Join the waitlist now for our summer 25 cohort
Courses
Account
Support

Privacy Policy

The following are the legal notices, polices and terms and conditions for MIST.

Fair Processing Notice 

Last Revised: 23rd July 2024 

Introduction

This Fair Processing notice relates to the business of Metropolis London Music Ltd (“We”, “Us”, “Our”) and its various trading brands, including
Metropolis Studios and Metropolis Institute of Sound and Technology (MIST).

The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. Key to this are the principles of processing individuals’ data lawfully and fairly. In order to meet these principles, we need to provide information on how we process personal data.

For the purpose of this document, the word “process” shall serve to mean all elements of the data life-cycle from generation and/or collection through processing, storage, management, analysis, sharing and destruction.

This Fair Processing Notice satisfies this element of legislation and is designed to highlight the areas of Data Protection which may be of particular concern to prospective clients, prospective staff, prospective suppliers and others accessing or using our pre-contractual services by way of channels including email, telephone and our publicly accessible websites including, as well as clients, staff, suppliers and others that Metropolis London Music Ltd has formed a contractual relationship with.

This Fair Processing Notice is designed to help those people understand how information about them will be used. It will also provide guidance on an individual’s data rights and how to make a complaint to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK.

More widely, Metropolis London Music Ltd is committed to meeting the entirety of its responsibilities under the General Data Protection Regulation (GDPR) and other related legislation, taking these matters very seriously. We will always ensure that personal data is collected, handled, stored, shared, retained and disposed of in a secure manner.

The Data Protection Officer

For the purpose of data protection, Metropolis London Music Ltd is the recognised ‘controller’ of the data we reference below, and Metropolis London Music Ltd makes a Data Protection Officer available to data subjects, who can be contacted about any of the content held herein via:

Postal Address: 

Data Protection Officer
Metropolis London Music Ltd
The Powerhouse
70 Chiswick High Road
London
W4 1SY
United Kingdom
Telephone: +44 (0) 208 742 1111
Email:

dpaofficer@thisismetropolis.com

The legal bases on which we process data about data subjects

When we process data about data subjects, we have to observe the requirements of the General Data Protection Regulation (GDPR). 

Per the requirements of the General Data Protection Regulation, we set out that our legal basis for processing information about data subjects will be one of the following: 

  • With data subjects’ consent, we may process data about data subjects on a pre-contractual basis, for example in order to deal with a prospective business enquiry that data subjects have made in written or verbal form. Such consent will be collected by us using the same platform and/or medium by which the data subject’s enquiry was made. You may withdraw that consent at any time and you may do so by contacting us using the details, below.
  • We may process data about data subjects in order to form and/or execute a contract, either because data subjects have asked us to take specific steps before entering into or during a contract, and/or because an executed contract otherwise sets out that we should do so. 
  • In rare circumstances, we may process data about data subjects in order to satisfy a legal obligation, for instance, an order that we may receive from a court of law that has jurisdiction over that data and/or an organisation that can provide evidence of a legal entitlement to that data. 
  • In rare circumstances, we may process data about data subjects for the reason that it is either in the legitimate interest or vital interest
    of the data subject or another person (for example sharing information with emergency services if you were to fall ill on our premises or during a meeting). 

Data processed before GDPR

If data subjects gave Metropolis London Music Ltd data before May 25th 2018 (the date on which GDPR came into effect), it is important for data subjects to remember that data subjects’ personal data was already protected another way, by way of The Data Protection Act (The DPA). The DPA established a framework within which information about living individuals can be legally gathered, stored, used and disseminated. At its core were eight Data Protection Principles, which Metropolis London Music Ltd and other organisations needed to abide by. These specified that personal information must be:

  • Processed fairly and lawfully, and only if certain conditions are met 
  • Obtained for specified and lawful purposes, and not used for purposes other than those for which it was gathered 
  • Adequate, relevant and not excessive 
  • Accurate and where necessary kept up to date 
  • Kept for no longer than necessary 
  • Processed in accordance with individuals’ rights 
  • Kept secure 
  • Not transferred outside the European Economic Area unless certain conditions are met 

GDPR Requirements

GDPR builds on these requirements and states that from 25 May 2018 information must be: 

  • processed lawfully, fairly and in a transparent manner in relation to individuals; 
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or
    historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified
    without delay;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the
    personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and
    organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate
    technical or organisational measures.

