Privacy & Cookies Policy

We collect and process information about you only where we have legal bases for doing so. These legal bases will depend on the individual services you use and how you use them. Additional information is provided below but in general terms we will only collect and use your information where:

• It is necessary for us to provide you with a service, including for support or to protect the safety and security of the services itself.
• It satisfies a legitimate interest which is not overridden by your data protection interests. Such as for research and development.
• You have given us consent to do so for a specific purpose.
• We need to process your data to comply with a legal obligation.

In cases where you have consented to our use of your personal information for a specific purpose you have the right to change your mind at any time. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use, but in some cases this may mean you’re no longer able to access our services.

Like most organisations we rely on a number of third-party providers to support our day-to-day operations, for example in areas such as online file storage and email delivery. We may also hire third parties to operate, maintain or improve our website and other digital services. Some of these service providers will by necessity have access to or be directly involved in processing or storing a subset of the personal information you share with us.

All our third-party data processors have been carefully chosen as service suppliers who also practice responsible data handling. We believe that each has in place appropriate protections to ensure the security of the data we store or process with them and have clear policies for how they treat that data. But if in doubt you should review their individual Privacy Policies.

Amazon Web Services (File storage): https://aws.amazon.com/compliance/data-privacy-faq/
Google (Website analytics & Google ads): https://support.google.com/analytics/answer/6004245?hl=en
HeartInternet (Hosting & email services): https://www.heartinternet.uk/terms/heart-internet-privacy-statement
MailChimp (Email marketing): https://mailchimp.com/legal/privacy/
Microsoft (Email services) https://privacy.microsoft.com/en-GB/privacystatement
The Pixel Parlour (Digital services development & support): https://www.pixelparlour.co.uk/about/privacy-and-cookies/
WhiteFuse (Membership data and payments): https://whitefuse.com/privacy-policy
Wufoo/ SurveyMonkey (Surveys and event bookings): https://www.surveymonkey.com/mp/legal/privacy/

Before using or sharing your information with third parties in ways not described here or previously authorised by you, we will provide you with notice and an opportunity to control the further use or disclosure of your personal information.

Under certain circumstances we will transfer your information outside of the European Economic Area. We will only do this with your informed consent, when it is necessary to perform a contract we have with you or where the receiving organisation has adequate safeguards in place – for example certification under the EU-US Privacy Shield framework.

Our website is hosted in the UK in a data centre managed by Heart Internet. When you visit our website or access one of the files stored on our web server information about this request will be automatically stored in our log files to provide usage statistics, enable security features and aid technical troubleshooting. This is on the legal basis of legitimate commercial interests. In these cases your IP address at the time acts as a unique identifier and is stored along with information about your operating system, browser version and the pages/files you access. These logs are retained on the server for up to 30 days, after which they are automatically deleted. Heart Internet will also record a similar set of data for the purposes of data management and security. This data is retained by them for up to 3 months.

Like most organisations we use Google Analytics to help understand how our website is being discovered and interacted with and we use this information to help improve the experience for our visitors and make decisions about future development. Google Analytics presents us with aggregate information about the geographic location, device types and operating systems used by our website visitors, but not in a way that personally identifies you. Additionally, Google will record your computer’s IP address and set a number of temporary cookies in your browser to help distinguish you as an individual visitor as you move around our site. In the interests of limiting the amount of data Google collects via our site we are using Google’s standard Analytics implementation and have not enabled any additional advertising features, such as remarketing tags which would tie your usage of our site in with your broader browsing habits. Any user-level data that is associated with Analytics’ cookies are retained for up to 26 months from your last activity on our site, after which it is automatically deleted from Analytics’ servers.

Our website and emails contain a number of links to third party sites. It is important to be aware that these external sites are governed by their own privacy policies and we do not accept any responsibility or liability for these policies. The inclusion of a link to an external source should not be understood to be an endorsement of that website, its owners or their products/services. Always check the individual privacy policies of these external sites before you submit any personal data through them.

Cookies are temporary files stored in your web browser by a website to help track usage and enable services that rely on a persistent identity. You can control which cookies you accept and remove them at any time by adjusting your browser settings, but it is important to be aware that some cookies are essential and our website may not function as expected without them.

Essential cookies

These cookies are strictly necessary to provide you with services available through our websites and to use some of its features. But you can still block or delete them by changing your browser preferences.

