Privacy & Cookie Policy

Please see below to find out how we use cookies and process personal data.

Purpose and Statement:

Doodle Dance is committed to ensuring the data processed remains safe and secure.

This policy has been written in line with legislative change, including both the Data Protection Act (1998) and the EU’s General Data Protection Regulation (GDPR).

Doodle Dance has determined the lawful reasons with which it processes personal data:

  • Legal obligation – GDPR Article 6(1)(c)
  • Legitimate interest – GDPR Article 6(1)(f)
  • Contract – GDPR Article 6(1)(b)

There is also some limited data we process with consent from the Data Subject; Consent – GDPR Article 6(1)(a).

While Doodle Dance avoids sharing data with third parties at most times, some data is shared in accordance with our business practices. The sharing of data with third parties will always be

consensual with the data subject and/or their parent/guardian, and only if Doodle Dance is satisfied that their Data Protection policy is GDPR compliant. The main purpose of sharing data to third parties would be to the emergency or child protection services to support safe guarding or continuation of first aid/emergency intervention.

Main Aims for the policy:

  • Specify the data Doodle Dance collect, how it is stored/protected and the reason for collecting it
  • State how Doodle Dance use personal data in processing
  • Disclose who has access to the data and how long we retain information for
  • Explain Data Subject’s rights with Doodle Dance data including access, rectification and erasure

Distribution:

  • To be sent to all Doodle Dance Artists, Associate Artists, Trainee Artists and FUEL members and volunteers as part of induction, training and ongoing delivery
  • To be displayed on the Doodle Dance website within Policies
  • To be held in our shared documents via google as well as personal/work files.
  • This policy will be sent directly to members of the public on request
  • Confirmation of receipt of information – Signed statement from recipient to be held on file

Review and monitoring of policy:

  • Reviewed annually or in instances of legislative change. Any member noticing areas of concern or change Jo Cone must be made aware and changes implemented.
  • Monitoring is part of Management and Supervision

The following policy is based on the below principles:

The GDPR includes the following rights for individuals:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

General Principles

Doodle Dance is committed to providing fair and understandable privacy policies in relation to personal data.

Doodle Dance will, at all times, keep data in secure locations (including, but not limited to, encrypted and access restricted files) and not retain data unnecessarily or past the retention length as set out in this policy.

Visitors to our website

Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.

Google Analytics

When someone visits our website www.doodledance.org.uk we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Cookies may also be used for the following reasons:

Our website uses WordPress as the content management system (CMS). WordPress uses a number of cookies for the functionality of the site. Details about what cookies WordPress may place on your device can be found here: https://wordpress.org/support/article/cookies.

If you wish to not allow cookies, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Online forms

If you fill out one of our website forms a notification email is sent to the relevant team within our company. No copy of the data you submit is stored anywhere. As our site uses SSL (https) the data you submit using the contact form will be encrypted once you press the “Submit” button.

Website Hosting

We use a third-party supplier (Clook) to host our website. Whilst generally they would have no need to access our website content or database, it is possible they may from time to time mainly for support queries. We are assured the hosting provider is GDPR compliant.

People who call our office: our contact details can be found on our website, therefore:

Any information taken from a call will only be used internally and may be sent through our internal email system. No information will be shared with a 3rd party unless confirmed with any caller prior to this information being passed on.

People who contact us via email: our email details can be found on our website, therefore:

All emails are received via Microsoft office via gmail and hotmail and information is only stored in our email account and not backed up to any other system. Information may be obtained from correspondence and stored within file, form, table stored as part of a document in google drive. Any information taken from an email to be stored elsewhere will be confirmed prior to the information being extracted. No information will be shared with a 3rd party unless confirmed with any caller prior to this information being passed on.

Participants and Customers

How Doodle Dance collect personal data:

Doodle Dance customers and participants supply their personal data when signing up or making inquiries, for classes, workshops or projects through our registration form either via the website, email, messenger or via paper form.

This is either completed by a parent/guardian, the child themselves if they deemed able to do so or adult participant.

Personal data may also come to us unsolicited via enquiries through our website and to our generic email account.

Why Doodle Dance collect personal data:

To attend Doodle Dance activities participants/parents/guardians must agree to some processing of their personal data.

This is due to Legitimate Interests – GDPR Article 6(1)(f), Legal Obligation GDPR Article 6(1)(c), Contract – Article 6(1)(b) and/or Consent – Article 6(1)(a).

Alternatively Doodle Dance participation is via school/nursery/venue where information is shared on a need to know basis to inform safe delivery. In this case information shared is under the data protection policy of the school/nursery/venue.

