Privacy policy.
Privacy Policy
Last updated: September 2025
This Privacy Policy is provided under the UK GDPR and the Data Protection Act 2018 and applies exclusively to personal data collected through the website https://www.situno.com/ (the “Website”). Together with our Terms of Use and Cookie Policy, it explains how we process your personal data.
Data Controller
Digital Music Connections
Office Space Scotland, 14–18 Hill Street, Edinburgh, EH2 3JZ, United Kingdom
Email: info@situno.com
Platform
The Website runs on WordPress. WordPress and related plugins may process personal data (e.g., for security, performance, statistics). Some providers operate servers in multiple locations, including outside the UK/EEA.
WordPress / Automattic (infrastructure, performance, security).
PaidMembership PRO (if a shop or paid memberships are enabled).
Jetpack / site statistics (if enabled).
Provider-specific privacy details are available in their respective privacy notices.
Personal Data We Process
We may collect and process the following categories:
Identity and contact data: name, email address, phone number, postal address (billing/shipping if applicable).
Account data: username, password, user ID (if registration is enabled).
Transaction and payment data: Full card details are collected and processed by Stripe; we do not store them.
Communications data: messages you send via our contact forms or email.
Marketing preferences: newsletter opt-in/opt-out choices.
Technical and usage data: IP address, device and browser information, pages viewed, referring/exit pages, time stamps, and cookie identifiers.
Cookies and similar technologies as described in our Cookie Policy.
We do not publish teacher profiles, photo boards or public comments on the English Website.
We do not intentionally collect special category data. Please avoid sharing such information with us.
How We Collect Data
Directly from you (forms, email, account creation, checkout).
Automatically via cookies/analytics when you browse the Website.
From service providers operating features on our behalf.
Purposes and Legal Bases
We process personal data only where a legal basis applies:
Responding to enquiries & pre-contract checks
Purpose: to reply to your requests (email/phone/contact form).
Legal basis: Consent (you can withdraw at any time).
Retention: up to 5 years from last contact (or sooner if you withdraw consent).
Account registration and access
Purpose: to create/manage your account and provide related services.
Legal basis: Contract (and Consent where applicable).
Retention: up to 5 years after last login or until deletion.
Fulfilling a contract (orders, services)
Purpose: to provide paid services/products, support, warranty, cancellations/returns.
Legal basis: Contract and Legal obligation (tax, accounting).
Retention: up to 6 years (Limitation Act) or longer where legally required.
Legal compliance
Purpose: to comply with laws and requests from authorities (e.g., tax, anti-fraud).
Legal basis: Legal obligation.
Retention: as required by law (typically 6 years).
Statistics and performance
Purpose: to analyse aggregated, anonymised usage for site improvement.
Legal basis: Consent (via cookie banner).
Retention: until consent is withdrawn.
Newsletter and marketing communications
Purpose: to send updates, promotions, and news by email.
Legal basis: Consent (opt-in).
Retention: up to 24 months or until you unsubscribe.
Who We Share Data With
We may share data with:
Internal staff and contractors (administration, customer service, technical operations).
Service providers / processors acting on our instructions (hosting, security, analytics, email marketing, payments, customer support).
Public authorities where required by law.
Professional advisers (accountants, legal counsel) where necessary.
An up-to-date list of processors can be requested by emailing info@situno.com.
Key Third-Party Services We Use
Brevo (Sendinblue) – newsletter/email campaigns; data typically processed in the EU.
Stripe Payments (UK/EU) – online payments; we do not store card numbers.
PaidMembership pro – order/subscription management within WordPress.
Jetpack / Automattic – performance, security, stats.
Google Analytics 4 – only if enabled and consented; IPs are truncated and anonymised before storage.
Social and media embeds (YouTube, Instagram, Vimeo, Google Maps) – only when you play/view embedded content; these providers may set their own cookies.
Full details, including provider privacy links and cookie purposes, are set out in the Cookie Policy.
Payments (Stripe)
We use Stripe to process subscription payments (e.g., monthly billing). When you make a payment, certain personal data are transferred directly to Stripe. We do not store full payment card details on our systems. Stripe may process card data and use anti-fraud tools (e.g., device and network identifiers).
Provider: Stripe (including Stripe Payments UK, Ltd. and/or Stripe Payments Europe, Ltd., and other Stripe affiliates as applicable).
Data processed: transaction details (amount, currency, date/time), last 4 digits/brand of card, billing name and address, email, device and technical data used for fraud prevention. Full card numbers and security codes are handled by Stripe and are not stored by us.
Legal bases:
Contract (to take payment and provide the service you purchased);
Legal obligation (tax and accounting record-keeping);
Legitimate interests (fraud prevention and service integrity).
International transfers: Stripe may transfer data outside the UK/EEA. Where this occurs, appropriate safeguards are used (e.g., UK IDTA / UK Addendum to EU SCCs) plus technical and organisational measures.
Retention: We keep transaction records as required by law (typically up to 6 years). Stripe may retain payment data in line with its own legal obligations and anti-fraud policies.
For details on Stripe’s data practices, please refer to Stripe’s privacy notice.
International Transfers
Where personal data is transferred outside the UK/EEA, we use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses, plus technical/organisational measures to protect your data.
Data Security
We use technical and organisational measures to protect your data, including HTTPS/SSL, access controls, and least-privilege principles. No method of transmission or storage is 100% secure.
Data Retention
We keep personal data only as long as necessary for the purposes above or to meet legal/accounting/reporting requirements. After expiry, data are securely deleted or anonymised.
Your Rights (UK GDPR)
You have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data (where applicable)
Restrict or object to processing (including direct marketing)
Data portability (where applicable)
Withdraw consent at any time (this does not affect prior lawful processing)
To exercise your rights, email info@situno.com. We may need to verify your identity.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk.
Cookies
We use cookies and similar technologies. Details of cookie categories, purposes, providers, retention, and how to manage your preferences are set out in our Cookie Policy and cookie banner, where you can granularly consent or withdraw consent at any time.
Spam Protection and Security
We use security tools and may employ anti-spam solutions (e.g., reCAPTCHA) to protect forms and the Website. Use of reCAPTCHA is subject to Google’s privacy terms.
Children
The Website is not directed to children under 13. If you believe a child has provided us with personal data, please contact us to delete it.
Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on this page with a new “Last updated” date. If you do not accept the changes, you should stop using the Website and request deletion of your data where applicable.