GDPR stands for General Data Protection Regulation and replaces the previous Data Protection.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’, and that individuals’ data is not processed without their knowledge and is only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Harrington Dance Academy is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, parents’, visitors’ and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
Harrington Dance Academy is registered with the ICO (Information Commissioner’s Office). Certificates are on display in reception.
GDPR includes 7 rights for individuals
1) The right to be informed.
Harrington Dance Academy is a registered Performing Arts provider with IDTA and, as such, is required to collect and manage certain data. We need to know parents’ full names, addresses, telephone numbers and email addresses. We need to know children’s full names, addresses, date of birth and Education school, along with any SEN requirements. We are requested to provide this data to Essex County Council, Southend Council and other performing council areas; this information is sent to the Local Authority via a secure electronic file transfer system.
We are required to collect certain details of visitors to our academy. We need to know visitors’ names, telephone numbers and, where appropriate, company name. This is in respect of our Health and Safety and Safeguarding Policies.
As an employer, Harrington Dance Academy is required to hold data on its teachers: names, addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as a passport and driver’s licence, and bank details. This information is also required for Disclosure and Barring Service (DBS) checks and proof of eligibility to work in the UK. This information is sent via a secure file system to Capita for the processing of DBS checks. DBS numbers and date of issue are also held on a central staffing record.
2) The right of access
At any point an individual can make a request relating to their data and Harrington Dance Academy will need to provide a response (within 1 month). Harrington Dance Academy can refuse a request if we have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Harrington Dance Academy has a legal duty to keep children’s and parents’ details for a reasonable time. Harrington Dance Academy retains these records for 3 years after leaving pre-school, children’s accident and injury records for 19 years (or until the child reaches 21 years), and child protection records for 22 years (or until the child reaches 24 years). Staff records must be kept for 6 years after the member of staff leaves employment, before they can be erased. This data is archived securely onsite and shredded after the legal retention period.
4) The right to restrict processing
Parents, visitors and staff can object to Harrington Dance Academy processing their data. This means that records can be stored but must not be used in any way, for example in reports or for communications.
5) The right to data portability
Harrington Dance Academy requires data to be transferred from one IT system to another, such as from Harrington Dance Academy to the local authority for performance BOPA licences, and to dance associations for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing and research.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing-based organisations. Harrington Dance Academy does not use personal data for such purposes.
Storage and use of personal information.
Harrington Dance Academy uses Dance Biz, a dance school software programme called think smart. Extensive cyber security work has proved that the software is secure and safe. Security results have shown that 8 years of constant security updates and procedures by the IT team ensure that all customers’ data is secure and inaccessible to any unrecognised third parties. All data is stored within think smart software on a cloud-based server; this server is hosted in the UK and not outside of the EEA. All software is installed on password-protected computers and can only be accessed by the data controller.
All paper copies of children’s and staff records are kept in a locked filing cabinet in the office at Harrington Dance Academy.
Information about individual children is used in certain documents, such as a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children’s names, date of birth and sometimes address. These records are shredded after the relevant retention period.
Harrington Dance Academy collects a large amount of personal data every year, including names and addresses of those on the waiting list. These records are shredded if the child does not attend, or added to the child’s file and stored appropriately.
Information regarding families’ involvement with other agencies is stored electronically, which is password protected; this information is kept in a locked filing cabinet in the office. These records are shredded after the relevant retention period.
Harrington Dance Academy does not store personal data held visually in photographs or video clips or as sound recordings, unless written consent has been obtained from parents. No names are stored with images in photo albums, displays, on the website or on Harrington Dance Academy’s social media sites.
Access to all office computers is password protected. When a member of staff leaves the company, these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. a USB memory stick, is password protected and stored in a locked filing cabinet.
GDPR means that Harrington Dance Academy must
The policy was adapted at a meeting at Harrington Dance Academy in May 2018 and signed on behalf of Harrington Dance Academy.
Policy Review Date – November 2018