Confidentiality and Data Protection

Dance For All: Confidentiality and Data Protection

Incorporating:

The Data Protection Act 1998 (UK)
The European Union General Data Protection Regulation (EU GDPR)
Our Website Privacy and Cookie Policy: https://www.danceforall.co.uk/privacy-and-cookie-policy/

About the Data Protection Act 1998 (UK)

The Data Protection Act 1998 came into force on 1 March 2000 and the full provisions of the Act came into force on 24 October 2001.

About EU GDPR

On May 25, 2018 the European Union (EU) implemented the General Data Protection Regulation (GDPR) (Regulation (UE) 2016/679). This regulation is intended to strengthen and unify data protection for all individuals within the EU and addresses the export of personal data outside the EU.

To comply with the new regulations we, (Dance For All), must inform you of the personal data we hold, why we hold it, who we share it with, where it is stored.

Your explicit permission is required.

You can opt-in or opt-out via one of our Registration &/or Mailing List forms, via your paper or email registration form, or invoice.

If you opt-out, regrettably, you may be unable to access some or all of Our Services.

Confidentiality and Data Protection Policy

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

“Data” means collectively all information that you submit to DANCE FOR ALL. This definition shall, where applicable, incorporate the definitions provided in the Data Protection Act 1998 (UK) and the European Union General Data Protection Regulation (EU GDPR);

“Service/Services” means in-person services provided by Dance For All, such as dance tuition, classes, full-time and college-level courses, examinations, performances; digital services provided via Our Website, such as blog articles, information, communication facilities and email newsletters; and the management of those services.

“User/Visitor/You/Your/Pupil/Student” means any third party that accesses Our Services &/or Our Website and is not employed by or contracted to DANCE FOR ALL and acting in the course of their employment;

“Website/Site” means the website DANCEFORALL.CO.UK and any sub-domains of the Site unless expressly excluded by their own terms and conditions; and

“We/Us/Our” means DANCE FOR ALL

“Staff” means Our employees and specific contractors, such as regular class teachers and regular college course tutors.

2. Scope of this Policy

This Policy applies only to the actions of DANCE FOR ALL and Users with respect to Services.

3. Data Collected and Held

Dance For All is committed to ensuring that the collection and processing of personal data is only undertaken in the legitimate operation of Our business. We collect and use the following Data for legitimate purposes only and Data is not disclosed to any third party unlawfully.

We do NOT collect or store financial information such as credit/debit card numbers.

Without limitation, any of the following Data may be collected:

3.1 PERSONAL DATA:
3.1.1 name and child/ren’s name (if provided by you);
3.1.2 your &/or your and child/ren’s date of birth &/or age (if provided by you);
3.1.3 contact information such as email addresses, postal addresses and telephone numbers (if provided by you);
3.1.4 demographic information such as profession, preferences and interests (if provided by you);
3.1.5 your messages (if provided by you);

3.1.6 your feedback and reviews (if provided by you);

3.1.7 photos and videos (if permission is given by you);

3.1.8 gender identity

3.1.9 invoice payments;

3.2 Non-personally-identifiable data collected via Our Website:
3.2.1 IP address (automatically collected);
3.2.2 web browser type and version (automatically collected);
3.2.3 operating system (automatically collected);
3.2.4 a list of URLs starting with a referring site, and the site you exit to (automatically collected); and
3.2.5 your activity on this Website (automatically collected);

3.3 SENSITIVE DATA:

3.3.1 health, medical (such as allergies) or learning support requirements, if provided by you – please note this is only collected online via our secure email service provider, not via this website, and you may use alternative means to submit such data.

No personally-identifiable information is used when:
- ordering uniform, dancewear, costume and dance shoes;
- or when sharing photos on our website or on social media, with the exclusion of our college course graduates, whose names and graduating year may be used.

3.4 In addition to choosing what Data you share, you may choose the WAY in which you share Data with us. Data is collected via:

Post
Paper forms and methods
Digital forms and methods
Email
Secure online forms

Please also refer to our Website Privacy and Cookie Policy: https://www.danceforall.co.uk/privacy-and-cookie-policy/

4. Our Use of Data – Why We Hold Personal Data

4.1 DANCE FOR ALL Data users must comply with the eight Data Protection Principles:

Personal data shall be processed fairly and lawfully.
Personal data shall be held only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
Personal data shall be accurate and where necessary kept up to date.
Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
Personal data shall be processed in accordance with the rights of data subject under the DPA.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of the data.
Personal data shall not be transferred to a country or a territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

4.1.1 Any personal Data you submit will be retained by DANCE FOR ALL.

4.1.2 Data provided by Users will NOT be sold to third parties.

4.2 Unless we are obliged or permitted by law to do so, and subject to Clause 5, your personal Data will NOT be disclosed to third parties.

4.3 All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see Clause 11 below.

4.4 Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Services. Specifically, Data may be used by us for the following reasons:
4.4.1 internal record keeping;
4.4.2 improvement of our products/services;

4.4.3 transmission by email or post of information regarding your use of Our Services;

4.4.4 transmission by email or post of promotional materials that may be of interest to you;
4.4.5 contact for market research purposes which may be done using email, telephone, or post;

4.4.6 illustrate, customise or update Our Services.

4.5 With your permission, photographs and videos of our Pupils, Students and Service Users are used for illustrative purposes on our website and may be used on our social media channels and marketing materials.

