Momentum Dance

Privacy Policy

PRIVACY POLICY

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. It has been agreed that Lorna Blacker, will be appointed as Data Protection Officer (DPO) and is therefore responsible for the safe storage of information relating to our students and parents. This notice will provide information on how we, Momentum Dance are complying with this regulation.

Purpose and Statement:

Momentum Dance is committed to ensuring the data processed by our company remains safe and secure.

This policy has been written in line with legislative change, including both the Data Protection Act (1998) and the EU’s General Data Protection Regulation (GDPR).

Momentum Dance has determined the lawful reasons with which it processes personal data:

Legal obligation – GDPR Article 6(1)(c)

Legitimate interest – GDPR Article 6(1)(f)

Contract – GDPR Article 6(1)(b)

There is also some limited data we process with consent from the Data Subject; Consent – GDPR Article 6(1)(a).  

While Momentum Dance avoids sharing data with third parties at most times, some data is shared in accordance with our business practices. The sharing of data with third parties will always be consensual with the data subject and/or their parent/guardian, and only if Momentum Dance is satisfied that their Data Protection policy is GDPR compliant.

 Main Aims for the policy:

·       Specify the data Momentum Dance collects, how it is         stored/protected and the reason for collecting it

·      State how Momentum Dance use’s personal data in processing

·      Disclose who has access to the data and how long we retain information for

·      Explain Data Subject’s rights with Momentum Dance data including access, rectification and erasure

The GDPR includes the following rights for individuals:

·      the right to be informed

·      the right of access

·      the right to rectification

·      the right to erasure

·      the right to restrict processing

·      the right to data portability

·      the right to object

·      the right not to be subject to automated decision-making including profiling

General Principles

Momentum Dance is committed to providing fair and understandable privacy policies in relation to personal data. Momentum Dance will, at all times, keep data in secure locations (including, but not limited to, encrypted and access restricted files and secure servers provided by Classmanager) and not retain data unnecessarily or past the retention length as set out in this policy.

Momentum Dance customers and participants supply their personal data when signing up for classes through our registration form on classmanager. This is either completed by a student or parent/guardian. Personal data may also come to us unsolicited via enquiries through our website and to our generic email account. Momentum Dance stores information about individual students in the Classmanager admin software to generate invoices, receipts and email or message students. This software is GDPR compliant and access to these files is restricted through password protection and only available to authorised staff members.

 To attend any of Momentum Dance’s activities participants/parents/guardians must agree to some processing of their personal data. This is due to Legitimate Interests – GDPR Article 6(1)(f), Legal Obligation GDPR Article 6(1)(c), Contract – Article 6(1)(b) and/or Consent – Article 6(1)(a).

Should Momentum Dance be unable to process participant’s data, we would be contravening both our Health & Safety and Child Safeguarding policies. We would also be ignoring best practice regarding working with children/vulnerable adults. Our participants must remain safe at all times, therefore information about participants must be collected in order to create registers and accurate student records. This information is also used to provide students with appropriate classes due to ability.

Personal data and some special category data is collected. Special category data is only collected with the consent of the data subject. Special category data Momentum Dance collects includes but is not limited to: Medical/Disability information and Gender. As physical activity providers it is essential that this consent is given should a participant have any medical/disability needs. This allows us to incorporate participants safely into classes. 

It is essential to our primary function (providing classes to participants) that we are provided, and allowed to process and store the following:

Participant Personal Data:

Full Name – GDPR Article 6(1)(f)

Date of Birth – GDPR Article 6(1)(f)

Home Address – GDPR Article 6(1)(f)

Sex – GDPR Article 6(1)(f)

Participant Special Category Data:

Medical Information/History – GDPR Article 9 (a)

Disability Information – GDPR Article 9 (a)

Customer Personal Data:

Name – GDPR Article 6(1)(f)

Address – GDPR Article 6(1)(f)

Email Address – GDPR Article 6(1)(f)

Mobile Telephone Number – GDPR Article 6(1)(f)

Work/Home Number – GDPR Article 6(1)(f)

Emergency Contact Number – GDPR Article 6(1)(f)

Special Category Data:

Bank Details – further explicate consent sought in the instance of refunds etc.

Momentum Dance transports data with all due diligence. Hard copies of registers and emergency contacts are carried by authorised staff members. They are locked away while not in use. When they are no longer in use or out-dated, they are destroyed thoroughly. Waiting lists are stored on an encrypted cloud-based server (classmanager)

Our standard retention policy (without the data subject’s right to access, rectification and erasure etc.) is THREE YEARS post final attendance. Exceptions to our retention policy:

·      Financial records are kept for 6 years due to legal obligation

·      First Aid records are kept for 21 years due to legal obligation

·      Photo consent may be kept indefinitely

·      Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation

·      Bank details are deleted after the action concerning them is complete

·      Enquiries that do not turn into bookings with current classes are deleted after they have been dealt with

·      Momentum Dance does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes.