GDPR also requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.” 

These protections apply to information in electronic form and also many types of data in paper form. Further information about the Data Protection Act and the General Data Protection Regulation is available from the Information Commissioner’s Office at www.ico.org.uk

Why Metropolis London Music Ltd processes personal data

Why we process data varies according to whether you are creating a relationship with our Metropolis Studios or MIST brand, and we outline the typical reasons these brands deal with data separately, here:

For Metropolis Studios

We process data primarily for, but not limited to, the following purposes:

  • to enable us to communicate marketing and operational messages to you via multiple platforms including social media, email and SMS;
  • to enable us to administer customer-related functions from booking to after-sales and on-day services;
  • to plan and account for the use of the services provided;
  • to provide support services, including financial and technical resources;
  • for security purposes;
  • to monitor, develop and update systems to ensure they continue to operate effectively and securely;
  • to monitor equality and diversity objectives within the organisation, and;
  • to gather feedback from prospective, current and former customers.

For MIST

We process data primarily for, but not limited to, the following purposes:

  • to enable us to collect interest from prospective clients wishing to take part in MIST programmes;
  • to enable us to communicate marketing and operational messages to you via multiple platforms including social media, email and SMS;
  • to enable us to administer client-related functions from original applications through to course completion and to provide alumni services;
  • to plan and account for the use of the services provided;
  • to produce management information including statistics;
  • to administer and support your studies and record record engagement, e.g. your course choices, attendance, assessments and the publication of any course completion event programmes
  • to administer financial aspects of your registration as a client, e.g. payment of fees, debt collection
  • to provide support services, including financial, pastoral and IT/learning resources;
  • to monitor, develop and update MIST systems to ensure they continue to operate effectively and securely;
  • to monitor equality and diversity objectives within MIST;
  • for security and disciplinary purposes;
  • for internal and external audits and quality assurance exercises
  • for alumni relations purposes

Testing Systems


We may use copies of the data, including sensitive personal data, which we hold about you for the purpose of testing our IT systems. If your data is used for system testing, it will be copied to a test environment and used with data on other clients to test changes to our IT systems in a realistic way. This is done to ensure that changes will be effective and will not cause loss or damage to data. The data about you which we hold in our live systems will not be affected. Your data will not be kept in the test environment for longer than is necessary for testing purposes. Data in that environment will not be used for purposes other than testing. We will also apply appropriate security precautions to the data.

What personal data does Metropolis London Music Ltd collect?

What personal data we process varies according to whether you are creating a relationship with our Metropolis Studios or MIST brand, and we outline the typical data types these brands deal with separately, here:

For Metropolis Studios

The nature of the personal data collected is described below, but is not limited to the data items specified:

  • name and address
  • contact details (telephone number, email address, social media)
  • payment information
  • analytical data relating to your use of our services
  • pertinent health / wellbeing information (e.g. anything relevant to safely servicing our business today whilst you are on site with us)
  • Data captured for equal opportunities monitoring (gender, date of birth, nationality, marital status, sexual orientation, religious belief, ethnicity)
  • Declaration about any disability as defined under the Equality Act 2010

For MIST

The nature of the personal data collected is described below, but is not limited to the data items specified:

  • name and address
  • a digital photograph for the purpose of creating your client ID card
  • contact details (telephone number, email address, social media)
  • nationality and country of residence
  • passport or other identity information
  • subject / area of interest
  • career aspirations
  • educational records
  • academic or professional references
  • criminal conviction declaration
  • health / wellbeing information
  • Next of kin / emergency contact details
  • Data captured for equal opportunities monitoring (gender, date of birth, nationality, marital status, sexual orientation, religious belief, ethnicity)
  • Declaration about any disability as defined under the Equality Act 2010

