The policy is designed to:

1. Protect the rights of individuals by ensuring personal data is processed fairly, lawfully, and securely.

2. Minimise risks to individuals’ personal data, such as loss, unauthorised access, or misuse.

3. Provide individuals with clear information on their rights, including the right to:

• Be informed.

• Access their personal data.

• Request rectification or erasure of their data.

• Restrict or object to data processing.

• Data portability.

4. Ensure compliance with all relevant data protection regulations.

5. Maintain the confidence of individuals in the integrity of Vixen Dance & Fitness.

Types of Data Collected

Vixen Dance & Circus may collect the following personal data:

• Full Name

• Date of Birth/Age

• Gender

• Contact details (email address, telephone number, home address)

• Emergency contact details

• Health/medical information (e.g., relevant conditions or injuries)

• Payment details (e.g., bank account number, sort code)

• Attendance records

Data Collection Methods

Personal data may be collected through:

• Online or paper enrolment forms.

• Verbal communication (in person or via telephone).

• Emails and social media platforms.

• Website bookings or event registrations.

• Class attendance registers.

How Data is Used

Personal data will only be used for legitimate purposes, including:

• Enrolling individuals in classes or events.

• Ensuring health and safety compliance (e.g., for medical needs).

• Processing payments for classes and services.

• Communicating updates, changes, or cancellations regarding services.

• Contacting parents/guardians or emergency contacts if necessary.

Data Retention

• Personal data will be retained only for as long as it is necessary to fulfil the purposes for which it was collected.

• Financial data (e.g., payment records) will be retained for six years in line with HMRC requirements.

• Attendance and enrolment records will be kept for up to three years.

• Medical information will be reviewed annually and deleted if no longer relevant.

Data Sharing

• Personal data will not be shared with third parties without explicit consent unless required by law or in emergencies (e.g., safeguarding concerns).

• Data may be shared with service providers (e.g., payment processors such as GoCardless) to facilitate payments.

• Parents/guardians will be informed if their data needs to be shared with organisations like examination boards or local authorities.

Data Security

• Electronic records are stored securely with restricted access.

• Physical documents are stored in locked facilities with limited access.

• All staff handling personal data will be trained on GDPR requirements.

Individual Rights

Individuals have the right to:

1. Request access to their data (Subject Access Request).

2. Request correction or deletion of inaccurate or outdated data.

3. Restrict or object to certain types of data processing.

4. Lodge a complaint with the Information Commissioner’s Office (ICO) if they believe their data is being mishandled.

Data Breaches

• Any data breaches will be reported to the ICO within 72 hours where required.

• Affected individuals will be informed promptly if their data is compromised.

Contact

For any data protection queries or to exercise your rights, please contact:

Bella Statton

Owner, Vixen Dance & Circus

Email: Vixendancecircus@outlook.com

If unsatisfied with the response, individuals can contact the ICO:

Information Commissioner’s Office

Website: www.ico.org.uk