Using The Bach Project website, mobile website and Apps means you agree to our Privacy and Cookie policies.

1 – Who we are

We are The Bach Project (we/our/us). Our office address is John Holloway, The Bach Project, Alpenstrasse 30, CH3006 Bern, Switzerland.

This policy describes how we use personal information. Since the original 1984 UK Data Protection Act, the law has changed significantly, attempting to compensate for leaps in technology, especially “Big Data”. While the 1984 act did little to enforce, it did establish principles or ethics that have higher standards than today's legislation. We respect personal data according to both the older principles and our contemporary legal obligations.

In modern computing, systems and data, including personal information, need to be shared to deliver modern expectations. Modern information privacy law is now more about declaration of use and consent by the individual. There may be conflicts between what someone believes is principled use of their personal information and the rights that this document establishes over personal information.

This policy sets out, practically, how we, as a Data Controller, collect, process, use and disclose your personal information, why we use it, with whom we share it, the rights to which you may be entitled and your choices about our use of your personal information.

If an individual feels that their personal data has been misused, despite consent, we will actively change or delete information that has been recorded above and beyond our legal commitments in an attempt to undo perceived harm.

This policy covers use of personal information arising from use of our online systems as well as buying / using our products and services.

If you have any questions or need any further clarity, please get in touch via email to firstname.lastname@example.org or via post to John Holloway, The Bach Project, Alpenstrasse 30, CH3006 Bern, Switzerland.
2 – Your information

Data Collection and Usage

Personal Data includes any data that can identify a person, or could be used in conjunction with other information to identify a person and personal qualities. We comply with all applicable laws in relation to data protection and privacy, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
What we collect: Information provided during a purchase:
• Contact details possibly including: name, address, email address and phone number;
• Bank account or credit/debit card details;
• The product or service purchased.
Lawful basis for Processing: Performance of contract. Personal information may be required to deliver a sale.
How we use it: This information is used to:
• Provide products and services;
• Manage and administer services;
• Take payment or refund monies;
• Help to check that customers are genuine and to prevent fraud.

What we collect: Information provided for subscription to newsletters, receive information or mailings:
• Name and email address.
Lawful basis for Processing: Consent. Consent must be given to sign up to mailing lists. This Consent can be withdrawn at any time. See section 4 below for more information.
How we use it:
• Provide products and services;
• Help to check that customers are genuine and to prevent fraud;
• Deliver news about and offers on products and services.
What we collect: Information provided to enter a prize draw or competition:
• Contact details including: name, address, email address and phone number. This may include a social media account or accounts.
Lawful basis for Processing: Legitimate Interest. Required to administer any prize draw or competitions. Competitions and prize draws are constrained by other legislation and may have supplementary Terms and Conditions.
How we use it:
• Provide products and services;
• Manage and administer prize draws, competitions and our services;
• Take payment or refund monies;
• Help to check that customers are genuine and to prevent fraud.

What we collect: Information about the way products and services are used including:
• The things provided or purchased;
• When and where the provisions or the purchases were;
• What was paid and how;
• Whether electronic communications from us have been opened;
• Whether links in electronic communications from us have been clicked on.
Lawful basis for Processing: Legitimate Interest. We use this information to deliver quality of service and tailor experiences to individuals.
How we use it: We use this information to:
• Develop new products and services;
• Improve our products and services;
• Personalise our products and services;
• Identify products and marketing that may be of interest to individuals;
• Statistical analysis and research.
What we collect: Information exchanged in communications with us whether in person, through our website or via email, over the phone, through social media or any other medium, which may be recorded in minutiae.
• This information may include contact details, name, address, email address and phone number, social media account.
Lawful basis for Processing: Legitimate Interest. We cannot communicate without this information.
How we use it: We use this information, including to:
• Answer questions and respond to concerns;
• Monitor customer communications for quality and training purposes;
• Develop new products and services;
• Improve our products and services including personalisation;
• Regulatory compliance.

What we collect: Information that is collected through use of our website including:
• Device information such as operating system, unique device identifiers, the mobile network system;
• Hardware and browser settings;
• Date and time of requests;
• The requests you make;
• The pages you visit and search engine terms you use;
• IP address;
• Recordings of screen interactions and heatmaps.
Lawful basis for Processing: Legitimate Interest. We use this information to deliver quality of service and tailor experience to individuals.
How we use it: We use this information to:
• Provide our products and services;
• Develop new products and services;
• Improve our products and services;
• Personalise our products and services;
• Identify issues with the website and user’s experience of it;
• Make improvements to the user experience;
• Manage and administer our systems;
• Monitor the way our website is used.
What we collect: Information collected incidentally from public or other sources, including:
• Information available in the media;
• Information presented on our social media timelines;
• Information collected by security systems.
Lawful basis for Processing: Legitimate Interest. We use this information to deliver quality of service.
How we use it: We use this information, including to:
• Maintain market awareness;
• Build and maintain social media branding;
• Provide security to our sites;
• Fraud prevention and confirming identity.

What we collect: Information from credit reference agencies.
Lawful basis for Processing: Performance of contract. To make a credit sale.
How we use it: Fraud prevention and confirming identity.

The Bach Project does not knowingly collect data from any unsupervised person under the age of 18. Individuals under the age of 18 must not use The Bach Project online services, including websites and apps, or submit any Personal Data to us without the consent of, and supervision by, a parent or guardian.

Legal requirements

Personal information may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of legal claims. The Bach Project will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

How long we keep personal information

We will keep your information for as long as it is reasonably necessary. It will depend on factors such as whether you have any outstanding purchases or have interacted with recent offers.
• Our suppliers and service providers will be required to meet our standards on processing information and security. Personal information we provide them will only be provided in connection with the performance of their function.
• We may also share information with third parties. We will do this either when we receive Consent or because we need them to see information to provide products or services. These include credit reference agencies, anti-fraud databases, screening agencies and other partners we do business with.

Personal information may be transferred to other third party organisations in certain scenarios:
• If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
• If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services previously provided by us;
• If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
• If we are defending a legal claim, your information may be transferred as required in connection with defending such claim.

Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.

Where personal information will be held

Our offices are based in Switzerland and your data will be held on systems accessible by this office. We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.

3 – Individual’s rights

Data Subject Rights

We’ve listed below the rights an individual has over their information and how they can be used. These rights only apply in some circumstances.
Not all of these rights will be available if there are outstanding contracts between us, if we are required by law to keep the information or if the information is relevant to a legal dispute.

We will normally respond to or action (as applicable) requests within one month from receipt of a request. This period may be extended by 2 further months if necessary, taking into account the complexity or number of requests. If this is the case, we aim to let the enquirer know within one month of the original request.

Usually the information or action requested will be provided free of charge. However, if we decide that requests are unfounded or excessive or repetitive, we may charge a fee or refuse to deal with the request.

It is important that we establish that the individual right is being exercised by the correct person. Therefore, we may need to ask for information in order to verify identity prior to processing a request. This may include requiring personal details we have recorded, for example a phone number or date of birth, to be correlated by the enquirer.

Individuals have the right to make the following types of request regarding the Personal Data The Bach Project stores:
• Right of access (subject access requests) is the individual’s right to request a copy of the Personal Data (if any) that we have concerning them and supporting information explaining how it is used.
• Right of rectification is the individual’s right to request that we correct inaccurate, incomplete or misleading Personal Data concerning the individual.
• Right of erasure (right to be forgotten) is the right, in some situations, for the individual to have their Personal Data.