Legal notice

Please find below details of our privacy policy. A full paper copy can be found at the studio and you are welcome to review and rescind your data compliances at any time.

 

 

 

 

Policy:

Data Protection (GDPR)

Date Adopted:

Date of last review: 

To be reviewed next before/on:

2008 (DPA) Updated 2018

(GDPR)

21/5/2019

21/5/2020

Purpose and Statement:

DanceMax Studio is committed to ensuring the data processed by our organisation remains safe and secure. 

 

This policy has been written in line with legislative change, including both the Data Protection Act (1998) and the EU’s General Data Protection Regulation (GDPR). 

 

DanceMax Studio has determined the lawful reasons with which it processes personal data:

  • Legal obligation – GDPR Article 6(1)(c)
  • Legitimate interest – GDPR Article 6(1)(f)
  • Contract - GDPR Article 6(1)(b)

 

 

Main Aims for the policy:

  • Specify the data DanceMax collect, how it is stored/protected and the reason for collecting it
  • State how DanceMax use personal data in processing
  • Disclose who has access to the data and how long we retain information for
  • Explain Data Subject’s rights with data including access, rectification and erasure

 

Distribution:

  • To be displayed on the DanceMax website
  • This policy will be sent directly to members of the public on request
  • Paper copy of policy to be held in the studio accessible to all
  • Confirmation of receipt of information - Signed statement from recipient to be          

held on file

 

Review and monitoring of policy:

  • Reviewed annually or in instances of legislative change
  • Monitoring is part of Management and Supervision

 

 

 

 

 

The following policy is based on the below principles:

The GDPR includes the following rights for individuals:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

 

General Principles

DanceMax is committed to providing fair and understandable privacy policies in relation to personal data.

DanceMax will, at all times, keep data in secure locations (including, but not limited to, encrypted and access restricted files) and not retain data unnecessarily or past the retention length as set out in this policy.

In the rare instance a data processor that is not a DanceMax employee is used, such as a third party, the data subject will either be asked for consent pre to supplying the data or be notified and have the right to object to processing. 

 

Participants and Customers

 

How DanceMax collect personal data:

DanceMax customers and participants supply their personal data when signing up for classes through our registration form via paper form, or our contact form on the website.

This is either completed by a parent/guardian or the child themselves if they deemed able to do so.

 

Why DanceMax collect personal data:

To attend any of DanceMax’s activities participants/parents/guardians must agree to some processing of their personal data. This is due to Legitimate Interests – GDPR Article 6(1)(f), Legal Obligation GDPR Article 6(1)(c), Contract - Article 6(1)(b) and/or Consent - Article 6(1)(a).

 

Should DanceMax be unable to process participant’s data, we would be contravening both our Health & Safety and Child Safeguarding policies. We would also be ignoring best practice regarding working with children/vulnerable adults. 

 

Our participants must remain safe at all times, therefore information about participants must be collected in order to create registers and accurate student records. This information is also used to provide students with appropriate classes, including dividing students into age groups.

 

As physical activity providers it is essential that this consent is given should a participant have any medical/disability needs. This allows us to incorporate participants safely into classes. It is also used in assessing if we can incorporate participants safely into classes.

 

 

What data we collect:

Personal data and some special category is collected. 

It is essential to our primary function (providing classes to participants) that we are provided, and allowed to process and store the following:

       Participant Personal Data:

  • Full Name - GDPR Article 6(1)(f)
  • Date of Birth - GDPR Article 6(1)(f)
  • Permission to go home alone -  GDPR Article 6(1)(f)

Participant Special Category Data:

  • Medical Information/History – GDPR Article 9 (a)
  • Disability Information - GDPR Article 9 (a) 

Parent/Guardian Personal Data:

  • Name - GDPR Article 6(1)(f)
  • Email Address - GDPR Article 6(1)(f)
  • Mobile Telephone Number - GDPR Article 6(1)(f)
  • Work/Home Number - GDPR Article 6(1)(f)
  • Emergency Contact Number - GDPR Article 6(1)(f)

 

 

 

How data collected is sent internally:

DanceMax transports data with all due diligence. 

 

Contact forms are sent to DanceMax through an encrypted email server directly from our website which has controlled access.

 

Storage/Retention of data:

Hard copies of registers and emergency contacts are carried by authorised staff members. They are locked away while not in use. When they are no longer in use or out-dated, they are destroyed thoroughly.  

 

Our standard retention policy (without the data subject’s right to access, rectification and erasure etc.) is THREE YEARS post final attendance.

Exceptions to our retention policy:

  • Financial records are kept for 6 years due to legal obligation
  • First Aid records are kept for 21 years due to legal obligation
  • Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation

 

 

Child Performance Licensing:

In order to process child performance licences in the event DanceMax holds a show, we are legally required to provide some personal data to local councils (including but not limited to: full name, date of birth and school details). This is an optional consent, which will be sought at the time of sending participation consent forms. DanceMax is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

 

Child Safeguarding Concerns:

In the unlikely event DanceMax has a safeguarding concern in relation to one of participants, we are legally required to provide data to the safeguarding board at the local council. 

DanceMax is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

 

 

Examination Entry:

In order to enter examinations, DanceMax must provide some personal data to examination boards. This sharing of data is to be consented to by the data subject and/or parent/guardian upon being entered for the exam.

 

Competition Entry:

In order to enter participants into examinations, DanceMax must provide some personal data to governing bodies and dance competition organisers.  This sharing of data is to be consented to by the data subject and/or parent/guardian upon being entered for the competition.  Governing bodies include the Association of Dance and Freestyle Professionals (ADFP), the British Dance Council (BDC) and the Freestyle Rules Committee (FRC). 

