Privacy Notice

Effective Date: 09/02/2021

The Royal Academy of Dance (RAD) (including Royal Academy of Dance Enterprises Ltd) is committed to protecting the privacy and security of your personal information in accordance with the Data Protection Act 2018 and any replacement legislation which may come into effect. We take care to protect the privacy of our customers, students, visitors and users of our products that communicate (online or offline) with us, in store, events, over the phone, through email, through our websites and social media platforms.

We have developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.

RAD is the data controller for the personal information we process unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) with registration number Z5872158.

You can contact us by either phone, email or post.

Our main trading/postal address:
36 Battersea Square
London
SW11 3RA

Phone: +44 (0)20 7326 8000
Email: info@rad.org.uk

Our Data Protection Officer is:
The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY

Email: DPO@rad.org.uk
Phone: +44(0) 203 797 1289
Website: www.dpocentre.com

This Privacy Notice explains:

  • How, when and why we collect personal information
  • How we use the information
  • How long we keep it
  • When and how we may share it with others
  • How we keep it secure, and
  • Your privacy rights and how the law protects you

We only use personal information if we have an appropriate reason (lawful basis) to do so and this includes sharing information outside the Royal Academy of Dance.

How Do We Collect Your Information?

We may obtain information about you when you:

  • Complete an online, electronic or paper application form
  • Speak to us on the telephone or in person
  • Email us
  • Visit our website(s)
  • Make a payment or donation
  • Make a booking for an event, class or workshop
  • Complete a survey online or paper version
  • Sign up to a RAD mailing list
  • Contact us through the online library catalogue
  • Apply for a job vacancy with us
  • As described in separate department privacy policies

(The above list is representative and not exhaustive.)

What Type of Information Do We Collect from you?

The personal information we collect may include your:

  • Name
  • Date of birth/age
  • Gender
  • Home address
  • Email address
  • Telephone number
  • Nationality
  • School/business name
  • School/business address
  • Credit/debit card information
  • Health or disability information (or other ‘special data’)
  • Emergency contact name, number and relation to you
  • Membership of professional bodies or associations
  • Dance teaching experience and/or skills, qualifications (dance, dance teaching, languages etc.)
  • IP (internet protocol) address

(The above list is representative and not exhaustive).

Lawful Basis for Processing Personal Data

In order to process personal data, we rely on the following lawful bases:

  • Consent
  • Contractual obligation
  • Vital interests
  • Legal obligation
  • Our legitimate interests

More information on how different departments within the RAD use the above lawful bases to process personal data can be found in their separate privacy policies below.

Where we process special category personal data (e.g. health information, race, ethnic origin etc) we will ensure the correct lawful basis and special condition are applied. If you do have any concerns to how we use a lawful basis and special condition you can contact us using our details as described in this notice or you can contact our Data Protection Officer as also described above.

How Is Your Information Used?

We use your information to:

  • Process an application that you have made for an activity (membership, CPD, class, course or programme of study) or event
  • Process an order for a product or other service
  • Process a payment (or credit) for a product or service
  • Process entries for competitions and bursaries
  • Seek your views or comments on the services we provide
  • Notify you of changes to our services
  • Send you communications/publications which you have requested and that may be of interest to you, which may include information about new products, services, events, and activities
  • Handle an enquiry or complaint you have made
  • Invite you to attend an event, seminar or conference
  • Ask you to support our work by making a donation or becoming a sponsor or supporter of the RAD, and
  • To contact you in an emergency.
  • As described in separate department privacy policies.

(The above list is representative and not exhaustive).

Recruitment and Criminal Data Processing

From time to time we will advertise on our website vacancies which may arise. For the recruitment and selection we will require personal data to determine a pool of suitable applicants. See more information on data processing for recruitment.

Due to the nature of our organisation, we carry out criminal background checks in instances such as before we offer positions to those who may have to work with children or other vulnerable groups, apply for certain RAD memberships or when you apply to one of our courses. In order to carry out such checks we will engage with a third-party company called Due Diligence Checking Ltd. We do this to ensure the vital interests of our students and other legal obligations such as safeguarding.

You can review our Criminal Records Checks and Recruitment of Ex-Offenders policy.

More information can be found in the separate department privacy policies. If you have any questions or concerns about this you can contact us using our details mentioned above.

Children

We are particularly concerned to protect the privacy of children. We are confident that our systems and processes are designed to be fair to children, to protect their rights and freedoms, and to be fully in line with their reasonable expectations and those of their parents. We take responsibility for identifying the risks and consequences of processing children’s data. Sometimes we may need to check your age, which might mean we need to contact your parent or guardian.

Safeguarding

The RAD has a statutory and moral duty to safeguard and promote the welfare of all children, young people and vulnerable adults receiving education and training with us. More information can be found in our Safeguarding Policy & Procedures.

Who Has Access to Your Information and Data Sharing

RAD does not sell, rent or buy your information to or from other organisations.

We will not release your information to other organisations unless in exceptional cases when we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

Also due to the nature of our organisation departments within RAD may share your data with each other to help fulfil orders, answer queries or help with educational aspects with your time with us to name as a few examples. This may also involve data sharing with other RAD offices across the globe. Where data sharing is required, we ensure there is a legitimate purpose to do so and we have consulted with our Data Protection Officer.

