Please provide email and password to log in to the Absolute Arts portal
TERMS AND CONDITIONS
-All customers are to now pay online, via card payment,
prior to enrolment in class. Spaces cannot be reserved without payment.
-Refunds will only be made if a class is cancelled due to
an internal reason - for example, sickness of a teacher where cover cannot be
arranged. This DOES NOT include closure due to adverse weather conditions.
Refunds will not be issued if a student cannot attend a
In the event of a cancelled class, a replacement class
will be offered in the first instance. If the school is forced to close, the
replacement class will be offered online.
If this cannot be arranged and a replacement class is not
offered to a customer, then a refund will be issued.
Refunds will only be issued for the class(es) missed. The
amount refunded will be based on the hourly rate of the class (the terms fee
for that class divided by 12) taking into consideration any discounts applied
to your account.
In the event of a pandemic or epidemic, including the
current Covid-19 outbreak, if we are advised to close due to government
guidelines and laws put in place, refunds will not be issued. We will however,
move all timetabled classes onto our online platform so they can still be
attended by the students and this will be at no extra cost to the customer.
-Students who are on unlimited packages that do not
attend a class 3 or more times, will be removed from that specific class. This
is so that other students have the opportunity to move into the class if they
are on the waiting list. The student removed will be placed onto the waiting
list until a space is available to be allocated to them.
-Half a term’s notice is required (minimum 6 weeks), in
writing, via email or letter, to terminate this contract, and training at
Absolute Arts. If notice is not given, in writing, you will be charged the
equivalent of half a term (6 weeks) of your last invoice. The person signing
this contract will be liable for any and all costs incurred by Absolute Arts to
collect payment, should payment not be received. This includes but is not
limited to; court costs, debt collection agency fees, admin charges and
interest on outstanding money.
-New students are accepted at any time during the term as
long there is a space available within the class. If the class is full, your
name will be placed on our waiting list until a space is available.
-Absolute Arts reserves the right to change the timetable
-During classes some physical contact may be necessary by
a teacher to guide or demonstrate to the pupil. THIS WILL BE AVOIDED AS MUCH AS
POSSIBLE WHILST SOCIAL DISTANCING MEASURES ARE IN PLACE AND PHYSICAL CONTACT
WILL ONLY BE MADE WHEN ABSOLUTELY NECESSARY.
Every care will be taken to safeguard your child whilst
under our supervision / in our premises.
In the event of injury, physical contact may be required
to ensure the health and wellbeing of the student. Injuries will be reported in
the accident book.
-The collection and care outside the premises must remain
the responsibility of the parent/guardian. Parents will collect their children
from outside the premises. If a child is allowed to make their own way home,
without a parent, then written permission must be given to Absolute Arts.
-Absolute Arts cannot accept responsibility for the loss
or damage of any personal property.
Photos / videos may be taken during
classes/rehearsals/performances/events to be used on our website/social media
and for promotional material. If you would prefer that your child not be
involved in this, please talk to us.
-Students, teachers and anyone else entering the building
will be required to sanitise their hands upon arrival. Their temperatures will
also be checked and entry will be refused if a person is displaying a high
temperature and / or symptoms of Covid-19. This is to safeguard everyone inside
the premises. Refunds will not be issued if entrance is refused.
We expect parents and carers to make us aware if any
student is displaying symptoms of COVID19 and keep students off until a negative
COVID result has been obtained or they have reached the end of the recommended self isolation period.
In the case of a positive COVID test, Absolute Arts must
be informed immediately. Any student or teacher who has made contact with that
person will be asked to self isolate, along with their family, as per
government guidelines. If this should result in a school closure, classes will
be delivered online until it is safe to return.
-Absolute Arts has the right to change / update the Terms
and Conditions if necessary.
By attending classes at Absolute Arts, I hereby agree to
the above terms and conditions and confirm that I have read and understood
Adopted by all staff employed at Absolute Arts Performing
Date: March 2020
The General Data Protection Regulation (GDPR) ensures a
balance between an individual’s rights to privacy and the lawful processing of
personal data undertaken by organisations during the course of their business.
