PROTECTING YOUR PRIVACY
At Steinway & Sons, we are committed to protecting and respecting your privacy.
2. What personal data do we collect from you?
If you contact us with an enquiry through the contact form on the Website, through Facebook and Google ads or by phone or email, we ask you to supply essential contact details (your name, e-mail address, phone number and postcode), which we need in order to identify you and answer your enquiry.
If you purchase goods or services from us then we will open a sales ledger account and retain the following data: your name, billing/delivery address, email and telephone number and details of your product and service purchases.
We will also make copies of documents you provide to prove your age or identity where the law requires this (including your passport and driver’s licence). This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
We keep details of when you first contacted us, which website or social media vehicle you used and the nature of any contact permission which you gave us. We may also process information gathered by the use of Google Analytics.
We also collect details when you book any kind of appointment with us or to attend an event, and when you fill in any forms, for example, if you attend an event held by Steinway & Sons and complete the visitor’s form or complete delivery instruction documentation.
3. Why and on what basis do we process your personal data?
If you contact us with an enquiry through the contact form on the Website, through Facebook and Google ads or by phone or email, to deal with your enquiry, on the basis of our legitimate interests in promoting our goods and services. In the case of email communication, we will provide you with an option to unsubscribe in every email that we subsequently send you.
To process any orders that you make at Steinway Hall, at external event locations, by telephone, or by email contact and for internal record keeping, billing and accounting purposes required by law. The legal basis on which we do so is that it is necessary for our performance of the contract we have with you.
For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, warranties and so on.
To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests in administering our business, and also helps to protect our customers from fraud.
Where you have purchased or enquired about our products or services, to keep you informed by email about the same or similar products and services, including tailored special offers, discounts, promotions, events, competitions and so on, on the basis of our legitimate interests in promoting our goods and services. In the case of email communication, we will provide you with an option to unsubscribe in every email that we send you.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice and legally required information relating to your product or services. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
To comply with our contractual or legal obligations to share data with law enforcement agencies, for example, when a court order is submitted to share data with law enforcement agencies or a court of law.
To process your booking/appointment requests (such as tuning and maintenance). Sometimes, we’ll need to share your details with a third party who is providing a service (such as delivery couriers or a tuner visiting your home). We do so to maintain our appointment with you. Without sharing your personal data, we’d be unable to fulfil your request.
What are the Legal Bases for processing we rely on?
i. Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you purchase a piano from us or enter into a tuning or service agreement, we’ll collect your address details to deliver your purchase or undertake the tuning or service, and pass them to our transport company or service provider.
ii. Legal compliance
If the law requires us to, we may need to collect and process your data.
For example, we have to retain records for HMRC VAT record keeping purposes.
iii. Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will maintain details of your piano purchase or service record to ensure that we are able to verify warranty claims or provide you with information for insurance valuation purposes. Or, when you make a request to receive marketing materials such as our Investment and Buyers’ Guides or respond to a Google or Facebook advertisement.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms.
5. How we protect your personal data
Steinway & Sons’ intent is to strictly protect the security of your personal information, honour your choice for its intended use and carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. We have put in place appropriate physical, electronic and managerial procedures to safeguard and secure personal information we collect and maintain.
6. Who do we share your information with?
Some of our data processing and piano maintenance and delivery services are supplied by third party providers, who will need to have access to your data for that purpose.
Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions.
We provide such third party suppliers with the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.
We work closely with them to ensure that that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions.
If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems.
Operational companies such as delivery couriers and piano maintenance specialists
- Marketing companies who help us manage our electronic communications with you.
- Payment card and fraud management services providers in order to process payments and prevent and detect fraud.
- Google, Facebook and other social media companies in order to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on those websites.
7. Sharing your data with third parties for their own purposes:
We may disclose your personal data if we need to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We may, from time to time, expand, reduce or sell the company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
For further information please contact us at the address below or by emailing email@example.com.
Except as set out above, we will never sell, distribute or disclose any of your personal data (except anonymous aggregate information) to any third party without your express consent.
8. Where your personal data is processed.
In order to provide our products and services, we may use the input of third party providers situated in countries outside the European Economic Area (including the USA) that do not have the same standards of Data Protection laws as the EU. However, we will ensure that contractual or other safeguards are in place to ensure that your information is adequately protected, and that enforceable rights and effective legal remedies are available for data subjects.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
9. How long do we keep personal data for?
If you contact us with an enquiry but do not subsequently purchase any of our goods or services, our policy is to actively review the information we hold and, when there is no longer a legal or business need for us to hold it, to delete it.
If you order any of our products or services, we normally retain contract information (including personal data) for 6 years after the end of the relevant contract, in case issues arise after the termination of the contract, and for the establishment, exercise or defence of legal claims.
In certain case, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.
10. Your rights as a data subject
As a data subject you have certain legal rights including:
- the right to access the personal data held about you;
- the right to ask us not to process your personal data for marketing purposes through all channels, or selected channels;
- the right to withdraw at any time any consent you have given us to use your personal data;
- the right to ask us to rectify inaccurate personal data about you;
- the right to ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required;
- to ask for the transfer of your personal data in a structured, commonly used and machine readable format where the processing is based on your consent;
the right to ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject, unless we believe we have a legitimate overriding reason to continue processing your personal data; and
- the right to make a complaint about to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
While Steinway & Sons’ product ad campaigns and marketing materials may be viewed by children, we do not wish to receive data from children. Steinway & Sons encourages parents and guardians to spend time online with their children and to participate in the interactive activities offered on the sites their children visit. No information should be submitted to, or posted at, Steinway & Sons’ Website by visitors under 18 years of age without the consent of their parent or guardian. In the event that we learn that we have collected information from a child under age 13 without verification of parental consent, we will delete that information.
12. Links to Third Party Sites
13. How to contact us.
Click the ‘unsubscribe’ link in any email communication that we send.
Write to Steinway & Sons, Steinway Hall, 44 Marylebone Lane, London W1U 2DB or email us at firstname.lastname@example.org.
Steinway & Sons, incorporated in the State of New York, United States and registered as an overseas company in England and Wales, number BR001072.
Our UK establishment office address is Steinway Hall, London, 44 Marylebone Lane, W1M 6EN.