Beyond the Stave

GDPR

At Beyond the Stave, we are fully committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).

This statement outlines how we collect, store, process, and protect personal information.

  1. Lawful Basis for Processing

We collect and process personal data on the following lawful bases:

  • Contractual obligation: To provide and manage your lessons and services.
  • Legitimate interest: To improve our platform and communication.
  • Consent: For marketing communications (where applicable).
  • Legal obligation: To meet regulatory and tax requirements.
  1. What Personal Data We Collect

We may collect and store the following data:

  • Full name
  • Email address and phone number
  • Student/parent profile information
  • Lesson history and preferences
  • Payment details (processed securely via third-party providers)
  • Communication and feedback
  • Technical data (e.g., browser type, login time, IP address)

We do not store any full payment card details directly on our servers.

  1. How We Use Your Data

Your data is used to:

  • Create and manage student and teacher accounts
  • Schedule, deliver, and track lessons
  • Communicate lesson updates and support
  • Process payments securely
  • Improve platform functionality and user experience
  • Comply with legal obligations
  1. Data Protection & Security
  • All data is stored securely on GDPR-compliant servers.
  • Access is restricted to authorized personnel only.
  • We use secure SSL encryption and two-factor authentication where appropriate.
  • Payment processing is handled by trusted, PCI-compliant third-party providers.
  1. Data Sharing

We do not sell or share your data with third parties for marketing.
We may share data only with:

  • Teachers, for the purpose of delivering lessons
  • Payment processors (e.g.,Total Pay)
  • Legal authorities if required by law
  1. Data Retention
  • Student data is retained only as long as necessary to provide services.
  • Financial records are retained for up to 7 years to meet legal requirements.
  • You may request deletion of your account and data at any time, subject to these obligations.
  1. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent at any time
  • Object to or restrict processing
  • Request data portability
  • File a complaint with your local data protection authority

To exercise any of these rights, please contact us at:
jackie@beyondthestave.music

Scroll to Top