It aims to protect the rights of individuals about whom data is obtained,
stored, processed or supplied and requires that organisations take appropriate
security measures against unauthorised access, alteration, disclosure or
destruction of personal data. The School will protect and maintain a balance
between data protection rights in accordance with the GDPR (2018). This policy
sets out how we handle the personal data of our pupils, parents, suppliers,
employees, workers and other third parties. This policy does not form part of
any individual’s terms and conditions of employment with the School and is not
intended to have contractual effect. Changes to data protection legislation
will be monitored and further amendments may be required to this policy in
order to remain compliant with legal obligations. All members of staff are
required to familiarise themselves with its content and comply with the
provisions contained in it. Breach of this policy will be treated as a
disciplinary offence which may result in disciplinary action up to and
including summary dismissal depending on the seriousness of the breach.
SECTION 1 - DEFINITIONS
Personal data is any information relating to an individual
where the individual can be identified (directly or indirectly) from that data
alone or in combination with other identifiers we possess or can reasonably
access. This includes special category data and pseudonymised personal data but
excludes anonymous data or data that has had the identity of an individual
permanently removed. Personal data can be factual (for examples a name, email
address, location or date of birth) or an opinion about that person’s actions
or behaviour. Personal data will be stored either electronically or as part of
a structured manual filing system in such a way that it can be retrieved
automatically by reference to the individual or criteria relating to that
Special Category Data:
Previously termed “Sensitive Personal Data”, Special Category
Data is similar by definition and refers to data concerning an individual Data
Subject’s racial or ethnic origin, political or religious beliefs, trade union
membership, physical and mental health, sexuality, biometric or genetic data
and personal data relating to criminal offences and convictions.
An individual about whom such information is stored is known
as the Data Subject. It includes but is not limited to employees.
The organisation storing and controlling such information
(i.e. the School) is referred to as the Data Controller.
Processing data involves any activity that involves the use
of personal data. This includes but is not limited to: obtaining, recording or
holding data or carrying out any operation or set of operations on that data
such as organisation, amending, retrieving using, disclosing, erasing or
destroying it. Processing also includes transmitting or transferring personal
data to third parties.
Data Protection Impact Assessment (DPIA):
DPIAs are a tool used to identify risks in data processing
activities with a view to reducing them.
Criminal Records Information: This refers to personal information
relating to criminal convictions and offences, allegations, proceedings, and
related security measures.
SECTION 2 - WHEN CAN THE SCHOOL PROCESS
Data Protection Principles
The School are responsible for and adhere to the principles
relating to the processing of personal data as set out in the GDPR. The
principles the School must adhere to are:
- (1) Personal
data must be processed lawfully, fairly and in a transparent manner;
data must be collected only for specified, explicit and legitimate purposes;
data must be adequate, relevant and limited to what is necessary in relation to
the purposes for which it is processed;
data must be accurate and, where necessary, kept up to date;
data must not be kept in a form which permits identification of data subjects
for longer than is necessary for the purposes for which the data is processed;
data must be processed in a manner that ensures its security using appropriate
technical and organisational measures to protect against unauthorised or
unlawful processing and against accidental loss, destruction or damage.
Further details on each of the above principles is set out
Principle 1: Personal data must be processed lawfully, fairly
and in a transparent manner The School only collect, process and share personal data fairly and
lawfully and for specified purposes. The School must have a specified purpose
for processing personal data and special category of data as set out in the
Before the processing starts for the first time, we will
review the purposes of the particular processing activity and select the most
appropriate lawful basis for that processing. We will then regularly review
those purposes whilst processing continues in order to satisfy ourselves that
the processing is necessary for the purpose of the relevant lawful basis (i.e.
that there is no other reasonable way to achieve that purpose).
The School may only process a data subject’s personal data if
one of the following fair processing conditions are met:
· The data subject has
given their consent;
· The processing is
necessary for the performance of a contract with the data subject or for taking
steps at their request to enter into a contract;
· To protect the data
subject’s vital interests;
· To meet our legal
compliance obligations (other than a contractual obligation);
· To perform a task in the
public interest or in order to carry out official functions as authorised by
· For the purposes of the
School’s legitimate interests where authorised in accordance with data
This is provided that it would not prejudice the rights and
freedoms or legitimate interests of the data subject.