 

 

Freestyle competitors who wish to register with the ADFP will be asked to provide the relevant registration details to allow the ADFP to register the child on their systems and provide the child with a status card.  This process is repeated annually for status card renewal, as well as when any changes to the child’s status occurs, such as a birthday (changing age group) or a change of grade due to loss of lives. 

DanceMax is satisfied that the ADFP GDPR processes are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

 

As part of the process of entering other dance competitions/festivals, organisers/promoters require details such as the name and age of a child as well as their status or grade.  This is to ensure that they are correctly entered into a competition and are dancing in the right section. 

DanceMax will only enter such competitions if they are satisfied that the organisers GDPR processes are thorough and any data will be stored in a secure environment, and not unnecessarily retained.  DanceMax will request copies of policies in advance of registering to attend any event.  This will be done on a case by case basis.

 

Workshops/Training/Coaching

From time to time DanceMax may participate in internally or externally organised dance-based activities, where it may be necessary to provide data such as the name of a child and an emergency contact.  Should DanceMax be unable to process participant’s data, we would be contravening both our Health & Safety and Child Safeguarding policies.  We would also be ignoring best practice regarding working with children/vulnerable adults. 

 

DanceMax will only participate in such workshops/training/coaching if they are satisfied that the organisers GDPR processes are thorough and any data will be stored in a secure environment, and not unnecessarily retained.  DanceMax will request copies of policies in advance of registering to attend any event.  This will be done on a case by case basis.

 

 

 

Rights of the data subject and DanceMax compliance with responses:

Any data subject with personal data stored within DanceMax is entitled to the rights of:

 

  • Access 

You may contact DanceMax at any time to access all data held relating to you and/or your child(ren). DanceMax will ensure that we respond to a subject access request without undue delay and within one month of receipt. If the information request will also include data regarding others, DanceMax has the right to refuse the request or take steps in order to obtain consent from other involved parties.

The right of access does not apply to DanceMax’s legal obligations such as Child Safeguarding records.

 

  • Rectification

You may contact DanceMax at any time in order to rectify data held relating to you and/or your child(ren). DanceMax will ensure that we respond to a rectification request without undue delay and within one month of receipt.

 

 

  • Restrict Processing

You may contact DanceMax at any time in order to restrict the data we process relating to you and/or your child(ren). DanceMax will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with DanceMax until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

 

  • Data Portability

You may contact DanceMax at any time in order to obtain the data we process relating to you and/or your child(ren) and reuse it across different services. DanceMax will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

Please note, this does not apply to DanceMax’s legal obligations.

 

  • Objection

You may contact DanceMax at any time in order to object to the processing of data relating to you and/or your child(ren). DanceMax will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with DanceMax until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

 

  • Rights related to automated decision making including profiling

You may contact DanceMax at any time in order to object to profiling relating to you and/or your child(ren). DanceMax will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with DanceMax until the profiling restriction is lifted. This is due to Health and Safety and Child Safeguarding.

DanceMax has a lawful reason for profiling; Legitimate Interests and consent.

None of DanceMax’s decision making is automated. Profiling is only used in circumstances where a participant may have certain health/disability needs which may prevent them from taking part in classes (as it would be unsafe to do so).

 

  • Erasure

               You may contact DanceMax at any time in order to erase data held relating to you and/or

               your child(ren). DanceMax will ensure that we respond to an erasure request without

               undue delay and within one month of receipt.

The right to erasure does not apply to DanceMax’s legal obligations such as First Aid records.

 

 

All verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

 

Photos/Videos of Participants

 

DanceMax often use footage/photos used from shows, performances and classes for marketing purposes both in print media and the website. Participants/their parent and/or guardians may choose if they do not wish themselves/their child to be depicted.

 

Some attendees at events may film/take photos for their own personal use (e.g. parents of other participants). Participants/their parent and/or guardians may choose if they do not wish themselves/their child to be depicted.

 

 

Social Media

DanceMax regularly share photos/videos of students in workshops, events and performances through social media platforms including; Instagram, Facebook, Twitter, email. These will never be shared with any identifying information (age, location etc.). There may be times where we will share first names, but only with the explicit consent of the parents.

 

 

 

 

Complaints and Data Breeches 

 

Complaints:

Complaints in regard to the handling of any personal data can be made directly to DanceMax’s DPO:

Kirstin McGuigan

6-10 Newmarket Street, Consett, Co Durham, DH8 5LQ

07969137076

If you feel that your complaint was not handled in the correct manner, or still have concerns, you may escalate the complaint by contacting the Independent Commissioner’s Office (ICO).  ICO Telephone Number: 0303 123 1113

 

Data Breeches:

If DanceMax experiences a data breech of any kind, we have a legal obligation to report this to ICO within 72 hours. The data breech will be reported by the DPO. In the instance they are unavailable to report the breech, the next most senior staff member shall do so.

 

DanceMax will also inform all the victims of the data breech as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedoms.

 

DanceMax will store and record all data breeches.

 

 

 

 

Address

DanceMax Studio

6-10 Newmarket Street

Consett

County Durham

DH8 5LQ

 

 

Call us

Kirstin - 07969137076

Dean - 07805722674

 

If Kirstin is unavailable to take your call due to teaching or competition feel free to call Dean in case of any important matter.

Find us on Facebook - DanceMax

 

Instagram - dancemaxstudio