Should Doodle Dance be unable to process participant’s data we would be contravening both our Health & Safety and Child Safeguarding policies. We would also be ignoring best practice regarding working with children/vulnerable adults.

Our participants must remain safe at all times, therefore information about participants must be collected in order to create registers and accurate student records. The information is used to support ‘care’ if needed by outside emergency services or to contact next of kin/emergency contact.

Special category data is only collected with the consent of the data subject and when relevant. Special category data Doodle Dance collects includes but is not limited to: Medical/Disability information, Income information, Ethnicity, Gender and Sexuality.

As physical activity providers it is essential that this consent is given should a participant have any medical/disability needs. This allows us to incorporate participants safely into classes. It is also used in assessing if we can incorporate participants safely into classes.

Income information is only collected in instances where a participant applies to attend our classes at a concessionary price. If this financial support is means tested, and therefore subject to documented proof this will be witnessed and possibly copied. Proofs of entitlement to concession are shredded after the entitlement has been noted.

Ethnicity and other sensitive data is to provide information to funding bodies for statistical purposes.

This data is always provided to third parties as quantified data (i.e. cumulative numerical data only with no identifying information relating to any data subject).

What data we collect:

Personal data and some special category is collected. The amount or type is subject to provision. Our provision varies from public classes, in school, nursery or setting/venue workshops, training, online provision, website inquiry, resource selling or provision, collaboration, commission, FUEL collective.

The following information maybe collected to enable this provision to take place. It may be essential to our various provision that we are provided, and allowed to process and store the following:

Participant Personal Data:

  • Full Name – GDPR Article 6(1)(f)
  • Date of Birth – GDPR Article 6(1)(f)
  • Home Address –  GDPR Article 6(1)(f)
  • Sex –  GDPR Article 6(1)(f)
  • Classes attended/Price paid – GDPR Article 6(1)(f)

Participant Special Category Data:

  • Medical Information/History – GDPR Article 9 (a)
  • Disability Information – GDPR Article 9 (a)
  • Ethnicity – GDPR Article 9 (a & j) – further explicate consent sought
  • Gender/Sex – GDPR Article 9 (a & j) – further explicate consent sought
  • Sexuality – GDPR Article 9 (a & j) – further explicate consent sought

Parent/Guardian Personal Data:

  • Name – GDPR Article 6(1)(f)
  • Address – GDPR Article 6(1)(f)
  • Email Address – GDPR Article 6(1)(f)
  • Mobile Telephone Number – GDPR Article 6(1)(f)
  • Work/Home Number – GDPR Article 6(1)(f)
  • Emergency Contact Number – GDPR Article 6(1)(f)

Parent/Guardian Special Category Data:

  • Concession Type – further explicate consent sought
  • Documented proof of financial need – further explicate consent sought
  • Bank Details – further explicate consent sought in the instance of refunds etc.

How data collected is sent internally:

Doodle Dance transports data with all due diligence.

  • Inquiry and Enrolment forms are sent to Doodle Dance through an encrypted email server directly from our website which has controlled access. Received enrolment forms are stored in google drive for no more than 3 year after the termination of attendance or termination of the project/workshop. However participant maybe asked to join on going mailout where original enrolment forms will be destroyed and updated information will be used on new ‘mailout’ forms. Received paper enrolment forms are kept in  a ‘hidden’ file in bag locked within home, or held on site with class leader. Or stored on my personal computer which is code locked.
  • Communication using messenger and Facebook will be done via Doodle Dance (Jo Cone or other named freelancers/associates etc) only phone, Ipad and computer which are all code locked. These remain with individual or are secured in home.
  • When making Inquiry and communicating via messenger and Facebook customers do so under the guidance of messenger and Facebooks Data protection policy. Doodle Dance can take no responsibility for the sharing of data by these parties.
  • Communication using these methods will remain within Doodle Dance communication history. Conversations will only be deleted on request.
  • Paper based forms are shredded and sometimes composited.

Storage/Retention of data:

Data received through enrolment forms is uploaded manually into our database software. Our database is stored both in pass word secure office-based hardware and backed up regularly in google drive. Access to these files is restricted through password protection and only shared to authorised members.

Registers and emergency contact lists created from student data are stored in encrypted files on office-based hardware and backed up regularly in our encrypted cloud-based server. Access to these files is restricted through password protection and only available to authorised staff members.

Hard copies of registers and emergency contacts are carried by authorised staff members. They are locked away while not in use. When they are no longer in use or out-dated, they are destroyed thoroughly.

Waiting lists are stored either paper based or on an encrypted cloud-based server.

