Privacy Policy

a. Data Controllers and Processors

Our Designated Data (Data Protection Officer) are Amy Lynn Swarbrick (Theative Performing Arts Principal) and our Administrative Staff.

ii. Our GDPR compliant Data Processors are:

iii. Google Workspace - email and any additional permission forms.

iv. Class Manager - Client data, enrollment contracts (Terms and Conditions), class information, invoicing, bulk email (to disseminate important information) and attendance registers.

v. MailChimp - bulk Marketing emails. Enrolled specific and generic. Facebook and Instagram - Photographs and videos published with permission. Please refer to their individual privacy policies.

vi. Website (Wix) - Information collected via online forms and cookies, photographs and footage used with permission.

vii. Stripe/Ezipay, GoCardless, Xero, Starling Bank - Payment processors. They do not give us access to your financial information, only name, address/email address, date of payment and payment amount.

viii.Zoom.us - Video conferencing platform for hosting online classes.

ix. Facebook - for targeted advertising, measurement and analytics.

x.. Our Solicitor/Debt Guard Solicitors - In the case that we need to pursue legal action or collection of monies owed.

xi. NHS Test and Trace service.

b. Customer Data Collection and Processing

i. All methods and platforms used to collect, process and store your data are GDPR compliant.

ii. Initial contact/enquiry collects information via our website forms/email/telephone call/sms, and is processed into our database. Option to actively opt in to receiving Marketing Emails is provided.

iii. From May 2018, the personal and contact information you provide on enrollment by completing the online registration form will be collected, processed, stored in UK servers and automatically updated into our customer database via our Online Registration Form provided by data processor, ThinkSmart Software.

iv. The only Theative Performing Arts staff able to view your personal details other than names and medical information/injuries and publicity permissions, are our Designated Data Controllers, and this information is held on secure online servers in the UK and password protected.

v. Teaching faculty are able to see Child/pupil’s name, any additional needs/medical conditions and publicity permission via a password protected smartphone app, provided by ThinkSmart Software. This is for the legal purposes of taking attendance, ensuring the safety and wellbeing of our students during class, and protecting their right to privacy by being aware of any children we are not allowed to share photos of on our Official Social Media Pages.

vi. You may opt in to receive emails with details of exclusive offers and discounts, sent via Mailchimp. Marketing Emails for enrolled students/parents (information on new classes, holiday camps, theatre trips, promotional offers) will always contain the option to Opt Out/Unsubscribe.

c. Data Usage

i. Client data is used to help us provide individualised support and training to students and dance families.

ii. Client data is used to ensure the health and safety of all attendees (fire safety, medical conditions, accident reporting).

iii. Client contact data is used if we need to verify billing information, emergency contact, and in the event of litigation.

iv. Client contact data is also used to disseminate important information including but not limited to classes, timetables, payments, uniforms, terms and conditions, events, marketing offers, etc.

v. Permission for us to take and use photographs of your child is clarified on enrolment. If you have given permission for your child's image to be used, Theative Performing Arts retain all the rights to any photos taken in our classes. Permission can be revoked at any time. (SEE SECTION ON PHOTOS)

d. Data Retention and Erasure.

i. If not enrolling, details are made inactive on our system and may be stored for a period of 12 months before erasure.

ii. If not enrolling but joining a waiting list, details will be kept on the waiting list on our system until we’re able to offer an available class place.

iii. On enrollment, the Online Registration Form will be issued for more complete information to be provided. (Child/pupil’s relevant medical/injury/additional needs details, preferred pronouns, home address, opt-in to marketing emails, agreement to terms and Conditions, Waivers, and Photograph/footage permissions). This information is processed and updated automatically by our database.

iv. On withdrawal, your personal and contact details will be kept active on our database until all monies owed have been paid. If your invoice is still overdue after 30 days, your details will be passed onto our solicitor/debt collection service/other relevant legal entity. This is without exception.

v. On withdrawal, once all outstanding invoices/monies owed have been settled your details will be kept inactive on our database for a maximum of 1 year.

