Dance Studio London truly respects the privacy of its customers, and is fully committed to protect their personal information and use it properly. This policy describes how we may collect and use personal information, and the rights and choices available to our visitors and users regarding such information.
We welcome any questions and contact details are listed in the document below.
Dance Studio London Group Ltd. truly respects the privacy of their users, and is fully committed to protect their personal information and use it properly. This policy describes how we may collect and use personal information, and the rights and choices available to our visitors and users regarding such information.
We collect personal information when you use Dance Studio London Group Ltd. website, make a purchase from this site, and/or when you or your child or school becomes a member of Dance Studio London Group Ltd. The information is used to enable us to process and deliver our services to provide you with the best possible service.
By registering your details on our website, you consent to Dance Studio London Group Ltd. maintaining, recording, holding and using personal data we collect about you (details of how this personal data is stored and processed is detailed below). Information may also be collected to allow Dance Studio London Group Ltd. to send you offers that we feel will be of particular interest to you. If you wish to receive email updates about web exclusives and special offers from Dance Studio London Group Ltd, please email firstname.lastname@example.org, and we will add you to our mailing list. You do have the option not to be included on our mailing list, if you would like to opt out at any point please email email@example.com and request to be removed from the mailing list.
You will be given the chance to opt in/out of any communications from us. We will not collect sensitive information about you without your explicit consent. All information that we hold will be up to date and accurate according to the latest information provided by you.
WHO WE ARE
Dance Studio London Group Ltd. Company Director acts as the Data Controller for the purpose of Data Protection Law.
RESPONSIBILITY FOR DATA PROTECTION
The Company has appointed a Compliance Officer who will deal with all your requests and enquiries concerning the Company uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
Contact email address of Compliance Officer: Francesca Denton - CEO firstname.lastname@example.org
WHY THE COMPANY NEEDS TO PROCESS DATA
In order to carry out it’s ordinary duties and best quality of service to staff, students and parents, the Company needs to process a wide range of personal data about individuals (including current, past and prospective staff, students or parents) as part of its daily operation. Some of this activity the Company will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, or parents of its students. Other uses of personal data will be made in accordance with the Company legitimate interests provided that these are not affecting the rights of the individual, and provided it does not involve sensitive data.
The Company expects that the following uses will fall within that category of its “legitimate interests”:
For the purposes of new student enquiries (to confirm the identity of prospective students and their parents);
To provide education and artistic services, including dance education and extra-curricular activities to customers (for example schools, workshops, businesses);
Maintaining relationships with alumni and the Company community
For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax or diversity);
To enable relevant authorities to monitor the Company performance and to intervene or assist with incidents as appropriate.
To give and receive information and references about past, current and prospective students and staff in relation to providing references to potential employers;
To enable students to take part in assessments, examinations and competitions, and to publish the general results of public examinations or other achievements of students of the Company;
To safeguard students' welfare and provide appropriate care;
To make use of photographic images of students in Company publications, on the Company website and (where appropriate) on the Company social media channels in accordance with the Company policy on taking, storing and using images of children;
To carry out or cooperate with any Company or external complaints, disciplinary or investigation process; and where otherwise reasonably necessary for the Company purposes, including to obtain appropriate professional advice and insurance for the Company.
In addition, the Company will on occasion need to process special category personal data (concerning health information) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:
To safeguard students' welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual's medical condition or other relevant information where it is in the individual's interests to do so: for example for medical advice, for social protection, safeguarding and cooperation with police or social services, for insurance purposes or to caterers or organisers and chaperones of Company trips who need to be made aware of dietary or medical needs;
To provide educational services in the context of any special educational needs of a student;
In connection with employment of its staff, for example DBS checks, welfare, union membership or pension plans;
As part of any Company or external complaints, disciplinary or investigation process that involves such data, for example if there are any SEN, health or safeguarding elements;
For legal and regulatory purposes (for example child protection `and/or health and safety) and to comply with its legal obligations and duties of care.
