Data Protection Policy
In order to provide you with the best service we possibly can there are items of information that needs to be collected by RA Dance Fitness. RA Dance Fitness is responsible for the data collected. RA Dance Fitness is the business name for the employment of Rhiannon Annandale. Our registered address is; 8 King Edward Close, Bristol, BS14 0RT. The company acts as a ‘controller’ for your data, and as such has a responsibility to control how your data is collected and how it is used.
TABLE OF DATA
Where do you store the data?
Data is stored in three different ways. The first, is online using a third parties secure cloud database (example, gmail contacts). The information provided on here is accessible by that third party and RA Dance Fitness. To access the information the correct login details need to be provided. Secondly, RA Dance Fitness may use applications on electronic devices to store written notes or information, in an effort to reduce paper usage. All devices that are used by this format have biometric locks, using fingerprint or facial recognition software. When these fail there is also a secondary lock that requires a 6 digit code to access the device securely. Thirdly, data may be stored in hard copy format. Information stored in this way is minimal and refers only to registers, records of attendance and student body measurements, that have not been stored on an electronic device. Any data stored in this way is only accessible by RADanceFitness.
How do you protect and document the data you have?
Data provided online (via email) is stored on a secure cloud requiring a username and password to be accessed. The data is encrypted within this cloud storage, therefore if the data does become compromised none of the data stored will be shared in a useable format. Any data downloaded for use by RA Dance Fitness is stored electronically on a secure and encrypted laptop. Any physical copy of information provided to RA Dance Fitness will be stored in a lockable travel container immediately, before being transferred to a secure lockable filling cabinet at the earliest convenience.
Physical data used by RA Dance Fitness to provide normal service on location will be stored in a lockable travel container, used for register purposes in the event of an emergency.
How long do you keep the data for?
Data is kept for the minimum time possible. All data relating to costumes and uniform will be discarded once the garments are received and seen to fit correctly. Any attendance records are kept for a year and then discarded at the beginning of the years term, i.e. Term 1 of 2018 will be discarded in Term 1 of 2019. Personal records related to the individual that attends class, and guardian information relating to that student will be kept for the entirety of their attendance to class. Annually parents and guardians will be asked to update this information if it is now out of date. This information is kept 6 weeks after they begin to non-attend classes, unless RA Dance Fitness is told that they will be stopping their business with the Dance School. In such cases data will be removed immediately. Information relating to first aid incidences will be kept for the desired length of time denoted by our insurance providers Markel.
Who has access to the data?
Access to the data is kept minimal and only Rhiannon Annandale has access to all pieces of information. Some information is shared with third parties in order to improve our services and communication with our clients. All third parties also have privacy policies in place and appear to be GDPR compliant as well. These third parties include; Gmail, Facebook, Twitter, Instagram, Square, Test and Trace, and the IDTA, other third parties may also include other teachers at RA Dance Fitness, parents and attendees to the classes. When in the presence of other third parties information shared will be kept to a minimum and is likely only to include the child’s first name.
What is the current process if someone asks to be removed from your records?
Anyone wishing to have their data remove should contact RA Dance Fitness by any means expressing their desire to have their information removed. At which point any communications with the business will be deleted. The associated will be discard from any electronic devices and any paper documents relating to that customer will be shredded.