We take care of your data
We are committed to keeping your data safe and secure and ensuring that you receive the best possible service from ABRSM.
In our privacy policy we explain what we do with your data and your rights to make sure it is accurate and up to date and accessible by you. Our data protection action plan ensures we are compliant with the UK’s Data Protection Act 2018 and EU General Data Protection Regulations (GDPR). Our staff, country representatives and examiners are trained and expected to adhere to our policies on the safekeeping of personal data. We have contracts in place with third parties with whom we have to share data to provide our services. We maintain state-of-the-art security systems which are externally validated. The ICO’s guidance provides more advice on your rights and there are further helpful links on the right.
ABRSM is a Data Controller in relation to our exams. You can read the advice we received about this here.
Want more information?
If you have any questions, please contact [email protected]
-
Keeping your personal information safe is very important to us. We are committed to complying with privacy and data protection laws and being transparent about how we process personal data.
This policy applies to both ABRSM and ABRSM Publishing, which are two separate legal entities.
Both ABRSM and ABRSM Publishing are data controllers registered with the UK Information Commissioner’s Office (registration numbers Z6618494 for ABRSM and Z6329415 for ABRSM Publishing).
We have policies, procedures and training in place to help our employees and volunteers understand their data protection responsibilities and follow the data protection principles:
- We will process your personal information fairly, lawfully and transparently
- When we gather personal information from you, we will ensure what we collect is adequate, relevant and not excessive to our needs
- We take care to ensure your personal information is accurate and up to date
- We will only keep personal information for as long as necessary
- We will only use your personal information for the reasons for which it was collected
- We have put in place technical and organisational measures to protect your personal information from accidental loss or unlawful processing
Our Data Protection Lead is Sue Cambridge (Executive Director of Finance & Corporate Services). If you have any questions regarding our privacy policy, please email [email protected], or write to Sue Cambridge, ABRSM, 4 London Wall Place, London, EC2Y 5AU.
This privacy policy relates to our use of any personal information we process about you.
-
We have policies, procedures and training in place to ensure that everyone who works or volunteers for us understands their responsibilities to protect personal data, and we apply these data protection principles:
- Lawfulness, fairness and transparency – we will use personal data in a way that complies with the law, and in a way that our customers and staff expect and have been told about.
- Purpose limitation – we will only use personal data for the reasons we collect it for, and not for something extra or unrelated.
- Data minimisation – we will limit the amount of personal data we collect to what we need it for.
- Accuracy – we will ensure the personal details in our records are accurate and kept up to date.
- Storage limitation – we will only keep personal data for as long as we need it. When it is no longer needed, we will securely destroy or delete the personal data.
- Integrity and confidentiality (security) – we will ensure personal data is kept securely and that the details of our customers and staff are protected but accessible when it is needed.
- Accountability – we will take responsibility, have appropriate measures in place and keep records to demonstrate how we achieve data protection compliance.
-
Our Data Protection Lead is Rachael Casstles, Director of Legal and Compliance.
If you have any questions regarding our Privacy Policy, please either:
email: [email protected]
or write to Rachael Casstles, Data Protection Lead at the following address:
ABRSM, 4 London Wall Place, London, EC2Y 5AU
-
We may collect personal data in person or via post, email, SMS or the website, from you and from third parties for a number of purposes.
ABRSM will only use your personal data if we have a legal basis for doing so, and for the purposes for which it was collected. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this.
We have set out below all the ways we use your personal data, and which of the legal bases we rely on to do so. We may process personal information where it is in our legitimate interests to do so and where we are confident that such processing will not infringe on your rights and freedoms. Our 'legitimate interests' in this context include supporting musical learning and progress, and supporting the professional development of music teachers. Where required, we will process personal information in order to comply with our legal obligations, to assist the prevention and detection of crime, and in order to assist the police and other competent authorities with investigations (including criminal and safeguarding investigations).
