• Home
  • ABOUT
  • Listen
  • Song of Albion
  • Connect

Paula Tait

  • Home
  • ABOUT
  • Listen
  • Song of Albion
  • Connect

PRIVACY STATEMENT

INTRODUCTION

I, Paula Tait, sole trader, am responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing a service and carrying out my regular business activities. I manage personal information in accordance with data protection legislation including the Data Protection Act 2018. I am registered as a Data Controller with the Information Commissioner’s Office Registration Number ZA379528.

Any questions regarding my processing of personal data should be directed to me via paula@paulatait.com.

Data Processing Principles

I take protecting online privacy and data security seriously. Please read the whole of this statement carefully as it sets out my approach to processing personal data including what information I may collect from you, how I may use it, store it and protect it, and your rights as a data subject.

My Privacy Statement outlines my approach to any kind of data processing where I am acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons. This statement applies to my processing of data collected through any means, actively as well as passively, from persons located anywhere in the world. 

I am guided by the following principles when processing data:

  • I will only collect data for specific and specified purposes
  • I will not collect data beyond what is necessary to accomplish those purposes. I will minimise the amount of information I collect from you to what I need to deliver the services required
  • I will collect and use your personal information only if I have sensible business reasons for doing so, such as making available to you my services and products
  • I will not use your data for purposes other than those for which it was collected, accepted as stated within my policy, or with your prior consent
  • I will seek to verify and/or update your data periodically and I will accept requests from you for amendment of the data held
  • I will apply high technical standards to make my processing of data secure
  • Except otherwise stated, I will not store data in identifiable form longer than is necessary to accomplish its purpose or as required by law. 

1. WHAT INFORMATION I COLLECT

In accordance with Data Protection Legislation I only collect and process information which I require to meet the specific purposes as stated above. The information I may collect about you could include, but is not limited to:

A: Standard Personal Data

  • Name
  • Email address
  • Phone number
  • Postal address (if applicable)
  •  Personal details and identifiers
  •  Details about how you use my website including technical data such as IP address.
  • Mailing list preferences

B: Special Category Personal Data 

Sound Healing Services (Historic)

Special category personal data is only processed in connection with sound healing services and is not collected for my other activities.

I do not currently provide sound healing services. However, I retain historic records relating to former sound healing clients in line with legal and professional requirements. These records include special category personal data voluntarily provided during sound healing sessions.

Historic special category personal data may include:

  • Age
  • Health-related information and medical conditions
  • Occupation and business information
  • Lifestyle and social circumstances

If I resume providing sound healing services in the future, I will process personal data, including special category health data, only where necessary to provide those services safely and appropriately.

Where special category personal data has been collected in the past, or where sound healing services are offered in the future, it will be handled with appropriate safeguards and in line with ICO best practice guidance.

In accordance with data minimisation principles, individuals are encouraged not to provide personal data or special category personal data unless it is specifically requested and necessary for the relevant service.

2. HOW I COLLECT, USE AND SHARE PERSONAL DATA

Most personal information is provided directly and voluntarily by you when you engage with me in order to enquire about, or purchase, my services or products. I do not collect personal data from third parties except where necessary for administrative or legal purposes.

I will collect information from you when:

  • You sign up to my newsletter or mailing list. This may be via my website or via my Substack.
  • You book onto a course, event or programme I am running, or engage in one-to-one tuition from me.
  • You contact me for information via my website or social media channels, by phone or email.
  • You post on my social media channels, website or blog.
  • You work with me in a commercial capacity.
  • (Historically), when you provided information on my sound healing information and consent form, or when you booked my professional services as a performing musician.

3. HOW I USE PERSONAL DATA

I collect this information in order to make available to you my services or products and to communicate with you in relation to my services or products. 

General Purposes

I use personal data for the following general purposes, where relevant to the service or activity involved:

  • To respond to enquiries and communicate with individuals.
  • To arrange, provide, and administer services or products.
  • Allow you to access and utilise the service or product you have purchased from me.
  • To manage bookings, lesson scheduling, payments, and records.
  • To send marketing communications, including a newsletter, where consent has been given.
  • Notify you about changes to my services or products.
  • To seek feedback in order to improve my services.
  • Ask you to take part in surveys or quiz events.
  • To provide information or updates requested by individuals.
  • Ensure that content from my site is presented to you in the most effective manner for you and your computer or device.
  • To meet legal, tax, and regulatory obligations and to maintain professional and financial records.

Not all purposes apply to all individuals. How personal data is used depends on the nature of the relationship (for example, student, former client, or mailing list subscriber).

