top of page

Dance Shack Data Protection Policy


Introduction


Dance Shack is committed to safeguarding the personal data of its students, parents, staff, franchisees, and other stakeholders. This policy outlines our approach to ensuring compliance with data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Purpose

The purpose of this policy is to:

  • Ensure that personal data is handled lawfully, fairly, and transparently.

  • Protect the rights of individuals whose data we collect, store, and process.

  • Prevent unauthorized access, misuse, or loss of personal data.


2. Scope

This policy applies to:

  • All Dance Shack staff, contractors, and franchisees.

  • All personal data processed by Dance Shack, whether held electronically or in physical records.


3. Key Principles

Dance Shack adheres to the following principles for processing personal data:

  1. Lawfulness, Fairness, and Transparency: Data is collected and processed in a lawful, fair, and transparent manner.

  2. Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  3. Data Minimization: Only the data necessary for the intended purposes is collected and processed.

  4. Accuracy: Personal data is kept accurate and up to date.

  5. Storage Limitation: Data is retained only as long as necessary for the purposes for which it was collected.

  6. Integrity and Confidentiality: Personal data is processed securely to prevent unauthorized access, loss, or damage.


4. Data We Collect

Dance Shack collects personal data for the following purposes:

  • Students and Parents:

  • Names, addresses, contact details, and date of birth.

  • Medical information (where necessary for class safety).

  • Payment information for tuition and fees.

  • Staff and Franchisees:

  • Employment or contract details, tax information, and references.

  • Contact details and identification documents.

  • Marketing and Enquiries:

  • Names and contact details of individuals expressing interest in our services.


5. How We Use Data

We process personal data for the following reasons:

  • To provide dance and performing arts classes.

  • To manage student enrolment and attendance.

  • To communicate with parents, students, staff, and franchisees.

  • To process payments and administer accounts.

  • To comply with legal and regulatory requirements.

  • To improve services through feedback and analysis.


6. Sharing Data

Dance Shack will not sell, rent, or trade personal data to third parties. However, data may be shared:

  • With service providers (e.g., payment processors or IT support) under strict confidentiality agreements.

  • With regulatory authorities, if required by law.

  • Within the Dance Shack franchise network for operational purposes.


7. Data Security

Dance Shack implements the following measures to protect personal data:

  • Secure storage of physical records in locked cabinets.

  • Encryption and password protection for electronic records.

  • Regular staff training on data protection and confidentiality.

  • Access controls to ensure only authorized personnel can access sensitive data.


8. Data Retention

Personal data is retained for as long as necessary to fulfill its purpose or as required by law. For example:

  • Student records: Retained for 6 years after the student leaves Dance Shack.

  • Financial records: Retained for 7 years for auditing purposes.


9. Individual Rights

Individuals have the following rights regarding their personal data:

  1. Right to Access: Request access to the personal data we hold.

  2. Right to Rectification: Request correction of inaccurate or incomplete data.

  3. Right to Erasure: Request deletion of personal data, where applicable.

  4. Right to Restriction: Request restricted processing of data under certain circumstances.

  5. Right to Data Portability: Request a copy of personal data in a structured, commonly used format.

  6. Right to Object: Object to processing based on legitimate interests or direct marketing.

  7. Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.


10. Data Breaches

In the event of a data breach:

  • Dance Shack will notify affected individuals and the Information Commissioner’s Office (ICO) within 72 hours if the breach poses a risk to individuals’ rights.

  • A thorough investigation will be conducted, and corrective actions will be taken.


11. Accountability and Compliance

Dance Shack takes full accountability for data protection by:

  • Being registered with the Information Commissioner’s Office (ICO) under registration number [Insert Registration Number]. This ensures compliance with UK data protection laws.

  • Appointing a Data Protection Officer (DPO) to oversee compliance.

  • Regularly reviewing this policy and updating procedures as needed.

  • Conducting audits to ensure adherence to data protection regulations.


12. Contact Information

For questions or concerns about data protection, or to exercise your rights, contact:


Dance Shack Data Protection Officer
Email: garth@danceshack.co.uk
Address: Dance Shack, Toll Cottage, Dorking Road, Tadworth, SURREY, KT20 7NY
Phone: 01372 650464


13. Policy Review

This policy will be reviewed annually or whenever there are significant changes in data protection laws or Dance Shack’s operations.


By adhering to this Data Protection Policy, Dance Shack ensures the privacy, security, and trust of all stakeholders, maintaining its reputation as a reliable and responsible organization.

bottom of page