| Purpose/Activity | Lawful basis for processing |
| --- | --- |
| To process an exam, event, webinar booking, take payment and contact you in relation to our service | Performance of a contract |
| To inform you about changes to our service | Performance of a contract/Legitimate interests |
| To respond to a query and manage the complaint process | Consent/Legitimate interests |
| To perform credit checks | Consent/Legitimate interests |
| To process your order from our online shop. Our online shop is run by Boosey & Hawkes, which is a separate data controller and has its own privacy policy | Performance of a contract |
| To process your subscription to an ABRSM app | Performance of a contract |
| To send marketing messages to you. You can change your mind on how you receive marketing messages or you can stop receiving them at any time. | Consent |
| To consider and award scholarships and funding grants | Consent/Legitimate interests |
| To consider applications to work or volunteer | Consent/Legitimate interests |
| To process special category information that we need to run events, courses, meetings and exams | Consent |
| To improve our website and our services to you | Legitimate interests |
| To administer our own discussion forum | Consent |
| Market research. We may use your anonymised information to identify trends and to design market research. Market research agencies acting on our behalf may get in touch with you to invite you to take part in research. Any responses you provide will be reported back to us anonymously unless you give us permission for your details to be shared. | Legitimate interests |
| We may share your information with relevant agencies, law enforcement and other third parties for the purpose of preventing or detecting crime, or where it is in the public interest. | Legitimate interests/Legal obligation/Public interest |
-
The information that we collect may include:
- Contact details such as name, address, email address and phone numbers
- Your instrument and grade
- Your musical interests
- Your relationship to a candidate
- Credit or debit card details and any purchases you have made
- Date of birth, gender and title
- Any access or Special Educational Needs (SEN) requirements for your exams and medical reports where relevant
- Dietary requirements where this is required for catering
- Qualifications and school or organisation you belong to/work for
- Name of your parent or guardian (if you are under 13 years old)
- Nationality
- Optional information about race and ethnicity for monitoring purposes
- Recordings or transcripts of exam submissions, meetings, telephone calls, webchat
- Emails, letters
In respect of job applicants, we may also collect:
- Your image and likeness where this is required for business or security purposes
- Information about your family, social circumstances and extra-curricular activities
- Your bank account details, tax and residency status
- References from previous employers or educational institutions
- Contact details for your family members and next of kin
- Information concerning your health and medical conditions
- Optional information about your race, ethnicity and sexual orientation
- Details of criminal convictions
-
We ask you for Special Educational Needs (SEN) requirements, which may require supporting evidence, in order to consider making reasonable adjustments for candidates taking exams. We will retain the supporting evidence only for a maximum of six months. We keep details of any access arrangements and reasonable adjustments, and brief details of the supporting evidence given, for compliance purposes indefinitely, but records are deleted if the candidate has not taken an exam for five years. Systems used to store supporting documents have restricted access.
-
We need to collect and use relevant information about young people so that they can enter exams and competitions, attend events, and sign up to some of our services. We consider a young person to be under 14 years old. If you are under 14 years old, please get your parent/guardian's permission before you provide any personal information to us.
-
We use cookies and log files on our websites to store information about how you use them. A cookie is a piece of data stored on the user’s computer tied to information about the user. This enables us to create a profile which details your viewing preferences. We use your profile to tailor your visit to our websites, to make navigation easier and direct you to information that best corresponds to your interests and country. Cookies are used to display exam dates, fees and contact details of ABRSM representatives for that country. You can view our Cookie Policy [insert link]
Aggregate information is collected from users using our own web tracker. This information includes users' Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages and number of unique visits. This information is not linked to personal profiles or to personally identifiable information provided by users. We use it to analyse visitor trends and use of our website, administer the website and to gather broad demographic information of our website users.
-
We may provide your personal data to third parties who we engage to provide supplemental services such as caterers, schools, conference and course providers, referees, tutors and examiners. We may also share your information with our bank in order to process a payment; our professional advisers (such as our legal advisers) where it is necessary to obtain their advice; our IT support and data storage providers; mailing house; website administrator; and printers. We also share data with suppliers that provide key support to Online Theory. We are required to share personal data with the Department for Education and to share anonymised data with our regulators, Ofqual, CCEA and Qualifications Wales.
Sometimes these third parties will share your information with us and we will use it in accordance with this Privacy Policy.
-
Payments in relation to exams are processed by Barclaycard, PayPal or Stripe.
Purchases from our online shop are processed by a third party, Boosey & Hawkes Music Publishers Ltd. Your data is processed in accordance with their Privacy Policy (https://shop.abrsm.org/shop/help/privacy_policy).
Payments for events are processed by Eventbrite.
By completing the payment, you agree that these third parties may process your data in accordance with their Privacy Policies.
In accordance with the Payment Card Industries Data Security Standard (PCI DSS), ABRSM does not process, transmit or store credit card data. A truncated PAN (Primary Account Number) that consists of the first and last four digits of the card number is provided by the payment gateway provider for reporting and reconciliation purposes.
