Enter CIC is registered with the Information Commissioner’s Office to process personal data. Enter CIC is a data controller. Registration Number: Z2486288. Our personal information management procedures are GDPR compliant. GDPR = General Data Protection Regulation, the new law that helps to keep your personal information safe. When referencing GDPR, we also include references to the new Data Protection Act 2018.
What we need
- Enter CIC collects basic personal data about our students and their parents/carers (for students under 18).
- We collect minimal personal information about our visitors to our buildings and website.
- We collect basic contact details from those who buy tickets to our performances.
- We collect personal information about our staff and volunteers.
- All personal data we collect is volunteered by the owner of the information or their representative (parent). Usually, this will be on our enrolment form, Image Capture Consent Form, web forms and any other permission forms we use for bespoke trips and visits and performances.
- Typically, we collect name, address, date of birth, some contact details, as appropriate, and other information that allows us to provide the best service.
- We do not process any sensitive information unless this is required to safeguard our staff, volunteers, students, parents and visitors (such as medical information).
Why we need it
- We need to know students’ personal information to provide performing arts classes and opportunities for our students.
- We also need to collect the basic personal information of parents and carers to contact them in certain situations (emergencies and updates).
- We need to process personal information about our staff and volunteers for general administrative purposes.
- We will not collect any personal data from you that we do not need.
- You can also check our registration details for a full list of the data types we collect and the reasons we collect it.
We give you privacy information in a number of ways; in writing, orally, in signage and electronically. This can be at the time we collect personal information, before you give personal information, enter an area, in signs or symbols and on our website. We hope our signage is clear, well-positioned and gives you the information you need in an accessible format you can understand. Please let us know if this is not the case.
Is personal information safely handled?
All the personal data we process is processed securely by our GDPR-trained staff in the UK. Our website’s IT servers are also in UK data centres, so personal data is not shared internationally (see ‘Marketing information’ below). No third parties or unauthorised personnel have access to personal data at Enter, unless the law allows them to access it, or we must share it to safeguard staff, volunteers, students, parents and visitors. Where we do share personal information, this is done using the most secure methods available to us.
Do we share personal information?
Sometimes we need to share personal information with other organisations to carry out a legal obligation, such as making sure students are registered with exam / awarding bodies. Where we share personal information with others as a data controller or data processor, we have a GDPR-compliant Data Sharing Agreement in place to protect personal information.
How long we keep it
We may be required to retain personal information under certain laws, but we will not keep personal data for longer than we need it.
Deleting personal information
When it comes time to delete personal information (if we’re asked to delete it, or if we no longer need to keep it), we always delete it securely, in line with the GDPR. There may be some exemptions that require us to keep personal information for certain periods of time, even if we receive a request to delete it.
Personal information that is used for marketing purposes will be kept with us until we no longer need it, or you notify us that you no longer wish to receive this information. Sometimes, with permission, we take pictures of our staff, volunteers, students, parents/carers and patrons and post them to social media. The online servers of Facebook, Twitter and Instagram (on which these images are held) are outside the European Economic Area.
What we would also like to do with it
We would like to use your name and email address to inform you of our future projects, offers or opportunities. We may use a third-party service such as MailChimp for this purpose. MailChimp is a GDPR-compliant service. This information is not shared with other third parties and you can unsubscribe at any time by contacting us, or using the links in the electronic communication we send.
What we don’t need
We do not, typically, need sensitive details such as financial and medical information, except where this concerns payment of invoices or the welfare of those using our services and buildings. You are always free to ask us why we need certain information and it is your right to refuse the request, but it may affect the level of service we can provide.
What we will never do
We will never sell your personal information. We will never share it with people who are not authorised to access it. We will never use it for any purposes that you have not agreed to.
What we don’t process at all
We don’t process biometric information or automated profiling information. We don’t process certain types of data relating to certain protected characteristics as defined in the Equality Act 2010.
When payment is made for tickets via our TicketSource portal, we do not collect financial information, only name and contact information. Such financial information is retained on secure servers by TicketSource and we cannot access it. You can find more helpful information here: https://www.ticketsource.co.uk/kb/terms-of-use. TicketSource is GDPR-compliant. You can opt-in to receiving marketing information, but opted-out is the default setting.
We may collect your browsing information to help us understand what content or pages visitors to our website find useful. We only collect this information with your consent and do not automatically collect your browsing data before consent. Use the Cookie Control link at the bottom of our website to manage your cookie settings.
What are your rights?
You can ask to see a copy of any of your personal information we may be processing. If we are processing your personal data, we will let you know without undue delay and within one month and give you a copy of that data, if that’s what you wish. If at any point you believe the information we process about you is incorrect, you can request to have this corrected or deleted. You can also ask us to stop processing your personal data.
Contacting Enter CIC, the Data Controller
If you wish to contact us regarding your personal information, you can do so at firstname.lastname@example.org, or use the details on our contact page. Before we begin processing your request we will ALWAYS request to check your identity and any claim of representation you make for access to personal information.
If you are not satisfied with our response you can contact the Information Commissioner’s Office (ICO).
This privacy notice has been prepared using advice and guidance from the Information Commissioner’s Office and was reviewed on 20/04/2018.