Privacy Policy

EU General Data Protection Regulation (GDPR) Compliance Statement and Privacy Policy

The EU General Data Protection Regulation (GDPR) is in force from 25 May 2018.

The GDPR provides a set of ‘digital rights’ and protections for EU citizens in terms of the data that individuals and organizations hold about them, and applies new responsibilities to those organizations on what data they can hold, how they can process and use that data, and how individuals can access or request changes to or deletion of the data held about them.

This GDPR Compliance Statement explains what data we hold, what we use it for, and the legal basis on which it is used.

 

  1. Awareness

This Compliance Statement applies to data held and processed by Andrew Bramhill. He is aware of the impact of and responsibilities for the GDPR compliance, and has read and agreed this Compliance Statement.

Other worldwide partners and organisations with whom we work have also been made aware of this Statement, and it is available publicly on the website AndyBramhill.com. Additionally, links to this Statement have been sent in an email to every individual whose data we hold.

2. Information we hold

  • Email addresses of people who have emailed us and to whom we have replied – automatically saved in mail server software.
  • Individuals who have used the online form to request more information and to receive free music downloads from Andy Bramhill. This data comprises Email Address and First Name. Mailing lists are maintained using the Mailchimp bulk email service (https://mailchimp.com) which also automatically collects data on the IP address of the individual registering, the country in which that IP address is registered, and the date on which the last registration was made. (MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework).
  • Individuals who have purchased music or other products directly from Andy Bramhill using the online shops. Data comprises Name, Postal address, PayPal account email address, details of the goods ordered.

The Mailchimp service (www.mailchimp.com) confirms its GDPR compliance in the following statement:

“MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more see the mailchimp Privacy Policy(https://mailchimp.com/legal/privacy/)”

 

Records of individuals purchasing books are collected from PayPal.

Records of individuals attending workshops by Andy Bramhill may be collected by workshop organisers and supplied to Andy Bramhill in order to compile and keep a list of qualifications attained and training completed by each individual.

 

How we use your data

Data from registrations to courses and events, newsletter requests, workshop attendees and music purchasers is used to mail reminders about subsequent events, news and information from Andy Bramhill.

Data from registrations to courses, newsletter requests, workshop attendees and music purchasers is never passed to any third parties.

 

Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the Mailchimp server at any time.

Individuals may also send an email to Andy Bramhill requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.

3. Privacy information

The privacy information required under the GDPR Regulations are as follows:

Identity and contact details of the controller: Andrew Bramhill, info@andybramhill.com


Purpose of the processing and the legal basis for the processing: Data is collected and retained for the purposes of informing individuals of music, events and products in which they have expressed an interest. This data is collected and processed under the legal basis of ‘Legitimate Interests’ – see below.

The legitimate interests of the controller or third party: Andy Bramhill uses the data to inform individuals of the free downloads, new music, courses and events, and to create awareness of commercial events and products which we may reasonably expect the individuals to find of interest.

Categories of personal data: The categories of personal data collected and processed are as indicated in the section on ‘Information we hold’, above.

Any recipient or categories of recipients of the personal data: Data is used only by Andy Bramhill for the purposes outlined above.

Retention period or criteria used to determine the retention period: Data is retained for as long as it still has relevance or until they request to be unsubscribed.

The existence of each of data subject’s rights: The data subjects rights are acknowledged and best efforts will be used to respond to any and all requests for access to or deletion of data records.

The right to withdraw consent at any time, where relevant: Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the Mailchimp server at any time. Individuals may also send an email to Andy Bramhill requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.

The right to lodge a complaint with a supervisory authority: Andy Bramhill is based in the UK and the relevant supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/

The source the personal data originates from and whether it came from publicly accessible sources: The sources the personal data originates from are as indicated in the section on ‘Information we hold’, above.

Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data: There are no statutory requirements to provide data.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences: No automated decision making is used. Mailshots are tailored according to events or new releases for which the individual has registered.

4. Individuals’ rights

We acknowledge individuals’ rights as specified in the GDPR and will make best efforts to respond to any requests from individuals in association with these rights, as follows:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

5. Subject access requests

We will make best efforts to respond to any requests from individuals in association with these rights as quickly as possible, and in all cases within the one month timescale required by GDPR.

6. Lawful basis for processing personal data

Data is collected and processed under the legal basis of ‘Legitimate Interests’, using the three-part test:

Identify a legitimate interest: By registering for a course or event, requesting a newsletter subscription, attending a workshop or purchasing music, individuals have expressed a legitimate interest in the work of Andy Bramhill.