• analytics, social-sharing, third-party (Music Mark) – used by our website to remember your cookie preferences. Expire after 6 months.
• wordpress_[hash] (Music Mark) – used to temporarily store your authentication details when you log in to the website. Expires at the end of your session.
• wordpress_logged_in_[hash] (Music Mark) – set to identify you to the website and tell it that you are logged in. Expires at the end of your session.

Non-essential cookies

These cookies are used to enhance the performance and functionality of our websites. They are non-essential but without them certain functionality may become unavailable.

• YSC (YouTube) – used to support playback of embedded YouTube videos. Expires at the end of your session.
• VISITOR_INFO1_LIVE (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
• PREF (YouTube) – used to support playback of embedded YouTube videos. Expires after 8 months.
• _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjIncludedInSessionSample_XXXXXXX, _hjSession_XXXXXXX, _hjSessionUser_XXXXXXX (Hotjar) – used to support submitting a user feedback survey. Expire after 8 hours.

Analytics and customisation cookies

These cookies collect information to help us understand how our website is being used or customise it in order to enhance your experience.

• _ga (Google Analytics) – used to distinguish between users. Expires after 13 months.
• _ga_XXXXXXXXXX (Google Analytics) – used to create a persistent session state. Expires after 13 months.

Advertising cookies

These cookies are used to make advertising messages more relevant to you and your interests.

• • _gcl_au (Google Adsense)

– used by Google advertising to store and track conversions. Expires after 3 months.

Google Advertising

We use conversion tracking as part of our online advertising with Google to help better understand the performance of our campaigns. A conversion tracking cookie is set in your browser only when you click through to our website from one of our Google ads e.g. a sponsored Google search result. These cookies expire within 30 days and do not contain any personally identifiable information.

We primarily use WhiteFuse to facilitate communication with our members and partners. For specific events we may also use MailChimp.

When you choose to receive Music Mark mailings, the email address and name you submit will be held securely by MailChimp and/or WhiteFuse, and the information also made accessible to us.

On occasion we may use MailChimp to send emails. MailChimp’s servers are based in the United States, so your information may be transferred to, stored, or processed in the US. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, which certifies that is has adequate safeguards in place.

As respected email marketing providers neither company will share your information with any unauthorised third parties or contact you directly at any time – you can read their full privacy policies here: https://mailchimp.com/legal/privacy/ https://whitefuse.com/privacy-policy

When you sign-up to receive job alerts the details you submit are only used to support with contacting you in relation to jobs and your details are stored on WhiteFuse until such a time as you opt to delete your account. We will retain your data for as long as you are subscribed to any of our non-member mailing lists.

If you terminate / do not renew your membership and are not subscribed to any non-member mailings your record will be deleted as part of our annual membership update process which happens in July of each year.

You can update your details or opt-out of our emails at any time using the ‘Unsubscribe’ or ‘Email Preferences’ links found at the bottom of every email we send. If you unsubscribe MailChimp will retain your email address for the purposes of a suppression list to ensure that no further marketing messages can be sent unless you actively choose to opt-in again. Messages sent via MailChimp capture data about your interactions with our emails and website, such as which links you click within an email which pages you go on to visit on our website. It does this using a combination of tracking pixels and cookies. You can learn more about those in the Cookies section of this privacy policy. We use this information to help improve our product and provide more personalised messaging.

We may also combine the information you provide us at sign-up with data from other sources, such as our website, to help us improve the relevance of the emails we send you.

When you submit a resource for consideration in our Marketplace using our online form the information you provide is sent to us by email. Your email address is collected as a required field and we will also record your IP address and a timestamp for the purposes of fulfilling our obligation under data protection regulations to appropriately log submissions of personal data.

On its way to us your message will pass through anti-spam filters operated by Heart Internet and Microsoft to identify poor quality content or viruses. These are automated processes with no human involvement. These third parties will only access email content under very limited circumstances, such as investigating fraudulent or abusive activity.

Because your submission can include attachments and other information we can’t limit what data you share with us. We request that you only share information directly relating to your submission and that you have the appropriate consent to disclose the information your share with us. It is important to be aware that email is not considered a secure means of communication so please limit the extent of the personal or commercially sensitive information you share with us this way.

When you submit a resource for consideration in our Marketplace using our online form the information you provide is sent to us by email. Your email address is collected as a required field and we will also record your IP address and a timestamp for the purposes of fulfilling our obligation under data protection regulations to appropriately log submissions of personal data.

On its way to us your message will pass through anti-spam filters operated by Heart Internet and Microsoft to identify poor quality content or viruses. These are automated processes with no human involvement. These third parties will only access email content under very limited circumstances, such as investigating fraudulent or abusive activity.

