Sazonova Dance and Fitness Studio

Privacy Policy

 

 

Policy:

Data Protection (UK-GDPR)

Date Adopted:

Date of last review: 

To be reviewed next before/on:

06/08/23

06/08/23

06/08/24

06/08/25

Purpose and Statement:

Sazonova Dance and Fitness Studio is committed to ensuring the data processed by our school remains safe and 

secure.

 

This policy has been written in line with legislative change, including both the Data Protection Act (2018) and the UK’s General Data Protection Regulation (UK-GDPR) which is based upon EU-GDPR. 

 

Sazonova Dance and Fitness Studio has determined the lawful reasons with which it processes personal data:

·       Legal obligation – UK-GDPR Article 6(1)(c)

·       Legitimate interest – UK-GDPR Article 6(1)(f)

·       Contract - UK-GDPR Article 6(1)(b)

 

There is also some special category data we process with consent from the Data Subject; Explicit Consent – UK-GDPR Article 9(a).  

 

While Sazonova Dance and Fitness Studio avoids sharing data with third parties at most times, some data is shared in accordance with our business practices. The sharing of data with third parties will always be 

consensual with the data subject and/or their parent/guardian, and only if Sazonova Dance and Fitness Studio is satisfied that their Data Protection policy is UK-GDPR compliant. 

 

Main Aims for the policy:

-        Specify the data Sazonova Dance and Fitness Studio collect, how it is stored/protected and the reason for collecting it

-        State how Sazonova Dance and Fitness Studio use personal data in processing

-        Disclose who has access to the data and how long we retain information for

-        Explain Data Subject’s rights with Sazonova Dance and Fitness Studio data including access, rectification and erasure

 

Distribution:

·       To be distributed to Board at AGM and Induction sessions for Board Members [IF 

APPROPRIATE]

·       To be sent to all staff, freelance staff and volunteers as part of induction and training

·       To be displayed on the Sazonova Dance and Fitness Studio website

·       This policy will be sent directly to members of the public on request

·       Confirmation of receipt of information - Signed statement from recipient to be held on file

Review and monitoring of policy:

·       Reviewed annually or in instances of legislative change

·      Monitoring is part of Management and Supervision

 

 

The following policy is based on the below principles:

The UK-GDPR includes the following rights for individuals:

-        the right to be informed

-        the right of access

-        the right to rectification

-        the right to erasure

-        the right to restrict processing

-        the right to data portability

-        the right to object

-        the right not to be subject to automated decision-making including profiling

 

General Principles

Sazonova Dance and Fitness Studio is committed to providing fair and understandable privacy policies in relation to personal data.

Sazonova Dance and Fitness Studio will, at all times, keep data in secure locations (including, but not limited to, encrypted and access restricted files) and not retain data unnecessarily or past the retention length as set out in this policy.

In the rare instance a data processor that is not an Sazonova Dance and Fitness Studio employee is used, such as a third party, the data subject will either be asked for consent pre to supplying the data or be notified and have the right to object to processing. 

 

Participants and Customers

How Sazonova Dance and Fitness Studio collect personal data:
Sazonova Dance and Fitness Studio customers and participants supply their personal data when signing up for classes through our registration form either via the website, or via paper form.
This is either completed by a parent/guardian or the child themselves if they deemed able to do so.

Personal data may also come to us unsolicited via enquiries through our website and to our generic email account.

Why Sazonova Dance and Fitness Studio collect personal data:
To attend any of activities participants/parents/guardians must agree to some processing of their personal data. This is due to Legitimate Interests – UK-GDPR Article 6(1)(f), Legal Obligation UK-GDPR Article 6(1)(c), Contract - Article 6(1)(b) and/or Consent - Article 6(1)(a).

 

Should Sazonova Dance and Fitness Studio be unable to process participant’s data, we would be contravening both our Health & Safety and Child Safeguarding policies. We would also be ignoring best practice regarding working with children/vulnerable adults. 

 

Our participants must remain safe at all times, therefore information about participants must be collected in order to create registers and accurate student records. This information is also used to provide students with appropriate classes, including dividing students into age groups.

