General Data Protection Regulations 2018
In accordance with the GPDR Statement:
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018. GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals.
What we do at Bluebirds Ballet School;
Bluebirds Ballet School is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, parents, visitors and staff personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
- We do not disclose or sell personal data to third parties.
- We do not disclose personal data to other members of The School and their families.
- The School uses ThinkSmart Software as its back-office software (data processor) that in its turn does not disclose or sell personal data to third parties (a separate statement from ThinkSmart will follow).
- The School uses contact numbers and emails for newsletters, updates, whole school and individual communication, invoices and general information. Such data is stored on our back-office system and not on teachers’ or administrators’ personal devices. We do not store hard (paper) copies
- Teachers access contact numbers via the back-office software, which is protected by individual passwords. Phone numbers are accessible via the software for the use of emergency contact only.
- Teachers should not be contacted directly on their personal phones; all contact/communication should be channeled via the office, to ensure we comply with the regulations.
Student information (name, date of birth and class level) is used for the following purposes: weekly registers, medication forms, class progression and examination documentations. Such information is stored on the back office system or on The School’s desktop – which are both password protected. Should ever a document be printed (in case of emergency or for organisational purposes), such document will never include a contact number or address. Such hard-copy records are shredded after the event.
Bluebirds Ballet School collects personal data every year including; names and addresses of those on the waiting list. These records are deleted if the child does not attend or added to the child’s online file and stored appropriately on the back-end system.
Bluebirds Ballet School stores photographs, video clips or sound recordings. The School has now password protected its photo gallery on its website. Parents will be asked if The School can publish a photo or video containing their child (i.e. permission will be requested). However, it should be noted that no names are/will be stored with images in photo albums, displays, on the website or on The School’s social media sites.
Access to the ThinkSmart software, The School’s email account, website, personal data, social media accounts, newsletters and examination details are password protected and is not available to members of the public, members of The School or its teachers. The Principal and Commercial Director have sole access to all this data. When a member of staff leaves Bluebirds Ballet School all passwords are changed in line with this policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.
GDPR includes 7 rights for individuals:
1) The right to be informed
Bluebirds Ballet School is registered with Royal Academy of Dance (RAD) and as so, is required to collect and manage certain data. The School collects parent’s and or guardian’s names, addresses, emergency telephone numbers and email addresses. We also collect children’s’ full names, addresses, date of birth along with any medical requirements and are stored via a secure back-office software as detailed above. This is in respect of our Health and Safety and Safeguarding Policies. As an Employer of Self Employed practitioners, Bluebirds Ballet School is required to hold data on its teachers such as names, addresses, email addresses, telephone numbers and bank details. Information such as Disclosure and Barring Service checks (DBS), personal Public Liability insurance, First Aid Certificate’s, Membership details and any qualification’s. This information stored via a secure electronic backoffice system or on The School’s secured desktop. No paper records exist.
2) The right of access
At any point an individual can make a request relating to their data and Bluebirds Ballet School will need to provide a response (within 1 month). Bluebirds Ballet School can refuse a request, should we have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Bluebirds Ballet School has a legal duty to keep student and parents details for a reasonable time*. Bluebirds Ballet School retain any records relating to student’s accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Self Employed teaching records will be erased when the member of leaves their position. No hard copy information exists. In the eventuality that a hard-copy has been printed (emergency only), such information is destroyed by means of shredding.
* Bluebirds Ballet School holds personal data while the student is registered at The School. The School requires a written notice (email) of four (4) weeks to leave The School to put into action the erasure of your data. If records of this is not found, The School will continue to use your data for School purposes only.
4) The right to restrict processing
Parents, visitors and staff can object to Bluebirds Ballet School processing their data. This means that records can be stored but must not be used in any way, for example General Emails about School news and updates and Teachers2Parents text service. In this situation, The School has no obligation to refund any classes missed or cancelled due to ‘lack of communication’. It will be the parents’ responsibility to ensure they are informed about the Termly event’s happening at The School.
5) The right to data portability
Bluebirds Ballet School requires data, for example registration details to be transferred from student, to The School. The School also needs to provide data such as student DOB and exam numbers to be able to enter students in RAD Exams and Auditions. In this case recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing or research. It should be noted that at Bluebirds Ballet School we do not use such data for marketing and research!
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing-based organisations such as social media companies. Bluebirds Ballet School does not use personal data for such purposes.
The School’s Policy and Regulations will be published on its website prior to 25th May 2018.
This Policy was issued by Nicole Becker (Commercial Director) and Emma Dalton (Principal and Director) of Bluebirds Ballet School of Dancing in May 2018.
Policy review date: October 2018