We take care of your data

We are committed to keeping your data safe and secure and ensuring that you receive the best possible service from ABRSM.

In our privacy policy we explain what we do with your data and your rights to make sure it is accurate and up to date and accessible by you. Our data protection action plan ensures we are compliant with the UK’s Data Protection Act 2018 and EU General Data Protection Regulations (GDPR). Our staff, country representatives and examiners are trained and expected to adhere to our policies on the safekeeping of personal data. We have contracts in place with third parties with whom we have to share data to provide our services. We maintain state of the art security systems which are externally validated. The ICO’s guidance provides more advice on your rights and there are further helpful links on the right

ABRSM is a Data Controller in relation to our exams. You can read the advice we received about this  here.

Want more information?

If you have any questions, please contact [email protected]

ABRSM is a music education body, a music publisher and the world’s leading provider of music exams, offering assessments to over 600,000 candidates in over 90 countries every year.

This Privacy Policy, together with our Cookie Policy, sets out how ABRSM uses and protects any personal data that you provide to us.

By ‘ABRSM’ we mean both the Associated Board of the Royal Schools of Music, and ABRSM (Publishing) Ltd, its wholly-owned subsidiary.

Both ABRSM (Z6618494) and ABRSM (Publishing) Ltd (Z6329415) are data controllers registered with the UK Information Commissioner’s Office.

Where personal data is provided directly to ABRSM through use of the website, the exam booking portal, by email or by registering for ABRSM events, or other means where ABRSM is determining the way in which that personal data is processed for its own use, then ABRSM will be a data controller of such information.

ABRSM is firmly committed to complying with privacy and data protection laws and being transparent about how we process personal data. Although legal requirements may vary from country to country, ABRSM intends to adhere to the principles set out in this Privacy Policy even if, in connection with the above, we transfer your personal information from your country to other countries that may not require a high level of protection for your personal information.

We have policies, procedures and training in place to ensure that everyone who works or volunteers for us understands their responsibilities to protect personal data, and we apply these data protection principles:

  • Lawfulness, fairness and transparency – we will use personal data in a way that complies with the law, and in a way that our customers and staff expect and have been told about.
  • Purpose limitation – we will only use personal data for the reasons we collect it for, and not for something extra or unrelated.
  • Data minimisation – we will limit the amount of personal data we collect to what we need it for.
  • Accuracy – we will ensure the personal details in our records are accurate and kept up to date.
  • Storage limitation – we will only keep personal data for as long as we need it. When it is no longer needed, we will securely destroy or delete the personal data.
  • Integrity and confidentiality (security) – we will ensure personal data is kept securely and that the details of our customers and staff are protected but accessible when it is needed.
  • Accountability – we will take responsibility, have appropriate measures in place and keep records to demonstrate how we achieve data protection compliance.

Our Data Protection Lead is Rachael Casstles, Director of Legal and Compliance.

If you have any questions regarding our Privacy Policy, please either:

email: [email protected]

or write to Rachael Casstles, Data Protection Lead at the following address:

ABRSM, 4 London Wall Place, London, EC2Y 5AU

We may collect personal data in person or via post, email, SMS or the website, from you and from third parties for a number of purposes.

ABRSM will only use your personal data if we have a legal basis for doing so, and for the purposes for which it was collected. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this.

We have set out below all the ways we use your personal data, and which of the legal bases we rely on to do so. We may process personal information where it is in our legitimate interests to do so and where we are confident that such processing will not infringe on your rights and freedoms. Our 'legitimate interests' in this context include supporting musical learning and progress, and supporting the professional development of music teachers. Where required, we will process personal information in order to comply with our legal obligations, to assist the prevention and detection of crime, and in order to assist the police and other competent authorities with investigations (including criminal and safeguarding investigations).



Lawful basis for processing

To process an exam, event, webinar booking, take payment and contact you in relation to our service


Performance of a contract

To inform you about changes to our service


Performance of a contract/Legitimate interests

To respond to a query and manage the complaint process


Consent/Legitimate interests

To perform credit checks


Consent/Legitimate interests

To process your order from our online shop


Our online shop is run by Boosey & Hawkes, which is a separate data controller and has its own privacy policy


Performance of a contract

To process your subscription to an ABRSM app


Performance of a contract

To send marketing messages to you


You can change your mind on how you receive marketing messages or you can stop receiving them at any time.



