GENERAL DATA PROTECTION REGULATION 

 

Policy for Body Rock Dance Academy (BRDA) 

 

Statement 

 

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection 

 

Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018. 

 

How is your data used? 

 

Security and safety is very important to us at BRDA. In line with the new General Data Protection Regulations we have updated our terms of service and how we use and process your data which you can read below. 

 

Your personal data will be handled and processed sensitively by the school Principals Natasha Cross, Tara Nolan and James Leigh. 

 

Personal details are kept only for the purposes of running the school efficiently. Data will be kept secure at all times. We will only submit your information to a relevant third party in the event we have a safeguarding concern and/or we are required by government bodies or law enforcement agencies to do so. The only other place your data is shared is on our fully compliant GDPR online software. 

 

GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. BRDA is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly. 

 

Storage and use of personal information

 

Your information will be obtained directly via e-mail communication and our encrypted online submission form, Facebook messaging (if you choose to contact us that way) or phone call, but never through a third party. All data is stored on our software company DanceBiz which is a fully GDPR compliant online platform. We use this data for registers on a weekly basis, to keep track of attendance, class schedules and invoicing. Staff have access to class registers only via the Dance Biz app on their phones. All staff have password protected moblies and all staff are compliant to the regulations of GDPR. 

 

If at any point you and your child decide to leave BRDA we will delete any past e-mail communication and your information from the database. Once enrolled at the school, our main point of contact is via email. However, we may phone you if necessary. We also have a Facebook page (Body Rock Dance Academy) which you can contact us on and we will reply. Text messages/Facebook messages may be sent to you in the event of class alterations, cancellations, reminders or a last minute update. 

 

Information about individual children is used in certain documents, such as, a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children's names, date of birth and sometimes address. These records are shredded after the relevant retention period and kept in a lockable storage case when not in use. In the event we need to pass your information on to any other relevant third parties such as the Imperial Society of Teachers of Dancing in order to register and enter your child for their dance exams or to your local authority in order to process licensing for school productions, then we will seek your permission separately and will only pass on your information if you have have given us your permission. BRDA collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the child’s file and stored appropriately. BRDA stores personal data held visually in photographs or video clips or as sound recordings, unless written consent has been obtained. No full names are stored with images in photo albums, displays, on the website or on BRDA's social media sites. In the event you have completed an enquiry or registration form on the BRDA's website or sent us your personal details by other means and subsequently decide not to proceed with enrolling at the school, we will delete your details from our database at your request. If we do not hear any further communication from you and you have not enrolled at the school within 6 weeks of submitting your information via our enquiry forms, we will assume you no longer wish to join the school and your information will be deleted from our GDPR compliant software. Access to all Office computers is password protected. When a member of staff leaves the company these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet. 

 

GDPR means that BRDA must; 

 

* Manage and process personal data properly 

* Protect the individual’s rights to privacy 

* Provide an individual with access to all personal information held on them 

 

GDPR includes 7 rights for individuals 

 

1) The right to be informed  

BRDA is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s’ full names, addresses, date of birth, along with any SEN requirements. We need to know visits names, telephone numbers, and where appropriate company name. This is in respect of our Health and Safety and Safeguarding Policies. As an employer BRDA is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to Capita for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record. BRDA uses Cookies on its website to collect data for Google Analytics, this data is anonymous.

 

2) The right of access

At any point an individual can make a request relating to their data and BRDA will need to provide a response (within 1 month). BRDA can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.

 

3) The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. However BRDA has a legal duty to keep children’s and parents details for a reasonable time*, BRDA retain these records for 3 years after leaving pre-school, children's accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Staff records must be kept for 6 years after the member of leaves employment, before they can be erased. This data is archived securely onsite and shredded after the legal retention period.

 

4) The right to restrict processing

Parents, visitors and staff can object to BRDA processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.

 

5) The right to data portability

BRDA requires data to be transferred from one IT system to another; such as from BRDA to the Local Authority, for performance BOPA licences, and dance Associations for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR. 

 

6) The right to object 

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.

 

7) The right not to be subject to automated decision-making including profiling

 

Automated decisions and profiling are used for marketing based organisations. BRDA does not use personal data for such purposes. 

 

 

This Policy was adapted at a meeting at BRDA in May 2018 

 

Signed on behalf of Body Rock Dance Academy 

 

NATASHA CROSS

TARA NOLAN

JAMES LEIGH

 

Policy review date: May 2020