Special Category Data
The School may only process special category data if they are
entitled to process personal data (using one of the fair processing conditions
above) AND one of the following conditions are met:
· The data subject has
given their explicit consent;
· The processing is
necessary for the purposes of exercising or performing any right or obligation
which is conferred or imposed on the School in the field of employment law,
social security law or social protection law. This may include, but is not
limited to, dealing with sickness absence, dealing with disability and making
adjustments for the same, arranging private health care insurance and providing
contractual sick pay;
· Where the data has been
made public by the data subject;
· To perform a task in the
substantial public interest or in order to carry out official functions as
authorised by law;
· Where it is necessary for
the purposes of preventive or occupational medicine, for the assessment of the
working capacity of the employee, medical diagnosis, the provision of health or
social care or treatment or the management of health or social care systems and
· Where it is necessary for
reasons of public interest in the area of public health;
· The processing in necessary
for archiving, statistical or research purposes. The School identifies and
documents the legal grounds being relied upon for each processing activity.
Where the School relies on consent as a fair condition for
processing (as set out above), it will adhere to the requirements set out in
Consent must be freely given, specific, informed and be an
unambiguous indication of the data subject’s wishes by which they signify
agreement to the processing of personal data relating to them. Explicit consent
requires a very clear and specific statement to be relied upon (i.e. more than
just mere action is required).
A data subject will have consented to processing of their
personal data if they indicate agreement clearly either by a statement or
positive action to the processing. Consent requires affirmative action so
silence, pre-ticked boxes or inactivity will not amount to valid consent.
Data subjects must be easily able to withdraw consent to
processing at any time and withdrawal must be promptly honoured.
If explicit consent is required, the School will normally
seek another legal basis to process that data. However, if explicit consent is
required the data subject will be provided with full information in order to
provide explicit consent.
The School will keep records of consents obtained in order to
demonstrate compliance with consent requirements under the GDPR.
Principle 2: Personal data must be collected only for
specified, explicit and legitimate purposes
Personal data will not be processed in any matter that is
incompatible with the legitimate purposes.
The School will not use personal data for new, different or
incompatible purposes from that disclosed when it was first obtained unless we
have informed the data subject of the new purpose (and they have consented
Principle 3: Personal data must be adequate, relevant and
limited to what is necessary in relation to the purposes for which it is
The School will only process personal data when our
obligations and duties require us to. We will not collect excessive data and
ensure any personal data collected is adequate and relevant for the intended
When personal data is no longer needed for specified
purposes, the School shall delete or anonymise the data.
Principle 4: Personal data must be accurate and, where
necessary, kept up to date
The School will endeavour to correct or delete any inaccurate
data being processed by checking the accuracy of the personal data at the point
of collection and at regular intervals afterwards.
We will take all reasonable steps to destroy or amend
inaccurate or out of date personal data. Data subjects also have an obligation
to ensure that their data is accurate, complete, up to date and relevant. Data
subjects have the right to request rectification to incomplete or inaccurate
data held by the School.
Principle 5: Personal data must not be kept in a form which
permits identification of data subjects for longer than is necessary for the
purposes for which the data is processed Legitimate purposes for which the data is being processed
may include satisfying legal, accounting or reporting requirements. The School
will ensure that they adhere to legal timeframes for retaining data.
We will take reasonable steps to destroy or erase from our
systems all personal data that we no longer require. We will also ensure that
data subjects are informed of the period for which data is stored and how that
period is determined in our privacy notices.
Principle 6: Personal data must be processed in a manner that
ensures its security using appropriate technical and organisational measures to
protect against unauthorised or unlawful processing and against accidental
loss, destruction or damage
In order to assure the protection of all data being
processed, the School will develop, implement and maintain reasonable safeguard
and security measures. This includes using measures such as:
· Pseudonymisation (this is
where the School replaces information that directly or indirectly identifies an
individual with one or more artificial identifiers or pseudonyms so that the
person to whom the data relates cannot be identified without the use of
additional information which is meant to be kept separately and secure);
· Ensuring authorised
access (i.e. that only people who have a need to know the personal data are
authorised to access it);
· Adhering to
· Ensuring personal data is accurate and suitable for
the process for which it is processed.