 

Special category data is only collected with the consent of the data subject. Special category data Sazonova Dance and Fitness Studio collects includes but is not limited to: Medical/Disability information, Income information, Ethnicity, Gender and Sexuality.

 

As physical activity providers it is essential that this consent is given should a participant have any medical/disability needs. This allows us to incorporate participants safely into classes. It is also used in assessing if we can incorporate participants safely into classes.

 

Income information is only collected in instances where a participant applies to attend our classes at a concessionary price, or on a bursary. This financial support is means tested, and therefore is subject to documented proof. Proofs of entitlement to concession are shredded after the entitlement has been noted.

 

Ethnicity and other sensitive data are to provide information to funding bodies for statistical purposes. 

This data is always provided to third parties as quantified data (i.e. cumulative numerical data only with no identifying information relating to any data subject).

 

What data we collect:

Personal data and some special category is collected. 

It is essential to our primary function (providing classes to participants) that we are provided, and allowed to process and store the following:

Participant Personal Data:

-        Full Name - UK-GDPR Article 6(1)(f)

-        Date of Birth - UK-GDPR Article 6(1)(f)

-        Home Address - UK-GDPR Article 6(1)(f)

-        Sex - UK-GDPR Article 6(1)(f)

-        Exam results (vocational exams taken through Sazonova Dance and Fitness Studio only) - UK-GDPR Article 6(1)(f)

-        Classes attended/Price paid - UK-GDPR Article 6(1)(f)

Participant Special Category Data:

-        Medical Information/History – UK-GDPR Article 9 (a)

-        Disability Information - UK-GDPR Article 9 (a) 

-        Gender/Sex – UK-GDPR Article 9 (a & j) – further explicate consent sought

Parent/Guardian Personal Data:

-        Name UK-GDPR Article 6(1)(f)

-        Address - UK-GDPR Article 6(1)(f)

-        Email Address UK-GDPR Article 6(1)(f)

-        Mobile Telephone Number UK-GDPR Article 6(1)(f)

-        Work/Home Number UK-GDPR Article 6(1)(f)

-        Emergency Contact Number UK-GDPR Article 6(1)(f)

 

How data collected is sent internally:

Sazonova Dance and Fitness Studio transports data with all due diligence. 

Enrolment forms are sent to Sazonova Dance and Fitness Studio through an encrypted email server directly from Class Manager which has controlled access. Received enrolment forms are stored on Class Manager. They are deleted upon un-enrolment.

 

Storage/Retention of data:

Data received through enrolment forms is uploaded manually into our database software. Our database is stored both in encrypted files on office-based hardware and backed up regularly. Access to these files is restricted through password protection and only available to authorised staff members. 

 

Registers and emergency contact lists created from student data are stored in encrypted files on office-based hardware and backed up regularly in our encrypted cloud-based server. Access to these files is restricted through password protection and only available to authorised staff members. 

 

Our standard retention policy (without the data subject’s right to access, rectification and erasure etc.) is THREE YEARS post final attendance.

Exceptions to our retention policy:

-        Financial records are kept for 6 years due to legal obligation

-        First Aid records are kept for 3 years due to legal obligation

-        Photo consent may be kept indefinitely

-        Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation

-        Bank details are deleted after the action concerning them is complete

 

Third Parties/Data Processors:

Sazonova Dance and Fitness Studio does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes. 

 

Freelance Teachers:

As many of Sazonova Dance and Fitness Studio teachers are freelance staff, we have confidentiality and data processor agreements in place. Teachers will never be provided with personal details aside from participant’s first names and any medical information that is pertinent to the running of a class (subject to consent from the data subject)

 

Child Safeguarding Concerns:

In the unlikely event Sazonova Dance and Fitness Studio has a safeguarding concern in relation to one of our participants, Sazonova Dance and Fitness Studio are legally required to provide data to the safeguarding board at the local council. 

Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR process are thorough, and any data will be stored in a secure environment, and not unnecessarily retained.