For Staff and Freelance Suppliers

Metropolis London Music Ltd also collects personal data from prospective and current staff and freelance suppliers. The nature of the personal data collected is described below, but is not limited to the data items specified:

  • name and address
  • contact details (telephone number, email address, social media)
  • nationality and country of residence
  • self-declaration of permission to work in the UK and upload of passport/visa copy if necessary
  • passport or other identity information
  • education, professional training and qualification records
  • employment history and references
  • criminal conviction declaration
  • health / wellbeing information
  • Next of kin / emergency contact details
  • Data captured for equal opportunities monitoring (gender, date of birth, nationality, marital status, sexual orientation, religious belief, ethnicity)
  • Declaration about any disability as defined under the Equality Act 2010

Sensitive or Special Category Data

Some of this information, such as your ethnicity, medical information and information about disabilities, is classed as “sensitive” personal data under the Data Protection Act. Under the General Data Protection Regulation sensitive data covers information consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. Sensitive personal data is subject to extra legal protection and we have to meet an additional set of conditions in order use the data fairly and lawfully.

Sensitive data about you may be to ensure that you have access to appropriate services and support, and may also be used to monitor equality and diversity, but will not be used to make decisions about you.

MIST’s Younger Clients

NB If you are under 18, we may also need to collect details from a parent/guardian for the purpose of administering your engagement with MIST, and if you are under 13, we will need to specifically collect their consent to collect and process your information.

CCTV

For safeguarding and crime prevention purposes, we may operate CCTV systems that cover areas you access at Metropolis London Music Ltd. Please refer to our CCTV policy for more information.

Who else has access to my data? 

We will never share data subjects’ information with third parties for their own marketing purposes, unless we’ve specifically asked you for your consent to do so.
If you’ve previously provided consent, you may withdraw it at any time by contacting us using the details below.  

To deliver our services to you effectively and legally, however, we may at times need send your details to third parties, such as those that we engage for professional compliance, accountancy or legal reasons, or those with a statutory obligation to the data (such as HMRC for tax matters).

Data subjects’ data may also be sent to different companies/departments within the Metropolis London Music Ltd ‘group’ where this is necessary for our day to day operations.

The full list of Metropolis London Music Ltd Group companies is: ACM Commercial Ltd, The Academy of Contemporary Music Ltd, Metropolis London Music Ltd, ACM Commercial Ltd, ACM Education Ltd, ACM Guildford Ltd, ACM London Ltd, ACM Birmingham Ltd, Industrication Ltd, Metropolis London Music Ltd.

Metropolis London Music Ltd may itself process data using a variety of different systems and platforms. Not all of these systems and platforms will be owned and/or operated by Metropolis London Music Ltd; for example, those provided as Software As A Service.

Where Metropolis London Music Ltd is using a third party system or platform for the purpose of processing data, such as Mailchimp for Marketing Emails, Clickatell for sending SMS to you or Facebook for targeting messages to you via Social Media, we’ll always have a contract in place with the third party to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidence in processing your data and that they’ll only act in accordance with our written instructions.

We’ll use appropriate security measures such as password protection and/or encryption to protect your personal data in transit to the third party, and although we do not transfer data outside of the European Economic Area (EEA) as a matter of course of usual business, if a transaction was ever to involve the transfer of data subjects’ data outside the European Economic Area (EEA), we will inform data subjects of this in advance, along with information about the safeguards in place. The data will only be transferred outside the EEA in compliance with the conditions of transfer outlined in the General Data Protection Regulation.

How long does Metropolis London Music Ltd keep data for? 

Metropolis London Music Ltd has a retention schedule in place for the different categories of data it holds.

Prospective clients and staff

We ordinarily retain personal data about prospective clients and staff (i.e. those that did not proceed to contract) for 6 years to communicate future opportunities and to deal with any enquiries, complaints, appeals and disciplinary matters that may arise pertaining to your pre-contract relationship with us.

