Liberty School of Dance

Privacy Policy

DATA PROTECTION POLICY 1. This document describes the means by which Liberty School of Dance will comply with new EU regulations known as the General Data Protection Regulation (GPDR), which came into force on 25 May 2018 and updated the UK Data Protection Act 1998. 2. The lawful basis for the collection and storing of data is that Liberty School of Dance needs to know, for each student, their name, age and contact details of parents/guardians. Without this information the school cannot run its weekly classes. 3. To comply with the GPDR Liberty School of Dance will: a. Appoint a Data Controller responsible to the school for implementation of this Policy. b. Provide all students and parents/guardians with a GPDR Privacy Notice explaining why data is being collected and what will be done with it. c. Ensure that all students’ parents/guardians positively ‘opt in’ to their data being collected. d. Ensure that electronically-held personal data is password-protected. e. Ensure that reasonable and proportionate measures are taken to prevent unauthorised viewing or theft of hard-copy personal data. f. Respond to any subject access request within the statutory 30 days. The Data Controller is responsible for responding to subject access requests. g. Normally retain data indefinitely for the purpose of maintaining a historical record but remove an individual’s data if asked to do so via a subject access request. h. Only collect personal data that is necessary for the running of Liberty School of Dance, as follows: • contact details of students (name, date of birth, address, telephone and email address); • medical conditions (which may affect the students learning of dance and wellbeing during lessons) and surgery name (in case of an emergency) • contact details of an emergency contact (name and telephone number); • basic contact details (name, address and phone number) of teachers and volunteers. i. From time to time, process post hoc aggregated data for the purpose of managing the school (for example, estimating how much time must be allocated for classes and performances). j. Place this policy and the GPDR on the school website.   4. Liberty School of Dance will not: a. Place any personal data online or on the school website, other than posting the forenames of students involved in newsworthy events. b. Share personal data with any other organisation. c. Be responsible for data relating to the school which has been collected by other persons or agencies (for example, the Royal Academy of Dance or Imperial Society of Dance). 5. This policy has been approved by the school principal. All questions regarding this policy should be addressed to the Data Controller.   ORWELL DANCE GDPR PRIVACY NOTICE Introduction New EU regulations known as the General Data Protection Regulation (GPDR) will come into force on 25 May 2018. The GPDR places significant additional responsibilities, over and above those defined in the Data Protection Act 1998, on those who collect and process personal data to ensure that providers of personal data understand the lawful basis for the collection and processing of their data. The document which explains this basis is known as a ‘Privacy Notice’. The present document constitutes the Orwell Dance Privacy Notice. What personal data does the School need to collect? For each student of the school the name, date of birth, contact details (address, telephone and email), and medical information. Who is collecting the data? The data will be collected by the school principal. How is the data collected? Data is mainly collected by means of paper enrolment forms, although some forms are sent electronically by e-mail. Why does the School need to collect this data? Self-evidently, the school must know the names of students in order to communicate within the class, their ages, contact details (in order to communicate information about the school) and medical information (so that teachers are aware of any medical conditions which may affect the learning of dance and students wellbeing). How will the data be used? Data will be input to a class management software called ‘Class manager.’ This is used to generate class lists/registers and a summary of school fees for each student. It will also be used, in combination with information from class teachers, to aid management planning of lessons, exams and performances. Parents/Guardians will receive emails from this software as well as from the school mailing address. To ensure the wellbeing of children during lesson and rehearsal times, the class teacher will have a hard copy of the child’s name, emergency contact (name and telephone number) and any medical conditions. With whom will the data be shared? The database itself is routinely accessible by the school principal, Mrs Marina O’Brien, although from time to time other teachers within the school may be given supervised access as and when required. None of the data will be placed online or shared with any outside agency or organisation. None of the data will be sold to or shared with any other organisation. The school does not receive commercial sponsorship. Does anyone else associated with the school collect data? The Royal Academy of Dance, the Imperial Society of Teachers of Dancing, and the British Federation of Festivals will require student details (names, dates of birth and gender) for exam and competition entries. These organisations have their own Data Protection Policies. Orwell Dance will require you to OPT IN before any entry data is submitted on entry forms. Can I see my data or ask for it to be deleted? You have the right to see your personal data, and to ask for it to be deleted. A request to view your data is known as a ‘subject access request’. The school is legally obliged to respond to your request within 30 days. How long will my data be kept? Paper enrolment forms will normally be kept for approximately one month (until the information has been recorded electronically) and then destroyed either by shredding or burning. The school has no timescale for the erasing of electronically held data. These data form a historical record of the school and the aim is to preserve that record. The school has been running continuously since 2012 but the new software system on which information is stored has only be running since February 2019. We would therefore like to maintain a reasonable historical record from then on. If you would like your details erased from the historic record you should make a subject access request. Your data will then be anonymised in the database. How secure is my data? Electronic data is held in a password-protected database and a backup copy maintained. None of the data is accessible online. Paper documents (eg. enrolment forms) are kept in a private dwelling with normal domestic security measures in place before they are destroyed; the school will take reasonable measures to ensure that the paper data is not lost or stolen or viewed by unauthorised persons but does not guarantee to store it under lock and key. E-mail communications are not subject to special encryption measures. The GDPR mandates procedures which must be followed for reporting a breach or suspected breach of data security. How will the new measures affect the registration process in future years? You will need to tick a lot more boxes in future to make it clear that you understand data collection issues and have ‘opted in’. A requirement of the GPDR is that providers of personal data must positively ‘opt in’ to having their data collected; it is no longer permissible to assume that ‘silence gives consent’. DATA PROTECTION POLICY 1. This document describes the means by which Liberty School of Dance will comply with new EU regulations known as the General Data Protection Regulation (GPDR), which came into force on 25 May 2018 and updated the UK Data Protection Act 1998. 