 

Event Programmes:

Sazonova Dance and Fitness Studio may occasionally produce programmes for events. These will only ever contain the first name and first initial of a child’s last name (unless otherwise consented to). The name of a child’s class may also be included. Participants/their Parent and/or Guardians may choose if they want to be included in the programme when they agree to participate at an event.

 

Examination Entry:

In order to enter examinations, Sazonova Dance and Fitness Studio must provide some personal data to examination boards (currently Sazonova Dance and Fitness Studio work with: ISTD, TDSC, Acrobatic Arts). This sharing of data is to be consented to by the data subject and/or parent/guardian upon being entered for the exam. 

 

Schools:

Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

 

Rights of the data subject and Sazonova Dance and Fitness Studio compliance with responses:

Any data subject with personal data stored within Sazonova Dance and Fitness Studio is entitled to the rights of:

 

-        Access 

You may contact Sazonova Dance and Fitness Studio at any time to access all data held relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to a subject access request without undue delay and within one month of receipt. If the information request will also include data regarding others, Sazonova Dance and Fitness Studio has the right to refuse the request or take steps in order to obtain consent from other involved parties.
The right of access does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as Child Safeguarding records.

 

-        Rectification
You may contact Sazonova Dance and Fitness Studio at any time in order to rectify data held relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to a rectification request without undue delay and within one month of receipt.
The right to rectification does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as payment record information.

 

-        Erasure
You may contact Sazonova Dance and Fitness Studio at any time to erase data held relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to an erasure request without undue delay and within one month of receipt.
The right to erasure does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as First Aid records.

 

-        Restrict Processing
You may contact Sazonova Dance and Fitness Studio at any time to restrict the data we process relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Sazonova Dance and Fitness Studio until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

 

-        Data Portability
You may contact Sazonova Dance and Fitness Studio at any time in order to obtain the data we process relating to you and/or your child(ren) and reuse it across different services. Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
Please note, this does not apply to Sazonova Dance and Fitness Studio’s legal obligations.

 

-        Objection

You may contact Sazonova Dance and Fitness Studio at any time in order to object to the processing of data relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Sazonova Dance and Fitness Studio until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

 

 

-        Rights related to automated decision making including profiling

You may contact Sazonova Dance and Fitness Studio at any time in order to object to profiling relating to you and/or your child(ren). Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Sazonova Dance and Fitness Studio until the profiling restriction is lifted. This is due to Health and Safety and Child Safeguarding.

Sazonova Dance and Fitness Studio has a lawful reason for profiling; Legitimate Interests and consent.
None of Sazonova Dance and Fitness Studio’s decision making is automated. Profiling is only used in circumstances where a participant may have certain health/disability needs which may prevent them from taking part in classes (as it would be unsafe to do so).

 

Any and all verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

 

Photos/Videos of Participants

 

Sazonova Dance and Fitness Studio often use footage/photos used from shows, performances and classes for marketing purposes both in print media and the website. Participants/their Parent and/or Guardians may choose if they do not wish themselves/their child to be depicted.

Social Media:

Sazonova Dance and Fitness Studio regularly share photos/videos of students in workshops, events and performances through social media platforms including; Instagram, Facebook, Twitter, Email. These will never be shared with any identifying information (age, location etc.). There may be times where we will share first names, but only with the explicit consent of the parents. Participants/their Parent and/or Guardians may choose if they do not wish themselves/their child to be depicted.

 

Staff (Employees/Freelance), Trustees, Volunteers and 
Potential Staff/Trustees and/or Volunteers

For the purposes of this policy, the aforementioned persons above will be referred to as ‘staff’.

 

How Sazonova Dance and Fitness Studiocollect personal data:
Sazonova Dance and Fitness Studio staff supply their personal data when applying for roles within the company. 
This is either completed through an application form or submission of a CV. 

Further information is collected when applicants are considered successful. Unsolicited data may come to Sazonova Dance and Fitness Studio in the form of applicants emailing regarding work/volunteer opportunities.