Because your submission can include attachments and other information we can’t limit what data you share with us. We request that you only share information directly relating to your submission and that you have the appropriate consent to disclose the information your share with us. It is important to be aware that email is not considered a secure means of communication so please limit the extent of the personal or commercially sensitive information you share with us this way.

When you submit the details of a job vacancy using our online form the information you provide is sent to us by email. This includes your name, email address, telephone number and place of work. This information will only be used by our team for the purpose of processing your job vacancy submission. We will also record your IP address and a timestamp for the purposes of fulfilling our obligation under data protection regulations to appropriately log submissions of personal data.

On its way to us your message will pass through anti-spam filters operated by Heart Internet and Microsoft to identify poor quality content or viruses. These are automated processes with no human involvement. These third parties will only access email content under very limited circumstances, such as investigating fraudulent or abusive activity.

Because your submission can include attachments and other information we can’t limit what data you share with us. We request that you only share information directly relating to your submission and that you have the appropriate consent to disclose the information your share with us.

When you apply online to become a member or partner of Music Mark the details you submit, which include your name, email address and postal address will only be used by us to process your application and keep you informed about updates relating to your membership and its benefits. Optionally you can also provide a short biography, profile photo and additional contact information for inclusion in our public Member Directory.

Our registration form and membership database are powered by WhiteFuse. As a data processor acting on our behalf they will not sell it to a third party, use it for marketing activities or contact you directly at any time. You can read the full detail in their Privacy Policy: https://whitefuse.com/privacy-policy

Registration for our events is provided by WhiteFuse, Wufoo (Surveymonkey) or Zoom so any information you submit when you book your place at one of our events will be processed by them in accordance with their privacy policies: https://whitefuse.com/privacy-policy, https://www.wufoo.com/privacy and https://explore.zoom.us/en/privacy.

Wufoo is run by US-based SurveyMonkey so your data will pass through their US-based servers on its way to us. SurveyMonkey participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, committing them to protect your personal data.

The information you provide during registration, which includes your name, email address and physical address, will be made available to us for our legitimate interest in keeping financial records, controlling access to our events and providing attendees with essential event information via email. If you choose to pay by invoice for your tickets we will also collect your billing contact information for the purposes of issuing the appropriate invoice.

We will hold waiting lists for events which are fully subscribed. If you request to be included on a waiting list, you will be notified when there are spaces available and/or further sessions have been made available. The information you provide for this, which includes your name, email address and organisation, will be held until you have been notified that spaces are available or up to a maximum of 2 years, whichever is sooner.

When you use our website to sign-up your organisation to the Talk into Action pledge the details you submit are only used to support the publishing of your pledge and contact you with additional information relating to the campaign. During sign-up we collect your name, email address, organisation name and (optionally) a logo. We will also record your IP address and a timestamp for the purposes of fulfilling our obligation under data protection regulations to appropriately log submissions of personal data.

Only your organisation name and logo (if you choose to submit one) will be made public. Your name and email address will only be used to privately confirm your submission and contact you if we need to.

We will retain the information collected until such time as the Talk into Action campaign is archived or you request removal.

When you send us an email, either to one of the addresses displayed on our website or to an individual member of staff, we will collect your email address and any other information you provide within your email.

Microsoft are our email service provider so any emails you send us will be stored on their servers. Therefore, your email and any associated personal data may be transferred outside of the European Economic Area to servers located in the USA. Microsoft’s certification under the EU-US Privacy Shield Framework commits it to maintaining appropriate safeguards for international data transfers. You can learn more here: https://privacy.microsoft.com/en-GB/privacystatement

The information you provide will only be processed in relation to the purpose of your correspondence with us. We have no fixed retention period for email correspondence, but we are committed to only storing your data for no longer than is necessary to serve our legitimate interests of record keeping or to perform a contract we have entered into with you.

Our website and services are not for use by children under 16 years and we will not knowingly collect or use the personal data of children. If you are under the age of 16 please do not provide any personal data even if prompted to do so.

A breach is considered any loss, alteration, unauthorised disclosure of, or access to, personal data. We are committed to disclosing any personal data breaches that might adversely affect your rights and freedoms without undue delay so that you can take appropriate action. Any notifiable breaches will also be reported to the UK’s Information Commissioner’s Office within 72 hrs. This includes breaches affecting the third party services identified in this privacy policy, where personal data is being held on our behalf.