This policy (together with our terms of website use and any other documents referred to on it) sets out the basis on which we Tappy Toes Franchise Ltd, Company no 09885729, registered office Yew Tree House, High Street, Hertfordshire, CM22 7HQ, will process any personal data we collect from you, or which you provide to us, in the course of using our site www.tappytoes.com For the purpose of the Data Protection Act 1998 we are the data controller.
When you use our site, there are a number of ways in which you provide information and other data to us. By using the site, you consent to us processing and collecting this data, on the terms and for the reasons which are explained below.
We may use your information to:
If you do not want us to use your information for marketing purposes, please tick the relevant box on the form on which you submit your data. You can also contact us directly by emailing us.
If you do want to receive information from our carefully selected third parties about goods or services that may be of interest to you, please tick the relevant box on the form on which you submit your data.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
We take your privacy very seriously, and will take all reasonable steps to protect your personal data, but please be aware that any data which you send to our site is sent at your own risk.
We may disclose your personal information to any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985) and also to third parties in the following circumstances:
You have the right under the Data Protection Act to access the information which we hold about you. If you wish to exercise this right, please send your request to us by clicking here. In order to meet our costs in responding, we will charge you a fee of £10.
GDPR policy- Tappy Toes Franchise Ltd
General Data Protection Regulation Policy
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection
Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual’s data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. RISE Studios is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, parent’s, visitor’s and staff’s personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Tappy Toes provides dance classes for young children and therefore is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s full names, addresses, date of birth along with any medical conditions or SEN requirements.
We are required to collect certain details of visitors to our classes. We need to know visitor’s names, telephone numbers, email address and where appropriate company name. This is in respect of our Health and Safety and Safeguarding Policies.
As an employer Tappy Toes is required to hold data on its Teachers; names, addresses, email addresses, telephone numbers, date of birth, National Insurance numbers, photographic ID such as passport and driver’s license, bank details. This information is also required for Disclosure and Barring Service checks (DBS) and proof of eligibility to work in the UK. This information is sent via a secure file transfer system to UCheck for the processing of DBS checks. DBS Numbers and date of issue are also held on a central staffing record.
2) The right of access
At any point, an individual can make a request relating to their data and Tappy Toes will need to provide a response (within 1 month). Tappy Toes can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection. The individual will have the right to complain to the ICO if they are not happy with the decision.
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However Tappy Toes has a legal duty to keep children’s and parents details for a reasonable time, Tappy Toes retain these records for 3 years after leaving pre-school, children’s accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Staff records must be kept for 6 years after the member of staff leaves employment, before they can be erased. This data is archived securely on Dancebiz (Our online database)and deleted after the legal retention period.
4) The right to restrict processing
Parents, visitors and staff can object to Tappy Toes processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5) The right to data portability
Tappy Toes requires data to be transferred from one IT system to another; such as from Tappy Toes to the Local Authority, for performance BOPA licences, and dance Associations for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing or research. Tappy Toes will send out Newsletters and marketing material from time to time, to our customers. Please inform us if you do not wish to receive this information. You are also able to unsubscribe from our marketing communication at any time.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organizations. Tappy Toes does not use personal data for such purposes.
Storage and use of personal information
All paper copies of children’s and staff records are kept in a locked filing cabinet in Tappy Toes head office. Members of staff can have access to these files but information taken from the files about individual children is confidential and apart from archiving, these records remain on site at all times. These records are shredded after the retention period.
Information about individual children is used in certain documents, such as, a weekly register, medication forms, referrals to external agencies and disclosure forms. These documents include data such as children’s names, date of birth and sometimes address. These records are shredded after the relevant retention period.
Tappy Toes collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the child’s file and stored appropriately.
Information regarding families’ involvement with other agencies is stored both electronically on Dancebiz and in paper format, this information is kept in a locked filing cabinet at Tappy Toes Head Office. These records are shredded after the relevant retention period.
Tappy Toes stores personal data held visually in photographs or video clips or as sound recordings, unless written consent has been obtained via the Model Release form/fit to Perform agreement form. No names are stored with images in photo albums, displays, on the website or on Tappy Toes social media sites.
Access to all Office computers is password protected. When a member of staff leaves the company, these passwords are changed in line with this policy and our Safeguarding policy. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.
GDPR means that Tappy Toes must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
This Policy was created for Tappy Toes Franchise Ltd in April 2018 Signed on behalf of Tappy Toes Franchise Ltd.
Policy review date: September 2018