Your privacy and security of your personal information are very important to us. This Cookies & Privacy Policy describes how we, Community Music Initiative Ltd, a limited company governed by the laws of the United Kingdom of Great Britain and Northern Ireland (the “Company”, “we,” “our,” or “us”), collect, store, use and disclose personal information (as defined below) from users of the website located at and a mobile application associated with it (collectively, the “Platform”).  

We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We take appropriate security measures to protect your personal information and also require this from third parties that process personal information of the Platform users on our behalf. We respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what personal information we keep about you, please contact us.

We may amend this Cookies & Privacy Policy from time to time. We will post any changes to this Cookies & Privacy Policy here so that you always know what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this Cookies & Privacy Policy on a regular basis. All capitalized terms not defined herein are defined in our Terms & Conditions found at By using the Platform, you acknowledge that you accept the practices and policies outlined in this Cookies & Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information in the following ways. If you do not agree with any practices in this Cookies & Privacy Policy, please stop using the Platform.



“Personal information” is any information which is related to an identified or identifiable natural person. When you sign up for an account or register for an exam on the Platform, we may collect the following personal information from you: your name, company name, email address, billing address, phone number, birth date, gender, any information provided by you voluntarily, and other personally-identifiable information about you. When you take an exam we will make an audio-video recording of you (and of your parent/legal guardian if you have not reached the age of consent).



We may collect data which is anonymous and pseudonymous, including, but not limited to, browser type, browsing history, information concerning user interaction with the Platform, page views, demographics, language settings, and time/date of login.



We only use information about you to support your experience throughout the Platform or to communicate with you about our Services. In particular, we collect information about you to: 

  • recognise you as a registered user of the Platform;
  • verify your identity;
  • provide a certificate with your information on it; 
  • process your orders; 
  • respond to your inquiries or requests;
  • send you newsletters, ads and information about the Platform or Services;
  • conduct market research; 
  • allow our partners and vendors (including, payment processing companies) to perform Services on our behalf;
  • forward it to the LRS Learning Records Service so that your name is added to the qualification database (provided that you have successfully passed an exam);
  • comply with all applicable laws or if we are required by law or by a court order to do so;
  • investigate suspected fraud, harassment, danger to persons or property or other violations of any law, rule or regulation, our Terms & Conditions, or our Cookies & Privacy Policy;
  • analyse non-personal or aggregate information for Platform improvement;
  • transfer information in connection with the sale or merger or change of control of Company.

In addition, we may need to share information about you with law enforcement agencies, regulators, LRS Learning Records Service, the UK Department for Education, courts, public authorities, fraud prevention agencies and emergency services, to comply with their request or with applicable laws.

We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.



From time to time, we will share your personal information with our partners and vendors (including, payment processing companies such as PayPal, Amazon Pay, Weepay, or Google Pay and video recording platform “addpipe”) to deliver you the Services we offer. We will share your personal information with the LRS Learning Records Service to add your name to the qualification database (provided that you have successfully passed an exam). We may also pass your personal information to an appropriate law enforcement agency if we obtain any evidence that leads us to believe that any abuse has occurred whilst exam recording has taken place. 

 Please be sure to read the privacy policies of any such partners and vendors. It is those partners’ and vendors’ responsibility to protect any information you give them and we cannot be held liable for their wrongful use of your personal information.


If you leave any feedback or suggestions (“Feedback”) on the Platform or in an email to us, you hereby assign to the Company all rights in the Feedback and agree that the Company shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.



This Cookies & Privacy Policy does not apply to third party ads posted on our Platform. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of websites belonging to such third parties prior to making use of these websites.



A “Cookie” is a small simple file that is sent along with pages of this Platform and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit. Cookies are considered personal information under GDPR (European General Data Protection Regulation). We use cookies to make navigation easier and analyse your usage of our Platform (including, your preferences). When you visit our Platform for the first time, we will show you a pop-up with an explanation about cookies. You do have the right to opt-out and to object against the further use of any cookies. However if you do so, please keep in mind that our Platform may no longer work properly.

By using the Platform, you agree that we may install technical or functional cookies. These cookies ensure that certain parts of the Platform work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our Platform. This way, you do not need to repeatedly enter the same information when visiting our Platform and, for example, the items remain in your shopping cart until you have paid. We may place these particular technical and functional cookies without your consent.

Moreover, we use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Platform in order to tailor it to customer needs. We only use this information for statistical analysis purposes and later the data is removed from our servers. Overall, cookies help us provide you with a better experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Also to keep in mind: We have made agreements about the use of cookies with other companies that place cookies. However, we cannot guarantee that these third parties handle your personal data in a reliable or secure manner. Parties such as Google are to be considered as independent data controllers. We recommend that you read the privacy statements of these companies.


WordPress Cookies:  

Cookie Name Purpose
wordpress_[hash] Used to store your authentication details. Its use is limited to the Administration Screen area
wordpress_logged_in_[hash] Indicates when you’re logged in, and who you are, for most interface use.
wp-settings-{time}-[UID] This is used to customize your view of admin interface, and, where applicable, also the main site interface.
PHPSESSID Used in order for the server to associate a given session with a given request


WooCommerce Cookies (frontend): 

Cookie Name Purpose
woocommerce_cart_hash Helps WooCommerce determine when cart contents/data changes.
woocommerce_items_in_cart Helps WooCommerce determine when cart contents/data changes.
wp_woocommerce_session_ Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.


