top of page

Judith Keyes School of Dance – Data Protection Policy

1. Introduction

This Data Protection Policy sets out how Judith Keyes School of Dance (“the School”, “we”, “our”, “us”) processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance provided by the Information Commissioner's Office (ICO).

We are committed to protecting the rights and freedoms of our students, parents/guardians, staff, and partners, and ensuring their data is collected and processed lawfully, fairly, and transparently.

2. Scope

This policy applies to:

  • All employees, volunteers, contractors, and service providers.

  • All personal data processed by the School.

  • All activities involving the collection, storage, processing, sharing, and deletion of personal data.

3. Data Protection Principles

We uphold the following principles of the UK GDPR:

  1. Lawfulness, fairness and transparency

  2. Purpose limitation

  3. Data minimisation

  4. Accuracy

  5. Storage limitation

  6. Integrity and confidentiality

  7. Accountability

4. Lawful Basis for Processing

We only process personal data when we have a lawful basis, including:

  • Consent (e.g., marketing, photos/videos)

  • Contract (e.g., enrolment forms, tuition payments)

  • Legal obligation (e.g., safeguarding, health & safety)

  • Legitimate interests (e.g., internal record keeping)

5. Types of Personal Data We Collect

We may collect:

  • Names, addresses, contact details

  • Emergency contact information

  • Medical information (e.g., allergies, conditions)

  • Attendance records

  • Payment and billing details

  • Photos and videos (with consent)

  • ACCESS NI  and safeguarding records (for staff)

  • ​

We do not collect sensitive data unless it is essential and justified under law.

6. How We Collect Data

Data is collected via:

  • Enrolment and registration forms

  • Consent forms (e.g., for media use)

  • Online communications

  • In-person discussions

  • CCTV (see section 12)

7. Data Retention

We only retain personal data for as long as necessary:

  • Student records: 6 years after last contact

  • Accident reports: 3 years minimum

  • Financial records: 6 years

  • Photos/videos: Until consent is withdrawn or for 2 years unless reconsented

A full retention schedule is maintained and reviewed annually.

8. Data Security

We implement appropriate technical and organisational measures:

  • Password-protected devices and software

  • Secure cloud-based storage (GDPR-compliant)

  • Paper records stored in locked cabinets

  • Access limited to authorised personnel only

9. Data Sharing

We do not sell or rent personal data.

We may share data with:

  • Service providers (e.g., class management software, payment processors)

  • Legal authorities when required

  • Insurers (in case of claims)
    All third-party processors are GDPR-compliant and under written contract.

10. Rights of the Data Subject

Individuals have the right to:

  • Access their data

  • Rectify inaccurate data

  • Request erasure ("right to be forgotten")

  • Restrict processing

  • Object to processing

  • Data portability (where applicable)

  • Withdraw consent at any time

To exercise these rights, contact our Data Protection Lead (details below).

11. Consent

We obtain clear and explicit consent for:

  • Marketing communications

  • Use of photos/videos

  • Medical data (when not required by law)

Consent is recorded and can be withdrawn at any time.

12. CCTV and Photography 

  • CCTV is used solely for security and safeguarding.

  • Footage is stored securely and retained no longer than 30 days unless needed for an investigation.

  • Photography/videos for marketing purposes will only be used with signed parental/student consent (if under 18) via Class4Kids

13. Data Breaches

Any personal data breach will be:

  • Contained and assessed immediately

  • Reported to the ICO within 72 hours if risk to rights/freedoms is high

  • Recorded in our data breach log

Affected individuals will be notified where appropriate.

14. Staff Responsibilities

All staff must:

  • Comply with this policy

  • Complete regular data protection training

  • Report suspected breaches to the Data Protection Lead

15. Complaints

If you are concerned about how your data is handled:

16. Contact Details

Data Protection Lead: 
Name: Judith Keyes
Email: judithkeyesdance@gmail.com
Address: Unit 4, 269 Antrim Road, Newtownabbey, BT36 7QN

17. Policy Review

This policy is reviewed annually or when significant changes to legislation or our operations occur.

Last reviewed:  Sunday 29th June 2025
Next review due: 29th June 2026

 

© 2025-6 Judith Keyes School of Ballet

bottom of page