top of page

Data Protection Policy

Please find our Data Protection Policy below. If you would like to view any of our other policies or procedure documents, please email us at

We Need Music CIC Data Protection Policy

Updated 24/1/24


This privacy notice provides you with details of how we collect and process your personal data through your use of our site, in our operations and service provision.

We Need Music CIC are the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

We have appointed a Data Protection Officer who is in charge of privacy related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.

Contact Details

Our full details are:

Full name of legal entity: We Need Music CIC

Email address:

Registered address: We Need Music CIC, c/o Accounting 4 Everything, 13 Hyde Road, Paignton, TQ4 5BW

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at the above address.



Personal data means any information capable of identifying an individual. It does not include anonymised data. We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.


In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

The type of data we collect about you depends on how you interact with our organisation.

Service User Data as part of our services including music sessions, community events and workshops, we may ask for personal information. We process this data to help us provide a better and more tailored and relevant services. Personal data may include name, email, phone number, address. We will collect this information in person or through a paper form during events or via an online sign-up form, our lawful grounds for processing this data is your consent. We will retain personal information for the length of your interaction with the service plus two years.

We may also, from time to time, send you information about similar events and sessions that could benefit you for marketing purposes by email. Our lawful grounds for processing this data is a legitimate interest in providing more beneficial services to yourself beyond the initial activity you signed up to. You will be able to opt out of these at any time.

Customer Data that includes data relating to the purchase of any services for example music sessions and events. This data includes name, email, phone, billing address, payment method and details of the product or service you purchased. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions and to inform you of any information you may require about your product or service. Our lawful ground for this processing is the performance of a contract with you. For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

We may also from time to time contact you to request support to help us provide a better and more tailored service to our customers, our lawful ground for processing this data is our legitimate interest in providing the best and most useful service to our current and future customers.

Website User Data that includes data about your use of our website and online services such as your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.  Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy. We shall retain this website user data for two years from your last interaction with our site, after which we will anonymise data.

Marketing Data that includes data about your preferences in receiving marketing from us and your communication preferences. We process this data to provide you with occasional ‘what’s on’ style emails and Whatsapp communications sharing details about upcoming music events and sessions that may be of interest. Our lawful ground for this processing is your consent. Marketing Data will be retained for up to two years after you were last actively engaging with our marketing for example responding to an email, opening any newsletters or clicking on a link.

You can ask us to stop sending you marketing messages at any time by responding to any messaging saying ‘opt out’ or a similar message, following opt-out links on marketing messages sent to you or by emailing us at at any time.

If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. Our lawful grounds for processing this data is our legitimate interests for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. We shall retain this website user data for two years from your last interaction with us, after which we will anonymise data.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at the address above. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

Our site and services are often accessed by adults, for any processing where consent is required the child must be aged over 13, if they are aged below 13 we will require consent from a parent or guardian. In the case that we do obtain any information it will be held appropriately and within the bounds of the law.


We collect data about you by you providing the data directly to us (for example by filling in forms on our site or by sending us emails). We may automatically collect certain data from you as you use our website by using cookies and similar technologies.

What are cookies?

Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.

What types of cookies do we use?

Necessary cookies: Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.

Functionality cookies: Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.

Analytical cookies: These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.

How to delete cookies?

If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting. Alternatively, you can visit , which contains comprehensive information on how to do this on a wide variety of browsers and devices. You will find general information about cookies and details on how to delete cookies from your device.

We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.

We may also receive data from publicly available sources such as Companies House and the Electoral Register based inside the EU.


We may provide your personal data to suppliers working on our behalf, as set out below:

  • Service providers who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, accountants and insurers

  • Government bodies that require us by law to report processing activities.

We share data to third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, search information providers such as Google based outside the EU, providers of technical, payment and delivery services.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.


Whenever we transfer your personal data, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:

  • We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or

  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or

  • If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.

If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.


We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.


As an individual whose personal data we process, you have the right to ensure that the information we hold about you is accurate, complete, and up to date. If you believe that any of the personal data we hold about you is inaccurate or incomplete, you have the right to request rectification of such data.

Please note that while we strive to maintain accurate and up-to-date records, it is important for you to inform us of any changes to your personal information to ensure its accuracy. We encourage you to promptly notify us of any changes, such as a change of address or contact information, so that we can update our records accordingly.

We will also take reasonable steps to inform any third parties with whom we have shared your personal data about any rectifications made, where applicable and required by law.

It is important to understand that the right to rectify your personal data is subject to any legal obligations or limitations that may prevent us from making the requested changes. If we are unable to comply with your request for rectification, we will provide you with a justification for our decision.

We are committed to ensuring the accuracy and integrity of your personal data, and we appreciate your cooperation in keeping your information updated and accurate.

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

You can see more about these rights at:

If you wish to exercise any of the rights set out above, please email us at the email address above.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will respond to all requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

Please let us know if you have any questions or concerns regarding your personal data. We are here to assist you.

bottom of page