Maintaining the security of your data is a priority, and we are committed to your privacy rights. We will handle your data fairly and legally at all times and be transparent about the data we collect and how it is used.
This policy applies to www.darkstone-music.com and services related to the website. The website is managed by Simon Pendlebury.
Please read this policy carefully and contact us if you have any questions or concerns.
Who we are
Darkstone/Simon Pendlebury will be referred to as “we” or “us” within this policy.
- Operating from: Tottington, Bury
- For the purposes of this policy, we can be contacted at: [email protected]
What information do we collect?
We collect the following information from you in order to provide you with our services:
- Telephone number
- Email address
- IP address
These may be collected either when using the contact form on the website, or when signing up to use our services.
We may also collect payment details when you request our services. Payment card information may be held by third party payment providers.
How do we use personal information?
We use your personal information for the following purposes:
- Account set up and administration
- Provision of services
- Payment processing
- Delivering marketing communication
- Carrying out polls and surveys
- Internal research and development purposes
- Legal obligations (eg conditions of insurance)
- Meeting internal audit requirements
Please note that this list may not be exhaustive – additional points may be added as they become apparent.
What legal basis do we have for processing your personal data?
We process your information based on the following legal grounds:
- We process based on consent if you use the website. You have the option to request that we remove any data pertaining to you, and can choose whether to receive communication from us.
- We process based on contract if you are our client. We require these details to be available in order to provide a service. Once you are no longer a client of ours, you can request that any personal data is removed.
When do we share personal data?
We treat all personal data confidentially. We will not pass your data onto a third party, except in the following circumstances:
- Processing payments. Card details may need to passed to payment providers, along with names and address details.
- Insurance related matters.
- Dealing with law enforcement.
Where do we store and process personal data?
All data storage and processing is done within the EU, and will take place according to this policy and applicable UK law. The exception to this is card processing, which takes place according to Square Inc’s GDPR policy.
How do we secure personal data?
We take data security seriously.
- Any information gathered through the website is protected in transit using SHA-256 SSL encryption.
- The website is hosted in the EU in the state of the art Contabo datacentres in Germany, full details of which can be found here.
- All personal information on workstations is protected with AES encryption.
- All data, local and hosted, is backed up daily to an encrypted, remote location.
- In the event of total failure of computer systems, service can realistically be resumed within 2 hours.
- All staff with access to personal data are trained in best practice relating to security.
- All staff are DBS checked and certified.
How long do we keep your personal data for?
Your data will be retained for as long as is required by UK law.
- Financial data will be retained for 6 years from the date of the transaction.
- Marketing subscription data will be retained until you request removal.
- Customer data will be retained as long as you employ services from us. Once services are cancelled, your data will be removed within 28 days, with the exception of financial data.
Your rights in relation to personal data.
Under the GDPR, we respect your rights to access and control your personal data. The following rights are provided under this:
- The right to be informed. You have the right to be informed about the collection and use of their personal data. This is explained in this policy.
- The right of access. You have the right to see what personal data we hold. You can request this either verbally or in writing, and we will action this within 28 days.
- The right to rectification. If you believe we hold inaccurate data, you can request that we correct this, either verbally or in writing. We will action this within 28 days.
- The right to erasure. You can request that we remove your personal information, either verbally or in writing. This right is not absolute and only applies in certain circumstances. If applicable, we will action this within 28 days.
- The right to restrict processing. You can request that we can store your information, but not use it. This right is not absolute and only applies in certain circumstances. If applicable, we will action this within 28 days.
- The right to data portability. This allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. The right only applies to information you have provided to us.
- The right to object. You have an absolute right to stop your data being used for direct marketing. You can also object to any processing of your personal data. This right is not absolute and only applies in certain circumstances. If applicable, we will action this within 28 days.
- Rights in relation to automated decision making and profiling. We do not process data under Article 22. This does not apply.
How to contact us?
If you wish to contact us regarding anything outlined in this policy, you can do so by emailing us at [email protected]
Linking to other websites / third party content
This policy only relates to content served from the darkstone-music.com domain. We may link to third party websites, which may contain their own policies. We are not responsible for any content or data collection/processing on such sites.