Privacy Policy

Introduction
How we collect your personal information
The types of information we collect
Why we collect your personal information and how we use it
How we handle your information and other organisations
How we protect your data
Your choices
Updates or changes to the Privacy Policy and Further Information

1. Introduction

Central School of Ballet (“Central”) is committed to protecting your personal information.

This Privacy Policy is intended to provide information about how Central will use (or “process”) personal data about individuals including: its staff; its current, past and prospective students; and their parents, carers or guardians (referred to in this policy as “parents”), donors, sponsors and audiences.

This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff, parents, students, donors, and audiences are all encouraged to read this Privacy Policy.

This Privacy Policy applies alongside any other information Central may provide about a particular use of personal data, for example when collecting data via an online or paper form.

Central School of Ballet is a charitable company limited by guarantee incorporated in England and Wales. Company number 1657717 Charity Registered Number 285398.

If you have questions regarding your information or its use, please contact our Data Controller via post at The Countess of Wessex Studios 21 – 22 Hatfields, Paris Garden London, SE1 8DJ; by phone +44 (0)20 7837 6332 or email info@csbschool.co.uk

2. How We Collect Your Personal Information

Generally, Central receives personal information from the individual directly (including, in the case of students, from their parents). This may be via a form, or simply in the ordinary course of interaction or communication (such as email or written assessments).

However, in some cases personal data will be supplied by third parties (for example another school, or other professionals or authorities working with that individual); or collected from publicly available resources.

3. The Types of Information We Collect

We collect different types of information depending on how you interact with us and what services you use. This may include:

Personal details such as name, date of birth, gender, ethnicity, nationality, disability status, marital status, contact details, emergency contacts, bank details, passport details, visa details and student ID number;
Special category data such as your racial or ethnic origin, religious or philosophical beliefs, sexual orientation;
Financial details such as tuition fees, scholarships, bursaries, loans, grants and payment details
Academic information such as past, present and prospective students’ academic, disciplinary, admissions and attendance records (including information about any additional needs), and examination scripts and marks;
Personnel files, employment history, CV, references, performance reviews and training record, and information in connection with employment or safeguarding;
(Where appropriate) information about student and staff health and medical records, and contact details for their next of kin;
References given or received by Central about students and staff, and information provided by previous educational establishments and/or other professionals or organisations working with students and staff;
Professional information such as employment history, CV, references, performance reviews and training records;
Staff records data such as contract type, salary range, cost centre allocation, teaching hours and qualifications;
Correspondence with and concerning staff, pupils and parents past and present; and
Still and moving images of students (and occasionally other individuals) engaging in school activities;
Financial information such as tuition fees, scholarships, bursaries, loans, grants, and payment details;
Equality and diversity monitoring information;
Feedback and opinions such as responses to surveys, complaints, and compliments;

4. Why We Collect Your Personal Information and How We Use It

In order to carry out its ordinary duties to staff, students, parents, users, donors and audiences, Central needs to process a wide range of personal data about individuals (including current, past and prospective staff, students or parents) as part of its daily operation.

Some of this activity Central will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, or parents of its students.

Other uses of personal data will be made in accordance with Central’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on individuals, and provided it does not involve special or sensitive types of data.

Central expects that the following uses will fall within that category of its “legitimate interests”:

For the purposes of student selection (and to confirm the identity of prospective students and their parents);
To provide teaching and monitor students’ progress and educational needs;
Maintaining relationships with alumni (see below);
For the purposes of donor due diligence, and to confirm the identity of prospective donors and their background and relevant interests;
For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
To enable relevant authorities to monitor Central’s performance and to intervene or assist with incidents as appropriate;
To give and receive information and references about past, current and prospective students, including relating to outstanding fees or payment history, to/from any educational institution that the student attended or where it is proposed they attend; and to provide references to potential employers of past students;
To share publicly the achievements of students at Central;
To safeguard students’ welfare and provide appropriate pastoral care;
To monitor (as appropriate) use of the Central’s IT and communications systems in accordance with the Central’s IT Acceptable Use Policy;
To make use of photographic images of students in Central publications, on Central’s website and (where appropriate) on Central’s social media channels and in regional, national and international press, marketing and advertising in accordance with the Central’s Image Consent policies;
To carry out or cooperate with any internal or external complaints, disciplinary or investigation process; and
Where otherwise reasonably necessary for Central’s purposes, including to obtain appropriate professional advice and insurance for Central.
In addition, Central will on occasion need to process special category personal data (concerning health, ethnicity, religion, or sexual life) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including as regards safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:
To safeguard students’ welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding and cooperation with police or social services, for insurance purposes or to caterers or organisers of visits who need to be made aware of dietary or medical needs;
To provide educational services in the context of any different abilities and additional needs of a student;
In connection with employment of its staff, for example DBS checks, welfare or pension plans;
As part of any Internal or external complaints, disciplinary or investigation process that involves such data, for example if there are any health or safeguarding elements; or
For legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with its legal obligations and duties of care.

