Privacy Policy

This privacy and cookies policy (the "Policy" for short) provides information regarding the treatment of information provided to, or collected by, Grays Drama Academy CIC; and applies to: (i) this website, (ii) any direct or indirect engagement with GDA in other ways (such as, email correspondence).

Information collected under this policy may be used in the manner described below by GDA, its subsidiaries, agents, trusted partners and affiliates acting on its behalf (collectively "GDA"). When used herein, the terms "we", "us" and "our" refer to GDA. When this Policy refers to the term "personal information" we mean information that identifies a particular individual, such as a full name, street address, telephone number, photography or email address.

By visiting this website and/or otherwise providing, or allowing your data to be provided, to GDA you agree that (i) you have read and understood this Policy; and (ii) agree to GDA's collection and processing of your personal information in accordance with this Policy.

If you have any questions about the way in which your data is collected, processed or held by GDA, you can contact us via email at info@graysdramaacademy.co.uk, and we will do our best to provide an answer.

From whom does GDA collect Data

We collect information from three groups of people:

1. "Individuals", who have contacted us via email, engaged with us on social media, completed a customer survey or otherwise interacted with us (excluding interaction in the course of business between GDA and such individual);
2. "Website Users", who visit this page; and

Business clients and providers ("B2B"), licensors and rights holders or third parties whom provide us a service and/or any other individual with whom we interact solely in the course of business.

What information does GDA collect

GDA collects two basic types of information personal information (which can be used to identify a specific individual) and anonymous information (which provides analytical information, but cannot be used to identify a specific individual); and may use personal information to create a third type of information aggregate information (i.e. a collection of similar or related data).

Individuals:

GDA collects the information you provide to us when you email us, participate in our activities (such as engaging with our social networks), participate in other activities related to GDA communications and/or content, or otherwise interact with us using one or more devices. Such information shall include but may not be limited to:

• If you email us: name and email address.
• If you interact with us on social media* (and depending on your own privacy settings): Campaign tag information (e.g. hashtags), name, social network ID, image/profile picture, email address, gender, location, date of birth and/or such other information which you have explicitly made available, either by granting access specifically to GDA or by making such information visible to the general public.

*GDA does not control third-party sites or platforms (e.g. Facebook, Twitter, Instagram, MailChimp, SurveyMonkey, and Powster) and this Policy does not apply to them. Please consult the policy of the relevant third party to find out how they collect and use your information.

Website Users:

You make certain information available to us when you visit our websites or use our services via a third-party platform using one or more devices and GDA uses technology such as cookies to collect such information, insofar as we are permitted by law and where applicable, subject to your explicit consent. Such information shall include but may not be limited to:

• User client ID generated by Cookies which are unique to you;
• Referrer information (e.g. location of the link you clicked to reach our page);
• Campaign tag information (e.g. hashtags);
• User agent information (e.g. browser type);
• Device type (e.g. iPhone, iPad, Android);
• Your IP address;
• Country and city location data (based on IP) and User's click events (i.e. where you point and click on our site).

Further information on GDA's use of Cookies can be found below.

B2B:

GDA also collects personal information provided in the course of business, such as names, e-mail addresses, telephone numbers, job titles, and financial/payment information, as may be necessary to perform the functions required for the specific business relationship in question.

How GDA uses your information:

You agree that we may use your information for the following purposes:

• To monitor performance of, optimise or improve our products, services and operations;
• Create anonymous, aggregated statistics about the use of our websites, content, or services which we may share with third parties and/or make available to the public;
• To enforce, protect and defend legal rights (including those of third party rights owners in respect of any content distributed by GDA) and to detect, investigate and prevent activities which may violate our policies or be illegal;

And in accordance with local laws, and choices and controls which may be available to you, we may use information collected from you or devices associated with you to:

Individuals:

• To respond to any enquiry you may have sent to us;
• To ask your opinion on our content or services;
• Provided that you have opted in to such activity:
• Personalise content and experiences.

