We, our, us, Band Pencil – Band Pencil (any service offered by bandpencil.com) owned by Simon Hirst of 205 Middle Drive, Newcastle upon Tyne NE20 9LU.
You, your, user – a person logging in, signing up, or using Band Pencil.
Administrator – a person who has registered for a service offered by Band Pencil. This is not a person who is accessing Band Pencil through the member or client portal.
Support team – our employees or contractors who have access to provide support to you.
Content – anything you input into our system e.g. events, members, clients, equipment, files, invoices and contracts.
We place strict access controls over your data and are committed to ensuring that nobody who shouldn't have access to your data has it. If you contact our support team, you will grant them temporary access to your account so that they can provide support to you. Members of our support team are subject to strict rules and controls about what they can do with their access. The operation of our systems requires that some of our employees and contractors have access to the systems that store and process your data. Our employees and contractors are prohibited from using this access to view your data unless absolutely required.
All passwords are stored using a non-reversible method using an industry standard hashing and salting algorithm. Users are automatically logged out of the system after a period of inactivity. Users who attempt to login with invalid credentials too many times may be temporarily blocked from Band Pencil.
We do not disclose your personal information to any third parties, except for the trusted third-party providers who assist us in delivering Band Pencil. These providers may include text messaging, email providers, and payment providers. Their involvement is limited to specific instances where users engage in activities such as sending text messages, emails, or making payments through the designated payment providers.
We may also collect information about how the site is accessed and used. This data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Your data is stored in the UK and US. Our hosting servers are based in London, UK. Wherever possible your data is processed within the UK. We may process your personal data outside of the European Union and of the country you reside in. By using Band Pencil, you consent to the transfer of your personal data to countries outside of the country you reside in and outside of the European Union.
Our data is encrypted in transit (HTTPS). Where possible, all sensitive information (e.g. names, email addresses, phone numbers, addresses, billing information etc.) is stored as encrypted values in our database. Database backups are encrypted individually, and off-site backups have full-disk encryption.
Database and file system backups are taken daily, and are stored for six months.
Users can export their invoices created in Band Pencil into QuickBooks.
Mailgun is used as our email provider.
Digital Ocean & Krystal Hosting
Digital Ocean and Krystal Hosting are our hosting providers.
Cloudflare secures and ensures the reliability of our software.
JetBackup & Snap Shooter
JetBackup & Snap Shooter are our off-site backup and restore providers.
Sentry handles our error tracking and performance monitoring of our software.
Google Analytics, SplitBee, Hotjar, Facebook & Twitter
The services named above are used for analytics purposes.
We are the data controller for users using Band Pencil as an administrator. As the data controller, we will send you transactional emails such as invoices, legal document changes, and account warnings. Additionally, if you have opted-in to receive marketing emails, you may occasionally receive marketing communications from us.
Furthermore, we act as the data processor for all information added by users, including, but not limited to, your clients and members. This may involve various types of data, such as names, contact details, personal/organizational information, and any other details that you choose to collect.
It is important to note that we process data based on a contractual lawful basis, as governed by the Terms & Conditions between us and the administrator user. The administrator user will be responsible for collecting data about its own members, adhering to their own lawful processing basis.
It is essential to ensure that you have appropriate policies in place to collect and manage consent for the data being uploaded and used in Band Pencil. Obtaining proper consent is crucial to comply with data protection and privacy laws and to respect the rights of individuals whose data is involved. By using Band Pencil you agree that you have reviewed and implemented the necessary measures to obtain valid consent from data subjects before uploading and utilizing their data in Band Pencil.
Band Pencil has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to you (the data controller). Band Pencil supplies functionality to enable you to remove the data.
We may disclose your personal data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of Band Pencil; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users of Band Pencil or the public; or protect against legal liability.
In the unlikely event of a data security incident, we are committed to promptly notifying all affected users via email within 72 hours. As the data controller for the data you collect, including but not limited to your clients and members, it is possible that you may have a legal obligation to contact the relevant data protection office and individuals whose data is stored in Band Pencil if their data has been affected.
Users can delete all their personal data by contacting the support team for 'Right for Erasure' requests. Users can request a download of personal information in a spreadsheet format. Please contact the support team who can help with this.
Our Data Protection Officer can be contacted via the contact page. Our Information Commissioner's Office (ICO) reference number is ZA556426. Please contact our support team for a copy of this certificate.
When you request to delete your account, we reset your account first to remove all data and then remove your account. To do this please contact us quoting your account number found on your settings page. Your account will be deleted within 28 working days.
Band Pencil reserves the right to change this document at any point without written notice. Wherever possible Band Pencil will give two weeks' notice of any changes to this document and will communicate those changes to users via in-app notification and/or by email to users who are subscribed to our Product Updates newsletter.
Last revised: 22 May 2023
Last minor revision (correction of spelling mistakes etc.): 26 October 2023.