Our standard retention policy (without the data subject’s right to access, rectification and erasure etc.) is THREE YEARS post final attendance.

Exceptions to our retention policy:

  • Financial records are kept for 6 years due to legal obligation
  • First Aid records are kept for 21 years due to legal obligation
  • Photo consent may be kept indefinitely
  • Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation
  • Bank details are deleted after the action concerning them is complete
  • Unsolicited enquiries that do not turn into bookings with current classes are held if permitted after they have been dealt with. This information is then deleted on request.

Third Parties/Data Processors:

Doodle dance does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes.

Freelance Teachers:

As many of Doodle Dance teachers are freelance staff, we have confidentiality and data processor agreements in place. Teachers will never be provided with personal details aside from participant’s first names and any medical information that is pertinent to the running of a class (subject to consent from the data subject)

Mail Out:

Doodle Dance is currently researching relevant communication methods to provide newsletters and marketing via email. This will be an optional process, which people consent to during enrolment or sign-up directly through our website. Data Subjects will be able to opt-out and erase/rectify their record stored with at any time.

Doodle Dance will only use a provider which proves they are satisfied that their GDPR regulations are thorough, and the information stored in provider (email addresses) is secure. We will have a processor contract in place, and copies will be available upon request. (THIS WILL BE UPDATED WHEN PROVIDER IS FOUND AND NAMED)

PayPal:

Doodle Dance uses PayPal to process orders through our website.

By purchasing through PayPal you must agree to their own (GDPR Compliant) policies.

Doodle dance is satisfied that their GDPR regulations are thorough, and the information stored in PayPal is secure. We have a processor agreement in place, and copies are available upon request.

Child Safeguarding Concerns:

In the unlikely event Doodle Dance has a safeguarding concern in relation to one of our participants, Doodle Dance are legally required to provide data to either the safeguarding board at the local council or to the safeguarding officer at venue (school, nursery).

Doodle Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

Event Programmes:

Doodle Dance may occasionally produce programmes for events. These will only ever contain the first name and first initial of a child’s last name (unless otherwise consented to). The name of a child’s school/class may also be included. Participants/their Parent and/or Guardians may choose if they want to be included in the programme when they agree to participate at an event.

Rights of the data subject and Doodle Dance compliance with responses:

Any data subject with personal data stored within Doodle Dance is entitled to the rights of:

Access:

You may contact Doodle Dance at any time to access all data held relating to you and/or your child(ren). Doodle Dance will ensure that we respond to a subject access request without undue delay and within two month of receipt. If the information request will also include data regarding others, Doodle Dance has the right to refuse the request or take steps in order to obtain consent from other involved parties.

The right of access does not apply to Doodle Dance’s legal obligations such as Child Safeguarding records.

Rectification:

You may contact Doodle Dance at any time in order to rectify data held relating to you and/or your child(ren). Doodle Dance will ensure that we respond to a rectification request without undue delay and within two month of receipt.

The right to rectification does not apply to Doodle Dance’s legal obligations such as payment record information.

Erasure:

You may contact Doodle Dance at any time in order to erase data held relating to you and/or your child(ren). Doodle Dance will ensure that we respond to an erasure request without undue delay and within two month of receipt.

The right to erasure does not apply to Doodle Dance’s legal obligations such as First Aid records.

Restrict Processing

You may contact Doodle Dance at any time in order to restrict the data we process relating to you and/or your child(ren). Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within two month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Doodle Dance until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

Data Portability

You may contact Doodle Dance at any time in order to obtain the data we process relating to you and reuse it across different services. Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

Please note, this does not apply to Doodle Dance ’s legal obligations.

Objection

You may contact Doodle Dance at any time in order to object to the processing of data relating to you and/or your child(ren). Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.

However, due to our legitimate interest in most of the data collected- we may have to revoke your membership with Doodle Dance until the restriction is lifted. This is due to Health and Safety and Child Safeguarding.

Any and all verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

Photos/Videos of Participants

Doodle Dance sometimes use footage/photos used from projects, performances and classes for marketing purposes both in print media and the website. Participants/their Parent and/or Guardians may choose if they do not wish themselves/their child to be depicted.

Some attendees at events may film/take photos for their own personal use (e.g. parents of other participants). Participants/their Parent and/or Guardians may choose if they do not wish themselves/their child to be depicted.

Social Media:

Doodle Dance regularly share photos/videos or feedback of participants/parent/carer/staff in workshops, events and performances through social media platforms including; Instagram, Facebook, Twitter, Email. These will be shared with limited  identifying information and done by project to project (age, location etc.). There may be times where we will share first names, but only with the explicit consent of the parents.