Metropolis Clients

We will hold data about you in digital and paper form. Basic information about your service consumption so that we may serve you again in the future will be retained permanently. Other data will be disposed of from time to time, in accordance with Metropolis Studio’s data retention approach. For example, financial data relating to payments received from you or paid to you will be kept for at least seven years for audit purposes, which is a mandatory requirement.

MIST Clients

After you leave MIST, we will continue to hold data about you in digital and paper form. Some information, such as your dates of attendance and your achievements, will be retained permanently. This is so that we may be of service to you and others (with your permission) when it comes to confirming achievements obtained through MIST. Other data will be disposed of from time to time in accordance with MIST’s data retention approach. For example:

  • Data relating to your application – retained for 6 years after you leave MIST
  • Records relating to applications for Extenuating Circumstances – retained for 1 year after the application is made.
  • Data relating to any client complaints or appeals – retained for one year post completion of complaint and appeal procedures
  • Financial data relating to payments received from you or paid to you – there is a mandatory requirement to keep financial data for at least seven years for audit purposes.

What are my rights regarding the personal data held relating to me? 

  • An individual has the right to be informed about data collection via a Fair Processing Notice. This is that notice. 
  • An individual has the right to ask Metropolis London Music Ltd what personal data we hold about them, and to ask for a copy of that information.
  • Metropolis London Music Ltd reserves the right to ask data subjects to provide proof of identification and for data subjects to clarify data subjects’ request if it is unclear in the first instance. Data subjects
    will receive a reply no longer than 30 calendar days from the date data subjects make the request in writing. If data subjects are unhappy with the initial response data subjects can ask Metropolis London Music Ltd to
    undertake a further search if there is specific information data subjects have good reason to believe exists but that hasn’t been delivered to data subjects.
  • Data subjects have the right to rectify data that is incorrect. If data subjects believe Metropolis London Music Ltd holds information about data subjects that is factually incorrect please email our Data Protection Officer to provide the correct information, and Metropolis London Music Ltd should update it within one month.
  • Where there is not a legal / statutory obligation for Metropolis London Music Ltd to hold data about data subjects, data subjects have the right to be forgotten. 
  • Data subjects have the right to data portability where the personal data is processed with the consent of the data subject, not where the personal data has been collected using any of the other legal basis for processing.
  • Data subjects have the right to restrict processing. 
  • Data subjects have rights in relation to automated decision making and profiling.  
  • Data subjects also have the right to object / withdraw consent from the processing of data subjects’ personal data by Metropolis London Music Ltd at any time, if data subjects’ consent was sought initially to use data subjects’ personal data.

Data subjects have the right to complain to Metropolis London Music Ltd if data subjects think Metropolis London Music Ltd has not handled personal information responsibly and in line with good practice.
 
Metropolis London Music Ltd takes complaints seriously and is obliged under GDPR to explain clearly why it is using personal information in the way it is doing or why it has refused a request. Complaints should be made
to:

Postal Address: 

Data Protection Officer
Metropolis London Music Ltd
The Powerhouse
70 Chiswick High Road
London
W4 1SY
United Kingdom
Telephone: +44 (0) 208 742 1111
Email:

dpaofficer@thisismetropolis.com 

If data subjects are unhappy with the response from Metropolis London Music Ltd, data subjects have the right to complain to the Information Commissioner’s Office (ICO). 
A complaint can be raised via the ICO’s website at 
www.ico.org.uk

or by writing to the following address: 

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

How do I exercise my rights under GDPR? 

You may contact our Data Protection Officer, using the details provided earlier in this document.

Cookie Policy

Last Revised: 17th July 2024 

What are cookies?

This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to manage the cookie settings.

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

How do we use cookies?

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

Manage cookie preferences

Cookie Settings

You can change your cookie preferences any time by clicking the above button. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

If you are using any other web browser, please visit your browser’s official support documents.