Phoenix AcroDance Academy

Privacy Policy

All data is fully protected inline with our Data Protection Policy & General Data Protection Regulation (GDPR). Only the principal & admin team have access to Phoenix AcroDance Academy's data.

Data Protection

Both parties will comply with all applicable requirements of the General Data Protection Regulation and any UK implementing laws (“the Data Protection Legislation”). The parties acknowledge that for the purposes of the Data Protection Legislation, we are a data processor and you are the data controller. You shall ensure that it has all necessary consents or has complied with another processing condition and has the appropriate notices in place to enable the lawful transfer of personal data to us for the duration and for the purposes of these terms. Consent must specifically be requested before uploading any personal information, including images (profile pictures) into the system. When we process any personal data on behalf of you, we shall: act only on your instructions have in place appropriate technical and organisational security measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Such measures shall be appropriate to the harm that might result from the unauthorised or unlawful processing; ensure all personnel who have access to the personal data are obliged to keep it confidential; assist you to respond to a data subject’s request to enforce their rights of subject access, rectification, erasure and any other rights conferred by the Data Protection Legislation; assist you if requested with respect to security, breach notifications, impact assessments and any investigations by a supervisory authority or regulator; notify you without undue delay in the event of a data security breach and assist you with any investigations; at your direction delete or return to you all personal data and copies on termination unless required by law to retain the same; complete and accurate records to demonstrate its compliance with this clause and allow for audits by you; and keep up to date a data processing register (if required). We shall not appoint a third-party processor without your prior written consent. We shall ensure that any third-party processor will enter into an agreement with the same or substantially similar terms in relation to the Data Protection Legislation.