Staff (Employees/Freelance), Trustees, Volunteers and Potential Staff/Trustees and/or Volunteers

For the purposes of this policy, the aforementioned persons above will be referred to as ‘staff’.

How Doodle Dance collect personal data:

Doodle Dance staff supply their personal data when applying for roles within the company.
This is either completed through an application form or submission of a CV.

Further information is collected when applicants are considered successful. Unsolicited data may come to Doodle Dance in the form of applicants emailing regarding work/volunteer opportunities.

Why Doodle Dance collect personal data:

It is Doodle Dance’s legal obligation to collect staff’s personal data in relation to their employment. This is due to Legal Obligation GDPR Article 6(1)(c) and/or Contract – Article 6(1)(b)

Should Doodle Dance be unable to process staff’s data, we would be contravening UK Employment law, our own self/employment contracts (Freelance) and our own Health & Safety and Child Safeguarding policies.

Special category data is only collected with the consent of the data subject. Special category data Doodle Dance collects includes but is not limited to: Medical/Disability information, Ethnicity, Gender and Sexuality. Doodle Dance’s lawful purpose for collecting this data is both Article 6(1)(b) – contract and

Article 9(2)(b) – employment. This also ensures we are confirming to our Equal Opportunities policy. Any data is always recorded as quantified data (i.e. cumulative numerical data only with no identifying information relating to any data subject).

Doodle  Dance is also entitled to obtain and process data in relation to criminal convictions and DBS checks. Most posts within Doodle Dance are exempt from the Rehabilitation of offenders act (1974) by the 1975 and 2001 Exceptions Amendment, as they involve working with vulnerable and/or young people. This is further supported by article 10 of GDPR.

What data we collect:

Personal data and some special category is collected.

It is essential to our business that we are provided, and allowed to process and store the following:

Staff Personal Data:

  • Full Name Legal obligation – GDPR Article 6(1)(c) Legal Obligation
  • Date of Birth – GDPR Article 6(1)(c) Legal Obligation
  • Contact Details – GDPR Article 6(1)(c) Legal Obligation
  • Pension Information – GDPR Article 6(1)(c) Legal Obligation
  • NI number – GDPR Article 6(1)(c) Legal Obligation
  • UTR number – GDPR Article 6(1)(c) Legal Obligation
  • Right to work in the UK – GDPR Article 6(1)(c) Legal Obligation
  • References – GDPR Article 6(1)(c) Legal Obligation
  • Bank Details – Article 6(1)(b) Contract
  • Tax details – GDPR Article 6(1)(c) Legal Obligation
  • Qualifications – Article 6(1)(b) Contract
  • Pay Details – GDPR Article 6(1)(c) Legal Obligation
  • Performance Details – Article 6(1)(b) Contract
  • Annual Leave Details – Article 6(1)(b) Contract
  • Sick/Compassionate/Maternity/Paternity Leave Details – Article 6(1)(b) Contract
  • Safeguarding Concerns – GDPR Article 6(1)(c) Legal Obligation
  • Emergency Contact – GDPR Article 6(1)(b) Contract

Staff Special Category Data:

  • Criminal Record/DBS Checks – GDPR Article 6(1)(c) Legal Obligation & GDPR Article 10
  • Medical/Disability – Article 6(2)(b) Contract & Article 9(2)(b)
  • Ethnicity – Further explicit consent sought- Article 9(2)(a & b)
  • Sexuality – Further explicit consent sought – Article 9(2)(a & b)

How data is sent internally:
Any transfer of data regarding staff is conducted through emails/phone calls/Whatsapp/messenger and/or stored in google drive.

Storage/Retention of data:

All Staff personal data is stored in google files in our and personal computers. All of these files have restricted access to authorised staff only.

Most staff data is retained for 6 YEARS (post-employment).
Exceptions to our retention policy if needed:

  • Pension details are stored for 75 years (post-employment) due to legal obligation
  • Child Safeguarding records are kept indefinitely on a case-by-case basis, the minimum these will stored for is 6 years due to legal obligation
  • First Aid records are kept for a minimum of 21 years due to legal obligation

Unsuccessful applicant data is stored 1 yr post campaign, this includes unsolicited data from potential applicants.

Third Parties/Data Processors:

Doodle Dance does not actively share data with third parties, however there are certain instances where sharing information is crucial to our business processes.

