OTE Performing Arts Academy

Privacy Policy

Data Protection and Privacy Policy 

The Academy’s Data Protection and Privacy Policy in accordance with GDPR.

At the Academy, we take your privacy seriously. We will never sell your data and we promise to keep your details safe and secure.

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It was approved by the EU Parliament in 2016 and came into effect on 25th May 2018.GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual’s data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals.

The Academy is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, young people’s, parent’s, carer’s, legal guardian’s, visitor’s and staff’s personal data.

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The Academy is committed to protecting your privacy. All personal data is held and processed in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 1998 (DPA). 

What information are we collecting?

We obtain your personal data in the following ways:
•By completing a 'Trial Registration' or ‘Contact’ form via our website
•When you complete an event form, expression of interest form or audition form
•When you make an enquiry by telephone, email, text, via our website or through a social media platform e.g. Facebook Messenger etc.
•When you make an order through the OTE Store
•When you sign up to our invoice system

We may also obtain information about you from other sources. This includes information from the local authorities or other professionals or bodies, including a court, which might raise concerns in relation to your child. This is in respect of our Health and Safety and Safeguarding and Child Protection policies.

We collect the following personal data:
•Pupil’s name
•Parent/carer name(s)
•Contact telephone numbers
•E-mail address
•Emergency contact details
•Your relationship to your child
•Pupil’s date of birth
•Pupil’s school/college/university
•Pupil’s school year
•Pupil’s medical/dietary/disability requirements
•Education and training records
•Your area(s) of interest

We will also use special categories of data for monitoring such as the pupil’s gender, age, ethnic group, sexual orientation, social circumstances, religious or similar beliefs, information about health and biometric data. These types of personal data are subject to monitoring as we are committed to widening participation. The data is also subject to additional requirements.

As an employer of self-employer practitioners the Academy is required to hold data on its teachers such as names, addresses, email addresses, past employers/references, telephone numbers, date of birth, national insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS), public liability insurance, first aid certificates, membership details, qualifications and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to UCheck or The Teaching Executives Ltd for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record.

We are required to collect certain details of visitors to our Academy. We need to know visitors names, telephone numbers, email address and where appropriate company name. This is in respect of our Health and Safety and Safeguarding and Child Protection policies.

Why are we collecting your data?

We hold personal data of our applicants, students, visitors and stakeholders in order to manage our processes and services. It is important that you are aware of why we collect and handle your personal information. There are different scenarios where we need to store your information. 

Typical examples are:

How will we use the information? 

Under the GDPR, we do have to meet one of the conditions set out in Article 6 for processing your data. 

In most cases, the processing of your data is necessary for statutory and contractual purposes. We may also need to process the sensitive data you provide to us to ensure an individuals safety and wellbeing. Processing could be necessary to protect your vital interests or others. In addition to this, we also need to process some of the data you provide to us to help us comply with legal obligations.
The Academy are keen to communicate our activities, latest news and successes with students and stakeholders and we do this through a range of online and offline channels. In order for us to do this we hold your data in a business development software database. We aim to keep your data up-to-date, and you are able provide any updates by emailing [email protected]. Unless you have stated otherwise your data will be used for a full range of communications via your chosen method(s) (including email, SMS, post, telephone). To ensure you receive relevant information we use your data to personalise our communications.

How will we secure your data? 

We use highly secure business database systems with appropriate security standards in accordance with GDPR. These include Member Meister, Class Manager GoCardless, PayPal, iZettle, Stripe and WooCommerce. 

Do we share your data?

We will only share your data with internal service staff, teaching faculty and external organisations who are acting as agents for the Academy and are involved in helping us communicate and offer a service. For instance, this could include a workshop teacher - whereby a student’s SEN is disclosed to ensure the teacher is able to fully meet any additional needs.

We never sell data we hold. Your information/advice is held in the strictest confidence. The teaching faculty are aware that confidentiality is paramount and any sharing of data is a breach of data regulations. We do not permit copying or sharing by our staff and actively monitor for any potential breaches.
We will never pass your data on to third parties without your explicit consent unless we are required to do so by law.

To take part in competitions, exams, shows, events or performances we will usually be asked to send personal data to the organising body, we will ask for your consent to share the data when entering your child. We also reserve the right to share information if we suspect a safeguarding issue (Safeguarding and Child Protection policy).

How can users control any aspects of this?

Under the new regulations, you have a right of access and therefore the right to know what information we hold on you. At any point an individual can make a request relating to their data and the Academy will need to provide a response (within 1 month). Simply send an email to [email protected] and we will download what we have and send it to you. If you believe we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

The Academy can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.

How long do we retain your data?

We keep your data as long as needed to fulfil the purpose for which it was collected, for instance to fulfil our contractual obligations towards you or pursue our legitimate interests until there is no longer any legal requirements or rights for us to keep the data. 

Please see below for the specific retention guidelines for each type of data we hold:

The right to data portability 

The Academy requires data to be transferred from student, to teacher, to Academy Principal. The Academy is also required to transfer data from one IT system to another; such as from the Academy to the Local Authority, for performance BOPA licences, and Performing Art and Dance Associations for examinations, performances or competitions. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.

The right to object 

We will send out marketing material relating to the Academy, from time to time, to our students, parents, carers, legal guardians and persons who have enquired about our classes. Parents, carers, legal guardians, prospective students, visitors and staff can object to their data being used for certain activities like marketing or research. Please inform us if you do not wish to receive this information.

The right not to be subject to automated decision-making including profiling 

Automated decisions and profiling are used for marketing based organisations. The Academy does not use personal data for such purposes.

The right to restrict processing 

Parents, carers, legal guardians, visitors and staff can object to the Academy processing their data. This means that records can be stored but must not be used in any way, for example Academy Communications, General Emails about Academy news and updates. In this situation, the Academy has no obligation to refund any classes missed or cancelled due to 'lack of communication'. It will be the individuals responsibility to ensure they are informed about any event's happening at the Academy. 

Storage and use of personal information

All paper copies of student and staff records are kept in a locked filing cabinet in the Academy Head Office. Members of staff can have access to these files but information taken from the files about individual student’s is confidential and apart from archiving, these records remain on site at all times. These records are shredded after the retention period.

Information about individual children is used in certain documents, such as, a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as student’s names, date of birth and sometimes address. These records are shredded after the relevant retention period.

The Academy collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the student does not attend or added to the student’s file and stored appropriately.
Information regarding families’ involvement with other agencies is stored both electronically on Member Meister and in paper format, this information is kept in a locked filing cabinet at the Academy Head Office. These records are shredded after the relevant retention period

The Academy stores personal data held visually in photographs or video clips or as sound recordings, unless written consent has been obtained via the Model Release form/fit to Perform agreement form. No names are stored with images in photo albums, displays, on the website.

Access to all Office computers is password protected. When a member of staff leaves the company, these passwords are changed in line with this policy and our Safeguarding and Child Protection policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.

GDPR means that the Academy must:

This policy was updated for the Academy in April 2021. We are committed to reviewing our policy and good practice annually.