Lisa Hurst Dance - General Data Protection Regulation/Privacy Policy
Lisa Hurst Dance during this document may also be referred to as “Our”, “Us” and “We”
General Data Protection Regulation may also be referred to as ‘GDPR” within this document.
Statement
GDPR replaces the previous Data Protection Act of 2008. The new directives were approved by the EU Parliament in 2016 and came into effect on the 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’. It also states that an individuals data is not processed without their knowledge and it is only processed with their ‘explicit’ consent. It allows individuals the right to know what information is held about them, to be able to amend that information or have the right for that information to be deleted.
GDPR means that Lisa Hurst Dance must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
Lisa Hurst Dance is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data and to ensure that personal information is handled properly.
While Lisa Hurst Dance avoids sharing data with third parties at most times, some data is shared in accordance with our business practices. The sharing of data with third parties will always be consensual with the data subject and/or their parent/guardian, and only if Lisa Hurst Dance is satisfied that their Data Protection policy is GDPR compliant.
Lisa Hurst Dance is registered with the ICO (Information Commissioners Office) under
registration reference: ZA376438
The Data Protection Officer (DPO) is: Lisa Hurst. She can be contacted at [email protected]
The Policy
This policy explains important information you need to know about how personal data is used, processed, shared and stored. We have determined the lawful reasons with which Lisa Hurst Dance processes personal data:
There is also some limited data we process with consent from the Data Subject; Consent – GDPR Article 6(1)(a).
Main Aims for the policy:
GDPR HAS 7 RIGHTS FOR INDIVIDUALS
1) THE RIGHT TO BE INFORMED
What information do we gather?
Lisa Hurst Dance is a registered dance provider with the United Kingdom Alliance (UKA). We are required to collect and manage certain data to be able to run dance classes and to comply with child protection as well as health and safety regulations.
We need to know parent’s names, telephone numbers and email addresses as well as emergency contact details. We also need to know children’s’ full names, date of birth, classes attended/paid along with any SEN or medical requirements.
During classes photo’s/videos may be taken of students to use for marketing material as well as on social medial platforms. (Separate consent is taken for this)
Lisa Hurst Dance will also collect measurements of children/adults if they have agreed to take part in events including our annual show and competitions. This information is needed to be able to purchase costumes.
As an employer Lisa Hurst Dance is required to hold data on its Volunteers and Teachers. This information includes names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license and bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. DBS Numbers and date of issue are also held in a encrypted file.
How do we process this information, and for what purpose?
The information we gather is collected when parents sign up to our online parent portal through Dance Studio Pro or if they provide their details when they contact us through different platforms including Phone, Email and Social Medial Platforms like Facebook.
We require these personal details for a number of reasons detailed below:
* We will send email confirmation of booked classes and invoices for those classes. We will also contact individuals if classes are cancelled, if an emergency occurs whilst your child is in our care or if we need to contact you regarding your child before or after class as well as information relating to shows, competitions and exams that a child has been signed up for.
2) THE RIGHT OF ACCESS AND RECTIFICATION
What rights do you have to access and change your information?
Individuals have the right to a copy of the information we have collected of them. Additionally, they are entitled to have inaccurate personal data rectified or destroyed.
At any point an individual can make a request relating to their data and Lisa Hurst Dance will need to provide a response (within 1 month). Lisa Hurst Dance can refuse a request, if we have a lawful obligation to retain data. For example; a legal injunction. We will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
Our online system through Dance Studio Pro allows individuals to access their own personal data we have of them and their children. This is accessed securely by the username and password provided to you. You will be the only one that can access your own information.
Within this online portal individuals are able to correct their own data if it is inaccurate. Alternatively please contact us as we welcome any amendments you may suggest, as it is also our obligation to keep any data we collect as accurate as reasonably possible.
3) THE RIGHT TO ERASURE
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Lisa Hurst Dance has a legal duty to keep children’s and parents details for a reasonable time.
Lisa Hurst Dance retention records:
* General Enquiries - 6 months
*see appendices at the end of this policy for retention periods for all aspects of Lisa Hurst Dance’s business*
You have the right to ask us to remove your personal information at any time. This can be done by individuals via the right to be forgotten button in the online portal or by emailing us at [email protected].