4.5.1 Photographs and videos of Pupils and Service Users under 18 will NOT have their names or other personally-identifiable data attached;

4.5.2 Photographs and videos of Students and Service Users over 18 MAY have their names attached.

5. Sharing Your Data and Third-Party Services

5.1 DANCE FOR ALL may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to:
5.1.1 Website use;
5.1.2 search engine facilities;
5.1.3 communications and newsletter transmission;

5.1.4 advertising and marketing;

5.1.5 feedback and reviews;

5.1.6 Service use.

Excluding our secure email service provider (if health/medical data is provided by you via email), the providers of such services do NOT have access to sensitive Data provided by Users of Our services.

Third-party providers MAY have access to some personal Data provided by Users of Our services.

5.2 Third-Party providers for in-person Service use include:

5.2.1 Examination Boards:

ROYAL ACADEMY OF DANCE (RAD) Privacy Policy
INSTITUTE OF TEACHERS OF DANCE (ISTD) Privacy Policy
SPANISH DANCE SOCIETY Website

5.2.2 College course-related third parties:

Edinburgh College: Policies Privacy Policy
SQA: Polices

5.2.3 service providers:

Google (email messages; storage of photos, videos, blank forms and marketing files): Policies;
Jeda Pearl Creative (communications, marketing, photography and website management): Privacy Policy and Terms & Conditions including Client Confidentiality;
Backblaze (PC drive and file backup) Security, Privacy Policy, EU Privacy Shield framework & GDPR compliance: GDPR Info;
MailChimp (email newsletters, digital registration forms) Privacy, Terms of Use;
Vrazer (website security) Privacy Policy

5.3 We may share personal and sensitive Data with Dance For All employees and teachers.

A non-exhaustive list of further Third-Party providers, including digital Service use, and first-party Cookies use is within Clause 12 of Our Website Privacy and Cookie Policy.

6. Confidentiality

6.1 PART-TIME PUPILS UNDER 18:

6.1.1 Subject to Clauses 4, 5 and 3.4, Pupils’ personal and sensitive Data are confidential information and will not be shared in full with anyone apart from the Director, the Administrator and the appropriate teachers.

6.1.2 Subject to Clauses 4 and 5, some personally-identifiable Data may need to be shared, for example, for the purpose of examinations we must share a Pupil’s name and date of birth for an Identification Number to be issued.

6.1.3 A register is taken at the start of each class and a record is kept of attendance.

6.1.4 Where applicable, Pupil examination certificates are recorded.

6.2 FULL-TIME COLLEGE STUDENTS:

6.2.1 Subject to Clauses 4, 5 and 3.4, Students’ personal and sensitive Data are confidential information and will not be shared in full with anyone apart from the Director, the Administrator and the appropriate teachers.

6.2.2 Subject to Clauses 4 and 5, some personally-identifiable Data may be shared, for example, video footage for HND unit outcomes.

6.2.3 A record is kept of attendance.

6.2.4 Where applicable, Student achievement in tutorials and Certificate and HND courses are recorded.

6.2.5 The assessment outcomes for the HND units and videos may be audited by Edinburgh College and SQA.

6.2.6 Parent/Guardians of Students will be asked to sign a guarantor agreement for student fees due to Dance For All. This is a binding document.

6.3 ALL SERVICE USERS:

6.3.1 Subject to Clauses 4 and 3.4, if a Pupil, Student, or Service User gives Us information of a sensitive &/or confidential nature, this will be kept confidential. Staff will not assume that the information has been passed on to other members of Staff and will encourage the Pupil, Student, or Service User to allow the information to be passed on to the appropriate person, such as a member of Staff, Parent/Guardian, or medical professional.

6.3.2 Subject to Clause 4, when a Pupil, Student or Service User ends leaves the School permanently they will not be included in the next term’s registers/database.

7. Where We Store Data

Subject to Clauses 4, 5 and 3.4, personal Data is kept on a database on our office PC; and personal, sensitive and confidential information is kept in a secure cabinet and is not available to anyone other than the Director, the Administrator and appropriate teacher.

8. Controlling Use of Your Data

8.1 Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
8.1.1 use of Data for direct marketing purposes;
8.1.2 sharing Data with third parties; and

8.1.3 taking photographs and video footage (see Clause 4).

9. Your Right to Withhold Information

9.1 You may access certain areas of Our Website and some of Our Services (such as our “Drop In” classes) without providing any Data at all. However, to use all features and functions available on the Website and fully use Our services, you may be required to submit certain Data.

9.2 You may restrict your internet browser’s use of Cookies. For more information see Clause 12 of our Website Privacy and Cookie Policy.

9.3 Your explicit permission is required.

9.3.1 You can opt-in or opt-out via our Registration and Mailing List form, via your paper or email registration form, or invoice.

9.3.2 You may “opt-out” of providing certain Data. If you opt-out, regrettably, you may be unable to access some or all of Our Services.

9.4 You may unsubscribe from Our mailing list at any time.

9.5 You may request your Data is rectified, restricted, blocked, erased or destroyed.

9.6 You may notify us of any change in Data permissions, for example, you may request photographs and videos to be removed from this Website by contacting our Website Manager: jeda.dfa@jedapearl.co.uk

10. Your Right to Access Your Own Data

You have the right to ask for a copy of any of your personal Data held by DANCE FOR ALL (where such data is held) on payment of a small fee which will not exceed £10 (the statutory maximum).

11. Security

11.1 Data security is of great importance to DANCE FOR ALL and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected.

11.2 You acknowledge it is impossible to construct “perfect internet security”. We have appropriate security measures in place and many of our third-party providers, such as our email service providers, use encryption.