Privacy Policy
General Data Protection Regulation Policy
Statement – Lindsey Pollard Dance will never share information about individuals or families without their permission.
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual’s data is not processed without their knowledge and is only processed with
their ‘explicit’ consent. GDPR covers personal data relating to individuals. Lindsey Pollard Dance is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Lindsey Pollard Dance is required to collect and manage certain data from customers. We need to know participants’ full names, date of birth, any medical conditions, contact number and email address, as well as emergency contact names, telephone numbers and their relationship to the participant.
2) The right of access
At any point an individual can make a request relating to their data and Lindsey Pollard Dance will need to provide a response (within 1 month). Lindsey Pollard Dance can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Lindsey Pollard Dance has a legal duty to keep details for a reasonable time.* This data is archived securely onsite and shredded after the legal retention period. Lindsey Pollard retain participants’ records, any accident and injury records and safeguarding records for 1 year after leaving our school.
4) The right to restrict processing
Participants’ can object to Lindsey Pollard Dance processing their data. This means that records can be stored but must not be used in any way, for example competition applications, reports or for communications.
5) The right to data portability
Lindsey Pollard Dance requires data to be transferred from one IT system to another; such as from Lindsey Pollard Dance to the Local Authority, for performance licences. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Participants’ can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. Lindsey Pollard Dance does not use personal data for such purposes.
Storage and use of personal information
All paper copies of participants records are kept in a locked office and in a locked filing cabinet at the Principals home address. Members of staff will only have access to these files with permission and full confirmation from the Principal (Lindsey Pollard) but information taken from the files about participants is confidential and apart from archiving, these records remain on site at all times. These records are shredded after the retention period.
All computer based records are kept on a password protected computer and under encrypted and password protected files.
Information about individuals is used in certain documents, such as, a weekly registers & medication forms. These documents include data such as names, date of birth and an emergency contact number but no addresses. These records are shredded after the relevant retention period.
Lindsey Pollard Dance collects a large amount of personal data every year including; names and addresses of those on our waiting lists and interest list. These records are shredded or deleted if the individual does not attend any activity related to Lindsey Pollard Dance or added to the individual’s file and stored appropriately.
Lindsey Pollard Dance stores personal data held visually in photographs or video clips or as sound recordings. No names are stored with images in photo albums, displays, on the website or on Lindsey Pollard Dance social media sites.
Access to all Office computers are password protected. When a member of staff leaves the company these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick/laptops are password protected and/or stored in a locked office and within this office a locked filing cabinet.
GDPR means that Lindsey Pollard Dance must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them.