We, our, us – Band Pencil (a service offered by bandpencil.com).
You, your, user – a person logging in or signing up via one of our login or registration pages.
Support team – our employees or contractors who have access to provide support to you.
Content – anything you input into our system e.g. events, musicians, bands, equipment, files and invoices.
We place strict access controls over your data and are committed to ensuring that nobody who shouldn't have access to your data has it.
If you contact our support team, you will grant them temporary access to your account so that they can provide support to you. Members of our support team are vetted and have strict rules and controls about what they can do with their access, and their usage is monitored. They cannot access your content unless you contact support.
The operation of our systems requires that some of our employees and contractors have access to the systems that store and process your data. Our employees and contractors are prohibited from using this access to view your data unless absolutely required.
All passwords are stored in a non-reversible form using an industry-standard hashing and salting algorithm. Users are automatically logged out of the system after a period of inactivity. Users who attempt to log in with invalid credentials too many times may be temporarily blocked from the system.
We may also collect information about how the site is accessed and used. This data may include information such as your computer's Internet Protocol address (IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Our data is encrypted in transit (HTTPS). All sensitive information (e.g. names, email addresses, phone numbers, addresses, billing information, passwords etc.) is stored as encrypted values in our database. To be clear, no client, musician, or student data is stored as plain text. Database backups are encrypted individually, and off-site backups have full-disk encryption too.
Database and file system backups are taken daily and are stored for six months.
We operate under the laws of England and Wales.
We may disclose your personal data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of Band Pencil; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users of the Service or the public; or protect against legal liability.
In the unlikely event of a data security incident, we’ll notify all affected users promptly within 72 hours via email.
Users can delete all their personal data by contacting the support team with a 'Right to Erasure' request. Users can also request a download of their personal information in a spreadsheet format. Please contact the support team, who can help with this.
Our Data Protection Officer can be contacted via the contact page. Our Information Commissioner's Office (ICO) reference number is ZA556426. Please contact our Data Protection Officer for a copy of this certificate.
When you request to delete your account, we reset your account first to remove all data and then remove your account. To do this, please contact us quoting your account number found on your settings page. Your account will be deleted within 28 working days.
Band Pencil reserves the right to change this document at any point without written notice. Wherever possible, Band Pencil will give two weeks' notice of any changes to this document and will communicate those changes to the user via email.
Last revised: 20 August, 2020.