Effective date: May 24th, 2018
Music Teacher’s Helper, LLC, (“us”, “we”, or “our”) operates: the MusicTeachersHelper.com (‘MTH’), StudioHelper.com (‘SH’) and TeachingFreedom.info (‘TF’) websites; the Android and iOS apps (MTH); and, creates and distributes various Information Products (the ‘Services’).
The security of all data is important to us; in this document, we will explain how we collect, use and protect our customers’ [Teachers, Studios] personal data (as a ‘Data Controller’) and the data we process (as a ‘Data Processor’) on the behalf of others [Students, Parents].
We consider the input of data into our software as being sufficient evidence of Informed Consent being freely given by Teachers/Studios (regarding the provision of Teachers/Studios personal data, given to us in our role as Data Controller), and having been fully obtained by Teachers/Studios (regarding the provision of Parents/Students data, specifically including all necessary parental permissions for children’s data, given to us as a Data Processor [by a Data Controller).
These are 6 principles that underpin our approach to GDPR in terms of our responsibilities as a Data Controller and a Data Processor. In different words, we strive to ensure personal data is:
- Processed Lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Retained only for as long as necessary; and,
- Processed securely in an appropriate manner to maintain security.
In our role as a Data Controller, we also strive to obtain Informed Consent, defined as being ‘freely given, specific, informed and unambiguous’. Teachers, who are acting as Data Controllers themselves in regards to Parents/Students must also uphold these principles and obtain Informed Consent from these individuals.
As an EU citizen whose personal information we hold, the GDPR affords certain rights. If you wish to exercise any of these rights, please email email@example.com or through our Services. In order to process your request securely, we reserve the right to request you to provide two valid forms of identification for verification purposes.
Your rights are as follows:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure (the ‘right to be forgotten’);
- The right to restrict processing;
- The right to data portability;
- The right to object; and,
- Rights in relation to automated decision making and profiling.
In our role as a Data Controller, we strive to uphold these rights in the manner, and to the timelines, defined within GDPR. Teachers/Studios, who are acting as Data Controllers themselves in regards to Parents/Students must also uphold these rights for these individuals.
If we consider requests to: be frivolous or vexatious; necessitate disproportionate effort to complete (time or cost); or, cannot be fulfilled for another legitime reason (e.g. legal) – then we reserve the right to refuse them. If such an exceptional circumstance arises, then we will inform you (within a reasonable timeframe). If answering requests is likely to require additional time (above that specified in GDPR) or generates a commercially unreasonable expense (which you may have to meet, in part or in full), then we will also inform you (within a reasonable timeframe).
On matters where GDPR specifies a defined timeline, for example, fulfilling Subject Access Requests (‘no later than 30 days’) and/or reporting data breaches to the Supervisory Authority (‘where feasible, within 72 hours’), we will make commercially reasonable efforts to achieve said timelines. If exceptional circumstance arise, which might impact us achieving these deadlines, then we will inform you (within a reasonable timeframe). If there is no defined timeline for a specific matter, then we will strive to address them ‘within a reasonable timeline’ as recommended within GDPR.
We collect several different types of information from Customers (Teachers/Studios), including:
- Registration and Contact Information. We collect information about you when you (a) register to use the Services; and/or, (b) provide contact information to us via email, chat bots, telephone, or through our Services.
- Payment Information. When you purchase the Services (via: Stripe, Authorize, PayPal), we collect transactional information, which may include your credit card information, billing and mailing address et al (necessary to complete purchase).
- Technical, Usage and Location Information. We automatically collect information as you interact with our Services, such as your IP address, date and time, browser version, operating system, location data, computer or device details, pages viewed, and items clicked.
- Third Parties. We sometimes collect information when you interact with our advertisements and/or other content on external sites or platforms, such as social networking sites or search engines. This might include information such as ‘likes’, ‘follows’, ‘subscribes’ et al, or other interactions with our content.
- Other Information. We may collect other information from you.
A core element of our Services is to enable Teachers/Studios to operate their businesses, including various billing, scheduling and messaging functions relating to Students/Parents. In this regard, we are a Data Processor and Teachers/Studios act as a Data Controller, so our software enables Teachers/Studios to capture data for their Legitimate Purpose (and where, we are required to do so to perform our Contractual Obligations). We consider the input of data into our software as being sufficient evidence of Informed Consent having been fully obtained by Teachers/Studios from Parents/Students (regarding the provision of Parents/Students data, specifically including all necessary parental permissions for children’s data, given to us as a Data Processor [by a Data Controller]).