4) THE RIGHT TO RESTRICT PROCESSING
Parents, visitors and staff can object to Lisa Hurst Dance processing their data. This means that records will be stored but must not be used in any way, for example sending email marketing communications. However; we will still contact you for legitimate purposes. For example; if classes are cancelled and for sending invoices.
5) THE RIGHT TO DATA PORTABILITY
Lisa Hurst Dance requires data to be transferred from one IT system to another; such as from Lisa Hurst Dance to the Local Authority, for performance BOPA licences, and dance Associations for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) THE RIGHT TO OBJECT
Parents, visitors and staff can object to their data being used for certain activities like marketing or research.
7) THE RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING INCLUDING PROFILING.
Automated decisions and profiling are used for marketing based organisations. Lisa Hurst Dance does not use personal data for such purposes.
Storage and Security
Who has access to your information and who do we share it with?
Information about individual children is used in certain documents, such as, a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children's names, date of birth and sometimes addresses. These records are shredded after the relevant retention period.
Members of Staff at Lisa Hurst Dance
Lisathe owner/teacher from Lisa Hurst Dance is the only member of staff who has access to all personal details on the Dance Studio Pro Parent Portal as she is the data controller. This information is password protected.
Other teachers will only have access to student names, emergency contact details including medical conditions of students of the classes they teach to be able to run classes safely. They will have no access to any other information.
The administrative assistant only has access to names and email addresses to be able to contact you on behalf of Lisa Hurst Dance. They will contact you regarding the booking of classes, cancellations, payments and other tasks relating to the classes you have signed up for.
For the purpose of shows and exams Lisa will only share information with teachers/admin assistants who may contact parents on behalf of Lisa Hurst Dance regarding the events they have signed up for. We will also share relevant information with chaperones (only the students they are looking after) as we have to compile with safeguarding laws and health and safety regulations.
Other Organisations
Lisa Hurst Dance does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes.
Lisa Hurst Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained. For more information please find their privacy policies here: https://www.lincolnshire.gov.uk/privacy
* Lincolnshire Safeguarding Children’s Board: In the unlikely event Lisa Hurst Dance has a safeguarding concern in relation to one of its participants, we are legally required to provide data to the safeguarding board at the local council.
Lisa Hurst Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.
We have a closed parent facebook group. This group and its members are visible to everyone who searches and finds the group. However, only members of the group can comment and see the posts.
Only Lisa Hurst and the admin assistant on behalf of Lisa Hurst Dance are able to approve members into the group. The group is designed so that parents can get up to date information on Lisa Hurst Dance. If a child is no longer part of the school parents will be deleted from the group.
By requesting to join the Lisa Hurst Dance Parent group you are agreeing to both facebook and Lisa Hurst Dance privacy policy.
All the information is processed by facebook. Any information sent to us through this platform cannot be deleted by us.
Please find their privacy policy here: https://www.facebook.com/about/privacy/update. Lisa Hurst Dance is satisfied that facebook is GDPR compliant.
From time to time we may use other 3rd party data processors including Dropbox and Mailchimp.
However, all the organisations we use we are satisfied they are compliant with GDPR. Please visit their websites for full details on what they do with this data.
Dance Studio Pro - Personal and Sensitive data is added to Dance Studio Pro. Lisa Hurst Dance is satisfied that Dance Studio Pro is GDPR compliant. Please find their privacy policy here: https://www.DanceStudio-Pro.com/privacy/
Payments for classes can be done through Dance Studio Pro. However, this is handled separately, and securely, through the company Paypal. Those details are never gathered by us and we never have access to them. Please see Paypal privacy policy for more details. It can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
We may need to share your data with other event organisers at an event you have signed up for and are attending. For example: Event Programmes. Lisa Hurst Dance may occasionally produce programmes for events. These will only ever contain the first name and first initial of a child’s last name (unless otherwise consented to). The name of a child’s class may also be included. Participants/their Parent and/or Guardians may choose if they want to be included in the programme when they agree to participate at an event.
