GDPR POLICY

Data Protection Policy

This website is operated by SusyBallet. We take your privacy very seriously therefore we urge you to read this policy very carefully because it contains important information.

 

Who we are 

SusyBallet, as a dance tuition provider is required to collect, use and manage certain data. When we do so we are regulated under the General Data Protection Regulation (GDPR) which was approved by the EU Parliament in 2016 and came into effect on the 25thMay 2018. GDPR states that personal data should be processed with “lawfulness, fairness and transparency” and “collected for specified, explicit and legitimate purposes” and that individuals data is not processed further in a manner that is incompatible with those purposes. Personal data acquired will be “adequate, relevant and limited to what is necessary” and will be “accurate and, where necessary, kept up to date”. Data must be “kept in a form which permits identification of data subjects for no longer than is necessary” and should be “processed in a manner that ensures appropriate security of the personal data”. SusyBallet is committed to protecting the rights and freedoms of individuals with respect to the processing of childrens’, parents, visitors, volunteers and staffs personal data.

 

What, how and why we collect, store, use and share personal information  

SusyBallet as a dance tuition provider will need to know clients (adults, Parents, guardians and childrens’) full names, addresses, telephone, mobile numbers, email addresses, important medical information (such as asthma etc), relevant SEND information and emergency contact details including names, relationship to student, telephone and mobile numbers. Dates of birth are needed for child students. Please note that for RAD examinations, festival, competition and some performance purposes, names and dates of birth are required. 

 

Visitors will need to provide names, telephone numbers and company name, where appropriate. This is in respect of our health and safety and safeguarding policies.

 

Volunteers and chaperones for shows, excursions and events will be required to obtain suitable licences and hold up to date Disclosure and Barring checks (DBS).

 

SusyBallet is required to hold data for any staff or teachers working for our organisation. Data required includes full names, addresses, email addresses, telephone and mobile numbers, relevant qualifications and certificates, bank details for payment and Disclosure Barring Service checks (DBS). Date of birth, National Insurance Numbers, photographic ID (passport or Drivers licence) and proof of eligibility to work in the UK may also be required and this information will be sent via a secure file transfer system for the processing of DBS checks. DBS numbers and date of issue are also held on a central secure staffing record.

 

Under GDPR guidelines, the sensitive data, referred to as Special Category Data required to be obtained, includes, but is not limited to: health and medical information, accident report forms. This information is required for the safety of students participating in dance classes, events and excursions. Susyballet has a legitimate interest in this information and where appropriate, to be shared with other Susyballet staff.

 

Susyballet obtains all personal data under the lawful basis of Legitimate Interest. It is necessary to collect personal details of students and details of parents and guardians of those students under the age of 18 for their protection and safety whilst in the care of Susyballet and its staff.

 

The legal basis for processing data will be identified and documented. The processing of data may be undertaken by Susyballet staff, chaperones and third parties, where the sharing of personal or sensitive data has been consented to and third parties comply with GDPR.

Personal information will be used for registers to monitor attendance and for health and safety and safeguarding reasons during class. During the Covid-19 outbreak in 2020, some personal information will be retained for the purposes of the NHS Test & Trace programme.

 

Personal information will be used for the purpose of sending requests for payment.

Personal contact information will be used for informing current and prospective customers about Susyballet news (by consent)

 

Personal information (e.g names), photographs and videos of students dance work may be used by Susyballet for the purposes of advertising events, services, news, but also for training and choreography. This may be through means of email, website or social media (by consent).

Anybody working for Susyballet (either as a teacher, employee or volunteer) who requires to obtain any relevant data about any student will be required to read this Data Protection Policy and agree to sign a Data Processing Form to demonstrate their understanding of their responsibility and to agree to their obligations.

 

Consent

No data will be processed until consent has been obtained by Susyballet.

 

Consent is given through the completion and signing of Susyballet Registration forms and Susyballet Data Processing Forms. This is how all necessary personal and sensitive data is obtained by Susyballet.

 

Formal consent is required through the signing of these forms and there are no pre-tick options.

