Privacy Policy

1. Introduction

Harmony Hub ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our online music education services at nadalfrid.com.

We are the data controller for your personal information. Our registered address is 181 Abbey Street, Ulverston, V94 K2X8, Ireland.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Name and contact details (email address, phone number, postal address)
• Account registration information
• Payment and billing information
• Course preferences and musical interests
• Communications with our support team
• Profile information and learning progress

2.2 Technical Information

We automatically collect certain technical information when you visit our website:

• IP address and location data
• Browser type and version
• Device information and operating system
• Pages visited and time spent on our site
• Referring website information
• Cookies and similar tracking technologies

2.3 Usage Data

We collect information about how you use our services:

• Course completion rates and progress
• Practice session data and performance metrics
• Feature usage and interaction patterns
• Feedback and ratings provided

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

• Providing access to our online music courses
• Processing payments and managing subscriptions
• Personalising your learning experience
• Tracking your progress and providing feedback
• Facilitating communication with instructors

3.2 Communication

• Sending course updates and educational content
• Providing customer support and technical assistance
• Responding to your enquiries and requests
• Sending important service announcements

3.3 Marketing (with consent)

• Sending promotional emails about new courses
• Sharing relevant educational resources
• Inviting you to events and masterclasses
• Conducting surveys and market research

3.4 Legal and Security

• Complying with legal obligations
• Protecting against fraud and security threats
• Enforcing our terms of service
• Resolving disputes and legal claims

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our educational services and fulfil our contractual obligations
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience:

5.1 Essential Cookies

These cookies are necessary for our website to function properly and cannot be disabled. They include authentication, security, and basic functionality cookies.

5.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. These cookies help us improve our services and user experience.

5.3 Marketing Cookies

With your consent, we may use marketing cookies to show you relevant advertisements and measure campaign effectiveness.

5.4 Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality.

6. Data Sharing and Disclosure

We may share your information with trusted third parties in limited circumstances:

6.1 Service Providers

• Payment processors (Stripe, PayPal)
• Email service providers (Mailchimp)
• Cloud hosting services (AWS, Google Cloud)
• Analytics providers (Google Analytics)
• Customer support tools

6.2 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights and the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

• Account Data: Retained while your account is active plus 3 years
• Payment Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or withdraw consent
• Website Analytics: Anonymised data retained for 26 months
• Customer Support: Communications retained for 3 years

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing or cookies

To exercise these rights, contact us at support@nadalfrid.com or use our GDPR Rights Portal.

9. Data Security

We implement robust security measures to protect your personal information:

• SSL/TLS encryption for data transmission
• Secure data centres with physical access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Access controls and authentication systems
• Regular data backups and disaster recovery procedures

10. International Data Transfers

Your data may be processed outside the European Economic Area (EEA). When this occurs, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Certification schemes and codes of conduct

11. Children's Privacy

Our services are designed for users aged 16 and over. We do not knowingly collect personal information from children under 16 without parental consent. If we discover such information has been collected, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or website notices.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

14. Supervisory Authority

You have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not handled your personal data appropriately:

← Return to Home