Bank: In order to process payments by BACs, staff’s bank details and names must be added to our online banking system (via app). Doodle Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

HMRC: In order to fulfil our legal obligations to HMRC, Doodle Dance asks all freelancers to be responsible for their own tax. Doodle Dance would share relevant information if requested by HMRC on genuine inquiry. Doodle Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

References: In order to supply references for staff members, some personal data must be divulged. This will only be done with the data subject’s consent, as Doodle Dance may not be fully aware of the recipients GDPR policies.

Child Safeguarding Concerns: In the unlikely event Doodle Dance has a safeguarding concern in relation to one of participants and/or staff members, Doodle Dance are legally required to provide data to the safeguarding board at the local council and the Disclosure and Barring service. Doodle Dance is satisfied that their GDPR process are thorough and any data will be stored in a secure environment, and not unnecessarily retained.

Website Biography: Doodle Dance’s website includes staff biographies, these are available for public viewing. Consent it sought before any/all staff profiles are added to the website.

Rights of the data subject and Doodle Dance compliance with responses:

Any data subject with personal data stored within Doodle Dance is entitled to the rights of:

Access

  • You may contact Doodle Dance at any time to access all data held relating to you. Doodle Dance will ensure that we respond to a subject access request without undue delay and within one month of receipt. If the information request will also include data regarding others, Doodle Dance has the right to refuse the request or take steps in order to obtain consent from other involved parties.
  • The right of access does not apply to Doodle Dance’s legal obligations such as confidential Child Safeguarding records.

Rectification

  • You may contact Doodle Dance at any time in order to rectify data held relating to you. Doodle Dance will ensure that we respond to a rectification request without undue delay and within one month of receipt.
  • The right to rectification does not apply to Doodle Dance’s legal obligations such as payment record information.

Erasure

  • You may contact Doodle Dance at any time in order to erase data held relating to you. Doodle Dance will ensure that we respond to an erasure request without undue delay and within one month of receipt.
  • The right to erasure does not apply to Doodle Dance’s legal obligations such as First Aid records.

Restrict Processing

  • You may contact Doodle Dance at any time in order to restrict the data we process relating to you. Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
  • However, due to our legitimate interest and legal obligations in most of the data collected- we may not be able to restrict processing.

Data Portability

  • You may contact Doodle Dance at any time in order to obtain the data we process relating to you and reuse it across different services. Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
  • Please note, this does not apply to Doodle Dance ’s legal obligations.

Objection

  • You may contact Doodle Dance at any time in order to object to the processing of data relating to you. Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
  • However, due to our legitimate interest and legal obligations in most of the data collected- we may not be able to accept your objection.

Rights related to automated decision making including profiling

  • You may contact Doodle Dance at any time in order to object to profiling relating to you). Doodle Dance will ensure that we respond to a request to restrict processing without undue delay and within one month of receipt.
  • Please note, this does not apply to Doodle Dance’s legal obligations.
  • Doodle Dance has a lawful reason for profiling; Legitimate Interests and consent.
  • None of Doodle Dance’s decision making is automated. Profiling is only used in circumstances where a staff member has a criminal conviction.

Any and all verbal requests are noted, and then contacted again either via phone or email to verify the request. Verbal requests will be responded to in the time frames mentioned above.

Training and Data Protection in Practise

All members of staff (PAYE, Freelance and Voluntary) must agree to this Data Protection policy prior to accepting a contract of employment.

Training is supplied as part of management and supervision. It is also included in all induction and training periods.

Doodle Dance is making inquiry to be registered as a Data Controller with the Independent Commissioners Office (ICO). If needed The registered Data Protection Officer (DPO) will be Jo Cone.

Complaints and Data Breeches 

Complaints:

Complaints in regard to the handling of any personal data can be made directly to Doodle Dancer’s DPO:

  • Jo Cone
  • Email: doodledancejo@gmail.com
  • Telephone:07947374222

If you feel that your complaint was not handled in the correct manner, or still have concerns, you may escalate the complaint by contacting the Independent Commissioner’s Office (ICO).

ICO Telephone Number: 0303 123 1113

Data Breeches:

If Doodle Dance experiences a data breech of any kind, we have a legal obligation to report this to ICO within 72 hours. The data breech will be reported by the DPO. In the instance they are unavailable to report the breech, the next most senior staff member shall do so.

Doodle Dance will also inform all the victims of the data breech as soon as possible if there is a high risk of adversely affecting individuals’ rights and freedoms.

Doodle Dance will store and record all data breeches.

Why not get in touch and see how we can help?

Whether you are a parent/carer, teacher, Nursery Manager or dance artist we would love to hear from you. We are always interested to discuss bespoke delivery, CPD, blog contributions, arts/children well being campaign support or project collaborations and commissions. Together lets support more children to ‘Make Their Mark!’

Get in touch