Central will not sell, rent, trade or distribute your personal data to any third parties for marketing purposes unless we have received your prior permission to do so. Data may be shared with trusted service providers who are authorised to act on Central’s behalf and have entered into data processing agreements with us. These services may include payment processing, event ticketing, database services, website hosting and email delivery services. In these circumstances your data will only be used for the agreed purpose relating to the service that they are providing. We do not transfer any personal data to countries outside of the European Economic Area (EEA).

5. How We Handle Your Information and Other Organisations

For the most part, personal data collected by Central will remain within the organisation and the University of Kent and will be processed by appropriate individuals only in accordance with access protocols (i.e., on a ‘need to know’ basis). Stringent rules of access apply in the context of:

medical records held and accessed by the Head of Medical and appropriate medical staff under their supervision, or otherwise in accordance with express consent; and
Pastoral or safeguarding files.

However, a certain number of students’ relevant information will need to be provided to staff more widely to provide the necessary care and education that the student requires.

Occasionally, Central will need to share personal information relating to its community with third parties, such as professional advisers (medical consultants, lawyers, insurers, PR advisors, accountants), government authorities (HMRC, Office for Students (OfS), police), and appropriate regulatory bodies (the Charity Commission, the Information Commissioner).

Staff, students, and parents are reminded that Central is under duties imposed by law and statutory guidance to record or report incidents and concerns that arise or are reported to it, in some cases regardless of whether they are proven, if they meet a certain threshold of seriousness in their nature or regularity. This is likely to include file notes on personnel or safeguarding files, and in some cases, referrals to relevant authorities such as the LADO or police. For further information about this, please view the Central’s Safeguarding Policy.

We may also disclose your personal information to other organisations such as The Higher Education Statistics Agency (HESA), which is part of Jisc. Jisc is a not-for-profit organisation that provides digital solutions for education and research. HESA collects and analyses data on students and staff in higher education. You can find more information about how HESA processes your personal data on their privacy information page: https://www.hesa.ac.uk/about/website/privacy

Statutory returns to HESA include information on students’ enrolment, progression, completion and destinations after graduation. HESA uses this information for statistical purposes, such as producing official statistics, benchmarking and quality assurance. HESA also shares this information with other organisations that have a legitimate interest in higher education, such as funding bodies, government departments, regulators, and researchers. You can find more information about how HESA handles statutory returns on their data protection page: https://www.hesa.ac.uk/about/regulation/data-protection

Finally, in accordance with Data Protection Law, some of Central’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with Central’s specific directions.

6. How We Protect Your Data

Central School of Ballet is committed to protecting the personal information you entrust to us.

We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use e.g. our own network is protected.

As part of the services offered to you through the Central School of Ballet website, external providers may transfer your personal information to countries outside the European Economic Area (EEA).

By way of example, this may happen if any of the computer servers used to host the website are located in a country outside of the EEA.

Central will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff and student personnel files is up to 7 years following departure from Central. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements.

If you have any specific queries about retention of data, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Data Controller at info@csbschool.co.uk. However, please bear in mind that Central will often have lawful and necessary reasons to hold on to some personal data even following such request.

If you ask us to stop sending direct marketing or development communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere with such requests.

Central will use the personal data of parents, alumni and other members of Central’s community so that we may keep them informed, by post or email, of Central’s developments, provide opportunities to attend events and performances, and identify ways they can support Central, through financial and non-financial means. We may occasionally submit Higher Education Statistics Authority or other surveys to gain their feedback and views to help improve the service we currently deliver.

We may also keep personal data of alumni within our archives to demonstrate the organisation’s cultural heritage and provide a resource for alumni to support their professional career and/or public image.

Should you wish to limit or object to any such use, or would like further information about them, please contact info@csbschool.co.uk. You always have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising. However, Central may need nonetheless to retain some of your details (not least to ensure that no more communications are sent to that particular address, email or telephone number).

As a registered charity, we rely on funds raised from a variety of different sources including individuals, companies, charitable trusts and other grant-giving bodies. The generosity of these supporters enables Central to train talented dancers regardless of their economic background.

