Privacy Policy

Privacy Policy

Please read our privacy policy carefully. By signing up to a service offered by Band Pencil you are agreeing to this privacy policy. Security of your data is our first priority and this page outlines some of our operating procedures and security practices.


Definitions

We, our, us – Band Pencil (a service offered by bandpencil.com).
You, your, user - a person logging in, or signing up via one of our login, or register pages.
Support team - our employees or contractors who have access to provide support to you.
Content – anything you input into our system e.g. events, musicians, bands, equipment, files and invoices.

Confidentiality

We place strict access controls over your data and are committed to ensuring that nobody has access to your data that shouldn't.
If you contact our support team, you will grant them temporary access to your account so that they can provide support to you. Members of our support team are vetted and have strict rules and controls about what they can do with their access, and their usage is monitored. They cannot access your content unless you contact support.
The operation of our systems requires that some of our employees and contractors have access to the systems that store and process your data. Our employees and contractors are prohibited from using this access to view your data unless absolutely required.

Security Features

Access

All passwords are stored using a non-reversible method using an industry standard hashing and salting algorithm. Users are automatically logged out of the system after a period of inactivity. Users who attempt to login with invalid credentials too many times may be temporarily blocked from the system.

Data

We do not share personal data to third-parties with the exception of text messaging, email providers, and payment providers for the instances where users send text messages, emails, and when payments are collected via the payment providers. We are not responsible for the content that users add within the system, including its accuracy. Cookies are small pieces of data stored in your browser when you visit our website. We may allow other business partners to use cookies and other tracking technology on our website. For example, Google Analytics may store a cookie in your browser when you visit our website, which will allow us to gather anonymised statistics about which of our pages are visited most frequently. Our system only creates and reads cookies which are relate to your account and help us with issues like security.

We may also collect information how the site is accessed and used. This data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Encryption

Our data is encrypted in transit (https). All sensitive information (e.g. names, email addresses, phone numbers, addresses, billing information, passwords etc.) are stored as encrypted values in our database. To be clear, no client, musician, or student data is stored as plain-text. Database backups are encrypted individually, and off-site backups have full-disk encryption too.

Backups

Database and file system backups are taken daily, and are stored for a six months.

Legal Jurisdiction

We operate under the laws of England and Wales.

We may disclose your personal data in the good faith belief that such action is necessary to: To comply with a legal obligation. To protect and defend the rights or property of Band Pencil. To prevent or investigate possible wrongdoing in connection with the Service. To protect the personal safety of users of the Service or the public. To protect against legal liability.

Payment Providers: Stripe Payments

Users may pay for services using a credit or debit card. We use Stripe Payments to process the data - we do not store any cardholder data. When using Stripe please refer to their terms and conditions and privacy policy.

Breach Notification

In the unlikely event of a data security incident, we’ll notify all affected users promptly within 72hrs via email.

Information Requests

Users can delete all their personal data by contacting the support team for 'Right for Erasure' requests. Users can request a download of personal information in a spreadsheet format. Please contact the support team who can help with this.

Data Protection Officer

Our Data Protection Officer can be contacted via the contact page. Our Information Commissioner's Office (ICO) reference number is ZA556426. Please contact our Data Protection Officer for the copy of this certificate.

Your Account

When you request to delete your account, we reset your account first to remove all data and then remove your account. To do this please contact us quoting your account number found on your settings page. Your account will be deleted within 28 working days.

Changes to this Document

Band Pencil reserves the right to change this document at any point without written notice. Wherever possible Band Pencil will give two-week’s notice of any changes of this document and will communication those changes with the user via email.


Effective date of privacy policy: 4 September, 2020
Last revised: 20 August, 2020.

Ready to get your time back?

Our band management software is loved by musicians, band manager, agencies, not-for-profit music groups and many more. Get started now 👇

14-day free trial • No card required • Cancel at anytime