top of page

Privacy Policy

 The Rock Project Ltd  Privacy Notice

This Privacy Notice governs the manner in which The Rock Project collects, uses, maintains and discloses information collected from users (each, a “User”) of the   website (“Site”). This privacy notice applies to the Site and all products and services offered by The Rock Project.

Web browser cookies

Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. The User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Data Protection

The Rock Project Ltd take all industry advised precautions to protect any and all submitted and stored data, however The Rock Project Ltd accepts no responsibility for loss of data caused by persons with malicious intent, computer attack or infection. The Rock Project Ltd is absolved of any liability of data loss directly caused by a Franchisee’s failure to follow correct policy, and the franchisee bears responsibility for all data they process.

Data Collection:

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.


Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Data Controller:

The Data controller is The Rock Project LTD,

The Rock Project Head Office: Stuart Wynne is the volunteer Data Protection Officer, and is contactable on:

0800 04 07 390


B10 Trem y Dyffryn

Colomendy Industrial Estate





Purpose of Data collection:

Data is collected for a variety of purposes:

  • Business Administration

  • Monitoring marketing effectiveness.

  • Facilitate a response to queries,

  • Pre-entering data to office systems to facilitate sign up processes.

  • Improving our services and systems, as well as to allow us to provide requested services.

  • To improve customer service. 

  • Information you provide helps us respond to your customer service requests and support needs more efficiently.

  • To process payments
    We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.

  • Marketing: Use of images collected by The Rock Project Ltd or Franchisees with express consent.

  • To run a promotion, contest, survey or other Site feature
    To send Users information they agreed to receive about topics we think will be of interest to them.

  • To send periodic emails
    We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

Data Categorisation:

Personal – any data which could be used to personally identify an individual. Including names, DOB, postal address, telephone/email, IP Address.

Personal & Special – Medical information

Non-personal – Browser name, the type of computer and technical information about Users means of connection to our Site as well as data which has been anonymised.


Basis for Processing



(Parental permission is required for data of children under the age of 16) (& Processing Special Data)

Contractual necessity

Legitimate interests

Explicit consent is requested upon submission of sensitive, children’s data or special data during class enrolment. Consent is also required to send promotional material.

Data requested during session signup, job or franchise application is needed in order to prepare and enter in to a


Non personal data collected automatically used for statistical research, direct response to queries.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. Information may be handled by 3rd party Data Processors (Business Partners) on our behalf. Our business partners are:

Business Partners must attest that they also comply with all current legislation and GDPR.


How we protect your information – Data Retention & Security

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.


  • Personal Data is only stored for a period of 30 Days past current use. Data may be anonymised and stored for longer periods to facilitate business review and development.

  • Personal Data stored online or offline is protected by password and encrypted.

  • Special Data is deleted within 30 Days past current use

  • Data Transmission occurs only when necessary, only data required for the task is used, and transmission is conducted through SSL.

The Rock Project Ltd.  holds an internal Data Breach Policy and Procedure and will act accordingly in the event data is compromised.


Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.



Right to withdraw Consent:

The User has the right to withdraw consent at any time. This request must be submitted electronically to info@therockproject.comThe request will be also passed by The Rock Project Ltd.  to any 3rd party data processors. The Rock Project Ltd will remove or anonymise all stored data from all systems within 7 working days. Should the right to withdraw consent relate to use of images please include as much information & URL Links as possible in order to help with the request.

Right to complaint:

Should you believe The Rock Project Ltd to have not acted in a fair, proper and safe manner regarding personal data you may submit a complaint the supervisory authority

The Information Commissioner’s Office 
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745

Rights listed below are explained in detail here

You have the right to

  • access to a copy of the information comprised of your personal data;

  • object to processing that is likely to cause or is causing damage or distress;

  • prevent processing for direct marketing;

  • object to decisions being taken by automated means;

  • (in certain circumstances) have inaccurate personal data rectified, blocked, erased or destroyed; and

  • claim compensation for damages caused by a breach of the Act.



Changes to this privacy Notice

The Rock Project has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our Site, revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.


Your acceptance of these terms

By using this Site, you signify your understanding of this policy. Express consent for use of special personal data is requested at point of submission. We do not store or track IP address’s with the exception of firewall blacklisting for security purposes.


Online Lesson Safeguarding Policy


Safeguarding when providing online music lessons



Safeguarding remains as important when teaching online as when teaching at the sessions. Tutors should familiarise themselves with The Rock Project Child Protection Policy before commencing the new method of teaching online. The points below are to be used in addition to our Child Protection Policy, not instead of.


Working via Zoom or any other online audio-visual applications does raise some additional safeguarding issues to consider.


Safeguarding rules for Rock Project Franchisee:

  • Get the agreement of the parents or guardians for teaching online in writing.

  • Use parent or guardian’s own account rather than a child’s to deliver lessons to.

  • Set out a clear policy in writing. Tell people that your Zoom / Skype account will be used exclusively for the purpose of lessons and only during music lessons.

  • Do not record any lesson under any circumstance.



Safeguarding rules for the tutor:

  • Use a specific Zoom (or equivalent) account for online teaching. Keep it separate from any personal profile. Make sure that you select an appropriate image for your profile picture and do not share ANYpersonal information eg. Phone number, email address, or any social media profiles.

  • Test your set up before going live. 

    • Check that the camera/mic is working properly 

    • Ensure the camera position is optimum for teaching

    • Ensure that you are against a neutral background for teaching

  • Be professional when delivering the lessons. Always present yourself as you would at the regular sessions. 

  • Polo shirts and lanyards are to be worn at all times.

  • The student must take lessons in a room with an open door and a parent/guardian should be in the same premises whilst the lesson takes place.

  • Do not record any lesson under any circumstance.


Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

The Rock Project Ltd

B10 Trem y Dyffryn

Colomendy Industrial Estate



0800 04 07 390



This document was last updated on 26/4/18 

Please reload

bottom of page