Principal Music Practitioner

Music Studies

Performing & Composing

Community Choir


Introductory Courses


The General Data Protection Regulations (GDPR) come into force on 25th May 2018 and requires that all businesses issue a privacy statement to all clients and contacts, regarding the data held about the individual.


1. Rubato Music Academy/Tom Hughes Music are registered with the Information Commissioner’s Office. Thomas Hughes is the “controller” of your data. ICO reference is ZA405285.



2. Data Held


2.1. I hold personal contact information as well as information about each student’s music education, eg progress, objectives, exam results and tracking against goals. I only hold the data needed to provide the services you engage me to provide.



3. What I do with it


3.1. Contact information is used for scheduling, invoicing, record keeping and communicating my own services such as recitals and holiday initiatives.


3.2. Invoices will be processed by myself using external companies involved in my financial accounts. They are compliant with the GDPR.


3.3. Some information will be shared with examination boards if you wish to enter for exams.


3.4. No other data will be shared unless there is a legal obligation to do so.


3.5. All reasonable steps are taken to ensure your data is processed and stored securely.



4. Individual Rights to the Data Held:


4.1. If you wish to change or delete the information I hold about you, or if you have any concerns about your data, please contact me directly.


4.2. You have additional rights regarding the data stored about you. You can read about them here:



5. Reporting a breach of rights or security


5.1. If you believe your data rights or security have been breached, please contact immediately.  

Privacy Statement