Web site users:

• to provide you with access to the relevant website, and provide any services or information that you may have requested from us;
• to improve this website, and ensure that information on it is presented in the most effective and optimal manner;
• for security purposes. This information may be passed to the police or to other appropriate authorities. We base this processing on our legitimate interests to protect you and our company, systems, employees and partners, or on a legal obligation to cooperate with competent authorities.

B2B

• To provide content and/or materials pursuant to a written contractual agreement between us; and checking that a payment is not made fraudulently.

Sharing your imformation with other companies:

We will not share your information with any third party, save for the following circumstances:

• Sharing with our affiliates and group companies where applicable and in connection with the one or more of the uses listed above;
• Here such information is shared with a third party in connection with:
  • The sale of a business;
  • To enforce our Terms of Use or rules;
  • To protect GDA and/or a third-party rights holder's rights or property;
  • To comply with legal process or other cases if we believe in good faith that such disclosure is required by law;
• Where you have directed us to share your information with third-party sites or platforms, including social networks and select third parties with whom GDA works whereby sharing such information is necessary for the purpose of delivering the services that you have requested (e.g. MailChimp, SurveyMonkey, and Powster).

In certain circumstances the above may involve transferring your data outside of the European Economic Area ("EEA"). Whenever we transfer your data outside of the EEA we will ensure that a similar degree of protection is afforded to it by ensuring that the recipient has, or is located in a jurisdiction which has, been approved by the European Commission as being capable of providing the appropriate level of protection, that the recipient has signed a contract in the format approved by the European Commission, and/or, with your express consent to do so.

Please note that once your information has been shared with another company, the information received by such company becomes subject to that company's own privacy practices.

How your information is stored

We use industry standard technological and operational security measures to protect your information against any unauthorised access to or unlawful use. However, no method of transmission over the internet or method of electronic storage is 100% secure and we cannot guarantee its absolute security.

How long is your information kept for?

Save as expressly set out below, we will retain information collected pursuant to this Policy for as long as is necessary to provide you with the services that you have requested from us or for as long as otherwise permitted by law.

Individuals:

Without prejudice to the above, to ensure that we always have the most up to date consent and accurate data from you, GDA will endeavour to contact you by e-mail to seek renewed consent at least once during a specified time period depending on the type of content we are contacting you about and how frequently we are able predict future releases of similar content.:

• GDA will contact subscribers at least once every two (2) calendar years

These e-mail communications will ask you to expressly re-subscribe and provide your current details. If you do not respond, we will assume that you no longer wish to hear from us and will remove you from the mailing list until such time as you actively re-subscribe.

Where your information is stored:

Our servers are situated in the European Economic Area (predominantly the UK and Ireland) and all of the information that we collect about you will be stored on these servers. Save as expressly set out herein, and/or unless permitted by any specific law or regulation, we will not share your information outside of the European Economic Area without your explicit consent.

Your rights, controls and choices:

We provide you with the ability to exercise certain controls regarding its collection, use and sharing of your information. In accordance with local law, your controls and choices may include:

• You may change your choices for subscriptions, newsletters and alerts;
• You may choose whether we share your information with other companies outside of the GDA group so that they can send you offers and promotions about their products and services;

In addition, you have certain rights in respect of the information which we hold about you, including:

• The right to ask us not to process your personal information for marketing purposes;
• The right to request access to the information we hold about you;
• The right to object to processing likely to cause or is causing damage or distress;
• The right to object to decisions being taken by automatic means; and
• The right, in certain circumstances, to have inaccuracies in your personal information rectified, or to have your information blocked, erased or destroyed.

You may exercise your controls and choices by following instructions provided in any communications sent to you or by contacting us via email on info@graysdramaacademy.co.uk. Please be aware that in order to process your request we may first require you to provide further information in order to verify your identity as the owner of such personal information.

General Data Protection Regulations 2018

In accordance with the GPDR Statement.

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018. GDPR states that personal data should be 'processed fairly & lawfully' and 'collected for specified, explicit and legitimate purposes and that individual's data is not processed without their knowledge and are only processed with their 'explicit' consent.

