Sophie Gallie Dance Academy

Privacy Policy

Privacy Policy

SOPHIE GALLIE DANCE ACADEMY


Sophie Gallie Dance Academy (“We” or “Us”) is fully committed to safeguarding and promoting the well-being of all students, staff, and volunteers associated with Us.


Registered Address:

The Hammond School, Mannings Lane, Hoole Bank, Chester, CH2 4ES


For the purpose of this Policy, Sophie Gallie Dance Academy (SGDA) is the data controller and, where applicable, the data processor of your information.


This Policy describes how personal data must be collected, handled, and stored to meet our data protection standards and to comply with the law. This Policy, together with any other documents referred to within it, sets out the basis of:

- What personal data we collect and why

- What we do with your personal data

- How we secure your personal data

- How you can change or request to remove your personal data


Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.


The legal basis on which we process the information we collect is in order for us to provide the Service outlined in our Terms and Conditions. It is in Our legitimate interests, which are further explained in the ‘How We Use The Information Collected’ section of this Policy.


What Information We Collect


We will store the following data in relation to students and/or parents/guardians:

- Information collected via our online registration form (including: parent name, email address, contact telephone number, student name, student date of birth, important medical details).

- Occasional class photographs/videos where applicable (as per Photography/Filming Consent).

- Observational notes on the performance/progress of the students.

- Safeguarding concerns.


To comply with GDPR guidelines, personal data will not be kept for longer than is necessary. We agree to:

- Store any personally identifiable data recorded on paper securely in a locked drawer or filing cabinet, which is behind at least one locked door.

- Store any personally identifiable data recorded on a computer/device securely and password-protected.

- Consider the purpose or purposes for which we hold the information and decide whether (and for how long) it needs to be retained.

- Securely delete (or shred any hard copies of) information that is no longer required.

- Update, archive, or securely delete information every four years.


How We Use the Information Collected


We use the information that we collect in various ways during the operations of our business, including:


Operations

- To track and acknowledge students enrolled in classes via a password-protected register.

- To carry out our obligations during the class timetable.

- To carry out any business-essential administrative processes.

- To allow you/your child to participate in extras such as exams, performances, events, and demonstrations.


Communications

- To enable Sophie Gallie Dance Academy to provide support to customers and students when requested or required.

- To investigate any issues that arise from participating in our classes.

- To notify you of any changes to our timetable.

- To provide any information you have requested or that we feel may be of genuine interest to you, including updates about the services we offer, promotions, and general business information. You have the right to opt out of receiving any promotional information as detailed below under ‘Your Rights’.


How We Store Your Data


These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the Data Protection Officer. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.


These guidelines also apply to data that is usually stored electronically but has been printed out for whatever reason:

- When not required, the paper or files will be kept in a locked drawer or filing cabinet.

- Paper and printouts will not be left where unauthorised people could see them (e.g., on a printer).

- Data printouts will be shredded and disposed of securely when no longer required.

- Personal/sensitive data stored on USB storage devices will be encrypted – the Data Protection Officer can provide an encrypted USB device if required.

- When data is stored electronically, it must be protected from unauthorised access, accidental deletion, and malicious hacking attempts.

- If data is stored on removable media (flash drive), these will be kept locked away securely when not used.

- All servers and computers containing data are securely protected by software and a firewall.


Data Usage


When working with personal data, staff members will ensure that the screens of their computers are always locked when left unattended. Staff members will not have saved copies of personal data on their own computers. It will always be accessed and updated in the central system ‘Class Manager’.


Data Accuracy


The law requires that we take reasonable steps to ensure that data is kept accurate and up-to-date. Sophie Gallie Dance Academy will:

- Take reasonable steps to ensure data is kept as accurate and up-to-date as possible.

- Hold data




Data Accuracy


The law requires that we take reasonable steps to ensure that data is kept accurate and up-to-date. Sophie Gallie Dance Academy will take the following measures to maintain data accuracy:


- Data will be held in as few places as necessary, avoiding unnecessary additional data sets or copies.

- We will take every opportunity to ensure that data is updated promptly.

- We will make it easy for data subjects to update the information that we hold about them.

- Data will be updated as inaccuracies are discovered.


Subject Access Requests


All individuals who are the subject of personal data held by us are entitled to:


- Ask what information the company holds about them and why.

- Ask how to gain access to it.

- Be informed how to keep it up-to-date.

- Be informed how the company is meeting its data protection obligations.


If we are contacted by an individual requesting the information held by us, this is called a “subject access request.” Subject access requests from individuals should be made by e-mail and addressed to the data controller, Sophie Day, at [email protected].


The data controller can supply a standard request form, although individuals do not have to use this. The data controller will always verify the identity of anyone making a subject access request before handing over any information.


Changes to this Policy


Any changes we may make to our privacy policy in the future will be updated in this document and, where appropriate, notified to you by email.