 

Why Sazonova Dance and Fitness Studio collect personal data:

It is Sazonova Dance and Fitness Studio’s legal obligation to collect staff’s personal data in relation to their employment. This is due to Legal Obligation UK-GDPR Article 6(1)(c) and/or Contract - Article 6(1)(b)

 

Should Sazonova Dance and Fitness Studio be unable to process staff’s data, we would be contravening UK Employment law, our own employment contracts and our own Health & Safety and Child Safeguarding policies. 

Special category data is only collected with the consent of the data subject. Special category data Sazonova Dance and Fitness Studio collects includes but is not limited to: Medical/Disability information, Ethnicity, Gender and Sexuality. Sazonova Dance and Fitness Studio’s lawful purpose for collecting this data is both Article 6(1)(b) – contract and 

Article 9(2)(b) – employment. This also ensures we are confirming to our Equal Opportunities policy. Any data is always recorded as quantified data (i.e. cumulative numerical data only with no identifying information relating to any data subject).

 

Sazonova Dance and Fitness Studio is also entitled to obtain and process data in relation to criminal convictions and DBS checks. Most posts within Sazonova Dance and Fitness Studio are exempt from the Rehabilitation of offenders act (1974) by the 1975 and 2001 Exceptions Amendment, as they involve working with vulnerable and/or young people. This is further supported by article 10 of UK-GDPR.

What data we collect:

Personal data and some special category is collected. 

It is essential to our business that we are provided, and allowed to process and store the following:

Staff Personal Data:

-        Full Name Legal obligation – UK-GDPR Article 6(1)(c) Legal Obligation

-        Date of Birth - UK-GDPR Article 6(1)(c) Legal Obligation

-        Contact Details - UK-GDPR Article 6(1)(c) Legal Obligation

-        Pension Information - UK-GDPR Article 6(1)(c) Legal Obligation

-        NI number - UK-GDPR Article 6(1)(c) Legal Obligation

-        UTR number - UK-GDPR Article 6(1)(c) Legal Obligation

-        Right to work in the UK - UK-GDPR Article 6(1)(c) Legal Obligation

-        References - UK-GDPR Article 6(1)(c) Legal Obligation

-        Bank Details - UK-GDPR Article 6(1)(b) Contract

-        Qualifications - UK-GDPR Article 6(1)(b) Contract

-        Pay Details - UK-GDPR Article 6(1)(c) Legal Obligation

-        Safeguarding Concerns UK-GDPR Article 6(1)(c) Legal Obligation

-        Emergency Contact - UK-GDPR Article 6(1)(b) Contract

 

Staff Special Category Data:

-        Criminal Record/DBS Checks - UK-GDPR Article 6(1)(c) Legal Obligation & GDPR Article 10

-        Medical/Disability - UK-GDPR Article 6(2)(b) Contract & Article 9(2)(b)

 

How data is sent internally:
Any transfer of data regarding staff is conducted through encrypted emails and/or stored in our encrypted cloud-based server.

Any unsolicited information is received to an encrypted email server.

Storage/Retention of data:

All Staff personal data is stored on encrypted files in our cloud-based server. It is also stored on encrypted hardware within the office. Any hard copies are stored in a locked cabinet. All of these files have restricted access to authorised staff only.

Most staff data is retained for 6 YEARS (post-employment). 
Exceptions to our retention policy:

-        Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation

-        First Aid records are kept for a minimum of 3 years due to legal obligation

Unsuccessful applicant data is stored 6-months post campaign, this includes unsolicited data from potential applicants.

Third Parties/Data Processors:
Sazonova Dance and Fitness Studio does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes. 


Co-Operative Bank:
In order to process payments by BACs, staff’s bank details and names must be added to our online banking system. Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

QuickBooks:
QuickBooks is Sazonova Dance and Fitness Studio’s finance software. In order to process staff members pay, Sazonova Dance and Fitness Studio processes some of their personal data monthly and stores it there. Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR processes are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

Class Manager:

Class Manger is Sazonova Dance and Fitness Studio’s booking, registration and finance software. In order to process staff members pay, Sazonova Dance and Fitness Studio processes some of their personal data monthly and stores it there. Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR processes are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

References:
In order to supply references for staff members, some personal data must be divulged. This will only be done with the data subject’s consent, as Sazonova Dance and Fitness Studio may not be fully aware of the recipients UK-GDPR policies.