Set by the WooCommerce Stripe Payment Gateway plugin. Learn more


WooCommerce Cookies (backend): 

Cookie Name Purpose
woocommerce_snooze_suggestio ns [suggestion] Allows dashboard users to dismiss Marketplace suggestions, if enabled.
woocommerce_dismissed_sugges tions [context] Count of suggestion dismissals, if enabled.


tk_ai Stores a randomly-generated anonymous ID. This is only used within the dashboard (/wp-admin) area and is used for usage tracking, if enabled.


Wordfence Cookies: 

Cookie Name Purpose
wfwaf-authcookie-(hash) This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.


This is only set for users that are able to log into WordPress


This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wf_loginalerted_(hash) This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.


This is only set for administrators.


This cookie helps site owners know whether there has been an admin login from a new device or location.

wfCBLBypass Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.


When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.


This cookie gives site owners a way to allow certain users


  from blocked countries, even though their country has been blocked.


Pipe Cookies –  

Cookie Name Purpose
_ga Created by Google Analytics and is used for identifying a user.
_gid Created by Google Analytics and is used for identifying a user.
_iub_cs-[hash] Created by Iubenda’s cookie manager solution.



We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.



We use DigitalOcean ( servers to safely store your information. The data centres where we store your information are located in the United Kingdom.



The security of your information is very important to us. We apply all reasonable security measures and complying with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, access to the Platform’s database with your personal information is held behind administrative logins and managed, controlled and limited to authorised website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an SSL certificate. Data is backed up weekly. The Platform’s server software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server’s firewall is configured to prevent unauthorised access, and activity is automatically monitored to detect and ban malicious activity.

Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.

When you use your login credentials on our Platform, you are solely responsible for keeping them confidential. Do not share them with anyone. If you believe your password has been misused, please contact us immediately. You are also responsible for the security of your personal devices and for making sure they are protected against unauthorised access.



Our Platform does not respond to and does not support the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences will not be communicated to us in the HTTP request header, and we will continue tracking your browsing behaviour.



The age of majority depends upon jurisdiction and application, but it is generally set at eighteen (18). Minors or the underaged may use the Platform but only with the consent of a parent or a legal guardian. We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18 or have not reached the age of consent, your parent or legal guardian shall register you for an exam or contact us if there are any questions. Please do not send any information about yourself to us, or other users of the Platform, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under the age of 18 without the consent of a parent or legal guardian, we will delete that information as quickly as possible.



The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Platform from a European county, is compliant with GDPR. 

If you are accessing and using the Platform from the European Union and the European Economic Area, you have the following rights with regard to your personal information:


  1. the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us; therefore, we have compiled this Cookies & Privacy Policy for you;
  2. the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request); 
  3. the right to rectify (amend/correct) any personal information about you that is inaccurate;
  4. the right to erasure (some conditions apply, see Data Retention section below);
  5. the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Platform and Services, you may be asked to terminate your Account and stop using the Platform;
  6. the right to data portability; the right to data portability allows users of the Platform to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so where it is technically feasible;
  7. the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below); you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so;
  8. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

If you would like to exercise any of the above rights, please send an email to: 

We represent and warrant that your personal information is:

  1. processed lawfully, fairly and transparently;
  2. collected only for specific legitimate purposes; 
  3. collection of personal data is adequate, relevant and limited to what is necessary;
  4. accurate and kept up to date (with your help); 
  5. stored only as long as is necessary; and
  6. is secure and kept in confidence.

Date Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your Account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request. 

Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.



The California Consumer Privacy Act (“CCPA”) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information. If you are a California resident, you have the following rights with regard to your personal information: 

  1. the right to know what personal information is being collected about them. 
  2. the right to know whether their personal information is sold or disclosed and to whom. 
  3. the right to say no to the sale of personal information (“the right to opt out”). Sale is defined broadly in the CCPA to include “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration”. Under CCPA, a business that collects information from California residents shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age , unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information. A business shall provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information,” to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. We do not sell your personal information to anyone
  4. the right to access their personal information. Under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period. 
  5. the right to equal service and price, even if they exercise their privacy rights. 

Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:  

  1. Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer. 
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. 
  3. Debug to identify and repair errors that impair existing intended functionality. 
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law. 
  5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. 
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent. 
  7. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business. 
  8. Comply with a legal obligation. 
  9. Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information. 

Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.



You have a right to learn what personal information about you is kept by us by submitting a request to our email address You can modify or remove information about you that is stored by us by logging into your account and changing your information from your Account settings or by writing us to the same email address.


You may receive updates, newsletters, surveys, offers, ads and other promotional materials from us via your email. You may indicate a preference to stop receiving further communications or notifications from us by following the unsubscribe link provided in the e-mail you receive. Despite your indicated preferences, we may send you service related communication, including notices of any updates to Platform’s Terms & Conditions, Cookies & Privacy Policy, warranty or other statements.


Community Music Initiative Ltd

Industrial Park, 2 Brooker Road, 

Waltham Abbey EN9 1HU