Transferring your information outside of the UK

As mentioned above, due to the nature of our organisation there may be instances where we may need to transfer your data outside the UK. We may need to share your data with other RAD entities or companies who are in the European Economic Area (The EU member states, Norway, Iceland and Liechtenstein), in an adequate listed country or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Notice.

Third-Party Service Providers

We make certain personal information available to third parties who provide services to us. We do so on a ‘need to know basis’ and in accordance with applicable data privacy law. Where we do use third-party service providers we will ensure they have the appropriate data processor/data sharing agreement in place and the agreements contain the appropriate clauses as well.

A list of third-party service providers can be found on our website.

Recognition and Accreditation

If you apply for a university-validated programme, your personal information will be shared with the validating university and government agencies, such as the Higher Education Statistics Agency, as and when required. Please read HESA’s Privacy Policy.

The RAD is recognised to award qualifications on the Regulated Qualifications Framework (RQF) in England by the Office of Qualifications and Examinations Regulation (Ofqual), in Wales by Qualifications Wales, and in Northern Ireland by the Council for the Curriculum, Examinations and Assessment (CCEA). The RAD is also recognised to award qualifications on the Scottish Credit and Qualifications Framework (SCQF), by SQA Accreditation, a part of the Scottish Qualifications Authority.

The RAD is validated by the Council for Dance, Drama and Musical Theatre (CDMT) as an awarding organisation.

We may be required to submit data that includes personal information to one or more of the named organisations in order to comply with their conditions of recognition, maintain the RAD’s status as a recognised awarding body and for quality assurance purposes.

The RAD also offers GCSE, AS and A Level Dance. In order for students to be entered in for their examination, we are required to share their full name, date of birth, gender and UCI and ULN number with the exam board AQA. This is requested by the exam board and no further details are shared. For more information on how your information is used, please see AQA Privacy Notice.

In addition in order for students to be approved for access arrangements (special requirements in order to sit exam e.g. extra time), we are required to share their full name, date of birth, gender, UCI and ULN number and evidence of SEND requirements with JCQ. For more information on how your information is used, please see JCQ Privacy Notice.

Social Media Platforms

If you engage with the RAD on any of our social media channels you should know that we do not collect your personal information it remains within the platform that we are using and so you should familiarise yourself with their privacy notices and policies: Facebook, Twitter, Instagram, LinkedIn and YouTube. The Royal Academy of Dance may use information you provide to share updates, news and events, in the form of customised online advertising. If you send us a direct message, your information remains within the platform unless we ask you to provide us with your contact details to continue the conversation offline or privately, and you consent to do that.

Cookies

More information to how we use cookies and how you can change your consent can be found in our cookie policy.

Security precautions in place to protect the loss, misuse or alteration of your information

The RAD’s website is built in HTTPS. The principal motivation for HTTPS is authentication of the website and protection of the privacy and integrity of the information exchanged while in transit. You can be assured that any personal information that requires extra security (such as credit or debit card details) is encrypted and protected using industry-standard security measures, including the Secure Socket Layer (SSL) protocol.

Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We work closely with our IT Team and external IT support providers to ensure other departments within our organisation have sufficient technical and organisational security measures installed and put into place where needed. If we become aware of any loss, misuse, alteration of your information we will work closely with our IT team, DPO and other parties as necessary to investigate the incident at hand. We have put into place the relevant procedure and policies in place to investigate, mitigate and report (when needed to relevant parties) such instances.

For processing payments

Where you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Find out more about PCI-DSS. We do not store your card details for use in future transactions.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.

Your Rights to your Personal Data

The right to be informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Data Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact ipoguedp@rad.org.uk.

Right to Correction Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact info@rad.org.uk.

Right to Stop or Limit (Restrict) Our Processing of Your Data

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

If you would like to exercise this right, please contact info@rad.org.uk.

Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

If you would like to exercise this right, please contact ipoguedp@rad.org.uk.

Right to Portability

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact info@rad.org.uk.

For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.

Questions and Complaints

Any questions regarding this Privacy Notice and our privacy practices should be sent by email to ipoguedp@rad.org.uk or telephone +44 (0)207 326 8000. You can also contact our Data Protection Officers as listed above.

If you have a complaint about our privacy practices and the way we have collected, used, retained or disposed of your information please contact ipoguedp@rad.org.uk or telephone +44(0) 207 326 8000. Alternatively, you can contact the Information Commissioner’s Office to report a concern by calling their helpline on 0303 123 1113 (in the UK) or visiting https://ico.org.uk/make-a-complaint. If you are based elsewhere within the European Economic Area a list of supervisory authorities can be found here https://edpb.europa.eu/about-edpb/board/members_en)

How Long is Your Information Kept?

We review how long we keep personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations, for example, all financial records are held for 7 years. In other areas of the business we hold your personal information on our systems, only for only as long as is necessary for the relevant activity, or as long as is set out in any relevant contract or agreement you hold with us.

Departmental Privacy Notices

For each area of the RAD’s business we have outlined specifically how we collect, use, store your information and how long we keep it.

Privacy Notice review

We review this notice annually or as and when changes in legislation or internal procedures require it. This notice is reviewed by the Information Management Committee, Executive Board and Board of Trustees.