To consider and award scholarships and funding grants


Consent/Legitimate interests

To consider applications to work or volunteer


Consent/Legitimate interests

To process special category information that we need to run events, courses, meetings and exams



To improve our website and our services to you

Legitimate interests


To administer our own discussion forum



Market research


We may use your anonymised information to identify trends and to design market research. Market research agencies acting on our behalf may get in touch with you to invite you to take part in research. Any responses you provide will be reported back to us anonymously unless you give us permission for your details to be shared.


Legitimate interests

We may share your information with relevant agencies, law enforcement and other third parties for the purpose of preventing or detecting crime, or where it is the public interest.

Legitimate interests/Legal obligation/Public interest

The information that we collect may include:

  • Contact details such as name, address, email address and phone numbers
  • Your instrument and grade
  • Your musical interests
  • Your relationship to a candidate
  • Credit or debit card details and any purchases you have made
  • Date of birth, gender and title
  • Any access or Special Educational Needs (SEN) requirements for your exams and medical reports where relevant
  • Dietary requirements where this is required for catering
  • Qualifications and school or organisation you belong to/work for
  • Name of your parent or guardian (if you are under 13 years old)
  • Nationality
  • Optional information about race and ethnicity for monitoring purposes
  • Recordings or transcripts of exam submissions, meetings, telephone calls, webchat
  • Emails, letters

In respect of job applicants, we may also collect:

  • Your image and likeness where this is required for business or security purposes
  • Information about your family, social circumstances and extra-curricular activities
  • Your bank account details, tax and residency status
  • References from previous employers or educational institutions
  • Contact details for your family members and next of kin
  • Information concerning your health and medical conditions
  • Optional information about your race, ethnicity and sexual orientation
  • Details of criminal convictions

We ask you for Special Educational Needs (SEN) requirements, which may require supporting evidence, in order to consider making reasonable adjustments for candidates taking exams. We will retain the supporting evidence only for a maximum of six months. We keep details of any access arrangements and reasonable adjustments, and brief details of the supporting evidence given, for compliance purposes indefinitely, but records are deleted if the candidate has not taken an exam for five years. Systems used to store supporting documents have restricted access.


We need to collect and use relevant information about young people so that they can enter exams and competitions, attend events, and sign up to some of our services. We consider a young person to be under 14 years old. If you are under 14 years old, please get your parent/guardian's permission before you provide any personal information to us.

We use cookies and log files on our websites to store information about how you use them. A cookie is a piece of data stored on the user’s computer tied to information about the user. This enables us to create a profile which details your viewing preferences. We use your profile to tailor your visit to our websites, to make navigation easier and direct you to information that best corresponds to your interests and country. Cookies are used to display exam dates, fees and contact details of ABRSM representatives for that country. You can view our Cookie Policy [insert link]

Aggregate information is collected from users using our own web tracker. This information includes users' Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages and number of unique visits. This information is not linked to personal profiles or to personally identifiable information provided by users. We use it to analyse visitor trends and use of our website, administer the website and to gather broad demographic information of our website users.

We may provide your personal data to third parties who we engage to provide supplemental services such as caterers, schools, conference and course providers, referees, tutors and examiners. We may also share your information with our bank in order to process a payment; our professional advisers (such as our legal advisers) where it is necessary to obtain their advice; our IT support and data storage providers; mailing house; website administrator, and printers. We also share data with suppliers that provide key support to Online Theory. We are required to share personal data with the Department for Education and to share anonymised data with our regulators, Ofqual, CCEA and Qualifications Wales.

Sometimes these third parties will share your information with us and we will use it in accordance with this Privacy Policy.

Payments in relation to exams are processed by Barclaycard, PayPal or Stripe.

Purchases from our online shop are processed by a third party, Boosey & Hawkes Music Publishers Ltd. Your data is processed in accordance with their Privacy Policy (https://shop.abrsm.org/shop/help/privacy_policy).

Payments for events are processed by Eventbrite.

