Data Protection Policy
Kobika Dance is committed to ensuring that all data collected from customers is obtained and used lawfully and fairly where it is necessary for us to hold this information. This has always been, and continues to be, a high priority at Kobika. Revision of our current data protection policies have been undertaken, and updates have been made to ensure that our Data Protection Policy complies with GDPR guidelines which is required of us from 25th May 2018.
1. Applicable Data
1.1. Personal Data includes, but is not limited to:
· Date of Birth
· Emergency Telephone Numbers
· Medical Conditions
· Financial Information (staff payment and refunds)
· Insurance information if travelling with athletes
1.2. Sensitive Data, referred to as Special Category Data under GDPR, includes, but is not limited to:
· Health Matters
· Medical Information
· Accident Report Forms
The condition set out by the GDPR supporting the necessity for Kobika Dance to collect Special Category Data,
‘Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3’ (Article 9(2))
2. Information recorded by Kobika Dance
· Accident Report Forms
· Communications when students are mentioned by name (i.e. between staff members at Kobika Dance)
· Different classes and teams that athletes and dancers belong to
· Costume/uniform sizes prior to exams, competitions and performances
3. Lawful Processing
3.1. Legitimate Interest
“Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.” (Article 6(1))
· Kobika Dance obtains all personal data under the lawful basis of Legitimate Interest. It is necessary to collect the personal details of its athletes and dancers, and the details of their parents or guardian if under the age of 18, for their protection and safety when in the care of Kobika Dance and its staff.
“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” (Article 6 (1) (b)
· Personal Data is also collected under the lawful basis of Contract. It is necessary to have this information to uphold the contractual agreements made between Kobika Dance and our customers which commits Kobika Dance to providing its service on the basis of the customer maintaining agreed payment.
3.3. Special Category Data
· It is necessary for Kobika Dance to collect Special Category Data from its customers, specifically medical information. This is required for the safety of students when participating in Kobika classes, events and excursions. Kobika Dance has a legitimate interest to do so and to relay this information to any Kobika staff who may come into contact with this student at work.
4. Data Processing
The legal basis for processing data will be identified and documented. The processing of data may be undertaken by Kobika staff, chaperones and third parties, where the sharing of personal or sensitive data has been consented to and the third party complies with GDPR.
4.1. Legal Obligations
4.2. Contractual Obligations
· To monitor attendance
· To send requests for payment
· To advertise Kobika Dance events through email, website or social media
· To inform on Kobika Dance news
4.4. Data Processing Forms
· If it is necessary for any individual working for Kobika Dance, through employment or volunteer work, to hold data obtained by Kobika Dance they will be required to read this Data Protection Policy and agree to sign a Data Processing Form to demonstrate their understanding of their responsibility and agree to their obligations.
5.1. Prior to consent being given no data will be processed by Kobika Dance.
5.2. Consent is given through the completion and signing of Registration Forms and Model Release Forms. This is how Kobika Dance obtains all necessary personal and sensitive data.
5.3. Formal consent is required through the signing of these forms, there will be no pre-ticked options.
5.4. A record of this consent is kept and stored securely in both paper and electronic forms.
5.5. Parental consent is required for any child under the age of 18.
5.6. To withdraw consent an email can be sent to email@example.com
5.7. Consent gives permission for images/video footage of yourself/your child to be taken during Kobika Dance classes, workshops, parties, demonstrations, events and shows, and for these images/video footage to be lawfully used for the advertising, marketing and promotion of Kobika Dance.
5.8. Consent also includes the release of photographs/video footage for sale to parents as mementos of Kobika Dance workshops or the rehearsals/shows performed by students of Kobika Dance.
6. The Right to Obtain Information
6.1. Any individual, should they so wish, have the right to access their personal data at any time.
6.2. Individuals have the right to ask for this data to be removed or deleted and if requested this will happen as close to the request as is possible by the administration team.
· This will be within the 30 day legal requirement however please note that this time may vary depending on the request and current commitments Kobika Dance hold.
6.3. Any individual has the right to have any incorrect information about themselves or their child rectified.
6.4. It is the responsibility of the individual to keep Kobika Dance updated on their personal and sensitive data. This can be done by completing a new registration form or through email to firstname.lastname@example.org
7. Right to be Forgotten
At Kobika, we will by proxy honour the ‘Right to be forgotten’ passage of the GDPR legislation and your data will be terminated from our records. We do not use any cloud based storage so your data will be erased from all of our entities.
If you would like us to erase your data from our records please reply to this email with the words ‘opt out
8.1. Staff will at times be required to process data. They will be informed of the new guidelines and Kobika Dance Data Protection Policy and will be required to meet the requirements set.
8.2. Staff should make all efforts to keep data secure when they are in possession of it. This may be done through zip lock cases, lockable filing cabinets or strong passwords.
8.3. Staff are also data subjects. They will be required to consent to the retention and use of their data for their employment.
8.4. Staff are responsible for keeping their personal data up to date and informing Kobika Dance if there are any changes to their personal data.
8.5. Staff hold all right to obtain information and to remove information.
9. Protecting Data
9.1. Computer Security
· Firewall and virus-checking will be installed on all computers owned, rented or leased by Kobika Dance
· All staff at Kobika Dance will protect their computers by downloading the latest patches or security updates
· Kobika Dance will ensure all operating systems are set up to receive automatic updates
· All staff will take regular back-ups of the information on computer systems and keep them in a separate place so the loss of a computer will not mean the loss of information
· Kobika Dance will securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk)
· Kobika Dance has an anti-spyware tool to protect all computers from spyware threats
9.2. Email Security
· All employees will ensure that an email is encrypted if it contains sensitive information.
· All employees will ensure that they are sent to only the intended recipient.
· All employees will ensure that blind Carbon copy (BCC) is used when sending to more than one recipient.
9.3. General Security
· All staff at Kobika Dance will ensure all sensitive and confidential paper waste is shredded.
· Physical security of any premises used by a member of staff will be checked regularly.
10. Data Breaches
10.1. In the unlikely event of a data breach Kobika Dance will contact the Information Commissioners Office (ICO) within 72 hours of this breach is realised.
10.2. Kobika Dance will inform all individuals that they hold data on of the breach and will work quickly with the necessary bodies to resolve the problem.
11. Third Parties
11.1. There are times where it is necessary for Kobika Dance to pass personal and sensitive data on to third parties.
11.2. This includes, but is not limited to:
· Insurance companies and accommodation providers when travelling with students and athletes
· Uniform and costume providers
· Examination Boards
11.3. Kobika Dance will undergo the necessary checks prior to releasing this data to third parties to ensure that their Data Protection Policies comply with GDPR
12. Photo and Video Footage
12.1. Photos and videos may be taken during Kobika Dance classes and training sessions to document sessions or remember choreography.
12.2. The footage will be taken in sessions solely to document choreography or for potential advertising purposes.
12.3. The photographs/video footage may be used in Kobika Dance promotional material including, but not limited to, flyers, posters, newsletters, course leaflets, advertisements, promotional show reels, web site, social media and press releases.
12.4. Registration forms have an opt in tick box where it is asked whether the individual or consenting adult will allow photos or videos being taken during Kobika sessions and at events attended by Kobika.
12.5. All photos and videos will be regularly uploaded onto a secure Kobika owned laptop and then removed from any other devices used to record footage.