 

Communication via email is fundamental to the operation of AndyBramhill.com and associated events.

 

The individual has the absolute right to request deletion of their data at any time.

Data is used in ways which the individuals would reasonably expect and which has a minimal privacy impact. Only data necessary for the operations stated is collected and processed.

7. Consent

Consent is requested from each individual on registration to AndyBramhill.com for use of their data in the ways outlined above. Links are given to this Compliance Statement from the sign-up form, and individuals are enabled to choose whether or not to receive mailings and other information via email. If consent is not given for direct mailings, then data is collected and processed solely for the purposes of participation in events or courses or music purchases..

Every mailing includes an ‘unsubscribe’ link that enables each recipient to immediately unsubscribe from the list and have their data deleted from the Mailchimp server at any time.

Individuals may also send an email to Andy Bramhill requesting their details to be removed; we aim to act on these requests as rapidly as practically possible.

8. Children

None of the services offered by Andy Bramhill are offered to or recommended to children. We do not ask for or verify age, except as part of the PayPal payment process for purchased products and services.

9. Data breaches

We acknowledge the requirement to notify the ICO in certain instances of data breaches. Reasonable steps are taken to prevent data breaches, including the use of secure servers and strong password protection of individual PCs, mobile phones and online accounts.

10. Data Protection by Design and Data Protection Impact Assessments

We acknowledge the content of the ICO’s Guide to Data Protection Impact Assessments (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/) and have implemented to the limited extent required for our current operations.

11. Data Protection Officers

Any issues pertaining to the GDPR and data protection in general will in the first instance be addressed by Andrew Bramhill.

12. International

Andy Bramhill is based in the UK and the lead data protection supervisory authority is the Information Commissioner’s Office (ICO) – see https://ico.org.uk/

 

Contact info@andybramhill.com

 

Google Adsense and the DoubleClick DART Cookie

Google, as a third party advertisement vendor, uses cookies to serve ads on this site. The use of DART cookies by Google enables them to serve adverts to visitors that are based on their visits to this website as well as other sites on the internet.

To opt out of the DART cookies you may visit the Google ad and content network privacy policy at the following url http://www.google.com/privacy_ads.html Tracking of users through the DART cookie mechanisms are subject to Google’s own privacy policies.

Other Third Party ad servers or ad networks may also use cookies to track users activities on this website to measure advertisement effectiveness and other reasons that will be provided in their own privacy policies, Some Site has no access or control over these cookies that may be used by third party advertisers.

Collection of Personal Information

When visiting AndyBramhill.com, the IP address used to access the site will be logged along with the dates and times of access. This information is purely used to analyze trends, administer the site, track users movement and gather broad demographic information for internal use. Most importantly, any recorded IP addresses are not linked to personally identifiable information.

Links to third party Websites

We have included links on this site for your use and reference. We are not responsible for the privacy policies on these websites. You should be aware that the privacy policies of these sites may differ from our own.

Changes to this Privacy Statement

The contents of this statement may be altered at any time, at our discretion.

If you have any questions regarding the privacy policy of Some Site then you may contact us at info@andybramhill.com

FTC Disclaimer

In accordance with the new guidelines from the FTC I am required to inform you that some of the links on this blog/website, either through images, text or audio anywhere throughout this website, are in fact affiliate links, and if you purchase products through these links then I get paid a commission. The amount of commission varies from product to product.

Please also note that any of the video content you watch on this blog may also contain affiliate links and if you were to buy products through these links I will make a commission. These links may be below the video in text OR they may be displayed inside the video content itself, as audio or text displayed in the video. Some URL’s may be masked and forwarded, so that they re-direct through my affiliate link and I earn commission if you buy through these also.

This web site is a personal web site written and edited by me. This web site accepts forms of cash advertising, sponsorship, paid insertions or other forms of compensation. The compensation received may influence the advertising content, topics or posts made in this web site. That content, advertising space or post may not always be identified as paid or sponsored content.

The owner(s) of this web site may be compensated to provide opinion on products, services, websites and various other topics. Even though the owner(s) of this web site may receive compensation for posts or advertisements, we always give our honest opinions, findings, beliefs, or experiences on those topics or products. The views and opinions expressed on this web site are purely the web site owners’ own. Any product claim, statistic, quote or other representation about a product or service should be verified with the manufacturer, provider or party in question.

This web site does contain content which might present a conflict of interest. This content may not always be identified.

For questions about this web site, please contact me here

 

Last updated Tue, 03 Aug 2010 18:03

This post is also available in: Spanish

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.