Enquire Now

GDPR Policy

Last updated: 20/08/2024

Introduction

The Starlight Dance Group Ltd is committed to protecting the privacy and personal data of our students, staff, and other individuals we interact with. This policy outlines our approach to compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Scope

This policy applies to all personal data processed by The Starlight Dance Group Ltd, regardless of the format in which that data is stored or whether it relates to past or present students, staff, or other individuals.

GDPR Principles

We adhere to the principles set out in the GDPR, which require that personal data shall be:

  1. Processed lawfully, fairly, and transparently
  2. Collected for specified, explicit, and legitimate purposes
  3. Adequate, relevant, and limited to what is necessary
  4. Accurate and, where necessary, kept up to date
  5. Kept in a form which permits identification for no longer than necessary
  6. Processed in a manner that ensures appropriate security

Lawful Bases for Processing

We process personal data on the following lawful bases:

  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract we have with the individual.
  • Legal obligation: the processing is necessary for us to comply with the law.
  • Vital interests: the processing is necessary to protect someone's life.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party.

Individual Rights

We respect and uphold the rights of individuals under GDPR, including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Data We Collect

We collect and process the following types of personal data:

  • Basic information: names, addresses, email addresses, phone numbers
  • Student information: age, dance level, attendance records
  • Sensitive information: medical conditions, ethnicity (where relevant and with explicit consent)
  • Financial information: payment details
  • Images and video recordings of performances (with consent)

Purpose of Data Processing

We process personal data for the following purposes:

  • To provide dance education services
  • To manage our relationship with students and parents
  • To ensure the health and safety of our students
  • To process payments
  • To promote our services (with consent)
  • To comply with legal obligations

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of the effectiveness of security measures
  • Secure storage of all physical and digital records
  • Access controls and authentication measures

Third-Party Processors

We use PayPal to process payments. When you make a payment, your data will be processed by PayPal in accordance with their privacy policy. We ensure all third-party processors we use are GDPR compliant.

International Transfers

We do not transfer personal data outside the European Economic Area (EEA) or UK.

Data Breaches

We have procedures in place to deal with any suspected personal data breach. In the event of a breach, we will notify affected individuals and the ICO where we are legally required to do so.

Consent

Where we rely on consent as a lawful basis for processing personal data (such as for marketing purposes or for using images), we ensure that consent is freely given, specific, informed, and unambiguous.

Children's Data

We collect data about children for the purposes of providing our services. We obtain parental consent for processing children's data where required by law.

GDPR Training

All our staff receive regular training on GDPR and data protection matters.

Data Protection Impact Assessments

We carry out Data Protection Impact Assessments (DPIAs) where required for new projects or changes to existing processes that involve high-risk data processing.

Review

This policy is reviewed annually and was last updated on 20/08/2024.

Contact Information

If you have any questions about this GDPR Compliance Policy or wish to exercise your rights under GDPR, please contact us.