MTH is a US-registered business and we utilize Amazon AWS hosting solutions and other US-based third parties. If you elect to provide information to us (defined as the input of data into our Services), then be advised we might transfer elements of this data, including personal data, to the US and process it there. In this regard, we are fulfilling a Contractual Obligation to provide the Services which our Customers are purchasing from us. For the avoidance of doubt, we also consider the input of data into our software as being sufficient evidence of Informed Consent for said transfer of your own data and the Parents/Students data you control. We further consider the input of data into our Services as being sufficient evidence you’ve obtained all necessary parental permissions for the transfer of children’s data.
We take the security of all data (teachers, studios, parents, students) extremely seriously and utilize multiple technologies, processes and protocols to protect against the loss or theft of personal data, including (but not limited to): encryption, access controls, data backups, passwords, reputable third parties (e.g. Amazon Web Services) et al. This being said, although we invest at a commercially reasonable level, no software platform or data storage can be 100% secure; thus, we cannot make guarantees relating to data security.
We use personal Teacher/Studio data for various activities including (but not limited to) safeguarding, delivering and improving our Services to you, such as:
- Fulfilling, maintaining and improving the Services;
- Enabling us to personalize aspects of our Services (e.g. remembering your information so that you will not have to re-enter it during this or subsequent visits);
- To answer your Service questions and otherwise deliver customer service;
- To process your payments, we share and use external payment processors (PayPal, Stripe, Authorize);
- To control, monitor and prevent unauthorized use or abuse of the Services;
- To analyze trends, usage patterns, demographic data, or other data to optimize the Services;
- To communicate directly with you, such as newsletters, promotions or other materials relating to Services (current & future). You can opt-out of these, at your convenience.
We use personal Teacher/Studio data for limited processing activities, as required to fulfil our contractual obligations to our customers (Teachers, Studios), such as:
- To deliver customer support to customers of our Services, on behalf of their parents/students;
- To control, monitor and prevent unauthorized use or abuse of the Services; and,
- To analyze trends, usage patterns, or other data to optimize the Services.
In simple terms, we do not sell, distribute or lease any personal information (Teachers, Studios, Parents, Students) outside of our business, without obtaining Informed Consent, unless we are legally required to do so, or there is a ‘good faith belief’ such action is absolutely necessary. For example, if MTH or its Services are involved in a merger, acquisition or sale, then personal data might be transferred; in this case, we will provide advance notice. Disclosure could also be required to: protect the rights or assets of our business; prevent or investigate a wrongdoing related to our Services; support a legal request from a recognized legal authority; and/or, protect the safety of users of the Services et al.
We use third-parties (including, but not limited to those listed, beneath) to monitor, analyze, support, promote and enhance our Services. In some cases, these providers will use personal data to fulfil their contractual obligations (with us), when we request them to perform various services on a legitimate interest basis:
- Google Analytics is a web analytics service offered by Google that tracks and reports website traffic and usage: http://www.google.com/intl/en/policies/privacy/
- VWO.com helps us optimize our website design: https://vwo.com/privacy-policy/
- Google Adwords remarketing service is a personalized advertising service offered by Google Inc.: http://www.google.com/settings/ads
- Stripe processes payments: https://stripe.com/us/privacy
- Authorize processes payments: https://www.authorize.net/company/privacy/
- PayPal processes payments: https://www.paypal.com/webapps/mpp/ua/privacy-full
- Intercom is used for customer communication, marketing and customer support (MTH): https://www.intercom.com/terms-and-policies#privacy
- UserVoice is used for customer communication and customer support: (SH). https://www.uservoice.com/privacy/
- Mail Chimp is used for email marketing: https://mailchimp.com/legal/privacy/
For the avoidance of doubt, we do not support Do Not Track (“DNT”) technologies (DNT is a web browser setting that requests that a web application disable its tracking of an individual user).
We are a virtual business that operates its Services without a physical office, so we’ve a strong preference to communicate in digital form via email firstname.lastname@example.org or through our Services (i.e. through customer support). For legal and formal purposes, our registered office is 179 North 1200 East Suite 102, Lehi, UT, 84043, USA. Be mindful, if correspondence is sent to this address it might take us longer to process (i.e. there’ll be a lead time to re-route the document[s] before one of our team members receive them).