 

Paper and electronic copies of these forms will be stored securely for appropriate lengths of times and reviewed atleast annually or as required.

 

Parental consent is required for any child under the age of 18.

 

For withdrawal of consent an email can be sent to susy@susyballet.co.uk

Specific consent is required to give us permission to take and use photographs/videos/names of individuals participating in classes, shows, workshops, parties, demonstrations, events for advertising, marketing and promotional purposes.

 

Consent is also required for permission to take photos and videos by teaching staff during class for for training purposes for individuals and for other Susyballet teaching staff.

 

Consent will also give permission for the release of photographs/videos to be sold to parents/students as mementos of Susyballet workshops, rehearsals, shows, other events performed by Susyballet students.

 

SusyBallet uses Cookies on its website to collect data for Google Analytics. This data is anonymous.

 

The Right of Access


Your rights in relation to your personal information and how to contact us and supervisory authorities in the event that you have a complaint

 

You have the right to access your personal data at any time. Individuals have the right to ask for their data to be updated, removed or erased and if requested, this will be actioned as quickly as possible (This will be within the legal requirement of 30 days), provided that there are no legal reasons preventing us from doing so. If there are any legal reasons why we cannot remove or delete your data then we will notify you of the reason why.  Please note that certain information must be retained for differing periods of time (e.g accident books, child protection records, staff records). It is ultimately the responsibility of the individual to notify Susyballet of any changes to their personal or sensitive data and this can be done at any time via emailing susy@susyballet.co.uk or completing a new Registration Form. 

 

Susyballet will at times require certain personal and sensitive data to be transferred to GDPR compliant third parties. This includes but is not limited to performance & festival organisers, insurance companies, uniform and costume providers, examination boards, HMRC, local authorities in instance of obtaining chaperone and other performance related licences.

During the Covid-19 Outbreak, some personal details will need to be retained for a period of 21 days for the purposes of the NHS Test & Trace Programme. As part of our Covid-19 screening questions on entry to each class, we will ask for your Name, contact details (Parent/guardian in case of a child under 18), date & time of entry, and questions regarding your current health and possible exposure to Covid-19.

 

Staff may at times be required to access or process data. Training will be provided to this end and copies of this Data Protection Policy must be read, understood and signed by all staff and volunteers at Susyballet. Staff will make every effort to keep data secure when they are in possession of it and by storing data in lockable filing cabinets or with the use of strong passwords on phones and computers. Staff are also data subjects and as individuals are required to consent to the retention and use of their personal data for their employment. Staff are responsible for keeping their information up to date and informing Susyballet of any changes. Staff also have the right to obtain, update, remove or erase any information held by Susyballet about themselves as they so wish.

 

Firewall and virus checking software will be installed on computers owned by Susyballet and all Susyballet staff will be required to keep their own computers updated and protected as far as is possible. Mobile phones with internet access must also be regularly updated and protected with passwords. Anti-spyware tools will be used on computers. Regular back- ups of information must be made by Susyballet staff to keep vital information stored in a secure place other than a computer so that the loss of a computer does not mean a loss of all information. Susyballet will ensure that all personal data is securely removed from old computers before they are disposed of.

 

Susyballet employees will ensure that emails are encrypted if they contain sensitive material, that they will be sent only to the intended recipient and that emails will be sent using (BCC) blind carbon copy when sending to more than one recipient. 

 

Susyballet registration forms have opt in boxes where it is asked whether the individual or consenting adult will allow photos or videos being taken during susyballet dance sessions and events organised by or attended by students of susyballet. 

 

All staff at susyballet will ensure that all sensitive and confidential paper waste is shredded after use. Physical security of any premises used by a member of staff will be checked regularly.

In the unlikely event of a data breach, Susyballet will contact the Information Commissioners Office (ICO) within 72 hours of the breach being realised. Susyballet will inform all individuals that they hold data on of the breach and will work quickly with the necessary bodies to resolve the problem.

 

For further information please contact Susy Morley (Principal) at susy@susyballet.co.uk