Privacy and Data Protection
If you have any questions or complaints about our commitment to privacy and data protection please contact us.
What is GDPR?
The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018.
The GDPR applies to ‘personal data’, which means any information relating to a person or data subject that can be used to directly or indirectly identify a person.
The 8 principles of GDPR are:
Personal information must be fairly and lawfully processed
Personal information must be processed for limited purposes.
Personal information must be adequate, relevant and not excessive.
Personal information must be accurate and up to date.
Personal information must not be kept for longer than is necessary.
Personal information must be processed in line with the data subjects’ rights.
Personal information must be secure.
Personal information must not be transferred to other countries without adequate protection.
What information do we collect and why?
When you participate in or sign up to any of our classes, activities, workshops, mailing lists etc, we are request that you allow us to store personal information about you. Such information consists of names, addresses, contact details, date of birth, medical information, special educational needs and photographs.
By submitting this information we are able to provide you with the services you have requested and provide you with the highest level of service. It also enables us to work in accordance with the school’s other policies (Assessment, Child Protection and Safeguarding, Equal Opportunities, Health and Safety and Special Educational Needs and Disability).
How is information collected?
Personal data is collected through our website enquiry forms, enrolment forms and transaction sites. We do not collect or store payment information such as credit/debit card details. At all stages we request your consent to collect and store your personal data. Consent may be withdrawn at any stage.
Who is collecting and processing the information?
Personal data is only be collected and processed by staff of The Dance Barn with the required levels of training. This is to ensure we continue to offer high levels of customer service and comply with GDPR. All staff who process personal data are trained an annual basis or in instances of legislative change.
Who will it be shared with?
Information is only shared with staff at The Dance Barn on a need to know basis.
The Dance Barn does not actively share data with third parties, however there are occasions where sharing information is necessary. Such occasions include:
Entering pupils for examinations eg. Royal Academy of Dance.
Entering pupils for festivals.
Publicity, social media and school website.
School notice board.
Child protection concerns.
In such cases consent will be obtained before information is shared and consent may be withdrawn at any time. The only exception to this is where a situation concerns child protection.
At The Dance Barn we do NOT sell the personal data of our members or buy data from third parties.
Where is the information stored?
We are committed to ensuring that all information held by The Dance Barn is secure. In order to prevent unauthorised access or disclosure. We keep data in secure locations (including but not limited to, password protected PC and/or in lockable storage). Any computer databases used by the school are compliant with GDPR and hold the relevant accreditation.
How long will we keep personal information for?
Data is retained for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal and financial requirements. All personal data except accountancy and first aid records will be securely deleted/destroyed/shredded according to Government Guidelines after the student leaves the school or after 6 years.
Cookies are small pieces of data that websites store on a device to help the site provide a better user experience. In general, cookies are used to retain user preference, store information such as retaining things in a shopping cart and to provide anonymised tracking data to third party applications like Google Analytics.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on our site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser which offers further guidance.
What measures do we take at The Dance Barn to ensure we are compliant with GDPR and ensuring good practice?
The school is registered with the Information Commissioner's Office. Registration is renewed each year.
The school has an appointed Data Protection Officer.
All staff who collect and process personal data undergo annual training.
A Data Protection Impact Assessment is conducted on an annual basis to ensure that privacy and data protection is considered at all times.
Systems for consent are regularly checked and records of consent maintained.
If The Dance Barn experiences a data breach of any kind, we have a legal obligation to report this to the Independent Commissioner’s Office (ICO) within 72 hours. We will inform all the victims of the data breach as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedom. A register of all data breaches will be maintained.
What are your rights?
GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
Individuals can make a request for any of the above verbally or in writing, although the right is not absolute and only applies in certain circumstances. The Dance Barn will respond to a request within one month.
Last reviewed and updated: 28th May 2018.