-
We may need to collect or send some personal information outside of the European Economic Area (EEA), for example to process your exam, take a payment, or make arrangements for a conference. If we transfer personal information to countries or jurisdictions which are not subject to an adequacy decision granted by the European Commission, we will take measures to comply with our legal obligations and all reasonable safeguards to ensure that your personal information is treated securely and in accordance with this Privacy Policy. For example, we will enter into standard contractual clauses that have been approved by the European Commission.
-
We use cookies and log files on our website (abrsm.org) to store information about how you use our website.
A cookie is a piece of data stored on the user’s computer tied to information about the user. This enables us to create a profile that details your viewing preferences. We use your profile to tailor your visit to our website to make navigation easier and direct you to information that best corresponds to your interests and country. Cookies are used to display exam dates, fees and contact details of ABRSM representatives for that country. Read our cookie policy.
Aggregate information is collected from users using our own web tracker. This information includes users' Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages and number of unique visits. This information is not linked to personal profiles or to personally identifiable information provided by users. We use it to analyse visitor trends and use of our website, to administer the website, and to gather broad demographic information of our website users.
-
We take every precaution to protect our staff and customers’ information. ABRSM annually renews its National Cyber Security Centre’s Cyber Essentials Plus accreditation that validates our commitment to secure configuration and action against cyber security threats.
All exam entries for Grades 1 - 8 and Music Medals are made through our online booking portals. Paper entry forms are used for Choral Singing and Instrumental Ensembles. Diploma entries are submitted by PDF via a secure link.
Exam entries are stored on ABRSM’s secure cloud database server in the UK and a copy of this data is transferred onto our UK-hosted Microsoft Dynamics 365 CRM system. All online information is held purely for the purpose of exam entries and is retained on this secure database server so that applicants can view their past entries.
When our online examination entry form asks users to enter sensitive information (such as credit card number and expiry date), that information is encrypted and is protected with industry-standard Secure Sockets Layer (SSL) software. While on a secure page, such as our online portal(s), the lock icon on the bottom of web browsers such as Google Chrome, Microsoft Internet Explorer, Edge and Safari becomes locked, as opposed to unlocked, or open, when users are just ‘surfing’.
We use SSL encryption to protect sensitive information online and we also do everything in our power to protect user information offline. Access by staff to personal information is restricted to only appropriate departments, minimising access privileges to certain individuals within them. All employees are provided with a unique username and password in order to gain access to this information. On-premises servers that store personally identifiable information are held in a secure environment and in a locked facility. Regular backups are made of this data, and these are securely stored off site and managed by Iron Mountain (http://www.ironmountain.co.uk/), who ensure rigorous protocols and logistics for delivery and retrieval of media to and from designated ABRSM IT staff.
-
If you no longer wish to receive communications about products and services from us, please contact [email protected]. You can also unsubscribe at any time to emails that we may send to you about the products and services that we think will be of interest to you.
You also have the right to:
- Request a copy of the information we hold about you.
- Tell us to change or correct your personal information if it is incomplete or inaccurate.
- Ask us to restrict our processing of your personal data or to delete your personal data if there is no compelling reason for us to continue using or holding this information (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal).
- Receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you sending that personal information to another data controller.
- Object, on grounds relating to your specific situation, to any of our particular processing activities where you feel this has a disproportionate impact on you.
All requests should be addressed to [email protected]. We aim to respond within one month. Please note that we may be entitled to refuse requests where exceptions apply, for example if we have reason to believe that the personal data we hold is accurate or we can show our processing is necessary for a lawful purpose set out in this Privacy Policy.
-
We will retain your personal information in accordance with our Retention Policy, which follows the principle of retaining information for only as long as is necessary. You can request a copy of the Retention Policy by contacting the Data Protection Lead, Rachael Casstles, whose contact details are set out above.
-
This Privacy Policy may change from time to time. We recommend that you visit this webpage periodically to keep up-to-date with the changes in our Privacy Policy.
-
We may need to collect or send some personal information outside of the EEA – for example, to facilitate the exam process and for arranging conferences. If we transfer personal information to countries or jurisdictions that may not be subject to an adequacy decision granted by the European Commission, we will take measures to comply with our legal obligations and all reasonable steps to ensure that your personal information is treated securely and in accordance with this privacy policy. For example, we will enter into standard contractual clauses that have been approved by the European Commission.
For more information about international transfers of personal data (or to request a copy of the standard contractual clauses), you can contact our Data Protection Lead, Sue Cambridge, by emailing [email protected] or writing to Sue Cambridge, ABRSM, 4 London Wall Place, London, EC2Y 5AU.