Security
How do we protect your information?
We follow the Information Commissioner Office (ICO) and the National Cyber Security centre (NCSC) recommendations for our own data security.
All mobile devices including phones and iPads are encrypted as well as all devices being pin/password protected with fingerprint recognition. This means that all personal details cannot be accessed without these details. In an event these devices are lost or stolen thieves will not be able to access the data as pin has to be inputted for it to boot up as well as security measures in place for them to be remotely erased.
Computers used by Lisa Hurst Dance are password protected and all files with personal details are also password protected. We also have safeguarding/security measures in place such as firewalls, anti-virus and anti-malware software and these are regularly updated to ensure your personal details are safe and we are complying with the law.
We also back-up our system and documents using icloud. This information was taken from their website: “iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed in to iCloud. No one else, not even Apple, can access end-to-end encrypted information.”
More information can be found here: https://support.apple.com/en-gb/HT202303
We have our own security policy and procedures in place (which is available on request) that outlines key information including network security, physical security, access controls, secure configuration, patch management, email and internet use, data storage and maintenance and security breach / incident management.
Access to all office computers are password protected and only staff members have access to this. A contract is in place that restricts staff members for disclosing any personal data/sharing data unless instructed by Lisa from Lisa Hurst Dance. When a member of staff leaves the company these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB Hard Drive, are password protected and/or stored in a locked filing cabinet.
All paper copies of personal data this includes registers, staff records, event sign-up and photography and video consent are kept in a locked filing cabinet at the office of Lisa Hurst Dance. Only Lisa Hurst of Lisa Hurst Dance will have access to these files paper files. These records are shredded after the retention period.
Lisa Hurst Dance stores personal data held visually in photographs or video clips or as sound recordings (Prior consent will have been obtained ) on a password protected device or on the computer of Lisa Hurst Dance. No names are stored with images in photo albums, displays, on the website or on Lisa Hurst Dance’s social media sites.
Our Payment Processor (Paypal) use their own security measures to keep your personal banking details safe, including safeguards such as firewalls and data encryption. Please see their privacy policy for more information.
Data Breeches
If Lisa Hurst Dance experiences a data breech of any kind, we have a legal obligation to report this to ICO within 72 hours. The data breech will be reported by the DPO.
Lisa Hurst Dance will also inform all the victims of the data breech as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedoms.
Lisa Hurst Dance will store and record all data breeches.
Training and Data Protection in Practice
All members of staff (PAYE, Freelance and Voluntary) must agree to this Data Protection policy prior to accepting a contract of employment.
Training is supplied as part of management and supervision. It is also included in all induction and training periods. All current staff have been provided and participated in training around the new data protection rules and regulations as well as signing a new agreement accepting these new terms.
Non-Compliance
If you feel that there has been a breach in your personal data or if you think we have not complied with the data protection law you are able to contact the ICO for an investigation. However. in the first instance please contact us.
Complaints: Complaints in regard to the handling of any personal data can be made directly to
Lisa Hurst Dances’ DPO: Lisa Hurst
Email: [email protected]
Telephone: 07715 406911
Address: The Old Boiler House (Birchwood Community Hall), 278 Woodifeld Avenue, Lincoln, LN6 0LT
If you feel that your complaint was not handled in the correct manner, or still have concerns, you may escalate the complaint by either contacting by contacting the Independent Commissioner’s Office (ICO).
ICO Telephone Number: 0303 123 1113
Use of Cookies on www.lisahurstdance.co.uk
When you provide us with personal information via our website or via Dance Studio Pro we use "cookies". A cookie is a short amount of data that is sent to your browser by a Web server and can only be read back by the server that sent it to you. A cookie functions as your identification card and we may use it to track your bookings, log your IP address, or record other information about you. Cookies cannot be executed as code or deliver viruses. Most browsers are able to accept cookies. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. If you decline to accept a cookie sent by us you may not be able to access certain functions of the site such as online booking. (A separate Cookies policy can be found on our website www.lisahurstdance.co.uk or available on request)