THEATRICOOL PRIVACY POLICY 2018 

Protecting Your Personal Data 
 
This Data Protection policy will lay out the procedures undertaken by Theatricool to ensure that Theatricool is compliant with relevant data protection legislation. It has been written in accordance with the information provided by the IOC (Information Commissioner’s Office) prior to the release of the GDPR (General Data Protection Regulation). 
CONTENT:  
Last Modified 25th May 2018 
 
1. Establishing a lawful basis for handling data 
 
In accordance with Article 5 (2), This policy will document the ‘lawful basis’ by Theatricool to handle data. This ‘lawful basis’ is set out in Article 6 of GDPR (General Data Protection Regulation). The lawful basis may be as follows: 
 
(1) Where express consent has been given. 
 
Theatricool utilises a mailing list in order to communicate updates for new classes. Express consent must be provide 
in order to be added 
 
(2) Where data is required to enable contractual obligations to be fulfilled. 
 
Theatricool will require personal data in order to enter into a contract such as registering a student. 
 
(3) Legitimate Interests 
 
Data may be collected for legitimate interests such as marketing purposes. This may include the marketing of events. 
 
 
 
2. Data processing must be necessary 
 
 
This policy will ensure that data processing only occurs where necessary and will only be used for achieving a specific purpose. The legal basis of the data collection is determined by the specific purpose and data collection will only occur in a ‘targeted and proportionate’ manner to achieve the purpose of data collection. 
 
 
3. Data controller  
 
The data controller responsible for this website is 'Theatricool Performing Arts School' who can be contacted at 18 London Rd, Colchester, Essex, CO3 4DE.  
 
4. Procedures for ensuring valid consent 
 
Theatricool stores relevant email addresses to enable mailing list communication relating to news and events. Procedures have been adopted to ensure valid consent has been granted. This includes a direct request to be included onto the mailing list using unambiguous and clear language. The request requires a positive email response to ‘opt in’. This is then followed by a subsequent ‘welcome email’ which documents clearly the right to withdraw consent. All further email communication contains an ‘unsubscribe’ welcome email which documents clearly the right to withdraw consent. 
 
5. Consent Reviews 
 
Consent Reviews will take place every twelve months whereby people will be asked if they wish to withdraw from the mailing list. 
 
6. Gathering data for contractural purposes 
 
 
In accordance with S6 s(1) b attending as a student will require the collection of data to enable contractual obligations to be fulfilled. This is a necessary procedure and only minimal data will be collected to enable this to take place appropriately. Such data will include: 
 
Students: 
 
Full name 
Address 
Gender 
Date of birth 
School year 
Email address 
Medical conditions 
 
Parents/Guardians: (If your child is over 16 years of age please ensure you have their permission to share the above information with us.) 
 
Parents/guardians emergency contact details 
Home/business address 
Telephone number 
 
The above specified information will be used by Theatricool for the purposes of administration, research, the provision of teaching, services in singing, dance and drama, the organisation of performances and for the administration of Theatricool's statutory obligations under legislation relating to children. Theatricool do not disclose this information to third parties for marketing purposes. 
 
7. Safeguarding Privacy 
 
Theatricool will ensure privacy by engaging fully with the right to be informed. Privacy notices will include the following: 
 
The purpose of processing the data 
Who it will be shared with 
 
8. Ensuring right of access to personal data 
 
Theatricool will allow a right of access to both personal data and supplementary information free of charge. Any requests for information will be provided within one month of receiving the request. 
 
9. Ensuring right to rectification 
 
Theatricool recognises that an individual has the right to have inaccurate personal data rectified or completed if incomplete. 
 
Requests for rectification can be made either verbally or in writing 
Theatricool will ensure that rectification will occur within one month of the request being made 
 
10. Ensuring right to erasure 
 
Theatricool recognises the rights of individuals to have their personal data erased. 
A request for erasure may be made either verbally or in writing 
Theatricool will respond to the request within one month of receiving a request for erasure of personal data. 
Where data is being processed by Theatricool and a request for erasure is made, the processing of the data will cease 
 
11. Ensuring accountability and governance 
 
In accordance with Article 5 (2) Theatricool ensures accountability and governance through the following procedures: 
 
Regular internal audits 
Appropriate training 
Maintenance of relevant processing documentation 
 
12. Security 
 
Theatricool ensures that all data will be processed and stored securely to meet with GDPR requirements. We use Membermeister and Albert for our invoicing. Our email and website is maintained by Spoton.net Limited (registered company number 06139437 in England and Wales) – they have confirmed their systems and hosting platforms are GDPR complaint at the required level of encryption. Confirmation can be forwarded on request. 
 
Further information is available below detailing information collected on this website using Cookies on our behalf 
Further information is available below on data collected by third parties via this website using Cookies 
 
13. Personal data breaches 
 
Theatricool will report any personal data breaches that risk rights and freedoms of a data subject to the relevant parties involved. All breaches of data will be recorded. 
 
