Terms of Use

CHARANGA CYMRU – TERMS OF WEBSITE USE

  1. About our Terms

    1. These terms (“Terms“) explain how you may use this website (“Site), which is provided by us on a subscription basis. You should read these Terms carefully before using the Site.
    2. By accessing or using the Site, you confirm that you accept these Terms and that you agree to comply with them. If you do not agree with or accept any of these Terms, you should stop using the Site
    3. If you have any questions about the Site, please contact us by e-mailing gdpr@charanga.com or calling 01273 823900. We may record calls for quality and training purposes.
    4. The Site is operated by us. We are Charanga Limited registered in England and Wales under company number 01693650 and have our registered office at 14-15 Berners Street, London, W1T 3LJ, UK.
    5. We reserve the right to vary these Terms from time to time. Our updated terms will be displayed on the Site and by continuing to use and access the Site following such changes, you agree to be bound by any variation made by us. It is your responsibility to check these Terms from time to time to verify such variations.
  2. Using the Site

    1. The Site is for use only by the teachers and students of educational establishments in Wales (“Subscribers“). If you are not a Subscriber then you must not use this Site. If you are a Subscriber then you must not grant access to the Site to any non-Subscriber.
    2. You agree that:
      1. you are solely responsible for all costs and expenses you may incur in relation to your use of the Site; and
      2. you will keep your password and other account details confidential and not share them with any non-Subscriber.
    3. You may not use the Site:
      1. in any way that breaches any applicable law or regulation;
      2. in any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect;
      3. for the purpose of harming or attempting to harm minors in any way;
      4. to send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards as set out in these Terms;
      5. to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation;
      6. to knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programmes or similar computer code designed to adversely affect the operation of any computer software or hardware.
    4. You also agree:
      1. not to reproduce, duplicate, copy or re-sell any part of the Site in contravention of these Terms;
      2. not to access without authority, interfere with, damage or disrupt:
        1. any part of the Site;
        2. any equipment or network on which the Site is stored;
        3. any software used in the provision of the Site; or
        4. any equipment or network or software owned or used by any third party.
      3. We may prevent, terminate or suspend your access to the Site with immediate effect if you do not comply with any part of these Terms, any terms or policies to which they refer or any applicable law. If we exercise our rights under this clause then we will have no further liability to you, including liability to refund subscription fees.
      4. We may update and change the Site from time to time and we do not guarantee that the Site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of the Site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal.
      5. While we try to make sure that the Site is secure, we cannot guarantee the security of any information that you supply to us and therefore we cannot guarantee that it will be kept confidential.
  3. Uploading content to the Site and content standards

    1. Whenever you make use of a feature that allows you to upload content to the Site, or to make contact with other users of the Site, you must comply with the content standards set out in these Terms.
    2. Only teacher Subscribers may upload content to the Site.
    3. The following content standards apply to all use of the Site; all content:
      1. must comply with all applicable laws and regulations;
      2. must not promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age;
      3. must not infringe any copyright, database right or trademark of any other person;
      4. must not breach any legal duty owed to a third party, such as a contractual duty or a duty of confidence;
      5. must not promote any illegal activity;
      6. must not be in contempt of court;
      7. must not be threatening, abuse or invade another’s privacy, or cause annoyance, inconvenience or needless anxiety;
      8. must not impersonate any person, or misrepresent your identity or affiliation with any person;
      9. must not advocate, promote, incite any party to commit, or assist any unlawful or criminal act;
      10. must not contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism;
      11. must not contain any advertising or promote any services or web links to other sites.
    4. You warrant and represent that any content you upload to the Site will comply with our content standards. You will be liable to us and indemnify us for any breach of these warranties and representations. This means you will be responsible for any loss or damage we suffer as a result of your breach of these warranties and representations.
    5. Failure to comply with our content standards constitutes a material breach of these Terms and may result in our taking all or any of the following actions:
      1. immediate, temporary or permanent withdrawal of your right to use the Site;
      2. immediate, temporary or permanent removal of any content uploaded by you to the Site;
      3. issue of a warning to you;
      4. legal proceedings against you for reimbursement of all costs on an indemnity basis (including reasonable administrative and legal costs) resulting from the breach;
      5. further legal action against you;
      6. disclosure of such information to law enforcement authorities as we reasonably feel is necessary or as required by law.
    6. We exclude our liability for all action we may take in response to breaches of our content standards. The actions we may take are not limited to those described above, and we may take any other action we reasonably deem appropriate.
    7. We are under no obligation to oversee, monitor or moderate any uploading or interactive service we provide on the Site, and we expressly exclude our liability for any loss or damage arising from the use of any uploading or interactive service by a user in contravention of our content standards, whether the service is moderated or not.
    8. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online. Minors who are using any interactive service should be made aware of the potential risks to them.
    9. Any content you upload to the Site will be considered non-confidential and non-proprietary. You retain all of your ownership rights in your content, but you hereby grant us and other users of the Site a licence to use, store and copy that content and to distribute and make it available to third parties. We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to the Site constitutes a violation of their intellectual property rights or of their right to privacy.
    10. You are solely responsible for securing and backing up your content.
  4. Ownership, use and intellectual property rights