The School follow procedures and technologies to ensure
security and will regularly evaluate and test the effectiveness of those
safeguards to ensure security in processing personal data.
The School will only transfer personal data to third party
service providers who agree to comply with the required policies and procedures
and agree to put adequate measures in place.
Sharing Personal Data
The School will generally not share personal data with third
parties unless certain safeguards and contractual arrangements have been put in
place. These include if the third party:
· Has a need to know the
information for the purposes of providing the contracted services;
· Sharing the personal data
complies with the privacy notice that has been provided to the data subject
and, if required, the data subject’s consent has been obtained;
· The third party has
agreed to comply with the required data security standards, policies and
procedures and put adequate security measures in place;
· The transfer complies
with any applicable cross border transfer restrictions; and
· A fully executed written
contract that contains GDPR approved third party clauses has been obtained.
There may be circumstances where the School is required
either by law or in the best interests of our pupils, parents or staff to pass
information onto external authorities, for example, the local authority. These
authorities are up to date with data protection law and have their own policies
relating to the protection of any data that they receive or collect.
The intention to share data relating to individuals to an
organisation outside of our School shall be clearly defined within written
notifications and details and basis for sharing that data given.
Transfer of Data Outside the European Economic Area (EEA)
The GDPR restricts data transfers to countries outside the
EEA in order to ensure that the level of data protection afforded to individuals
by the GDPR is not undermined. The School will not transfer data to another
country outside of the EEA without appropriate safeguards being in place and in
compliance with the GDPR. All staff must comply with the School’s guidelines on
transferring data outside of the EEA. For the avoidance of doubt, a transfer of
data to another country can occur when you transmit, send, view or access that
data in that particular country.
SECTION 3 - DATA SUBJECT’S RIGHTS AND
Personal data must be made available to data subjects as set
out within this policy and data subjects must be allowed to exercise certain
rights in relation to their personal data. The rights data subjects have in
relation to how the School handle their personal data are set out below:
consent is relied upon as a condition of processing) To withdraw consent to
processing at any time;
certain information about the School’s processing activities;
access to their personal data that we hold;
(d) Prevent our
use of their personal data for marketing purposes;
(e) Ask us to
erase personal data if it is no longer necessary in relation to the purposes
for which it was collected or processed or to rectify inaccurate data or to
complete incomplete data;
processing in specific circumstances;
processing which has been justified on the basis of our legitimate interests or
in the public interest;
(h) Request a
copy of an agreement under which personal data is transferred outside of the
(i) Object to
decisions based solely on automated processing;
processing that is likely to cause damage or distress to the data subject or
(k) Be notified
of a personal data breach which is likely to result in high risk to their
rights and freedoms;
(l) Make a
complaint to the supervisory authority; and
(m) In limited
circumstances, receive or ask for their personal data to be transferred to a
third party in a structured, commonly used and machine readable format.
If any request is made to exercise the rights above, it is a
requirement for the relevant staff member within the School to verify the
identity of the individual making the request.
Subject Access Requests
A Data Subject has the right to be informed by the School of
that their data is being processed;
(b) Access to
their personal data;
description of the information that is being processed;
(d) The purpose
for which the information is being processed;
(e) The recipients/class
of recipients to whom that information is or may be disclosed;
(f) Details of
the School’s sources of information obtained;
(g) In relation
to any Personal Data processed for the purposes of evaluating matters in
relation to the Data Subject that has constituted or is likely to constitute
the sole basis for any decision significantly affecting him or her, to be
informed of the logic of the Data Controller’s decision making. Such data may
include, but is not limited to, performance at work, creditworthiness,
reliability and conduct.
Any Data Subject who wishes to obtain the above information
must notify the School in writing of his or her request. This is known as a
Data Subject Access Request.
The request should in the first instance be sent to the
School Business Manager.
The School are subject to certain rules and privacy laws when
marketing. For example a data subject’s prior consent will be required for
electronic direct marketing (for example, by email, text or automated calls).