vi. On withdrawal, if you opted in, your email address will be deleted from our Enrolled Mailing List. You may unsubscribe from the General mailing list at any time.

vii. On withdrawal you will be removed from our closed members area.

e. Data Access & Update

i. Any staff with access to client data have been trained on our data protection policies and procedures, relevant to their level of access.

ii. Clients are welcome at any time to enquire via email about what data we have stored, and to update this information (which can be done directly via our Online Customer Portal).

iii. Clients will be asked at the beginning and end of every academic year to check and update their information and consent via our Online Customer Portal/Registration Form.

f. Further Data Sharing

i. Your contact information will be shared with our Solicitor and/or debt collectors in the event of any outstanding monies owed to us and/or Breach of Contract.

ii. In the event of an emergency, your contact information may be shared with the emergency services.

iii. We will never disclose your information to any other parties without your explicit consent.

g. Lawful Basis for Processing Personal Data

i. Consent - By contacting us and/or Enrolling in our Dance school you are consenting to Theative Performing Arts collecting and processing your information in the methods and for the specific purposes outlined above.

ii. Contract - Our Terms and Conditions serve as a Contract of Enrollment. We are lawfully required to collect and process your information so that both parties are fully able to uphold this agreement.

iii. Legal Obligation - We are legally obliged to collect certain data for attendance records, Fire Safety, accident report forms in the case of injuries, proof of payment, etc.

iv. Vital Interests - We collect information regarding our pupils’ medical conditions/additional needs/injuries so that our teachers can adhere to safe practice methods and ensure communication, lesson delivery and teaching strategies are appropriate and ensure the health and wellbeing of all our students. This also applies to accident reporting and contacting the emergency services.

v. Legitimate Interests - We use client data in a way that one would expect with minimal privacy impact. We have clear and compelling justification for processing data in the way that we do and have ensured that it is ethical and for the benefit of both parties.

h. Data for Marketing Purposes

i. Clients must give consent/opt-in to receive marketing emails from us. Marketing Emails are defined as information pertaining to: New classes, promotional offers for our classes/products or partner products/offers, holiday classes/camps, Theatre and Cultural Trips.

ii. Emails regarding timetables, invoices, venues, uniforms, exams, performances, terms and conditions, class cancellations or updates, or newsletters about student/school achievements, or any other information that pertains to your classes are not regarded are Marketing.

i. Data Protection

i. Theative Performing Arts are registered with the information commissioner's office and pay a yearly data protection fee.

ii. All customer information is held on secure servers, and accessed by secure, password protected and encrypted electronic devices.

iii. Approved staff have access to customer information on a tiered security levels, and can only see the information relevant to their specific job needs. j. Right of Access, Rectification and Data Quality

i. Customers can access and amend any information that we currently hold via our Online Customer Portal.

ii. Customers will be prompted to update any necessary information via the Online Customer Profile at the end of every academic year.

k. Right to Erasure

i. In addition to our data erasure schedule, you may request that we delete your details from our database (provided that there is not a legal basis, as detailed above, for us to keep it). In this instance we will erase and confirm deletion with you within 28 days of a formal request.

l. Data Risks and Protection Policies

i. Data risks are mitigated in a multitude of ways. We have endeavoured to reduce security risks by streamlining our data collection and processing procedures as much as possible, and with as few people being privy to or manually processing data as possible.

ii. All of our data processing partners are GDPR compliant and have their own policies should you wish to know more.

iii. All of our customer data is protected with up-to-date safeguards and checks including 2 level security (password protection and encryption where possible,plus anti-virus and anti-malware software) .

iv. All staff who collect or process your data can access only what is necessary for them to do their job, and are trained in our data protection procedures and policies. m. Data Breaches

i. In the event of any data breach (defined as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data) we will inform the ICO immediately, unless it is unlikely to result in a risk to the rights and freedoms of individuals.

ii. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform those individuals immediately.

iii. In all cases we will keep a record of any data breaches.