Generation Dance is committed to protecting you and your dependents’ personal information. We are committed to providing a safe environment for all our customers, employees, casual and freelance workers and everybody who comes into contact with us, both physically and virtually (online). This Privacy Statement relates to the use of any personal information provided to us online or via application forms, telephone, email exchange, letters or correspondence.
Whenever you provide such information, we are legally obliged to use your information in line with current legislation concerning the protection of personal information, including the Data Protection Act 1998 and the General Data Protection Regulations.
DATA PROTECTION PRINCIPLES
The legislation sets out various data protection principles. These include that personal information is:
The legislation conveys various individual rights. These include the following:
WHAT INFORMATION DOES GENERATION DANCE HAVE ABOUT ME?
The legislation requires that there is a clear legal basis for processing personal information. In general Generation Dance relies on the individual’s consent in order to process their data.
When you participate in or sign up to any Generation Dance class, activity or workshop, we may collect and store personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number and date of birth, depending on how you are engaging with us. By submitting your details, you enable us to provide you with the products or services that you have selected.
When taking pictures of students in class or filming performances, Generation Dance ask for parental permission. Generation Dance may use the images resulting from the photography/video filming, and any reproductions or adaptations of the images for fundraising, publicity or other purposes to help achieve the group’s aims. This might include (but is not limited to), the right to use them in their printed and online publicity, social media, press releases and funding applications.
Generation Dance does NOT share your personal information with third parties, unless clearly stated. We do NOT sell your data, and neither do we buy data from third parties.
HOW WILL YOU USE MY PERSONAL INFORMATION?
USE OF DATA PROCESSORS
Data processors are third parties who provide services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. The following is a list of our main data processors.
When sending letters, parcels, publications and purchases we will share your postal address with the delivery service (Normally Royal Mail or Parcel Force).
We use a third party service, Go Daddy to host our website. Go Daddy are contractually obliged to treat any information on our private website as confidential and only use such information for the purpose of providing Generation Dance with web hosting.
A DBS checking service for Generation Dance teachers and chaperones is provided by Due Diligence Checking Ltd. Information provided by them to Generation Dance will only be shared with the individual concerned. The records are kept for 3 years and then deleted.
If you are under 18 and you provide us with information on an application form (online or printed), your parent(s)/guardian(s) permission will be required.
We keep the information we hold about our customers and students for as long as is necessary to deliver the services we are providing you with.
HOW LONG WILL WE KEEP PERSONAL INFORMATION?
We use secure technologies to help protect your personal information from unauthorised access, use or disclosure. We store personal information you provide on computer systems which have carefully controlled access and which are located in secure facilities.
The security measures described above ensure that all reasonable steps are taken to protect your personal information. However, the nature of the Internet means that an absolute guarantee of security cannot be offered, and, as with all Internet transactions, you should be aware that there may be a small security risk when disclosing information online.
WHERE IS THE INFORMATION STORED?
You have the right to access certain personal information held about you. If you wish to make a Data Subject Access Request, please contact
CAN I FIND OUT WHAT PERSONAL INFORMATION GENERATION DANCE HOLDS ABOUT ME?
We may disclose your information to governmental agencies or entities, regulatory authorities, or other persons in line with any applicable law, regulations, court order or official request.
GENERATION DANCE GDPR POLICY
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals.
Generation Dance is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GENERAL DATA PROTECTION REGULATION POLICY STATEMENT
1) THE RIGHT TO BE INFORMED
Generation Dance is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s’ full names, addresses, date of birth along with any SEN or medical requirements.
We are required to collect certain details of visitors and chaperones to our dance school. We need to know visitors and chaperones names, telephone numbers, and where appropriate company name. This is in respect of our Health and Safety and Safeguarding Policies.
Although our teachers are freelance, Generation Dance is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers and in some cases, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to DDC for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record. Copies of teachers DBS are shared with the respective schools in which the teachers work in for Safeguarding purposes.
2) THE RIGHT OF ACCESS
At any point an individual can make a request relating to their data and Generation Dance will need to provide a response (within 1 month). Generation Dance can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
3) THE RIGHT TO ERASURE
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However Generation Dance has a legal duty to keep children’s and parents details for a reasonable time, Generation Dance retain these records for 3 years after leaving the dance school, children's accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records.
Teachers records must be kept for 6 years after the member of leaves, before they can be erased.
This data is archived securely onsite and shredded after the legal retention period.
4) THE RIGHT TO RESTRICT PROCESSING
Parents, visitors and staff can object to Generation Dance processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5) THE RIGHT TO DATA PORTABILITY
Generation Dance requires data to be transferred from one IT system to another; such as from Generation Dance to the Local Authority, for performance BOPA licences. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) THE RIGHT TO OBJECT
Parents, visitors and staff can object to their data being used for certain activities like marketing or research.
7) THE RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING INCLUDING PROFILING
Automated decisions and profiling are used for marketing based organisations. Generation Dance does not use personal data for such purposes.
GDPR INCLUDES 7 RIGHTS FOR INDIVIDUALS
All paper copies of children's and staff records are kept in a locked filing cabinet. Members of staff can have access to these files but information taken from the files about individual children is confidential and apart from archiving, these records remain at the address at all times. These records are shredded after the retention period.
Information about individual children is used in certain documents, such as, a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children's names, date of birth, contact numbers and sometimes address. These records are shredded after the relevant retention period.
Generation Dance collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the child’s file and stored appropriately.
Generation Dance stores personal data held visually in photographs or video clips or as sound recordings, and written consent has been obtained via tour terms and conditions form. No full names are stored with images in photo albums, displays, on the website or on Generation Dance’s social media sites.
Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.
STORAGE AND USE OF PERSONAL INFORMATION