Child Safeguarding Concerns:

In the unlikely event Sazonova Dance and Fitness Studio has a safeguarding concern in relation to one of participants and/or staff members, Sazonova Dance and Fitness Studio are legally required to provide data to the safeguarding board at the local council and the Disclosure and Barring service.

Sazonova Dance and Fitness Studio is satisfied that their UK-GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

 

Rights of the data subject and Sazonova Dance and Fitness Studio compliance with responses:

Any data subject with personal data stored within Sazonova Dance and Fitness Studio is entitled to the rights of:

 

-        Access 

You may contact Sazonova Dance and Fitness Studio at any time to access all data held relating to you. Sazonova Dance and Fitness Studio will ensure that we respond to a subject access request without undue delay and within one month of receipt. If the information request will also include data regarding others, Sazonova Dance and Fitness Studio has the right to refuse the request or take steps in order to obtain consent from other involved parties.
The right of access does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as confidential Child Safeguarding records.

-        Rectification
You may contact Sazonova Dance and Fitness Studio at any time in order to rectify data held relating to you. Sazonova Dance and Fitness Studio will ensure that we respond to a rectification request without undue delay and within one month of receipt.
The right to rectification does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as payment record information.

-        Erasure
You may contact Sazonova Dance and Fitness Studio at any time in order to erase data held relating to you. Sazonova Dance and Fitness Studio will ensure that we respond to an erasure request without undue delay and within one month of receipt.
The right to erasure does not apply to Sazonova Dance and Fitness Studio’s legal obligations such as First Aid records.

-        Restrict Processing
You may contact Sazonova Dance and Fitness Studio at any time in order to restrict the data we process relating to you. Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest and legal obligations in most of the data collected- we may not be able to restrict processing.

-        Data Portability
You may contact Sazonova Dance and Fitness Studio at any time in order to obtain the data we process relating to you and reuse it across different services. Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
Please note, this does not apply to Sazonova Dance and Fitness Studio’s legal obligations.

-        Objection

You may contact Sazonova Dance and Fitness Studio at any time in order to object to the processing of data relating to you. Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
However, due to our legitimate interest and legal obligations in most of the data collected- we may not be able to accept your objection.

-        Rights related to automated decision making including profiling

You may contact Sazonova Dance and Fitness Studio at any time in order to object to profiling relating to you). Sazonova Dance and Fitness Studio will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
Please note, this does not apply to Sazonova Dance and Fitness Studio’s legal obligations.

Sazonova Dance and Fitness Studio has a lawful reason for profiling; Legitimate Interests and consent.
None of Sazonova Dance and Fitness Studio’s decision making is automated. Profiling is only used in circumstances where a staff member has a criminal conviction.

Any and all verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

 

Training and Data Protection in Practise

All members of Sazonova Dance and Fitness studio must agree to this Data Protection policy prior to accepting a contract of employment.

 

 

 

 

Complaints and Data Breeches 

 

Complaints:

Complaints in regard to the handling of any personal data can be made directly to Sazonova Dance and Fitness Studio’s Principal

 

If you feel that your complaint was not handled in the correct manner, or still have concerns, you may escalate the complaint by contacting the Independent Commissioner’s Office (ICO). 

ICO Telephone Number: 0303 123 1113

 

Data Breeches:

If Sazonova Dance and Fitness Studio experiences a data breech of any kind, we have a legal obligation to report this to ICO within 72 hours. The data breech will be reported by the DPO. In the instance they are unavailable to report the breech, the next most senior staff member shall do so.

 

Sazonova Dance and Fitness Studio will also inform all the victims of the data breech as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedoms.

 

Sazonova Dance and Fitness Studio will store and record all data breeches.

 


 

 By clicking that you agree, you are agreeing to our terms and conditions and privacy policy