This Data Protection policy will lay out the procedures undertaken by Theatricool Ltd to ensure that Theatricool is compliant with relevant data protection legislation. It has been written in accordance with the information provided by the ICO (Information Commissioner’s Office) prior to the release of the GDPR (General Data Protection Regulation).
CONTENT:
Last Modified 5 January 2024
1. Establishing a lawful basis for handling data
In accordance with Article 5 (2), this policy will document the ‘lawful basis’ used by Theatricool Ltd to handle data. This ‘lawful basis’ is set out in Article 6 of GDPR (General Data Protection Regulation). The lawful basis may be as follows:
(1) Where express consent has been given.
Theatricool Ltd utilises a mailing list in order to communicate updates for new classes. Express consent must be provided in order to be added.
(2) Where data is required to enable contractual obligations to be fulfilled.
Theatricool Ltd will require personal data in order to enter into a contract such as registering a student.
(3) Legitimate Interests
Data may be collected for legitimate interests such as marketing purposes. This may include the marketing of events.
2. Data processing must be necessary
This policy will ensure that data processing only occurs where necessary and will only be used for achieving a specific purpose. The legal basis of the data collection is determined by the specific purpose and data collection will only occur in a ‘targeted and proportionate’ manner to achieve the purpose of data collection.
3. Data controller
The data controller responsible for this website is ‘Theatricool Ltd’, who can be contacted via our website or by emailing sally@theatricool.co.uk.
4. Procedures for ensuring valid consent
Theatricool Ltd stores relevant email addresses to enable mailing list communication relating to news and events. Procedures have been adopted to ensure valid consent has been granted. This includes a direct request to be included on the mailing list using unambiguous and clear language. The request requires a positive email response to ‘opt in’. This is then followed by a subsequent ‘welcome email’ which documents clearly the right to withdraw consent. All further email communication contains an ‘unsubscribe’ welcome email which documents clearly the right to withdraw consent.
5. Consent Reviews
Consent Reviews will take place every twelve months whereby people will be asked if they wish to withdraw from the mailing list.
6. Gathering data for contractual purposes
In accordance with S6 s(1) b, attending as a student will require the collection of data to enable contractual obligations to be fulfilled. This is a necessary procedure and only minimal data will be collected to enable this to take place appropriately. Such data will include:
Students:
- Full name
- Address
- Gender
- Date of birth
- School year
- Email address
- Medical conditions
Parents/Guardians: (If your child is over 16 years of age please ensure you have their permission to share the above information with us.)
- Parents’/guardians’ emergency contact details
- Home/business address
- Telephone number
The above specified information will be used by Theatricool Ltd for the purposes of administration, research, the provision of teaching, services in singing, dance and drama, the organisation of performances and for the administration of Theatricool’s statutory obligations under legislation relating to children. Theatricool Ltd do not disclose this information to third parties for marketing purposes.
7. Safeguarding Privacy
Theatricool Ltd will ensure privacy by engaging fully with the right to be informed. Privacy notices will include the following:
- The purpose of processing the data
- Who it will be shared with
8. Ensuring right of access to personal data
Theatricool Ltd will allow a right of access to both personal data and supplementary information free of charge. Any requests for information will be provided within one month of receiving the request.
9. Ensuring right to rectification
Theatricool Ltd recognises that an individual has the right to have inaccurate personal data rectified or completed if incomplete.
- Requests for rectification can be made either verbally or in writing.
- Theatricool Ltd will ensure that rectification will occur within one month of the request being made.
10. Ensuring right to erasure
Theatricool recognises the rights of individuals to have their personal data erased.
- A request for erasure may be made either verbally or in writing.
- Theatricool will respond to the request within one month of receiving a request for erasure of personal data.
- Where data is being processed by Theatricool and a request for erasure is made, the processing of the data will cease.
11. Ensuring accountability and governance
In accordance with Article 5 (2) Theatricool Ltd ensures accountability and governance through the following procedures:
- Regular internal audits
- Appropriate training
- Maintenance of relevant processing documentation
12. Security
Theatricool Ltd ensures that all data will be processed and stored securely to meet with GDPR requirements. We use Membermeister and Quickbooks for our invoicing. Our email and website are maintained by Spoton.net Limited (registered company number 06139437 in England and Wales) – they have confirmed their systems and hosting platforms are GDPR compliant at the required level of encryption. Confirmation can be forwarded on request.
Further information is available below detailing information collected on this website using Cookies on our behalf.
Further information is available below on data collected by third parties via this website using Cookies.
13. Personal data breaches
Theatricool Ltd will report any personal data breaches that risk rights and freedoms of a data subject to the relevant parties involved. All breaches of data will be recorded.
14. Cookies
Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.
15. Data collected by third parties on our behalf
Spoton.net
Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order to determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days.
Lawful basis for processing: Compliance with a legal obligation
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data
Cloudflare
Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy.
Lawful basis for processing: Compliance with a legal obligation
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data
Google Analytics
We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. We have enabled IP anonymisation so that Google will not store your complete IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.
To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on.
Lawful basis for processing: Pursuance of our legitimate interests
Why?: To allow us to analyse how visitors interact with our site in order to improve our site and our services
Other data collected by third parties
Facebook page widget
When you view a page containing the Facebook page widget, your browser connects to Facebook. For more information on how Facebook handles the data it collects, see Facebook’s privacy policy.
Google Maps
When you view a page containing embedded Google Maps, your browser connects to Google Maps. For more information on how Google handles the data it collects, see Google’s privacy policy.
Twitter profile widget
When you view a page containing the Twitter profile widget, your browser connects to Twitter. For more information on how Twitter handles the data it collects, see Twitter’s privacy policy.
Vimeo video player
When you view a page containing the Vimeo video player, your browser connects to Vimeo. For more information on how Vimeo handles the data it collects, see Vimeo’s privacy policy.
YouTube video player
When you view a page containing the YouTube video player, your browser connects to YouTube. For more information on how Google (the operator of YouTube) handles the data it collects, see Google’s privacy policy.