2. The lawful basis for the collection and storing of data is that Liberty School of Dance needs to know, for each student, their name, age and contact details of parents/guardians. Without this information the school cannot run its weekly classes. 3. To comply with the GPDR Liberty School of Dance will: a. Appoint a Data Controller responsible to the school for implementation of this Policy. b. Provide all students and parents/guardians with a GPDR Privacy Notice explaining why data is being collected and what will be done with it. c. Ensure that all students’ parents/guardians positively ‘opt in’ to their data being collected. d. Ensure that electronically-held personal data is password-protected. e. Ensure that reasonable and proportionate measures are taken to prevent unauthorised viewing or theft of hard-copy personal data. f. Respond to any subject access request within the statutory 30 days. The Data Controller is responsible for responding to subject access requests. g. Normally retain data indefinitely for the purpose of maintaining a historical record but remove an individual’s data if asked to do so via a subject access request. h. Only collect personal data that is necessary for the running of Liberty School of Dance, as follows: • contact details of students (name, date of birth, address, telephone and email address); • medical conditions (which may affect the students learning of dance and wellbeing during lessons) and surgery name (in case of an emergency) • contact details of an emergency contact (name and telephone number); • basic contact details (name, address and phone number) of teachers and volunteers. i. From time to time, process post hoc aggregated data for the purpose of managing the school (for example, estimating how much time must be allocated for classes and performances). j. Place this policy and the GPDR on the school website.   4. Liberty School of Dance will not: a. Place any personal data online or on the school website, other than posting the forenames of students involved in newsworthy events. b. Share personal data with any other organisation. c. Be responsible for data relating to the school which has been collected by other persons or agencies (for example, the Royal Academy of Dance or Imperial Society of Dance). 5. This policy has been approved by the school principal. All questions regarding this policy should be addressed to the Data Controller.   ORWELL DANCE GDPR PRIVACY NOTICE Introduction New EU regulations known as the General Data Protection Regulation (GPDR) will come into force on 25 May 2018. The GPDR places significant additional responsibilities, over and above those defined in the Data Protection Act 1998, on those who collect and process personal data to ensure that providers of personal data understand the lawful basis for the collection and processing of their data. The document which explains this basis is known as a ‘Privacy Notice’. The present document constitutes the Orwell Dance Privacy Notice. What personal data does the School need to collect? For each student of the school the name, date of birth, contact details (address, telephone and email), and medical information. Who is collecting the data? The data will be collected by the school principal. How is the data collected? Data is mainly collected by means of paper enrolment forms, although some forms are sent electronically by e-mail. Why does the School need to collect this data? Self-evidently, the school must know the names of students in order to communicate within the class, their ages, contact details (in order to communicate information about the school) and medical information (so that teachers are aware of any medical conditions which may affect the learning of dance and students wellbeing). How will the data be used? Data will be input to a class management software called ‘Class manager.’ This is used to generate class lists/registers and a summary of school fees for each student. It will also be used, in combination with information from class teachers, to aid management planning of lessons, exams and performances. Parents/Guardians will receive emails from this software as well as from the school mailing address. To ensure the wellbeing of children during lesson and rehearsal times, the class teacher will have a hard copy of the child’s name, emergency contact (name and telephone number) and any medical conditions. With whom will the data be shared? The database itself is routinely accessible by the school principal, Mrs Marina O’Brien, although from time to time other teachers within the school may be given supervised access as and when required. None of the data will be placed online or shared with any outside agency or organisation. None of the data will be sold to or shared with any other organisation. The school does not receive commercial sponsorship. Does anyone else associated with the school collect data? The Royal Academy of Dance, the Imperial Society of Teachers of Dancing, and the British Federation of Festivals will require student details (names, dates of birth and gender) for exam and competition entries. These organisations have their own Data Protection Policies. Orwell Dance will require you to OPT IN before any entry data is submitted on entry forms. Can I see my data or ask for it to be deleted? You have the right to see your personal data, and to ask for it to be deleted. A request to view your data is known as a ‘subject access request’. The school is legally obliged to respond to your request within 30 days. How long will my data be kept? Paper enrolment forms will normally be kept for approximately one month (until the information has been recorded electronically) and then destroyed either by shredding or burning. The school has no timescale for the erasing of electronically held data. These data form a historical record of the school and the aim is to preserve that record. The school has been running continuously since 2012 but the new software system on which information is stored has only be running since February 2019. We would therefore like to maintain a reasonable historical record from then on. If you would like your details erased from the historic record you should make a subject access request. Your data will then be anonymised in the database. How secure is my data? Electronic data is held in a password-protected database and a backup copy maintained. None of the data is accessible online. Paper documents (eg. enrolment forms) are kept in a private dwelling with normal domestic security measures in place before they are destroyed; the school will take reasonable measures to ensure that the paper data is not lost or stolen or viewed by unauthorised persons but does not guarantee to store it under lock and key. E-mail communications are not subject to special encryption measures. The GDPR mandates procedures which must be followed for reporting a breach or suspected breach of data security. How will the new measures affect the registration process in future years? You will need to tick a lot more boxes in future to make it clear that you understand data collection issues and have ‘opted in’. A requirement of the GPDR is that providers of personal data must positively ‘opt in’ to having their data collected; it is no longer permissible to assume that ‘silence gives consent’.