Privacy Policy
Your privacy is important to us
At MusicalSong Ltd, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you interact with our website, products, and services.
Last Updated: 1 January 2026
Effective Date: 1 January 2026
Information We Collect
We collect various types of information to provide you with the best possible service and experience. This information is collected only when necessary and is handled in accordance with applicable data protection laws.
Personal Information
When you make a purchase, create an account, or contact us, we may collect:
- Name, email address, and phone number
- Billing and delivery addresses
- Payment information (processed securely by third-party providers)
- Order history and preferences
- Communications with our customer service team
Technical Information
When you visit our website, we automatically collect:
- IP address and browser information
- Device information and operating system
- Pages visited and time spent on our site
- Referral source and search terms
- Cookies and similar tracking technologies
Marketing Communications
If you subscribe to our newsletter or marketing communications:
- Email address and preferences
- Engagement data (opens, clicks, purchases)
- Survey responses and feedback
How We Use Your Information
We use your personal information for specific purposes outlined below. We will not use your data for purposes other than those described unless we have your explicit consent or are required by law.
Order Processing
Processing and fulfilling your orders, managing payments, and arranging delivery
Customer Support
Providing assistance, answering queries, and resolving issues
Sending newsletters, product updates, and special offers (with consent)
Website Improvement
Analysing usage patterns to enhance our website and services
Security
Protecting against fraud, ensuring security, and complying with legal obligations
Personalisation
Customising your experience and recommending relevant products
Legal Basis for Processing
Under the UK General Data Protection Regulation (GDPR), we process your personal information based on the following legal grounds:
Contractual Necessity
Processing necessary to fulfil our contractual obligations to you, such as processing orders and providing services.
Legitimate Interest
Processing for our legitimate business interests, such as improving our services and preventing fraud.
Consent
Processing based on your explicit consent, such as for marketing communications and newsletter subscriptions.
Legal Obligation
Processing required by law, such as for tax purposes and regulatory compliance.
Data Sharing and Third Parties
We may share your personal information with carefully selected third parties to provide our services. We ensure these partners meet high standards of data protection and privacy.
Service Providers
We work with the following types of service providers:
- Payment Processors: Secure payment processing services (e.g., Stripe, PayPal)
- Delivery Partners: Royal Mail, DPD, and other courier services
- Email Marketing: Newsletter and email service providers
- Analytics: Website analytics and performance monitoring
- Customer Support: Help desk and CRM systems
Data Transfers
Some of our service providers are based outside the UK. We ensure appropriate safeguards are in place for international data transfers, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Binding corporate rules for intra-group transfers
Data Security
We implement robust security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction.
Encryption
All data transmissions are encrypted using SSL/TLS protocols. Sensitive data is encrypted at rest.
Secure Infrastructure
Our servers are hosted in secure data centres with 24/7 monitoring and physical security.
Access Control
Strict access controls ensure only authorised personnel can access personal data.
Regular Updates
We regularly update our security measures and conduct vulnerability assessments.
Your Rights
Under UK GDPR, you have the following rights regarding your personal information:
Right to Access
Request a copy of the personal information we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal information.
Right to Erasure
Request deletion of your personal information in certain circumstances.
Right to Restrict Processing
Request restriction of processing in specific situations.
Right to Data Portability
Request transfer of your data to another service provider.
Right to Object
Object to processing based on legitimate interests or direct marketing.
To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience and analyse website usage.
Types of Cookies
You can manage cookie preferences through your browser settings or our cookie consent banner.
Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, unless required or permitted to retain it longer.
Retention Periods
- Order Information: 7 years for tax and accounting purposes
- Customer Accounts: Until account deletion or 2 years of inactivity
- Marketing Data: Until you unsubscribe or withdraw consent
- Support Communications: 3 years for service improvement
- Website Analytics: 26 months (anonymised after 13 months)
Some data may be retained longer if required by law or for legitimate business purposes.
Children's Privacy
Our website and products are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information immediately.
Parents or guardians who believe their child has provided personal information to us should contact us at [email protected].
International Data Transfers
As a UK-based company, we primarily process and store your personal information within the United Kingdom. However, we may transfer data to international service providers.
When transferring data outside the UK, we ensure appropriate safeguards are in place:
- Transfers to EEA countries are covered by UK adequacy regulations
- Transfers to other countries use Standard Contractual Clauses
- All service providers undergo rigorous data protection assessments
- Regular audits ensure ongoing compliance with international standards
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.
When we make significant changes, we will:
- Post the updated policy on our website
- Update the "Last Updated" date at the top of this policy
- Notify active users via email for material changes
- Display a prominent notice on our website
Your continued use of our services after any changes indicates your acceptance of the updated policy.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:
Phone
+44 20 7946 0958
Post
Data Protection Officer
MusicalSong Ltd
71-75 Shelton Street
Covent Garden, London
WC2H 9JQ
United Kingdom
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).