    1. This Site and all intellectual property rights in it are owned by us, our licensors or both (as applicable). We and our licensors reserve all of our and their rights in any intellectual property in connection with these Terms.
    2. Nothing in these Terms grants you any legal rights in the Site other than as necessary to enable you to access and use the Site. You agree not to adjust to try to circumvent or delete any notices contained on the Site and in particular in any digital rights or other security technology embedded or contained within the Site.
  5. Accuracy of information on the Site

    1. While we try to make sure that the Site is accurate, up-to-date and free from bugs, we cannot promise that it will be. Furthermore, we cannot promise that the Site will be fit or suitable for any purpose. Any reliance that you may place on the information on this Site is at your own risk.
    2. Content on the Site does not constitute technical, financial or legal advice or any other type of advice and should not be relied on for any purposes.
  6. Privacy and data protection

    Use of the Site is subject to the provisions of the Schedule hereto and our privacy policy which you can access here https://www.charanga.co.uk/site/gdpr/privacypolicy.

  7. Hyperlinks and third party sites

    The Site may contain hyperlinks or references to third party websites other than the Site. Any such hyperlinks or references are provided for your convenience only. We have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party website does not mean that we endorse that third party’s website, products or services. Your use of a third party site may be governed by the terms and conditions of that third party site.

  8. Limitation on our liability

    1. Except for any legal responsibility that we cannot exclude in law (such as for death or personal injury), we are not legally responsible for any:
      1. losses that:
        1. were not foreseeable to you and us when these Terms were formed; or
        2. that were not caused by any breach on our part
      2. business losses; and
      3. losses to non-consumers.
  9. Events beyond our control

    We shall have no liability to you for any breach of these Terms caused by any event or circumstance beyond our reasonable control including strikes, lock-outs or other industrial disputes; breakdown of systems or network access; or flood, fire, explosion or accident.

  10. Rights of third parties

    No one other than a party to these Terms has any right to enforce any of these Terms.

  11. Variation

    No changes to these Terms are valid or have any effect unless agreed by us in writing.

  12. Disputes

    1. If you are unhappy with us please contact us as soon as possible. We will try to resolve any disputes with you quickly and efficiently.
    2. If you are a consumer, please note that these terms of use, their subject matter and their formation, are governed by the laws of England and Wales. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.
    3. If you are a business, these terms of use, their subject matter and their formation (and any non-contractual disputes or claims) are governed by the laws of England and Wales. We both agree to the exclusive jurisdiction of the courts of England.

