1. Who we are
2. What data we collect from you
3. Why we need it
4. How we use it
5. Who we share it with
6. How you can see the data, amend the data or have it deleted.
Who we are
Music Store Online is an online business at web address https://musicstoreonline.co.uk, with a physical address in Ballymena, Northern Ireland.
What personal data we collect and why we collect it
Music Store Online collects data from you when you contact us, sign up to our mailing list or place an order. When we process an order we require your first & last name, country of residence, address, phone number and email address. This data ensures we can get your order to the right address, in an acceptable time frame. We also collect your contact details incase we have a problem with your order, or to contact you with confirmation and dispatch notices. If your order is delivered by a courier we provide your phone number to the courier company, to help with delivery.
When we process a payment we require your DEBIT/CREDIT number, expiry date and your CVC code. This enables Stripe (our payment processor) to process your payment. We use a secure HTTP protocol called HTTPS to transfer your payment details over the internet. This is the industry standard for sending encrypted data over the internet. When you place a payment, your card data is encrypted and sent to the Stripe’s servers, where it is decrypted and the payment is processed. Music Store Online never sees your payment information, can we access your payment details. You can read Stripe’s privacy report at https://stripe.com/gb/privacy.
Music Store Online also uses Google Analytics to track your location on the site. This plug-in helps us generate a picture of what customers are looking at on our site and help us tailor it to customer’s needs. Google collects your IP address to help us do this.
Who we share your data with
Other than the above companies, Music Store Online will not share your order details with anyone outside of Music Store Online and we are committed to only working with companies who have a strict GDPR policy.
How long we retain your data
We are committed to not holding your data longer than necessary. Your order data such as your name, address and contact details along with the details of what you ordered are held for 6 years in accordance with UK law. If you have not requested your data be deleted before then, it will be deleted after 6 years.
We never keep nor see your payment card details.
If you sign up to our mailing list, your email will remain on the list until you unsubscribe.
If you contact us by email or by writing, we will keep the information you supply for as long as necessary to deal with your request.
What rights you have over your data
If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including all data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
As someone who provides us data, your rights over your data include:
1. Right of access
2. Right to challenge accuracy of data held on you
3. Right to object to the use of your personal information
4. Right to object to direct marketing
5. Right to restrict use of your personal information
6. Right to erasure of your data
7. Right to withdraw your consent for us to use your data
If you have a data protection question or would like to assert any of your rights over your data, please email the Music Store Online data protection officer at firstname.lastname@example.org and we will reply promptly.
Data breach procedures
In the case of a data breach, it is now the law that we contact those affected as soon as possible. In the unlikely event of a data breach we will contact users within one working day to inform them that their data may have been accessed by someone else. We do everything possible to stop this from happening.