Aug 01, 2021 03:00 PM
General Data Protection Regulation Policy Statement.
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. The Performing Arts Academy is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1. The right to be informed
The Performing Arts Academy is a registered Performing Arts provider with ISTD and as so, is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s’ full names, addresses, date of birth and Education school, along with any SEN requirements. We are requested to provide this data to Hampshire County Council & other performing council areas; this information is sent to the Local Authority via a secure electronic file transfer system.
We are required to collect certain details of visitors to our Classes. We need to know visits names, telephone numbers, and where appropriate company name. This is in respect of our Health and Safety and Safeguarding Policies.
As an employer The Performing Arts Academy is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to Capita for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record.
2. The right of access
At any point an individual can make a request relating to their data and The Performing Arts Academy will need to provide a response (within 1 month). The Performing Arts Academy can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. If you feel your data is breached in any way you have the right to complain to the ICO (Information Commissioners Office)
3. The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However The Performing Arts Academy has a legal duty to keep children’s and parents details for a reasonable time. The Performing Arts Academy retain these records for as long as you/your child is attending classes and for three months after they stop attending. If kept electronically, data is deleted from our database and paper records are archived until being shredded after the retention period.
If you are still receiving e-mails from us but your son/daughter no longer attends classes its because you ticked the consent form for being part of our TPA Academy database which keeps you up to date on new classes and events.
If you would prefer not to hear from us simply e-mail firstname.lastname@example.org and ‘opt out’ and I will remove you from the mailing list.
4. The right to restrict processing
Parents, visitors and staff can object to The Performing Arts Academy processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5. The right to data portability
The Performing Arts Academy requires data to be transferred from one IT system to another; such as from The Performing Arts Academy to the Local Authority, for performance BOPA licences, and dance Associations (ISTD/LAMDA) for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6. The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing or research.
7. The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. The Performing Arts Academy does not use personal data for such purposes.
Storage and use of personal information
All paper copies of children's and staff records are kept in a secure office at The Performing Arts Academy, Southampton. Members of staff can have access to these files but information taken from the files about individual children is confidential and apart from archiving, these records remain on site at all times. These records will be kept for the duration that a child is a member of The Performing Arts Academy and will be shredded after 3 months of non-attendance.
Information about individual children is used in certain documents, such as, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children's names, date of birth and sometimes
address. Class registers are stored electronically and are password protected. Pupil’s data and contact details will be removed from registers once they no longer continue attendance.
The Performing Arts Academy collects personal data every year including; names and addresses of those on the waiting list. These records are shredded or deleted, if the child does not attend or added to the child’s file and stored appropriately.
The Performing Arts Academy stores personal data held visually in photographs or video clips or as sound recordings, written consent has been obtained via The Performing Arts Academy Registration Form. No names are stored with images in photo albums, displays, on the website or on The Performing Arts Academy social media sites.
Access to all Office computers is password protected. When a member of staff leaves the company these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a secure office.
GDPR means that The Performing Arts Academy must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
This Policy was adapted at a meeting at The Performing Arts Academy in Feb 2021 (Review Date: 01/08/2022) Signed on behalf of The Performing Arts Academy
_____________________________ Stacey Wilson
If you have any questions about how your data is used, need to update it, delete it, or would like a copy of the data we hold on you, please contact Stacey Wilson directly.