GDPR, Privacy and Cookies
Adagio College of Performing Arts is dedicated to complying with the new GDPR rules that came into force on March 25th 2018. The following data protection policy applies to our collection of only necessary data that falls within the remit of a Performing Arts College. We retain the information necessary to administer our programs and maintain the well being of our clientele, most of whom are under 18.
On this basis, therefore, the following stipulations are made:
- ACPA will maintain and secure accurate contact details for the parents of its students;
- ACPA will also request a third-party emergency contact for use in the event that we cannot contact a parent – it is assumed that the parent has permission to deliver this third-party information;
- ACPA is required to maintain some information about the health and medical history of our students – this is for their safety and well being.
- ACPA will never share with or sell your data to another organization.
Adagio College of Performing Arts (ACPA) collects and uses information about people with whom it communicates.
This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material. ACPA regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end ACPA fully endorses and adheres to the Principles of Data Protection, as set out in the General Data Protection Regulation (GDPR) (EU) 2016/679.
Purpose
The purpose of this policy is to ensure that the staff and volunteers of ACPA are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place, which are consistently followed.
Principles
GDPR policy pertains to the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerized records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice, which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
To do this ACPA follows the eight Data Protection Principles outlined below:
- Personal data will be processed fairly and lawfully
- Data will only be collected and used for specified purposes
- Data will be adequate, relevant and not excessive
- Data will be accurate and up to date
- Data will not be held any longer than necessary
- Data subject’s rights will be respected
- Data will be kept safe from unauthorized access, accidental loss or damage
- Data will not be transferred to another country or territory
The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. ACPA’s employees, volunteers and trustees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.
Procedures
The following procedures have been developed in order to ensure that ACPA meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by ACPA falls into 2 broad categories:
- ACPA internal data records; Staff, volunteers.
- ACPA external data records; Members, customers, clients.
ACPA as a body is a DATA CONTROLLER under the Act, and the Director is ultimately responsible for the policy’s implementation.
Internal data records
Purposes
ACPA obtains personal data (names, addresses, phone numbers, email addresses), application forms, and references and in some cases other documents from staff, volunteers. This data is stored and processed for the following purposes:
- Recruitment
- Equal Opportunities monitoring
- Volunteering opportunities
- To distribute relevant ACPA material e.g. meeting papers
- Payroll
Access
The contact details of staff and volunteers will only be made available to other staff and volunteers. Any other information supplied on application will be kept in a secure filing cabinet and is not accessed during the day to day running of ACPA.
Contact details of staff and volunteers will not be passed on to anyone outside the ACPA without their explicit consent.
A copy of staff and volunteer emergency contact details will be kept in the Emergency File for Health and Safety purposes to be used in emergency situations e.g. fire/ bomb evacuations. Staff and volunteers will be supplied with a copy of their personal data held by ACPA if a request is made.
The addressee must open all post marked confidential only.
Accuracy
ACPA will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for 6 years after an employee or volunteer has worked for the ACPA and brief details for longer. Unless the ACPA is specifically asked by an individual to destroy their details it will normally keep them on file for future reference. The Director has responsibility for destroying personnel files.
Storage
Personal data is kept in paper-based systems and on a password-protected computer system. Every effort is made to ensure that paper-based data are stored in organized and secure systems.
ACPA operates a clear desk policy at all times.
Use of Photographs
Where practicable, ACPA will seek consent from individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), the ACPA will remove any photograph if a complaint is received. This policy also applies to photographs published on the ACPA website or in a Newsletter.
Discloure and Barring Service
ACPA will act in accordance with the DBS’s code of practice.
Responsibilities of staff and volunteers
During the course of their duties with ACPA, staff and volunteers will be dealing with information such as names/addresses/phone numbers/e-mail addresses of members/clients/volunteers. They may be told or overhear sensitive information while working for ACPA. The Data Protection Act (1988) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff, paid or unpaid must abide by this policy.
Compliance
Compliance with the Act is the responsibility of all staff, paid or unpaid. ACPA will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure, which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.
Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the line manager.
Retention of Data
No documents will be stored for longer than is necessary. All documents containing personal data will be disposed of in accordance with standard Data Protection principles.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.