The School will explicitly offer individuals the opportunity
to object to direct marketing and will do so in an intelligible format which is
clear for the individual to understand. The School will promptly respond to any
individual objection to direct marketing.
Employees may have access to the personal data of other
members of staff, suppliers, parents or pupils of the School in the course of
their employment or engagement. If so, the School expects those employees to
help meet the School’s data protection obligations to those individuals.
Specifically, you must:
Only access the personal data that you have authority to access, and only for
· Only allow others to
access personal data if they have appropriate authorisation;
· Keep personal data secure
· Not to remove personal
data or devices containing personal data from the School premises unless
appropriate security measures are in place (such as Pseudonymisation,
encryption, password protection) to secure the information;
· Not to store personal information on local drives.
SECTION 4 - ACCOUNTABILITY
The School will ensure compliance with data protection
principles by implementing appropriate technical and organisational measures.
We are responsible for and demonstrate accountability with the GDPR principles.
The School have taken the following steps to ensure and
document GDPR compliance: - Data Protection Officer (DPO)
Please find below details of the School’s Data Protection
- Data Protection Officer:
192 Station Rd,
The DPO is responsible for overseeing this data protection
policy and developing data
policies and guidelines.
Please contact the DPO with any
questions about the operation of this Data Protection Policy or the GDPR or if
you have any concerns that this policy is not being or has not been followed.
In particular, you must always contact the DPO in the following circumstances:
(a) If you are
unsure of the lawful basis being relied on by the School to process personal
(b) If you need
to rely on consent as a fair reason for processing (please see below the
section on consent for further detail);
(c) If you need
to draft privacy notices or fair processing notices;
(d) If you are
unsure about the retention periods for the personal data being processed but
would refer you to the School’s data retention policy in the first instance;
(e) If you are
unsure about what security measures need to be put in place to protect personal
(f) If there has
been a personal data breach and would refer you to the procedure set out in the
School’s breach notification policy;
(g) If you are
unsure on what basis to transfer personal data outside the EEA;
(h) If you need
any assistance dealing with any rights invoked by a data subject;
(i) Whenever you
are engaging in a significant new (or a change in) processing activity which is
likely to require a data protection impact assessment or if you plan to use
personal data for purposes other than what it was collected for;
(j) If you plan
to undertake any activities involving automated processing or automated
(k) If you need
help complying with applicable law when carrying out direct marketing
(l) If you need
help with any contracts or other areas in relation to sharing personal data
with third parties.
Personal Data Breaches
The GDPR requires the School to notify any applicable
personal data breach to the Information Commissioner’s Office (ICO).
We have put in place procedures to deal with any suspected
personal data breach and will notify data subjects or any applicable regulator
where we are legally required to do so.
If you know or suspect that a personal data breach has
occurred, do not attempt to investigate the matter yourself. Immediately
contact the DPO.
Transparency and Privacy
Notices The School will provide detailed, specific
information to data subjects. This information will be provided through the
School’s privacy notices which are concise, transparent, intelligible, easily
accessible and in clear and plain language so that a data subject can easily
understand them. Privacy notices sets out information for data subjects about
how the School use their data and the School’s privacy notices are tailored to
suit the data subject.
Whenever we collect personal data directly from data
subjects, including for human resources or employment purposes, we will provide
the data subject with all the information required by the GDPR including the
identity of the data protection officer, the School’s contact details, how and
why we will use, process, disclose, protect and retain personal data.
When personal data is collected indirectly (for example from
a third party or publicly available source), we will provide the data subject
with the above information as soon as possible after receiving the data. The
School will also confirm whether that third party has collected and processed
data in accordance with the GDPR.
Notifications shall be
in accordance with ICO guidance and, where relevant, be written in a form
understandable by those defined as “children” under the GDPR.
Privacy by Design
The School adopt a privacy by design approach to data
protection to ensure that we adhere to data compliance and to implement
technical and organisational measures in an effective manner.
Privacy by design is an approach that promotes privacy and
data protection compliance from the start. To help us achieve this, the School
takes into account the nature and purposes of the processing, any cost of
implementation and any risks to rights and freedoms of data subjects when
implementing data processes.