top of page

GDPR

Privacy Policy for Tremolo Guitar School

Last updated: 05 August 2025

This Privacy Policy explains how Tremolo Guitar School (“we,” “our,” or “us”) collects, uses, shares, and protects personal data when you visit our website or engage with our services. We are committed to processing your information in accordance with the UK GDPR and the Data Protection Act 2018.

​

1. Data Controller

Tremolo Guitar School 

​

2. Personal Data We Collect

We collect only the information necessary to provide lessons, support your inquiries, and comply with our legal obligations. This may include:

  • Contact details: name, email address, telephone number

  • Student information: age, skill level, lesson preferences

  • Billing and payment details: card information, billing address

  • Communications: emails, chat transcripts, support tickets

  • Website usage data: IP address, browser type, cookie identifiers

3. How We Use Your Personal Data

We process your data for the following purposes and legal bases:

  • Lesson booking and delivery (contract performance)

  • Customer support and communications (legitimate interests)

  • Payment processing and invoicing (contract performance)

  • Website functionality, analytics, and improvements (consent for cookies; legitimate interests for uptime)

  • Legal and regulatory compliance (legal obligation)

4. Data Sharing and Disclosure

We will not sell or rent your personal data. We may share information with:

  • Payment processors (e.g., Stripe, PayPal) for secure transactions

  • IT and hosting providers for website and email services

  • Legal advisors or government authorities when required by law

  • Subcontracted teachers under strict data-processing agreements

5. International Transfers

If we transfer data outside the UK or EEA, we ensure adequate safeguards are in place, such as:

  • EU Commission Standard Contractual Clauses

  • Transfers to countries with an adequacy decision by the UK government

6. Data Retention

We retain personal data only as long as necessary:

  • Lesson records and contact details: while the student is active plus 2 years

  • Exam certificates and accreditation documents: 7 years

  • Financial and billing records: 7 years (HMRC requirement)

  • Support and communication logs: 2 years after resolution

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate or incomplete information

  • Erase data (“right to be forgotten”) in certain circumstances

  • Restrict or object to processing

  • Obtain data portability

  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact privacy@tremologuitar.school.

8. Security Measures

We implement technical and organisational measures to protect your data:

  • SSL/TLS encryption for data in transit

  • Encrypted storage and regular backups

  • Access controls, strong password policies, and two-factor authentication

  • Staff training on data protection and breach response

9. Cookie Policy

Our website uses cookies to enhance performance and user experience. You can:

  • Accept or reject non-essential cookies via the banner

  • Manage cookie settings in your browser

  • Read more in our detailed Cookie Policy [link to Cookie Policy]

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. The revised date will appear at the top. Please review this page periodically.

11. Contact Us

For questions, concerns, or to make a complaint, please contact:

bottom of page