GDPR covers personal data relating to individuals. Grays Drama Academy is committed to protecting the rights and freedoms of individuals with respect to the processing of children's, parents, visitors and staff personal data. The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

What we do at Grays Drama Academy:

• We do not disclose or sell personal data to third parties.
• We do not disclose personal data to other members of the academy and their families.
• The academy uses contact numbers and emails for newsletters, updates, whole
• school and individual communication, invoices and general information.
• Personal data is stored on My Music Staff locked and password protected

Invoicing system.

• Paper registration forms are stored in a secured filing cabinet at the academy's office.
• Hard copy information is destroyed via secure information shredding service.
• Information about individual children is used in certain documents, such as, a weekly register, medication forms and examination documentations. These documents include data such as children's names, date of birth and emergency contact numbers. These records are shredded after the relevant retention period.
• Grays Drama Academy collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the child's file and stored appropriately.
• Grays Drama Academy stores personal data held visually in photographs or video clips or as sound recordings. No names are stored with images without permission in photo albums, displays, on the website or on Grays Drama Academy social media sites.
• Access to My Music Staff, Academy Email account, Website, personal Data, Social Media Accounts, Newsletters and Examination Details is password protected and is not available to members of the Public or, members of the academy. The principal and teachers have sole access to all this data. When a member of staff leaves the academy, these passwords are changed in line with this policy and our Safeguarding policy.
• Any portable data storage used to store personal data, e.g., USB memory stick, are
• password protected and/or stored in a locked filing cabinet.

GDPR includes 7 rights for individuals

1. The right to be informed

Grays Drama Academy is registered with My Music Staff and is required to collect and manage certain data. The academy collects parent's and or guardian's names, addresses, emergency telephone numbers and email addresses. We also collect children's' full names, addresses, date of birth along with any SEN requirements and are stored via a secure electronic system My Music Staff and paper registration forms are stored in a secured filing cabinet at the academy's office. This is in respect of our Health and Safety and Safeguarding Policies. As an Employer of Self-Employed practitioners, Grays Drama Academy is required to hold data on its teachers such as names, addresses, email addresses, telephone numbers and bank details. Information such as Disclosure and Barring Service checks (DBS), personal Public Liability insurance, First Aid Certificate's, Membership details and any qualification's, chaperone licences. This information stored via a secure electronic system My Music Staff and paper forms are stored in a secured filing cabinet at the academy's office.

2. The right of access

At any point an individual can make a request relating to their data and Grays Drama Academy will need to provide a response (within 1 month). Grays Drama Academy can refuse a request, if we have a lawful obligation to retain data but we will inform the individual of the reasons for the rejection.

3. The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. Grays Drama Academy retain any records relating to student's accident and injury records for 19 years (or until the child reaches 21 years), and 22 years (or until the child reaches 24 years) for Child Protection records. Self-Employed teaching records will be erased when the member of staff leaves their position. All hard copy information is destroyed via secure information shredding service.

4. The right to restrict processing

Parents, visitors and staff can object to Grays Drama Academy processing their data. This means that records can be stored but must not be used in any way, for example Academy Newsletters, General Emails about academy news and updates. In this situation, the academy has no obligation to refund any classes missed or cancelled due to 'lack of communication'. It will be the parent's responsibility to ensure they are informed about the Termly event's happening at the academy.

5. The right to data portability

Grays Drama Academy requires data, for example registration forms to be transferred from student, to teacher, to drama principal. The academy also requires to provide data such as student DOB and exam pin number's to be able to enter students in LCM and LAMDA Exams. In this case recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.

6. The right to object

Parents, visitors and staff can object to their data being used for certain activities like marketing or research.

7. The right not to be subject to automated decision-making including profiling.

Automated decisions and profiling are used for marketing-based organisations. Grays Drama Academy does not use personal data for such purposes. This Policy was issued by the Principal Joanne Copeman, owner of Grays Drama Academy in June 2023