the option to create a separate login that students can use to access the resources that are avaiable as part of your subscription. This Student login can access all the same lesson content, but has no access to subscription settings or other sensitive account details. An email address is the only piece of personal data tied to a student login and this can be updated or removed at any time through your main account. As with other updates it may take up to 30 days from any removals to be reflected by all our data storage systems.
When you create a list of bookmarked resources inside your account the name of that list and any description you give it will be visible to anyone you share access with. In the case of Private lists that will be anyone who you share the account with. For Public lists it will be anyone who has the the lists unique link. In both cases the details are visible to website administrators and may be reviewed for the purposes of understanding how the feature is being used and to guard against abuse. We recommend against including any personally identifiable information within either the list name or its description.
Personal Data Breaches
27th November 2020 – Cookie list and uses updated