A: Former Sound Healing Clients (Historic Data Only)

I retain personal data relating to former sound healing clients to meet legal, tax and professional obligations and to maintain historic records safely.

This includes historic special category personal data voluntarily provided during sessions. I do not currently provide sound healing services or collect new data for this purpose.

Historic special category personal data may include:

  • Age
  • Health-related information and medical conditions
  • Occupation and business information
  • Lifestyle and social circumstances

If I resume providing sound healing services in the future, personal data, including special category data, will only be processed where necessary to provide those services safely and appropriately.
Records are retained for up to seven years from the end of the client relationship, after which they are securely deleted or destroyed.

B: Former Performance Clients (Historic Data Only)

I retain personal data relating to former wedding and private event clients for legal, tax, and professional accountability purposes. This may include names, contact details, event details, and payment information. I do not collect special category data for these clients and do not actively use this data for marketing.

Some of these records were collected prior to 25 May 2018 (before GDPR came into effect). These historic records are retained solely for legal, tax, and professional accountability purposes and are not used for marketing or other active communications.

While most of this data is historic, I may provide performance services for private clients in the future. If this happens, personal data will only be processed where necessary to provide those services safely and appropriately.

Records are retained for up to seven years from the end of the client relationship, after which they are securely deleted or destroyed.

C: Music Students

I process personal data to provide music tuition and to manage accurate teaching records, lesson scheduling, communication, and related administrative and financial records.

Personal data may include names, contact details, lesson notes, and payment information. I do not routinely collect special category personal data for harp teaching.

D: Mailing List Subscribers and Music Contacts

I process personal data to communicate about my music, performances, recordings, and related updates where individuals have chosen to sign up to my mailing list or otherwise contact me for this purpose.

Personal data may include names, email addresses, and communication preferences.

Individuals may withdraw consent and unsubscribe at any time using the link provided in emails or by contacting me directly.

Third Party

 I will not sell or lend your personal data to third parties, or share your personal data for marketing purposes without your express consent. 

I will only share your personal data with third party service providers where it is necessary for the delivery of my products or services and for legal, tax, or professional purposes (for example, with my accountant). Clients are not identified beyond what is strictly required. I will do this only where I am confident that and such third party service providers have appropriate data protection systems and measures in place that are compliant with UK Data Protection Legislation.

I will not give consent to third party service providers or platforms to use your information, including audio and video recordings, for purposes other than those for which the information was collected and which are necessary for the delivery of my products and services. I will not give consent for your information to be used by third party service providers for the training and development of AI modelling software, or similar purposes. 

4. HOW I STORE AND TRANSFER YOUR DATA

I have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of personal data I control.

Physical client forms for sound healing and performance services are stored securely in a plain cupboard with a combination lock, and access is limited to me. Sensitive personal data (special category data) from former sound healing clients is stored only in these locked physical records and is not stored in email or other unsecured electronic locations.

Your phone number and any SMS/WhatsApp messages or call records are stored on my mobile phone under your first name or initials only (no surname). My phone is code-locked, and I take reasonable care to keep it secure.

Email correspondence and other electronic records (for example, spreadsheets or contact lists) are stored on password-protected devices, and my email account is also password-protected. Access is limited to me.

Appointments are recorded in my diary using first names only.

Records are retained only for as long as legally or professionally required, after which physical records are securely destroyed and electronic records are permanently deleted.

Third Party

Your information may also be stored by third-party providers who support my business, such as email platforms (Gmail, Bandzoogle Webmail, Mailchimp), website and web services (Bandzoogle, Google Drive), payment processors (Stripe and PayPal) and other authorised consultants. Clients are not identified beyond what is strictly necessary. These providers have published privacy policies explaining how they protect personal data in accordance with UK data protection law. You can review their policies on their websites for more information.

Some of the above service providers may store or process personal data outside the UK or European Economic Area (EEA). This may constitute a transfer of data on GDPR. I will only use such third party service providers where I am confident that appropriate safeguards are in place to ensure that any personal data transferred outside of the UK/EEA is subject to an equivalent level of security and protection as required under UK Data Protection Legislation, such as the UK Extension to the EU-U.S. Data Privacy Framework.

To learn more about the EU-U.S. Data Privacy Framework, visit the U.S Department of Commerce’s website at: Home (dataprivacyframework.gov)

5. DATA BREACHES

I take the security of personal data seriously. In the unlikely event of a personal data breach, I will act quickly to investigate and take steps to limit any potential harm.

