Effective date: 5 July 2021
Last updated: 28 August 2024
Who we are?
We are The Choral Hub Ltd. trading as Biiah, (“Biiah,” “we,” “us,” or “our”) a company which provides resources, blogs and an educational/wellness app for singers called Biiah. Our contact details are set out at the end of this Privacy Policy.
What does this Policy cover?
This Privacy Policy explains our use of personal data through our websites and app and if you otherwise choose to contact us. “Personal data” means any information that identifies, relates to, describes, or is reasonably capable of being associated, linked or linkable with a particular individual.
What personal data do we collect and why do we use it?
We process and store only personal data needed to provide our Services. The table below explains who we collect personal data about, what that personal data is and the purpose. The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies may only process personal data if they can identify a lawful basis from a list set out in the legislation.
| Individual | Personal Data | Source and Purpose | Lawful Basis for Processing |
|---|---|---|---|
Biiah app users (18 years and over). | Registration data: first name, last name, gender and email address. App use data: start and end time of sessions; song plays; anonymised heat mapping of your in-app button clicks; to record your use of the app. Wearable device data (each indicator is optional and available subject to your mobile device operating system): iOS devices: heart rate, heart rate variability, oxygen saturation, respiratory rate, environment audio exposure (noise levels). Android devices: heart rate, oxygen saturation, respiratory rate, and steps. Survey feedback for our special workshops or similar events (pre-and post-event): year of birth, how you feel before and after a singing session (using ratings 1-5), how many times a week you usually sing on average, whether you have ever sung in front of an audience, session ratings, favourite things about a session and how you would improve the session. Survey feedback for regular singing sessions (captured in the Activity log): date, start and end time of the session, how you feel before and after a singing session (using ratings 1-5), and any comments you may have. Dashboard user data: showing your next event (date and time of future and past sessions, location, name of your session leader, song choices); you can update your activity log (session type, start and end time, how the session made you feel and any additional notes and delete as required; you will have access to any required music for your sessions and may add or remove these from your playlist as preferred. Contact details for marketing: you can choose to subscribe to updates and newsletters from us. | Registration data: you provide this to us and we use it to register you in order to provide the services. App use data: We use aggregate data for analytics and improvement of the services. Wearable device data: when you add a wearable device to the app account, you have the option to provide certain physiological data to us and we use it to provide you with personalised insights and stats that help you identify trends regarding the impact of singing has on your health and overall wellness. Survey feedback data (session-specific or for overall experience):. This is used to record your feedback. The survey feedback data is also de-identified and shared in aggregated form (i.e. all data that can be used to identify individual survey participants is removed and shared when five or more responses are received) (a) within our organisation and/or third party service providers to improve our services, (b) with singing group leaders at your organisation to manage event details and music choices; and (c) with your employer or your organisation to show how our singing sessions contribute to their members’ wellbeing. Dashboard user data: this is used to summarise your next event details and an overview of your activity tracker. Here you also have access to your Survey feedback. Contact details for marketing: we use this to send you updates on our offers and promotional material about our services. | When processing your Registration data and App use data, our legitimate interest to provide the app services to you. Wearable device data, in particular, your health data is processed with your explicit consent and you can choose whether you would like to provide it. Survey feedback and dashboard user data are undertaken in our legitimate interests to understand how music affects wellness and performance during a workday, to provide and improve our services, and to manage event details and music choices. Contact details are processed in our legitimate interest in promoting our business and services. Email marketing is only undertaken with your consent, if you are not our existing customer, and any recipient of marketing communications can choose to unsubscribe at any time. |
| Individuals who contact us through our app, website or otherwise. | Contact details provided and correspondence. | This information is given to us by you. It is used to respond to the query and keep a record of it. | Our legitimate interests as a business in responding to and keeping a record of correspondence. |
| Suppliers and contractors. | Contact details and provided correspondence. | This information is given to us by you or from publicly available information (for example on your website). It is used for us to fulfil contracts and engage in business discussions. | Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details, if you are an unincorporated business. |
Website visitors to biiah.com. | Information from cookies. Contact details for marketing: you can choose to subscribe to updates and newsletters from us. | Information from cookies. This information is collected via the cookies when you use our website. We provide details of each of the types of cookies used through the ‘learn more and customise’ button when you visit our website. Contact details for marketing: we use this to send you updates. | We only install non-essential cookies with your consent. You can choose to accept or reject them and change your mind at any time. Our legitimate interest in promoting our business and services. Email marketing communications is only undertaken with your consent, if you are not our existing customer, and any recipient of our marketing communications can choose to unsubscribe at any time. |
| Web portal members of singforce.com only. This is our song catalogue. | Registration data: Contact details (name, username, email address, and associated organisation). | Registration data: you provide this to us and we use it to register you and/or log you into the web portal. | Our legitimate interest in providing the web portal services to you, including displaying the song catalogue to you. |
Keeping your personal data safe
We have put in place appropriate technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data. We limit access to your personal data to authorised employees with minimal privileges required to discharge their responsibilities and/or to authorised third parties. They are subject to a duty of confidentiality and, where they are a third party, to similar protective measures when processing the personal information we share.