Freelance Teachers:
As Momentum Dance teachers are freelance staff, we have confidentiality and data processor agreements in place. Teachers will never be provided with personal details aside from participant’s names and any medical information that is pertinent to the running of a class (subject to consent from the data subject)

Class Manager:
Momentum Dance uses a software platform called ‘Class Manager’ for administration. Momentum Dance is satisfied that their GDPR regulations are thorough, and the information stored in Class Manager is secure. 

Any data subject with personal data stored within Momentum Dance is entitled to the rights of:

Access

You may contact Momentum Dance at any time to access all data held relating to you and/or your child(ren). Momentum Dance will ensure that we respond to a subject access request without undue delay and within one month of receipt. If the information request will also include data regarding others, Momentum Dance has the right to refuse the request or take steps in order to obtain consent from other involved parties. The right of access does not apply to Momentum Dance’s legal obligations such as Child Safeguarding records.

Rectification
You may contact Momentum Dance at any time in order to rectify data held relating to you and/or your child(ren). Momentum Dance will ensure that we respond to a rectification request without undue delay and within one month of receipt. The right to rectification does not apply to Momentum Dance’s legal obligations such as payment record information.

Erasure
You may contact Momentum Dance at any time in order to erase data held relating to you and/or your child(ren). Momentum Dance will ensure that we respond to an erasure request without undue delay and within one month of receipt. The right to erasure does not apply to Momentum Dance’s legal obligations such as First Aid records.

Restrict Processing
You may contact Momentum Dance at any time in order to restrict the data we process relating to you and/or your child(ren). Momentum Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt. However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Momentum Dance until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

Data Portability
You may contact Momentum Dance at any time in order to obtain the data we process relating to you and/or your child(ren) and reuse it across different services. Momentum Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt. Please note, this does not apply to Momentum Dance’s legal obligations.

Objection
You may contact Momentum Dance at any time in order to object to the processing of data relating to you and/or your child(ren). Momentum Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt. However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Momentum Dance until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

Rights related to automated decision-making including profiling
You may contact Momentum Dance at any time in order to object to profiling relating to you and/or your child(ren). Momentum Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt. However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Momentum Dance until the profiling restriction is lifted. This is due to Health and Safety and Child Safeguarding. Momentum Dance has a lawful reason for profiling; Legitimate interests and consent. None of Momentum Dance’s decision making is automated. Profiling is only used in circumstances where a participant may have certain health/disability needs which may prevent them from taking part in classes (as it would be unsafe to do so).

Any and all verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

Social Media/Marketing:

Momentum Dance often use footage/photos used from classes and performances for marketing purposes both in print, social media platforms (including; Instagram, Facebook and email) and the website. Participants/their Parent and/or Guardians may choose if they do not wish themselves/their child to be depicted. These will never be shared with any identifying information (age, location etc.). There may be times where we will share first names, but only with the explicit consent of the parents. All members of staff (PAYE, Freelance and Voluntary) must agree to this Data Protection policy prior to accepting a contract of employment.

Data Breeches:

Momentum Dance is registered as a Data Controller with the Independent Commissioners Office (ICO). The registered Data Protection Officer (DPO) is Lorna Blacker. If Momentum Dance experiences a data breech of any kind, we have a legal obligation to report this to ICO within 72 hours. The data breech will be reported by the DPO. Momentum Dance will also inform all the victims of the data breech as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedoms. Momentum Dance will store and record all data breeches.

Complaints:

Complaints in regards to the handling of any personal data can be made directly to Momentum Dance’s DPO: (Lorna Blacker).

Email: [email protected]

Telephone: 07743433372

Address: Momentum Dance, 6 Dickens Close, Hartley, Longfield, Kent  

If you feel that your complaint was not handled in the correct manner, or still have concerns, you may escalate the complaint by contacting the Independent Commissioner’s Office (ICO).

ICO Telephone Number: 0303 123 1113

Changes to our Privacy Policy

We review our Privacy Policy on a frequent basis to check that it accurately reflects how we deal with your information and may amend it if necessary. You should check the website www.momentum-dance.com regularly to see the most up to date information. We welcome questions, comments and requests regarding this Privacy Policy which can be sent to [email protected]