Where we believe there is ‘legitimate interest’, we may seek additional information before contacting companies or organisations to determine whether there is a suitable reason to engage with them, such as a shared interest or potential connection.
TYPES OF PERSONAL DATA PROCESSED BY THE COMPANY
This will include:
Names, addresses, telephone numbers, e-mail addresses and other contact details of both the student and parent/guardian/next of kin contact information;
Financial information, eg about parents who pay fees to the Company (please note that any financial information processed by the Company (for example standing order payment form) are kept securely in a locked cabinet in a locked office until passed to your bank for processing or to our third party payment processors where you have agreed (e.g. Paypal/Stripe). When transferring data we will do so in a locked, secure case;
Past and present student attendance records (including information about any special needs), and examination scripts and marks, and progress records;
Personnel files, including in connection with academics, employment or safeguarding; where appropriate, information about student and staff health, and contact details for their next of kin;
References given or received by the Company about students and staff, and information provided by previous educational establishments and/or other professionals or organisations working with students;
Correspondence with and concerning staff, pupils and parents past and present;
Still and moving images of students (and occasionally other individuals) engaging in Company activities (in accordance with the Company policy on taking, storing and using images of children);
Transaction and order details demographic information information relating to surveys and other feedback;
Anonymous public data and research to ensure that our communications and activity is best suited to our members such as analysis data provided by Facebook in order to advertise our services or Google Analytics, for example.
HOW THE COMPANY COLLECTS DATA
Generally, the Company receives personal data from the individual directly (including, in the case of students, from their parents). This may be via a form, or simply in the ordinary course of interaction or communication (such as email, social media, via the contact form on our website, by telephone or in person).
HOW WE USE DATA
We will not sell, rent, trade or distribute your personal data to any third parties for marketing purposes. Data may be shared with trusted service providers who are authorised to act on the Company behalf and have entered into data processing agreements with us. These services may include:
● Payment processing;
● Event ticketing;
● Secure database Services;
● Google Drive Storage;
● Website hosting;
● Email delivery services;
● Accountancy Services for purposes of records required by law
● Local council and related authorities for licensing purposes,
● Royal Academy of Dance, Imperial Society of Teachers of Dance, Trinity and International Dance Teachers Association for examination purposes.
In these circumstances your data will only be used for the agreed purpose relating to the service that they are providing. We do not transfer any personal data to countries outside of the European Economic Area (EEA) unless the service provider in question has registered its compliance with the EU-US Privacy Shield Framework.
HOW WE STORE YOUR DATA
Any information containing personal data which is provided to us by the individual or parent is stored securely in line with this policy.
Information provided by way of paper form (hard copy) will be stored in a locked cabinet within our locked premises.
Most information containing personal data will be processed by way of an online form which is stored on our secure and password protected Database Software and Cloud Storage.
Personal Data which has to be transported to another venue, for example for the purposes of providing workshops/classes, performing in an event, or storing contact information on our business phone and laptop will be transported on a password protected device or locked file.
Devices where possible will be encrypted in addition to our usual standard security measures. Any contractors/freelancers working with us who require access to information in order to carry out their work while maintaining care for student wellbeing will be compliant with our Processor Agreements in place with the said contractor/freelancer.
WHO HAS ACCESS TO PERSONAL DATA AND WHO THE COMPANY SHARES IT WITH
Occasionally, the Company will need to share personal information relating to its community with third parties, such as professional advisers (lawyers, insurers, PR advisors and accountants) government authorities (HMRC, police or the local authority); appropriate regulatory bodies (eg Royal Academy of Dance, the Information Commissioner); event organisers for licence and health and safety purposes. For the most part, personal data collected by the Studio will remain within the Studio, and will be processed by appropriate individuals only in accordance with our (ie on a ‘need to know’ basis). Particularly strict rules of access apply in the context of: medical records held and accessed only by the Company Principal and Teachers taking the classes as appropriate, or otherwise in accordance with express consent; and safeguarding files. However, a certain amount of any SEN student’s relevant information will need to be provided to staff more widely in the context of providing the necessary care and education that the student requires. Staff, students and parents are reminded that the Company is under duties imposed by law and statutory guidance to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include file notes on personnel or safeguarding files, and in some cases referrals to relevant authorities. For further information about this, please view the Company Safeguarding Policy.