Should a personal data breach occur, I will notify the affected data subjects and UK Information Commissioner’s Office (ICO) in line with UK data protection law.

6. DATA RETENTION

I will only keep your personal data for as long as necessary to meet the purposes for which it was collected. In most cases, personal data is retained for up to seven years.

In exceptional circumstances, some information may be retained for longer if there is a legitimate business or legal reason to do so.

After the retention period:

  • Electronic data will be permanently deleted
  • Hard copies will be securely shredded and disposed of 

7. LEGAL BASIS FOR PROCESSING YOUR DATA

The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:

  • You have consented.
  • For the performance of a contract.
  • For compliance with a legal obligation which I must perform.
  • To protect the vital interests of your or another person.
  • It is in the public interest.
  • It is in the legitimate interests pursued by me or a third party.

I collect data for the purposes set out above. All personal data is managed to ensure that it is either erased from my system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained. 

Any special category data collected from you has special protection and is limited to that permissible by law. In all instances where special category data is collected I will obtain your express consent.

8. YOUR LEGAL RIGHTS AS A DATA SUBJECT

You have a number of legal rights in relation to the personal data that I hold about you and you can exercise your rights by contacting me using the details at the end of this statement. 

These rights include:

  • The right to obtain information regarding the processing of your personal data and access to the personal data which I hold about you. If you wish to access your personal data please email me at the address provided in this statement.
  • The right to withdraw your consent to our processing of your personal data at any time. Please note, however, that I may still be entitled to process your personal data if I have another legitimate reason (other than consent) to do so.
  • In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that I transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to me.
  • The right to request that I correct your personal data if it is inaccurate or incomplete.
  • The right to request that I erase your personal data in certain circumstances. Please note that there may be circumstances where you ask me to erase your personal data but we must retain it.
  • The right to request that I restrict my processing of your personal data in certain circumstances. Again, there may be circumstances where you ask me to restrict my processing of your personal data but I must refuse that request.
  • The right to lodge a complaint with the applicable data protection regulator, in the UK this is the Information Commissioner’s Office (ICO).
  • When I am processing on the grounds of legitimate interest, you have the right to  object to the processing and I must stop unless I have an overriding reason which will be communicated to you.

I will respond to your request within 30 days. If your request is particularly complex, I may take up to a further two months, in which case I will inform you of the reason for the delay.

9. DATA OPERATIONS

Links from My Website

My Site contains links to and from other websites which are operated by individuals and companies over which I have no direct control. If you follow a link to any of these websites, please note that these websites have their own privacy and terms of use polices. I do not accept any responsibility or liability for these policies. I advise you to check the policies for third party sites before you submit any personal data to the website. 

Marketing Emails

I may send you marketing emails and communications when you have opted in or otherwise given consent for me to do so. I will make it as easy as I can for you to opt out of unwanted processing, providing it does not restrict my ability to provide you with the primary service you have requested. 

Please note if you wish to unsubscribe from any marketing emails that you have signed up for, you can do so by emailing paula@paulatait.com or clicking onto the unsubscribe link on the marketing email that was sent to you. It may take 24 hours for this to become effective.

Cookies and Website Analytics

My website uses anonymised analytics provided by Bandzoogle to help me understand how visitors use the site. These analytics do not identify you personally and are used only to improve the website’s content and performance.

Some cookies are also provided by third-party services, such as embedded content or mailing list sign-up forms.

For full details about the cookies used and how you can manage them, please see my Cookie Notice.

10. CHANGES TO MY PRIVACY POLICY & FUTURE PROCESSING 

This Privacy Statement was last updated on 16th December 2025. It is reviewed and updated regularly to ensure it accurately reflects how I collect, use, and protect personal data. Any significant changes will be published on this page, and the date of the last update will be clearly stated.

I do not intend to process your personal information except for the reasons stated within this Privacy Statement. I reserve the right to update this Privacy Statement from time to time. Where appropriate, I shall contact you to notify you of any material changes to the Privacy Statement. You should also refer to my website periodically so that you may access and view my updated Privacy Statement. This will ensure that you understand how I am using your personal data and your legal rights around my usage of such personal data.

If you have any questions or concerns regarding my data protection or privacy policies, please contact me at paula@paulatait.com and I will be happy to respond to any concerns.

Should you still have concerns about the way in which I manage your personal data then you should contact the relevant supervisory authority, which in the UK is the Information Commissioner’s Office: Contact us | ICO

 Terms of Use   Privacy   Cookies   AI Policy   Accessibility

© 2025-2026. All Rights Reserved.

Some images ©

  • Log out
Powered by Bandzoogle