SCHEDULE to Terms of USE

Part A

Operative provisions

  1. Definitions

    1. In this Schedule:
      Controller has the meaning given in applicable Data Protection Laws from time to time;
      Data Protection Laws means, as binding on either party or the Services:

      (a) the Directive 95/46/EC (Data Protection Directive) and/or Data Protection Act 1998 or the GDPR;
      (b) any laws which implement any such laws; and
      (c) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;
      Data Subject has the meaning given in applicable Data Protection Laws from time to time;
      GDPR means the General Data Protection Regulation (EU) 2016/679;
      International Organisation has the meaning in the GDPR;
      Personal Data has the meaning given in applicable Data Protection Laws from time to time;
      Personal Data Breach has the meaning given in the GDPR;
      processing has the meaning given in applicable Data Protection Laws from time to time (and related expressions, including process, processed, processing, and processes shall be construed accordingly);
      Processor has the meaning given in applicable Data Protection Laws from time to time;
      Protected Data means Personal Data received from or on behalf of the Customer in connection with the performance of the Supplier’s obligations under the Terms; and
      Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by the Supplier for carrying out any processing activities on behalf of the Customer in respect of the Protected Data.
      Teaching organisations means schools, music hubs, music services or any other customer organisation who subscribes to Charanga’s services;
  2. The terms used in this Schedule shall have the meanings set forth at 1.1 above. Capitalised terms not otherwise defined herein shall have the meaning given to them in the Terms. Teaching organisation’s compliance with data protection laws

    The parties agree that the teaching organisation is a Controller and that Charanga is a Processor for the purposes of processing Protected Data pursuant to the Terms. The Teaching organisation shall at all times comply with all Data Protection Laws in connection with the processing of Protected Data. The teaching organisation shall ensure all instructions given by it to Charanga in respect of Protected Data (including the provisions of the Terms) shall at all times be in accordance with Data Protection Laws.

  3. Charanga’s compliance with data protection laws

    Charanga shall process Protected Data in compliance with the obligations placed on it under Data Protection Laws and the provisions of the Terms.
  4. Indemnity

    The teaching organisation shall indemnify and keep indemnified Charanga against all losses, claims, damages, liabilities, fines, sanctions, interest, penalties, costs, charges, expenses, compensation paid to Data Subjects, demands and legal and other professional costs (calculated on a full indemnity basis and in each case whether or not arising from any investigation by, or imposed by, a supervisory authority) arising out of or in connection with any breach by the teaching organisation of its obligations under this Schedule.

  5. Instructions

    1. Charanga shall only process (and shall ensure Charanga’s Personnel only process) the Protected Data in accordance with Part B of this Schedule and the Terms (and not otherwise unless alternative processing instructions are agreed between the parties in writing) except where otherwise required by applicable law (and shall inform the teaching organisation of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest).
    2. If Charanga believes that any instruction received by it from the teaching organisation is likely to infringe the Data Protection Laws it shall promptly inform the teaching organisation and be entitled to cease to provide the relevant services until the parties have agreed appropriate amended instructions which are not infringing.
  6. Security

    Taking into account the state of technical development and the nature of processing, Charanga shall implement and maintain the technical and organisational measures set out in Section 2 of Part B of this Schedule to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.

  7. Sub-processing and personnel

  8. Charanga shall:
    1. not permit any processing of Protected Data by any agent, subcontractor or other third party (except its or its Sub-Processors’ own employees in the course of their employment that are subject to an enforceable obligation of confidence with regards to the Protected Data) without the prior written authorisation of the teaching organisation;
    2. prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under this Schedule that is enforceable by Charanga and ensure each such Sub-Processor complies with all such obligations;
    3. remain fully liable to the teaching organisation under the Terms for all the acts and omissions of each Sub-Processor as if they were its own; and
    4. ensure that all persons authorised by Charanga or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
  9. List of authorised sub-processors

    The teaching organisation authorises the appointment of the Sub-Processors listed below:

    • None
  10. Assistance

    1. Charanga shall (at the teaching organisation’s cost) assist the teaching organisation in ensuring compliance with the teaching organisation’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the processing and the information available to Charanga.
    2. Charanga shall (at the teaching organisation’s cost) taking into account the nature of the processing, assist the teaching organisation (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of the teaching organisation’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data.
  11. International transfers

    Charanga shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the EU or to any International Organisation without the prior written consent of the teaching organisation.

