DN Academies (“We” or “Us”) is fully committed to safeguarding and promoting the well-being of all students and staff or volunteers associated with Us. Our registered office is DN Studios, The Basement, 4 Hutchison Terrace, Edinburgh, EH14 1QB. For the purpose of this Policy, DN Academies is the data controller and where applicable, the data processor of your information.
This Policy describes how personal data must be collected, handled and stored to meet our data protection standards and to comply with the law.
This Policy together with any other documents referred to on it sets out the basis of:
- What personal data we collect and why
- What we do with your personal data
- How we secure your personal data
- How you can change or request to remove your personal data
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The legal basis in which we process the information we collect is in order for us to provide the Service outlined in our Terms and Conditions. It is in Our legitimate interests which are further explained in ‘How We Use The Information Collected’ section of this Policy.
What information we collect
We will store the following data in relation to students and/or parents/guardians:
- Information collected via our online registration form (including: parent name, email address, contact telephone number, student name, student date of birth, important medical details).
- Occasional class photographs/videos where applicable (as per Photography/Filming Consent);
- observational notes on performance/progress of the students;
- safeguarding concerns.
To comply with GDPR guidelines, personal data will not be kept for longer than is necessary. To comply with the GDPR we agree to:
- store any personally Identifiable data, recorded on paper, securely in a locked drawer or filing cabinet, which is behind at least one locked door;
- store any personally Identifiable data, recorded on a computer/device securely, ensuring at least two passwords and encryption, where possible;
- consider the purpose or purposes of why we hold the information and decide whether (and for how long) it needs to be retained;
- we will securely delete (or shred any hard copies of) information that is no longer required; and
- updating, archiving or securely deleting information every two years.
How we use the information collected
We use the information that we collect in a variety if ways during the operations of our business, including the following:
- To track and acknowledge students enrolled in classes by a password protected register.
- To carry out our obligations during the class timetable.
- To carry out any business essential administrative processes.
- To allow you/your child to participate in extra’s such as exams, performances, competitions, demonstrations.
- To enable DN Dance Babies to provide support to customers and students when requested or required to do so
- Investigate any issues that arise from participating in our classes
- To notify you of any changes to our timetable
- To provide any information you have requested or that we feel may be of genuine interest
to you. These include updates about the services we offer, promotions and general business information. You have the right to opt-out of receiving any promotional information as detailed below under ‘Your Rights’ of this policy.
How we store your data
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the Data Protection Officer. When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for whatever reason:
- When not required, the paper or files will be kept in a locked drawer or filing cabinet.
- Paper and printouts will not be left where unauthorised people could see them (e.g. on a printer).
- Data printouts will be shredded and disposed of securely when no longer required.
- Personal/sensitive data which is stored on USB storage devices will be encrypted – the Data Protection Officer can provide an encrypted USB device, if required.
- When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
- If data is stored on removable media (flashdrive), these will be kept locked away securely when not being used.
- Data will never be saved directly to laptops or other mobile devices (such as tablets or smart phones), unless said device is encrypted.
- All servers and computers containing data are securely protected by software and a firewall.
- When working with personal data, staff members will ensure that the screens of their computers are always locked when left unattended.
- Staff members will not have saved copies of personal data on their own computers. It will always be access and updated in the central system ‘Dancebiz’.
The law requires that we take reasonable steps to ensure that data is kept accurate and up to date. DN Academies will take reasonable steps to ensure it is kept as accurate and as up to date as possible.
- Data will be held in as few places as necessary. We not create any unnecessary additional data sets (copies).
- We will take every opportunity to ensure that data is updated.
- We will make it easy for data subjects to update the information that we hold about them.
- Data will be updated as inaccuracies are discovered.
Subject Access Requests
All individuals who are the subject of personal data held by us are entitled to:
- ask what information the company holds about them and why;
- ask how to gain access to it; be informed how to keep it up to date; and
- be informed how the company is meeting its data protection obligations.
If we are contacted by an individual requesting the information held by us, this is called a “subject access request”.
Subject access requests from individuals should be made by e-mail and addressed to the data controller at email@example.com
The data controller can supply a standard request form, although individuals do not have to use this. The data controller will always verify the identity of anyone making a subject access request before handing over any information.
Changes to this Policy