I treat the the privacy of all of my customers and visitors to my website with the utmost respect and would never share your personal data with third parties. This policy outlines my commitment to my customers' privacy and security.
Definitions of terms 'I', 'Me' and 'My' refer to Paul Gardner trading as Piano-Accompaniments.com
'You' and 'Your' refer to a customer at Piano-Accompaniments.com
'GDPR' refers to the General Data Protection Regulation, an EU-wide policy on data protection which is extended to all customers on this website
'HMRC' refers to Her Majesty's Revenue and Custom, the UK tax authority
'PCI-DSS' refers to Payment Card Industry Data Security Standard
'SSL' refers to Secure Socket Layer, a data encryption standard
Online Payments Payment data is handled by either SagePay (one of Europe's largest and more trusted payment companies) or PayPal (probably the best known online payment company in the world). Both of these payment providers use at least 128-bit SSL encryption to process transactions securely, and are fully PCI-DSS compliant. I never personally see or process any payment card details because you enter them directly on SagePay or Paypal, therefore my website is also certified PCI-DSS compliant.
SagePay: Click here for more details about SagePay's online shopping security
PayPal: Click here for more details about PayPal's online shopping security
Website Security Piano-Accompaniments.com is protected by full Secure Socket Layer (SSL) technology, as indicated by the padlock symbol or green text in your browser. This means all data that passes between your browser and my website's server is encrypted so cannot be compromised.
What Personal Data is processed and why? Piano-Accompaniments.com requires customers who wish to order accompaniment tracks to submit address and email details. My Payment Providers (SagePay or PayPal) require invoice name and address information to be passed to them to process the order correctly. I also ask for your email address, since my website operates by sending links to a customer's email address after a transaction is completed. This information is held securely by me, and is never passed to any other parties. Only customers who have ticked a box to opt in to my mailing list will receive extra occasional emails detailing new works and discount offers, and these can be unsubscribed from at any time.
How is personal information stored? Personal information is securely stored electronically, and I never print paper copies of invoices.
Legal basis for processing data In accordance with Article 6 of the GDPR, my legal basis for processing data in any given instance is one or more of:
6.a) Consent has been given for the specific purpose of joining my mailing list. Consent may be withdrawn at any time by unsubscribing using a link contained within these emails
6.b) Processing of address and email data is necessary to fulfil and complete a transaction in which customers pay for and receive accompaniment mp3 tracks from my website
6.c) Retention of transaction data is necessary for me to fulfil my legal obligations to HMRC in the UK, and to VAT offices in EU States.
'Right to be Forgotten' In accordance with article 17 of the GDPR, if at any point you would like me to delete any data (i.e. address, email or works ordered) which I hold, please email me and I will do so straightaway.
If you would like to stop receiving my discount emails at any time, simply click the 'unsubscribe' link contained within and send the resulting email to me.
There are three different types of cookie which are used on this website, which are described below.
Google Analytics Cookies: Along with millions of other websites, my site incorporates Google Analytics, which anonymously tracks usage statistics of people using the site. This information helps me see how many visitors are using my website, and illustrates which of the web pages are most viewed. None of the information is ever personally identifiable and will not result in any unwanted marketing or spam emails. For extra protection, my website instructs Google Analytics to anonymise any IP addresses, which means location tracking only works at a regional and not local level.
Shopping Cart Cookies: As with every website on which online shopping takes place, when customers put items in their carts a temporary cookie is placed on the user's machine in order to remember the contents of the cart once the user continues looking around the website. These cookies usually expire after a couple of hours.
'Remember Me' Cookie: During the checkout process, customers are given the option to tick a box to say if they would like their address details to be stored, in order to make future orders that much quicker. This is the only 'permanent' cookie used on my website, and only by ticking the relevant box in the checkout procedure is it enabled. If this box is ticked it implies consent from the user for this cookie to be stored. If the user wants to remove this (or any other) cookie, it is a simple task to delete cookies from your browser - just read the help file for your particular browser to see how to do this.
Data breach In the unlikely event of a data breach, I shall contact the Information Commissioner's Office here in the UK, as well as any affected parties in accordance with articles 33 and 34 of the GDPR.