Categories of individuals | Personal data items
| Method of collection | Purpose | Format | Location & Security | Lawful basis
| Legitimate interest reason/test & date | Shared with? | Retention period and reason |
Private lesson students | Name Address Mobile phone | Registration forms Contracts Website | Contract execution | Paper | Password protected on desktop PC/ Locked cabinet for paper | Contract | n/a | - | 6 years post-contract termination to ensure right to pursue fee recovery |
Private lesson students | Online/card payment | Digital collection | Contract execution | Digital | Password protected on desktop PC Locked cabinet for paper | Contract | n/a | Square | 6 months post-termination of contract to allow for collection of fees |
Private lesson students | Date of birth | Registration form | Exam entry | Password protected on desktop PC Locked cabinet for paper | Legitimate interest | Entering pupils for exams is legitimate part of my business. No individual rights etc unfairly overridden | Exam board | ||
Enquirers re services | Name, email, telephone | Website, phone calls, emails | Quotes for contract | Forms, email, notes of conversation | Password protected on desktop PC/ Locked cabinet for paper | Contract | 6 years post contract if applicable; 1 year after initial contact |
Last updated: Feb 2025
Personal data and privacy statement
I process personal data relating to clients and customers, and to those who are interested in the services I provide.
I am committed to complying with my legal obligations in respect of data protection and privacy.
This statement sets out the principles I apply when processing personal data. This statement describes the types of personal data I may collect about you. This statement also describes what I do with any data I collect about you, how I will keep it secure and the legal bases on which I rely for processing your data. This statement also informs you of your rights and how you can contact me.
I am a sole trader
I provide educational services and live performance entertainment
I am a Data Controller for the purposes of current data protection legislation.
My contact details are:
Patrick Heatherley
www.phmusicstudio.co.uk
Personal data is any information relating to an identifiable living individual. I only collect the personal data I need to be able to provide you with the services you have asked me to provide or tell you about.
Personal/contact information: this can include your name, contact address, email addresses, telephone numbers.
Payment information: your bank details for billing purposes.
Digital information: IP addresses, and details of your interaction with my website and social media, should you engage with me through these channels.
Correspondence: information relevant to your specific enquiries.
Other: any other information you choose to provide to me.
I will collect information about you when you enter into a contract with me, make enquiries about my services, visit my website and engage with me on social media.
I may only process personal data where I have a lawful basis to do so.
I may collect and process your personal data when:
Please see below for more detailed information about how I will use your data and on what basis.
If you have any concerns about our data processing please contact me: see Contact. Please also see Your rights, below.
I may process the information we collect about you:
to perform any contract I have agreed with you, or to respond to any enquiries you make in this connection before we enter into a contract. The lawful basis for this processing is performance of a contract with you or because you have asked us to take specific steps before entering into a contract in respect of these activities and services;
to respond to any other enquiries or complaints. I need the information you supply to enable us to respond.
to protect my business from fraud and other illegal activities. This processing is necessary for my legitimate interests by ensuring the proper management of my business and financial risks.
to provide you with information by post (or by email, with your consent) about other products and services I offer similar in nature to those you currently receive or have previously asked about. Information I may process for this purpose includes your name, address and email address. This processing is necessary for marketing my services, which is a legitimate business interest.
I will only send marketing information to you by email if we have your consent. You have the right to withdraw your consent at any time. Please contact me via my website at phmusicstudio.co.uk
to send you communications required by law or which are necessary to inform you about changes to the services I provide you, for example, updates to this Privacy Statement, and any information legally required which relates to any contracts between us. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. This processing is necessary for me to comply with my legal obligations.
to administer my website, and send you survey and feedback requests to help improve my services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. This processing is necessary for development of my services, which is a legitimate interest of my business. I have a legitimate interest to do so as this helps make my products or services more relevant to you. You are free to opt out of receiving these requests from me at any time by contacting me.
In some circumstances we may need to share your data with the following:
I may also share your data with third parties, such as (for online students) online meeting companies to support the efficient running of my business.
If this is necessary, I will provide only the information they need to perform the services I require. They will only use the data for the purposes I specify. I require third parties to maintain appropriate security to protect information from unauthorised access or processing.
In some circumstances, I may need to share your personal data with other third parties (including legal or other advisers, regulatory authorities, courts and government agencies) to enable me to enforce my legal rights, or where such disclosure may be permitted or required by law.
Unless I tell you otherwise, your data will not be processed outside the EEA.
I will only keep personal data for as long as is necessary to provide my services, or for as long as I reasonably need to keep the information for the lawful business purposes or to comply with a statutory or other legal requirement.
I will take appropriate technical measures to protect the personal data I transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access. My computers and mobile devices are password protected.
You may exercise your rights by contacting me using the details in Contact, below. I aim to handle any requests within a reasonable period and, in any event, within one calendar month of the original request.
You have the right to be informed about what personal data I collect about you, why, on what lawful basis and what your rights are. This Privacy Statement is the key document I use to inform you about this.
You also have a right to request access to the information that I hold about you, and to receive a copy of this information, along with other information which is generally contained in this Privacy Statement.
You have the right to request that inaccurate personal data be rectified, or completed if it is incomplete.
You have the right to ask me to limit or cease processing or erase information I hold about you in certain circumstances. When responding to such requests, I will tell you how such restrictions or deletions may affect my ability to fulfil my contracts with you or otherwise affect your interests.
You have the right to object to my using your information for direct marketing. You can also ask me to stop using your information, where I am processing it on the basis of our legitimate interest. I will do so unless I believe I have a legitimate overriding justification to continue processing your personal data.
If you have given me any specific consent to use your personal data, you have the right to withdraw it any time. If you wish to tell me that you are withdrawing your consent, please email me at enquiries@phmusicstudio.co.uk
If you are unhappy with the way I process your personal data, please contact us using the information provided below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 or 01625 545 745
https://ico.org.uk/global/contact-us/
If you have any questions about this policy, or you wish to exercise any of your rights, please email me at enquiries@phmusicstudio.co.uk
I may change this privacy statement from time to time. I will post updates to this privacy statement on my website, and where appropriate, I may notify you by post or email. Please check my website to stay up to date.
Last updated December 2025
© Patrick Heatherley 2025. All Rights Reserved. Privacy Statement