Finally, in accordance with Data Protection Law, some of the Company processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the Company specific directions. The Company will only use trusted service providers such as Google Drive for example.
HOW LONG WE KEEP PERSONAL DATA
The Company will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the recommendation for how long to keep ordinary staff and student personnel files is up to 6 years following departure from the Company. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements. If you have any specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Compliance Officer by email at email@example.com However, please bear in mind that the Company will potentially have lawful and necessary reasons to hold on to some personal data even following such request.
KEEPING IN TOUCH AND SUPPORTING THE COMPANY
The Company will use the personal data of parents, guardians and members of the Company community so that we may keep them informed, by telephone or email, of the Company developments, provide opportunities to attend events, and offers or information that we feel they may be interested in. We may occasionally submit surveys to gain their feedback and views to help improve the service we currently deliver. Should you wish to limit or object to any such use, please email our Compliance Officer at firstname.lastname@example.org. You always have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising at any time.
YOUR RIGHTS & RIGHTS OF ACCESS
Individuals have various rights under Data Protection Law to access and understand personal data about them held by the Company, and in some cases ask for it to be erased or amended or for the Company to stop processing it, but subject to certain exemptions and limitations. Any individual wishing to access or amend their personal data, or who has some other objection to how their personal data is used, should put their request in writing to the Compliance Officer (Francesca Denton - email@example.com).
The Company will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information. The Company will be better able to respond quickly to smaller, targeted requests for information.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal professional privilege (for example legal advice given to or sought by the Company, or documents prepared in connection with a legal action). The Studio is also not required to share any confidential reference given by the Company itself for the purposes of the education, training or employment of any individual
Students can make subject access requests for their own personal data, provided that, in the reasonable opinion of the Company they have sufficient maturity to understand the request they are making (usually considered over the age of 13 years). A student of any age may ask a parent or other representative to make a subject access request on his/her behalf. Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of younger students, the law still considers the information in question to be the child’s.
WHO DO THE RIGHTS OF THE INDIVIDUAL BELONG TO?
The rights under Data Protection Law belong to the individual to whom the data relates. However, the Company will often rely on parental authority or notice for the necessary ways it processes personal data relating to students. For example, via a form. In general, the Company will assume that students’ consent is not required for ordinary disclosure of their personal data to their parents, eg for the purposes of keeping parents informed about the student's activities, progress and behaviour, and in the interests of the student's welfare. That is unless, in the Company opinion, there is a good reason to do otherwise. However, where a student seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, the Company may be under an obligation to maintain confidentiality unless, in the Company opinion, there is a good reason to do otherwise; for example where the Company believes disclosure will be in the best interests of the student or other students, or if required by law.
Students are required to respect the personal data and privacy of others, and to abide by the Company Code of Conduct. Staff are under professional duties to do the same covered under the relevant staff policy/code of conduct.
DATA ACCURACY AND SECURITY
The Company will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must please notify the Compliance Officer of any significant changes to important information, such as contact details, held about them. An individual has the right to request that any out-of-date, irrelevant or inaccurate or information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law): please see above for details of why the Studio may need to process your data, and who you may contact if you disagree. The Studio will take appropriate technical and organisational steps to ensure the security of personal data about individuals. All staff will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
QUERIES AND COMPLAINTS
Any comments or queries on this policy should be directed to the Compliance Officer at firstname.lastname@example.org
If an individual believes that the Company has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should utilise the Company complaints procedure and should also notify the Compliance Officer.
Data Compliance Officer & Controller: Francesca Denton Email: email@example.com