How long do we keep your personal data for?
If you are an app user, you can choose to delete the account and data through the app at any time. You may choose to only delete your email and name associated with your account or all your data associated with your account by going into your ‘Profile’. Deleting all account data will mean any Survey feedback data you may have provided will no longer be linked to you and de-identified so that we can keep the information on how our services affect people’s well-being in general.
If you have linked your wearable device to the app, you may unlink it at any time by going into your “Profile”. Any information we have that is collected from your wearable device, such as data synced to ‘activities’ in your activity log will be kept, but no new data will be captured. You can delete the synced data when you delete your account or exercise your data protection rights set out below.
If you are a web portal member, you can choose to delete your web portal profile through the portal settings at any time.
Otherwise, we keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiration or termination, in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared in the following circumstances:
- internally with singing group leaders at your organisation who manage event details and music choices (only de-identified data);
- with professional advisors;
- in the event of a sale of the company or its assets; and
- with suppliers but only subject to robust contractual protections.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, we may not be able to respond to your query or consider your application or request. Basic registration data is required for you to be able to sign up to use the app and use its functionality.
If you do not provide your health information data which is connected to your wearable device, we may not be able to provide you with personalised insights and stats on the impact of singing using our app on your health.
Do we make automated decisions concerning you?
Automated decisions are those made without human intervention that have a legal effect on you or other similarly significant effect. We do not carry out this type of processing activity.
Do we transfer your data outside the UK and/or the EEA?
We store personal data in the UK. We may sometimes transfer your personal data to countries outside the UK and/or European Economic Area (or between the two), for example, if we are using a supplier based elsewhere. You can find the list of member states by clicking on the following link: https://ec.europa.eu/eurostat/statistics-explained/index.php/Glossary:European_Economic_Area_(EEA). The privacy laws in countries outside the European Economic Area and the UK may be different from those in your home country.
Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
What rights do you have in relation to the data we hold on you?
Residents of the United Kingdom and the EEA have a number of rights when it comes to their personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK this is the Information Commissioner’s Office.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests; or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request in some circumstances.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
| Rights | What does this mean? |
|---|---|
| 1. The right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch. |
| 2. The right of access | You have the right to obtain access to your information (if we are processing it), and certain other information similar to that provided in this Privacy Policy. |
| 3. The right to rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. |
| 4. The right to erasure | This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions. If you are an app user, you can delete your account and data by using the deletion option in the settings. |
| 5. The right to restrict processing | You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future. |
| 6. The right to data portability | You have the right to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions you can contact us. |
| 7. The right to object to processing | You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on our legitimate interests for processing. |
| 8. The right to lodge a complaint | You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. |
| 9. The right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes. |
Children’s Privacy
We do not offer our website or app to children under the age of 18 and we do not knowingly collect or maintain personal data from anyone under the age of 18. If we find that we have collected personal data online from a child under the legal age, we will promptly delete that personal data. If you have concerns over our collection of children’s personal data, please contact us at the information provided in the “How can you contact us?” section below. While our websites and app are not directed to children, if your child uses them and you wish to review or delete your child’s personal data, you may make such a request by contacting us at the location or email address below under “How can you contact us?”.
Do Not Track
We do not currently recognise automated browser signals regarding tracking mechanisms, which may include “Do Not Track” (DNT) signals sent by web browsers, mobile devices, or other mechanisms. Third parties may be able to collect information, including personal data, about your online activities over time and across different websites or online services when you use the Services. You may opt out of online behavioural ads at http://www.aboutads.info/choices/. You also may limit certain tracking by disabling cookies in your web browser.
Cookies and Analytics
We use cookies, pixels, tags, and other technologies, which may be provided by third parties, on our websites to enable certain functionality and for security and fraud detection and prevention, as well as to collect usage information about our websites and the emails that we send and to personalise content and provide more relevant ads and information. We may combine the information we collect via these technologies with other information, including personal data.
You can find more details in our cookie policy here (accessible in the footer) https://biiah.com/.
Cookies. Cookies are alphanumeric identifiers that are transferred to your computer through your web browser for record-keeping purposes. Some cookies enable you to log-in to our website or save certain settings and preferences, while others allow us to track usage and activities on our website, personalise content on our website, or deliver more relevant ads on our website and third-party sites. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The “Help” tab on the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you block cookies, however, certain features on our website may not be available or function properly. Residents of the UK and the EEA can use our cookie consent banner displayed on our website to make their choices about cookies.
Pixel tags and embedded script (aka clear GIFs and web beacons). Pixel tags are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, pixel tags are embedded invisibly on web pages. We may use these, in connection with our website to, among other things, track the activities of the users of our Services, improve ads, personalise and manage content, and gather usage information about our website. We may also use these in HTML emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third-Party Analytics Tools. Our website uses automated devices and applications operated by third parties, such as Google Analytics, which uses cookies and similar technologies to collect and analyse information about use of the website and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and you can opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
How can you contact us?
If you are unhappy with how we’ve handled your information or have further questions on the processing of your personal data, contact us here: dpo@thechoralhub.com.
