Our data privacy policy?

Who we are

Swindon Music Service – PRIVACY POLICY

Swindon Music Service is local authority  service (referred to as “SMS”, “we” or “us” in this policy).


Maintaining the security of your data is a priority at SMS, and we are committed to respecting your privacy rights.  We pledge to handle your data fairly and legally at all times. SMS is also dedicated to being transparent about what data we collect about you and how we use it.

This policy, which applies whether you request a service or go on line, provides you with information about:

– how we use your data;

– what personal data we collect;

– how we ensure your privacy is maintained; and

– your legal rights relating to your personal data.


Promotional communications

SMS uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest SMS offers.

SMS aims to update you about products & services which are of interest and relevance to you as an individual.

You have the right to opt out of receiving promotional communications at any time, by:

  1. changing marketing preferences via your SMS/SYM Schooble on-line account;
  2. making use of the simple “unsubscribe” link in emails or the “STOP” number for texts; and/or
  3. contacting SMS via the contact channels set out in this Policy.

Swindon Young Musicians (SYM)

If you are a member of SYM, we may collect data directly from you.

SMS E-News Mailing List

Subscribers of our E-News are fully aware of what it means to opt-in.

Those who subscribe to the SMS E-News will receive emails sent to their nominated email address. The E-News will contain recent news, information on upcoming public events, and other service related topics. We may also include invitations to join fundraising campaigns, information on how to leave a gift to SMS Charity Incorporated Organisation or highlight opportunities for you to join us as a regular donor on the Supporter Scheme in the E-News.

The contact information provided in your opt-in form to the E-News will not be shared with, sold, rented or leased to any third parties. Your email address and personal data will be held on secure servers in the US operated by Mailchimp, our eNews marketing service provider, on behalf of SMS. We may also store your details within SMS’s secure database.

We will only ask you to provide your first and last name and email address in order to receive the E-News. We ask for your name so that we are able to personalise the mailing.

You can unsubscribe at any time by clicking the ‘unsubscribe’ button at the bottom of the email. Unsubscribing will automatically remove you from the E-News mailing list.

SMS complies with the protection offered to you under the Data Protection Act 1998 and the General Data Protection Regulations 2018 (GDPR) 


Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal data with some of our service partners.  These include IT, delivery and marketing service providers.

SMS only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.  We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to SMS and to you, and for no other purposes.

Other third parties

Aside from our service providers, SMS will not disclose your personal data to any third party, except as set out below.  We will never sell or rent our customer data to other organisations for marketing purposes.

We may share your data with:

– credit reference agencies where necessary for card payments;

– governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: –

– to comply with our legal obligations;

– to exercise our legal rights (for example in court cases);

– for the prevention, detection, investigation of crime or prosecution of offenders; and

– for the protection of our employees and customers.


We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.

If you wish to exercise any of the above rights, please contact us using the contact details set out below.


SMS may collect the following information about you:

– your name, age/date of birth and gender;

– your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;

– purchases and orders made by you;

– your on-line browsing activities on SMS websites;

– your password(s);

– when you make a purchase or place an order with us, your payment card details;

– your communication and marketing preferences;

– your interests, preferences, feedback and survey responses;

– your location;

– your correspondence and communications with SMS/SYM; and

– other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.  Some of the above personal data is collected directly, for example when you set up an on-line account on our website, or send an email to our customer services team.  Other personal data is collected indirectly, for example your browsing or shopping activity.  We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.


Our controls

SMS is committed to keeping your personal data safe and secure.

Our security measures include:

– encryption of data;

– periodic audits of the data needed;

– security controls which protect the entire SMS IT infrastructure from external attack and unauthorised access; and

– internal policies setting out our data security approach and training for employees.


SMS will never ask you to confirm any bank account or credit card details via email.  If you receive an email claiming to be from SMS asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to SMS and more generally: ­-

– keep your account passwords private.  Remember, anybody who knows your password may access your account.

– when creating a password, use at least 8 characters.  A combination of letters and numbers is best.  Do not use dictionary words, your name, email address, or other personal data that can be easily obtained.  We also recommend that you frequently change your password.  You can do this accessing your account, clicking ‘your account’, clicking ‘your data’ and selecting ‘change password’.

– avoid using the same password for multiple online accounts.


You have the following rights:

– the right to ask what personal data that we hold about you at any time, subject to a fee specified by law (currently £10);

– the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and

– (as set out above) the right to opt out of any marketing communications that we may send you.

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Legal basis for SMS processing customer personal data


SMS collects and uses customers’ personal data because is it necessary for:

– the pursuit of our legitimate interests (as set out below);

– the purposes of complying with our duties and exercising our rights under a contract for the sale of goods and services to a customer; or

– complying with our legal obligations.

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message.

Customers have the right to withdraw consent at any time.  Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.


The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of SMS, including:-

– selling and supplying goods and services to our customers;

– protecting customers, employees and other individuals and maintaining their safety, health and welfare;

– promoting, marketing and advertising our products and services;

– sending promotional communications which are relevant and tailored to individual customers (including administering the Swindon Young Musicians membership scheme);

– understanding our customers’ behaviour, activities, preferences, and needs;

– improving existing products and services and developing new products and services;

– complying with our legal and regulatory obligations;

– preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;

– handling customer contacts, queries, complaints or disputes;

– protecting SMS, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to SMS;

– effectively handling any legal claims or regulatory enforcement actions taken against SMS; and

– fulfilling our duties to our customers, colleagues and trustees.


If you have any questions about how SMS uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

– phone us on:

– e-mail us at: pclark@swindon.gov.uk or

– write to us at: Swindon Music Service, Administration Department, The Platform, Faringdon Road, Swindon SN1 5BJ

You have the right to lodge a complaint with the Information Commissioner’s Office.  Further information, including contact details, is available at https://ico.org.uk.


SMS has partnered with certain trusted third parties to make additional products and services available to you, including:

Paritor – a database system for holding sensitive data and financial data

Fanatic – Our website developers

iConnect a web based company who has developed our Arts Council England data app for collecting data


This policy was last updated in July 2017.