  12. Audits and processing

    Charanga shall, in accordance with Data Protection Laws, make available to the teaching organisation such information that is in its possession or control as is necessary to demonstrate Charanga’s compliance with the obligations placed on it under this Schedule and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the teaching organisation (or another auditor mandated by the teaching organisation) for this purpose (subject to a maximum of one audit request in any 12 month period under this paragraph 12).

  13. Breach

    Charanga shall notify the teaching organisation without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.

  14. Deletion/return and survival

    As defined in Charanga’s privacy policy (see www.charanga.co.uk/site/gdpr/privacypolicy) following the end of the provision of the Services relating to the processing of Protected Data, at Charanga’s cost and at the teaching organisation’s option, Charanga shall either return all of the Protected Data to the teaching organisation or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Charanga to store such Protected Data. This Addendum shall survive termination or expiry of the Agreement indefinitely in the case of paragraphs 4 and 14 of this Part A and until 12 months following the earlier of the termination or expiry of the Agreement in the case of all other paragraphs and provisions of this Addendum.Following the end of the provision of the Services relating to the processing of Protected Data, at the teaching organisation’s cost, Charanga shall securely dispose of the Protected Data in accordance with the periods specified in our Privacy Policy (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Charanga to store such Protected Data. This Schedule shall survive termination or expiry of the Services indefinitely in the case of paragraphs 4 and 14 of this Part A and until 12 months following the earlier of the termination or expiry of the Services in the case of all other paragraphs and provisions of this Schedule.

Part B

Data processing and security details

Section 1 — Data processing details

Processing of the Protected Data by Charanga under the Terms shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Section 1 of Part B.

  1. Subject-matter of processing:

    The subject matter of Charanga’s processing activities for GDPR purposes comprises the provision of a service for teaching organisations to provide digital music teaching and learning to their teachers and students.

  2. Categories of Data Subjects

    • Customer contacts details – teachers and their students, billing contacts within organisations
    • Employee details
    • Invoicing and billing history
  3. Duration of the processing:

    Any personal data is stored for the duration of the contract and beyond depending on the data subject :-

    • Organisational billing data is stored for 6 years from the start of the contract
    • Teacher data is retained 3 years from the end of contract in case a teacher changes teaching organisation affiliation so that their personal lessons and resources can be retained between subscriptions and also so that they can be informed of new content and features.
    • Student data is retained 18 months from end of contract in case their teaching organisation re-subscribes.
  4. Nature and purpose of the processing:

    • We collect your personal data in the performance of a contract to provide a digital music teaching and learning service, to ensure that orders are completed and that you can make the most out of the service,
    • We collect and store your personal data as part of our legal obligation for business accounting and tax purposes
    • We will occasionally send you marketing information where we have assessed that it is beneficial to you as a prior subscriber and in our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interests
  5. Type of Personal Data:

    • Organisation
      • Billing contact details (name, organisation and email address)
      • In the case where payment is done by card our payment provider (Stripe) would hold payment card details – payment card details are accessed via a secure token in the event that Charanga never stores card details.
    • Teachers
      • Contact details (name, teaching organisation and email address)
      • Personal resources (files such as pdf, mp3, mp4 of personal materials)
      • Personal lessons (lists of Charanga resources or own personal resources)
      • Pupil/student groups (lists of students)
    • Students
      • Name, teaching organisation
      • Work evidence/assessment files
  6. Specific processing instructions:

    None

Section 2—Minimum technical and organisational security measures

  1. Charanga shall implement and maintain the following technical and organisational security measures to protect the Protected Data:
    1. In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with the Terms, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, Charanga shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.