theatricool.co.uk

This Data Protection policy will lay out the procedures undertaken by Theatricool Ltd to ensure that Theatricool is compliant with relevant data protection legislation. It has been written in accordance with the information provided by the IOC (Information Commissioner’s Office) prior to the release of the GDPR (General Data Protection Regulation). 
 
CONTENT:  
Last Modified 5 January 2024 
 

1. Establishing a lawful basis for handling data 

In accordance with Article 5 (2), This policy will document the ‘lawful basis’ by Theatricool Ltd to handle data. This ‘lawful basis’ is set out in Article 6 of GDPR (General Data Protection Regulation). The lawful basis may be as follows: 
 
(1) Where express consent has been given. 
 
Theatricool Ltd utilises a mailing list in order to communicate updates for new classes. Express consent must be  
provide in order to be added. 
 
(2) Where data is required to enable contractual obligations to be fulfilled. 
 
Theatricool Ltd will require personal data in order to enter into a contract such as registering a student. 
 
(3) Legitimate Interests 
 
Data may be collected for legitimate interests such as marketing purposes. This may include the marketing of events. 
 

2. Data processing must be necessary 

This policy will ensure that data processing only occurs where necessary and will only be used for achieving a specific purpose. The legal basis of the data collection is determined by the specific purpose and data collection will only occur in a ‘targeted and proportionate’ manner to achieve the purpose of data collection. 
 

3. Data controller  

The data controller responsible for this website is ‘Theatricool Ltd’ who can be contacted via our website or by emailing sally@theatricool.co.uk 
 

4. Procedures for ensuring valid consent 

Theatricool Ltd stores relevant email addresses to enable mailing list communication relating to news and events. Procedures have been adopted to ensure valid consent has been granted. This includes a direct request to be included onto the mailing list using unambiguous and clear language. The request requires a positive email response to ‘opt in’. This is then followed by a subsequent ‘welcome email’ which documents clearly the right to withdraw consent. All further email communication contains an ‘unsubscribe’ welcome email which documents clearly the right to withdraw consent. 
 

5. Consent Reviews 

Consent Reviews will take place every twelve months whereby people will be asked if they wish to withdraw from the mailing list. 
 

6. Gathering data for contractual purposes 

In accordance with S6 s(1) b attending as a student will require the collection of data to enable contractual obligations to be fulfilled. This is a necessary procedure and only minimal data will be collected to enable this to take place appropriately. Such data will include: 
 
Students: 
  • Full name 
  • Address 
  • Gender 
  • Date of birth 
  • School year 
  • Email address 
  • Medical conditions 
 
Parents/Guardians: (If your child is over 16 years of age please ensure you have their permission to share the above information with us.) 
 
  • Parents/guardians emergency contact details 
  • Home/business address 
  • Telephone number 
 
The above specified information will be used by Theatricool Ltd for the purposes of administration, research, the provision of teaching, services in singing, dance and drama, the organisation of performances and for the administration of Theatricool’s statutory obligations under legislation relating to children. Theatricool Ltd do not disclose this information to third parties for marketing purposes. 
 

7. Safeguarding Privacy 

Theatricool Ltd will ensure privacy by engaging fully with the right to be informed. Privacy notices will include the following: 
 
The purpose of processing the data 
Who it will be shared with 
 

8. Ensuring right of access to personal data 

Theatricool Ltd will allow a right of access to both personal data and supplementary information free of charge. Any requests for information will be provided within one month of receiving the request. 

9. Ensuring right to rectification 

Theatricool Ltd recognises that an individual has the right to have inaccurate personal data rectified or completed if incomplete. 
 
Requests for rectification can be made either verbally or in writing 
Theatricool Ltd will ensure that rectification will occur within one month of the request being made 
 

10. Ensuring right to erasure 

Theatricool recognises the rights of individuals to have their personal data erased. 
A request for erasure may be made either verbally or in writing 
Theatricool will respond to the request within one month of receiving a request for erasure of personal data. 
Where data is being processed by Theatricool and a request for erasure is made, the processing of the data will cease 
 

11. Ensuring accountability and governance 

In accordance with Article 5 (2) Theatricool Ltd ensures accountability and governance through the following procedures: 
 
Regular internal audits 
Appropriate training 
Maintenance of relevant processing documentation 
 

12. Security 

Theatricool Ltd ensures that all data will be processed and stored securely to meet with GDPR requirements. We use Membermeister and Quickbooks for our invoicing. Our email and website is maintained by Spoton.net Limited (registered company number 06139437 in England and Wales) – they have confirmed their systems and hosting platforms are GDPR complaint at the required level of encryption. Confirmation can be forwarded on request. 
 
Further information is available below detailing information collected on this website using Cookies on our behalf 
Further information is available below on data collected by third parties via this website using Cookies 
 

13. Personal data breaches 

Theatricool Ltd will report any personal data breaches that risk rights and freedoms of a data subject to the relevant parties involved. All breaches of data will be recorded. 
 

14. Cookies 

Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy.
 

15. Data collected by third parties on our behalf 

Spoton.net 
Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days. 
 
Lawful basis for processing: Compliance with a legal obligation 
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data 
 
Cloudflare 
Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy
 
Lawful basis for processing: Compliance with a legal obligation 
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data 
 
Google Analytics 
We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. We have enabled IP anonymisation so that Google will not store your complete IP address. For more information on how Google handles the data it collects, see Google’s privacy policy
 
To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on
 
Lawful basis for processing: Pursuance of our legitimate interests 
Why?: To allow us to analyse how visitors interaction with our site in order to improve our site and our services 
 
Other data collected by third parties 
 
Facebook page widget 
When you view a page containing the Facebook page widget, your browser connects to Facebook. For more information on how Facebook handles the data it collects, see Facebook’s privacy policy
 
Google Maps 
When you view a page containing embedded Google Maps, your browser connects to Google Maps. For more information on how Google handles the data it collects, see Google’s privacy policy
 
Twitter profile widget 
When you view a page containing the Twitter profile widget, your browser connects to Twitter. For more information on how Twitter handles the data it collects, see Twitter’s privacy policy
 
Vimeo video player 
When you view a page containing the Vimeo video player, your browser connects to Vimeo. For more information on how Vimeo handles the data it collects, see Vimeo’s privacy policy
 
YouTube video player 
When you view a page containing the YouTube video player, your browser connects to YouTube. For more information on how Google (the operator of YouTube) handles the data it collects, see Google’s privacy policy