By completing the payment, you agree that these third parties may process your data in accordance with their Privacy Policies.

In accordance with the Payment Card Industries Data Security Standard (PCI DSS), ABRSM does not process, transmit or store credit card data. A truncated PAN (Primary Account Number) that consists of the first and last four digits of the card number is provided by the payment gateway provider for reporting and reconciliation purposes.

We may need to collect or send some personal information outside of the European Economic Area (EEA), for example to process your exam, take a payment, or make arrangements for a conference. If we transfer personal information to countries or jurisdictions which are not subject to an adequacy decision granted by the European Commission, we will take measures to comply with our legal obligations and all reasonable safeguards to ensure that your personal information is treated securely and in accordance with this Privacy Policy. For example, we will enter into standard contractual clauses that have been approved by the European Commission.

ABRSM is based in the UK and has no offices, branches or other establishments in the EEA. We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally, please email our Representative at [email protected], or post your request or query to:

EU Representative, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682, Republic of Ireland.

When contacting our Representative please ensure you include our company name, ABRSM, in any correspondence you send.

We take every precaution to protect our staff and customers’ information. ABRSM annually renews its National Cyber Security Centre’s Cyber Essentials Plus accreditation that validates our commitment to secure configuration and action against cyber security threats.

All exam entries for Grades 1 - 8 and Music Medals are made through our online booking portals. Paper entries forms are used for Choral Singing and Instrumental Ensembles. Diploma entries are  submitted by PDF via a secure link.

Exam entries are stored on the ABRSM’s secure cloud database server in the UK and a copy of this data is transferred onto our UK-hosted Microsoft Dynamics 365 CRM system. All online information is held purely for the purpose of exam entries and is retained on this secure database server so that applicants can view their past entries.

When our online examination entry form asks users to enter sensitive information (such as credit card number and expiry date), that information is encrypted and is protected with industry-standard Secure Socket Layer (SSL) software. While on a secure page, such as our online portal(s) the lock icon on the bottom of web browsers such as Google Chrome, Microsoft Internet Explorer, Edge and Safari becomes locked, as opposed to un-locked, or open, when users are just ‘surfing.’

We use SSL encryption to protect sensitive information online and we also do everything in our power to protect user-information offline. Access by staff to personal information is restricted to only appropriate departments, minimising access privileges to certain individuals within them. All employees are provided with a unique username and password in order to gain access to this information. On premise, servers that store personally identifiable information are held in a secure environment and in a locked facility. Regular backups are made of this data, and these are securely stored off site and managed by Iron Mountain (http://www.ironmountain.co.uk/) who ensure rigorous protocols and logistics for delivery and retrieval of media to and from designated ABRSM IT staff.

If you no longer wish to receive communications about products and services from us, please contact [email protected]. You can also unsubscribe at any time to emails that we may send to you about the products and services that we think will be of interest to you.

You also have the right to:

  • Request a copy of the information we hold about you.
  • Tell us to change or correct your personal information if it is incomplete or inaccurate.
  • Ask us to restrict our processing of your personal data or to delete your personal data if there is no compelling reason for us to continue using or holding this information (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal).
  • Receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you sending that personal information to another data controller.
  • Object, on grounds relating to your specific situation, to any of our particular processing activities where you feel this has a disproportionate impact on you.

All requests should be addressed to [email protected]. We aim to respond within one month. Please note that we may be entitled to refuse requests where exceptions apply, for example if we have reason to believe that the personal data we hold is accurate or we can show our processing is necessary for a lawful purpose set out in this Privacy Policy.

We will retain your personal information in accordance with our Retention Policy which follows the principle of retaining information for only as long as is necessary. You can request a copy of the Retention Policy by contacting the Data Protection Lead, Rachael Casstles whose contact details are set out above.

This Privacy Policy may change from time to time. We recommend that you visit this webpage periodically to keep up-to-date with the changes in our Privacy Policy.

If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the Information Commissioner’s Office. Their helpline number is 0303 123 1113.

Contact us

Marketing Department

T +44 (0)20 7636 5400

This website uses cookies to improve your experience. By using our website, you are agreeing to our cookie policy and consent to our use of cookies. Find out more.