Privacy Policy

1. Introduction

The legal entity responsible for collecting and processing your personal data is Modern Way Piano Ltd. Our registered address is: Forma House, 40 Bowling Green Lane, London, United Kingdom, EC1R 0NE.

Modern Way Piano Ltd (“we”, “us”, “our”) is committed to protecting your personal information and handling it responsibly. This Privacy Policy explains what personal data we collect from you, how we use it, who we share it with, and what rights you have in relation to it.

This policy applies to all personal data we collect through our website at www.modernwaypiano.com, by email, by telephone, or through any other interaction you have with us.

We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy or how we handle your data, please contact us at info@modernwaypiano.com.

2. What Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

• Identity Data – first name, last name, date of birth
• Contact Data – email address, telephone number, postal address
• Financial Data – payment card details (processed securely by our payment provider; we do not store card numbers)
• Transaction Data – details of lessons, services, or purchases you have made with us
• Technical Data – IP address, browser type and version, time zone and location, browser plug-in types, operating system, and other technology on the devices you use to access our website
• Profile Data – your username and password (where applicable), your preferences, enquiries, and feedback
• Usage Data – information about how you use our website and services
• Marketing and Communications Data – your preferences regarding receiving marketing communications from us

We do not collect any Special Category Data (such as data about your health, race, religion, or biometric data) and we do not collect data relating to criminal convictions.

3. How We Collect Your Personal Data

We collect personal data through the following means:

• Directly from you – when you fill in a contact or enquiry form, book a lesson, make a purchase, create an account, subscribe to our newsletter, or contact us by email, phone, or post
• Automatically – when you visit our website, we may automatically collect Technical Data and Usage Data through cookies and similar tracking technologies (see Section 9 on Cookies)
• From third parties – we may receive data from our payment processor (Stripe) and our email marketing platform where you have interacted with those services in connection with us

4. How We Use Your Personal Data and Our Legal Basis

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

• Performance of a contract – We process your Identity Data, Contact Data, Financial Data, and Transaction Data in order to provide our services to you, including booking and administering lessons, processing payments, and communicating with you about your bookings.
• Legal obligation – We may process your data where necessary to comply with a legal obligation, such as maintaining financial records for tax and accounting purposes.
• Legitimate interests – We may process your Technical Data and Usage Data to maintain the security and performance of our website, prevent fraud, and improve our services. We have assessed that our legitimate interests in doing so are not overridden by your data protection rights.
• Consent – Where you have opted in to receive marketing communications or newsletters from us, we will process your Contact Data and Marketing and Communications Data on the basis of your consent. You may withdraw your consent at any time (see Section 7).

We will not use your personal data for any purpose that is incompatible with the purposes described in this policy without notifying you first.

5. Marketing Communications

If you have signed up for our newsletter or otherwise consented to receive marketing emails from us, we will send you information about our services, promotions, and updates.

You may opt out of receiving marketing communications from us at any time by:

• Clicking the “unsubscribe” link in any marketing email we send you
• Emailing us at info@modernwaypiano.com

Please note that even if you opt out of marketing communications, we may still need to send you service-related communications (such as booking confirmations and payment receipts) where these are necessary to fulfil our contract with you.

6. Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties, solely to the extent necessary to provide our services:

• Stripe – our payment processor. When you make a payment, your payment card details are transmitted directly to Stripe and processed under their privacy policy. We do not store your full card details. You can view Stripe's privacy policy at stripe.com/gb/privacy.
• Email marketing platform – we use a third-party email marketing service to manage our newsletter and promotional communications. This provider processes your name and email address on our behalf and is contractually required to keep your data secure and not use it for their own purposes.
• Professional advisers – including lawyers, accountants, and auditors, where necessary to comply with our legal obligations or to protect our business interests.
• Regulatory and law enforcement authorities – where we are required by law to do so.

All third parties we work with are required to process your data securely and in accordance with applicable data protection law. We enter into appropriate data processing agreements with these parties.

7. International Transfers

Where any of our third-party service providers are based outside the United Kingdom, any transfer of your personal data will be made in accordance with the UK GDPR. This means we will only transfer your data to countries that have been deemed to provide an adequate level of protection for personal data, or where we have put in place appropriate safeguards (such as the International Data Transfer Agreement or equivalent standard contractual clauses).

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Client and transaction records are retained for seven years following the end of our relationship with you, in line with HMRC requirements.
• Marketing data is retained until you withdraw your consent or opt out.
• Inactive accounts – if you have not interacted with us for more than three years, we will treat you as an inactive client and may delete or anonymise your data.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use that information indefinitely without further notice to you.

9. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that help us operate the website and understand how it is used.

We use the following types of cookies:

• Strictly necessary cookies – required for the website to function (e.g. session management). These cannot be disabled.
• Analytical/performance cookies – allow us to count visits and understand how visitors interact with our site, so we can improve it (e.g. Google Analytics).
• Functionality cookies – remember your preferences and settings to improve your experience.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

10. Data Security

We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS), access controls, and secure payment handling via Stripe.

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at info@modernwaypiano.com.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, notify you directly.

11. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights in relation to your personal data:

• Right of access – you have the right to request a copy of the personal data we hold about you (known as a Subject Access Request).
• Right to rectification – you have the right to ask us to correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure – you have the right to ask us to delete your personal data in certain circumstances (for example, where we no longer need it for the purpose for which it was collected).
• Right to restriction of processing – you have the right to ask us to restrict how we use your data in certain circumstances.
• Right to data portability – where we process your data by automated means based on your consent or a contract, you have the right to receive a copy of that data in a structured, commonly used, machine-readable format.
• Right to object – you have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis. You also have an unconditional right to object to processing for direct marketing purposes.
• Rights in relation to automated decision-making – you have the right not to be subject to a decision made solely by automated processing that produces legal or similarly significant effects on you. We do not currently use automated decision-making of this kind.
• Right to withdraw consent – where we rely on your consent to process your data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at info@modernwaypiano.com. We will respond to your request within one month of receipt. We do not charge a fee for exercising your rights, unless your request is manifestly unfounded or excessive.

We may need to verify your identity before processing your request.

12. Right to Complain

If you are unhappy with how we have handled your personal data, we would ask that you contact us first at info@modernwaypiano.com so we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

13. Links to Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices of any third-party sites and encourage you to read their privacy policies before providing any personal data to them.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. We will post any updated version on our website with a revised “last updated” date. Where changes are material, we will endeavour to notify you directly (for example, by email).

We encourage you to review this policy periodically to stay informed about how we are protecting your data.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us: