DanceSyndrome Data Protection and Privacy Statement
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 2018 (the DPA 2018) and the General Data Protection Regulation (the GDPR).
We take your data privacy seriously, as we always have. DanceSyndrome staff are all fully trained in applicable Data Protection legislation and we have gained certification of compliance from an external verifier.
2. Who are we?
DanceSyndrome is a data controller. This means we decide how your personal data is processed and for what purposes.
3. How do we process your personal data?
DanceSyndrome complies with its obligations under the DPA 2018 and GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes: –
- If you haven’t already given us consent to send you our email newsletter, you can do this by email at firstname.lastname@example.org or you can visit the Keeping in Touch page on our website. If you don’t do this, we can’t keep you up to date with our latest news. You can change your mind and opt out at any time.
- We process personal data from our contacts, which covers both potential and prior service users. This information is entered into the system after contact is made between a staff member of DanceSyndrome and a service user.
- We collect personal data for our people as part of the administration, management and promotion of our business activities. Our staff handbook explains further how personal data is held for our staff and partners.
- Where an individual is applying to work for DanceSyndrome, personal data is collected through the application process. Data collected for this purpose will be used for employment and to make informed management decisions and for administration purposes.
- We have a contact form on our website where we may collect your name and email address. We may also collect your opt-in consent to keep you up to date with our news and services.
4. What is the legal basis for processing your personal data?
Under the DPA 2018 and GDPR, the main grounds that we rely upon in order to process your information are the following:
a) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
b) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected.
c) Consent – we may ask for your consent to process your Information in a particular way.
d) Vital interests – we may process personal data on the basis on vital interests if processing is necessary to protect someone’s life.
e) Necessary for contract – we may process your personal data to fulfil our contractual obligations to you, or because you have asked us to do something before entering into a contract (for example, providing a quote).
f) Public Task – We may rely on this legal basis to process data to perform a specific task in the public interest that is set out in law.
5. Sharing your personal data
DanceSyndrome will never sell your data. We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
- Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
- Third party organisations that otherwise assist us in providing goods, services or information
- Law enforcement or regulatory agencies or those required by law or regulations
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
6. How long do we keep your personal data?
DanceSyndrome will store your data for the duration of the project that you are involved with or until our relationship ends
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
7. Your rights and your personal data
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by us as a data controller.
- Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
- Individuals may request that we erase their personal data
- Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
If you wish to exercise any of these rights, please send an email to email@example.com.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
If you have any concerns about how we handle your data, please get in touch a member of our team, who have all been trained in these new data protection regulations. You can email firstname.lastname@example.org or call 07597 942494.
DanceSyndrome’s nominated Data Protection Officer (DPO) is Sarah Calderbank who can be contacted directly at email@example.com or 07597 942494.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.