Where we believe there is ‘legitimate interest’, we may seek additional information before contacting individuals or companies to determine whether there is a suitable reason to engage with them, such as a shared interest or potential connection. We may also use public research to better understand the interests of our current supporters and Friends so we may improve our communication and suggest relevant opportunities to increase engagement with us.

We endeavour to tailor communication and improve the experience of our supporters and Friends have with Central. To do this we may segment personal data provided (for example in order to send an invitation to contacts geographically located close to the event location), analyse donations made to Central and access publicly available information to build a profile of interests and preferences (This might include: LinkedIn, Companies House, Charity Commission, amongst other legitimate media sources).

You can request that your data is not used for this kind of profiling and/or unsubscribe from future communications by contacting development@csbschool.co.uk.

7. Your Choices

Individuals have various rights under Data Protection Law to access and understand personal data about them held by Central, and in some cases ask for it to be erased or amended or have it transferred to others, or for Central to stop processing it, but subject to certain exemptions and limitations.

Any individual wishing to access or amend their personal data, or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Data Controller.

Central will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information.

Central will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, Central may ask you to reconsider or require a proportionate fee, but only where Data Protection Law allows it.

You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal professional privilege. Central is also not required to disclose any student examination scripts (though examiners’ comments may fall to be disclosed), nor any confidential reference given by Central for the purposes of the education, training or employment of any individual.

Requests that cannot be fulfilled

You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals (and parents need to be aware this may include their own children, in certain limited situations – please see further below), or information which is subject to legal professional privilege (for example legal advice given to or sought by Central, or documents prepared in connection with a legal action).

Central is also not required to disclose any student assessment results, nor share any confidential reference given by Central itself for the purposes of the education, training or employment of any individual.

The “right to be forgotten”: we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your (or your child’s) personal data: for example, legal requirement, or where it falls within a legitimate interest identified in this Privacy Policy. All such requests will be considered on their own merits.

Student requests

Students can make subject access requests for their own personal data, provided that, in the reasonable opinion of Central, they have sufficient maturity to understand the request they are making. A student of any age may ask a parent or other representative to make a subject access request on his/her behalf.

Indeed, while a person with parental responsibility will generally be entitled to make a subject access request on behalf of younger students, the law still considers the information in question to be the child’s. For older students the parent making the request may need to evidence their child’s authority for the specific request.

It should be clearly understood that the rules on subject access are not the sole basis on which information requests are handled. Parents may not have a statutory right to information, but they and others will often have a legitimate interest or expectation in receiving certain information about pupils without their consent. Central may consider there are lawful grounds for sharing with or without reference to that student.

All information requests from, or on behalf of, or concerning students – whether made under subject access or simply as an incidental request – will therefore be considered on a case by case basis.

Consent

Where Central is relying on consent as a means to process personal data, any person may withdraw this consent at any time (subject to similar age considerations as above). Please be aware however that Central may have another lawful reason to process the personal data in question even without your consent.

That reason will usually have been asserted under this Privacy Policy, or may otherwise exist under some form of contract or agreement with the individual (eg an employment or student contract, or because a purchase of goods, services or membership of the Friends organisation has been requested).

Whose rights?

The rights under Data Protection Law belong to the individual to whom the data relates. However, Central will often rely on parental authority or notice for the necessary ways it processes personal data relating to students. For example, under the parent contract or via a form. Parents and students should be aware that this is not necessarily the same as Central relying on strict consent as outlined above.

Where consent is required, it may in some cases be necessary or appropriate – given the nature of the processing in question, and the student’s age and understanding, to seek the student’s consent.

Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents’ rights at law or under their contract, and all the circumstances.

In general, Central will assume that students’ consent is not required for ordinary disclosure of their personal data to their parents, eg for the purposes of keeping parents informed about the student’s activities, progress and behaviour, and in the interests of the student’s welfare. That is unless, in Central’s opinion, there is a good reason to do otherwise.

However, where a student seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, Central may be under an obligation to maintain confidentiality unless, in Central’s opinion, there is a good reason to do otherwise; for example where Central believes disclosure will be in the best interests of the student or other students, or if required by law.

Students are required to respect the personal data and privacy of others, and to comply with the Central’s Student IT Acceptable Use policy and Central rules. Staff are under professional duties to do the same covered under the relevant staff policy.

8. Updates or Changes to the Privacy Policy and Further Information

This notice was updated on 27 July 2022.

It is due for review on September 2024.

It may be updated to take into account changes at Central or for example to reflect changes to regulation or legislation.

Updates to this policy will be posted on our website – please check back from time to time. We may also inform you of any changes where we hold an appropriate email address for you.

For our Cookies Policy, please see here.