Muziplay
My Space

Privacy Policy

Last updated:

Muziplay ("we", "our", "us") is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store and protect your personal information when you use our online music lesson platform.

By using our service, you accept the practices described in this policy. If you do not accept this policy, please do not use our service.

1. Data controller

Muziplay

For any questions regarding the processing of your personal data, you can contact us via our contact page.

2. Personal data collected

2.1. Identification data

  • First name and surname
  • Email address
  • Phone number (optional)
  • Profile photo (optional, with your explicit consent)

2.2. Connection data

  • Login credentials (managed by Keycloak)
  • Login history
  • IP address
  • Browsing data (cookies, see our cookie policy)

2.3. Educational data

  • Learning profile (level, goals, instruments played)
  • Lesson and appointment history
  • Audio recordings of lessons (with your consent)
  • Shared documents and teaching materials
  • Teacher notes and comments

2.4. Payment data

  • Billing information (name, address)
  • Transaction history
  • Payment information (processed by secure third-party providers)
  • Important note: We do not store your full banking details on our servers

2.5. Communication data

  • Messages exchanged with teachers via the platform
  • Notification preferences

3. Purposes of data processing

We use your personal data for the following purposes:

  • Account management: Creation, authentication and management of your user account
  • Service provision: Organisation and management of music lessons, connecting you with teachers
  • Communication: Sending notifications, responding to your requests, communication with teachers
  • Billing: Payment management, invoice issuance and transaction tracking
  • Service improvement: Analysis of platform usage to improve our services
  • Legal compliance: Compliance with legal and regulatory obligations
  • Security: Fraud prevention and platform security protection

4. Legal basis for processing

Consent

For certain data (profile photo, audio recordings), we obtain your explicit consent before collecting and processing this information.

Performance of a contract

The processing of your data is necessary for the performance of the service contract you accepted by using our platform.

Legal obligation

Certain processing is necessary to comply with our legal obligations (billing, retention of accounting records).

Legitimate interest

We may process certain data for our legitimate interests (security, service improvement, fraud prevention), while respecting your rights and freedoms, in accordance with the UK General Data Protection Regulation (UK GDPR) as retained under the Data Protection Act 2018.

5. Data retention periods

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Account data: For the duration of your active account, then 3 years after account closure
  • Billing data: 10 years in accordance with accounting obligations
  • Audio recordings: According to your preferences, until deleted by you or 2 years maximum
  • Browsing data: 13 months maximum (see our cookie policy)
  • Communication data: 2 years after the last exchange

Beyond these periods, your data is securely deleted or anonymised.

6. Data sharing and disclosure

We never sell your personal data. We may share your data with:

  • Teachers: Information necessary to organise and deliver lessons (name, contact details, level, goals)
  • Service providers: Technical providers (hosting, authentication via Keycloak) and payment processors, under strict confidentiality agreements
  • Competent authorities: Where required by law or in response to a legitimate judicial request

International transfers: Some of our service providers may be located outside the United Kingdom. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, UK adequacy decisions, or other approved transfer mechanisms under UK data protection law).

7. Data security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication via Keycloak
  • Restricted access to personal data (principle of least privilege)
  • Intrusion monitoring and detection
  • Regular and secure backups
  • Staff training in security best practices

Despite our efforts, no system is completely secure. In the event of a security incident affecting your data, we will notify you as soon as possible in accordance with applicable regulations.

8. Your rights

Under the UK General Data Protection Regulation (UK GDPR), retained in UK law under the Data Protection Act 2018, you have the following rights:

πŸ” Right of access

You can obtain a copy of the personal data we hold about you.

✏️ Right to rectification

You can correct inaccurate or incomplete personal data.

πŸ—‘οΈ Right to erasure

You can request the deletion of your personal data in certain circumstances (right to be forgotten).

⏸️ Right to restriction of processing

You can request the restriction of processing of your data in certain circumstances.

πŸ“¦ Right to data portability

You can receive your data in a structured format and transmit it to another data controller.

❌ Right to object

You can object to the processing of your data on legitimate grounds.

πŸ”„ Right to withdraw consent

Where processing is based on your consent, you can withdraw it at any time.

βš–οΈ Right to lodge a complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that the processing of your data violates data protection regulations.
ICO contact: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF β€” https://ico.org.uk

To exercise your rights: Contact us via our contact page. We will respond to your request within one month at the latest.

9. Cookies and similar technologies

We use cookies and similar technologies to improve your experience on our site. For more information about our use of cookies and how to manage them, please see our cookie management policy.

10. Changes to this policy

We may update this privacy policy at any time. Any changes will be published on this page with an indication of the date of the last update. We encourage you to check this page regularly to stay informed about how we protect your data.

11. Contact

For any questions regarding this privacy policy or the processing of your personal data, you can contact us:

  • Via our contact page
  • By email at the address provided on our contact page

This privacy policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.