14. Cookies 
 
Cookies are small pieces of text that are stored by your browser. Each cookie has a name and is associated with a particular site. When your browser sends a request to a site (for example, to download a page, image, or video), the computer that responds (known as a server) may tell your browser to set one or more cookies. When your browser makes further requests to the same site it sends the cookies back to the server. This allows the server to remember you as you browse the site, and provide features such as shopping baskets or password-protected areas. For more information on the cookies we use, see our cookie policy. 
First-party cookies 
First-party cookies are set when you interact with our site. Your browser will only send these cookies in requests to our site. 
 
Essential cookies 
These cookies are necessary for our site to work correctly. You can block these cookies through your browser settings, but if you choose to do so some features will no longer work. 
 
w_c 
This cookie is used to remember your cookie preferences. It is created when you change your cookie preferences and expires after thirty days. 
 
__cfduid 
This cookie is used by Cloudflare to distinguish each visitor in order to apply appropriate security features. It is created when you first view our site and expires after one year. For more information, see the Cloudflare section of our privacy policy. 
 
Google Analytics cookies 
These cookies are used by Google Analytics to track visitor interaction with our site in order to produce statistical reports for us. These cookies are created when you first view our site. For more information, see the Google Analytics section of our privacy policy. 
 
_ga 
This cookie is used to distinguish each visitor. It expires after two years. 
 
_gid 
This cookie is used to distinguish each visitor. It expires after one day. 
 
_gat_gtag_UA_34426334_1 
This cookie is used to limit the number of requests sent to Google. It expires after one minute. 
 
Third-party cookies 
Third-party cookies are created by functionality and content on our site that are supplied by other providers. Your browser will send these cookies in requests to the provider of the functionality or content, which may allow the provider to track you across multiple sites. 
 
Other third-party cookies 
These cookies are set by content on our site that is supplied by other providers. You can block these cookies through your browser settings, but if you choose to do so some features will no longer work. 
 
Facebook page widget 
The Facebook page widget creates cookies when the widget loads. For more information, see the Facebook page widget section of our privacy policy. 
 
Twitter profile widget 
The Twitter profile widget creates cookies when the widget loads. For more information, see the Twitter profile widget section of our privacy policy. 
 
Vimeo video player 
The Vimeo video player creates cookies when the video starts playing. For more information, see the Vimeo video player section of our privacy policy. 
 
YouTube video player 
The YouTube video player creates cookies when the video starts playing. For more information, see the YouTube video player section of our privacy policy. 
15. Data collected by third parties on our behalf 
 
Spoton.net 
 
Our site is hosted by Spoton.net Limited (registered company number 06139437 in England and Wales). Spoton.net logs all requests in order determine the causes of reported faults and to detect and block suspicious traffic. The log records the time of the request, your IP address, the requested resource, the referring site (if specified by your browser), and your browser’s user agent string (which will usually include the name and version of your browser and operating system). Log files are deleted after ninety days. 
 
Lawful basis for processing: Compliance with a legal obligation 
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data 
 
Cloudflare 
 
Our site is served through Cloudflare. Cloudflare helps our site load faster by storing copies of our content in data centres around the world, and defends our site from attacks by logging requests to detect and block suspicious traffic. For more information on how Cloudflare handles the data it collects, see Cloudflare’s privacy policy
 
Lawful basis for processing: Compliance with a legal obligation 
Why?: To comply with the GDPR obligation to implement appropriate technical measures to protect data 
 
Google Analytics 
 
We use Google Analytics to track visitor interaction with our site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. We have enabled IP anonymisation so that Google will not store your complete IP address. For more information on how Google handles the data it collects, see Google’s privacy policy
 
To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy. To opt out of Google Analytics tracking on all sites, use the Google Analytics Opt-out Browser Add-on
 
Lawful basis for processing: Pursuance of our legitimate interests 
Why?: To allow us to analyse how visitors interaction with our site in order to improve our site and our services 
 
Other data collected by third parties 
 
Facebook page widget 
When you view a page containing the Facebook page widget, your browser connects to Facebook. For more information on how Facebook handles the data it collects, see Facebook’s privacy policy
 
Google Maps 
When you view a page containing embedded Google Maps, your browser connects to Google Maps. For more information on how Google handles the data it collects, see Google’s privacy policy
 
Twitter profile widget 
When you view a page containing the Twitter profile widget, your browser connects to Twitter. For more information on how Twitter handles the data it collects, see Twitter’s privacy policy
 
Vimeo video player 
When you view a page containing the Vimeo video player, your browser connects to Vimeo. For more information on how Vimeo handles the data it collects, see Vimeo’s privacy policy
 
YouTube video player 
When you view a page containing the YouTube video player, your browser connects to YouTube. For more information on how Google (the operator of YouTube) handles the data it collects, see Google’s privacy policy
BACK TO TOP 
 
Our site uses cookies. For more information, see our cookie policy. ACCEPT COOKIES MANAGE SETTINGS