1 Our approach
1.2 This Policy should be read in conjunction with the Terms and Conditions of use for https://www.istd.org/ (the “Website”) of which it forms part (the “Terms”). If you do not agree with this Policy or the Terms, you must not use this Website or submit information to us through or in connection with this Website.
1.3 If you have any questions about this Policy or would like any further information please write to Keith Stephenson, Data Controller at The Imperial Society of Dance Teachers, Imperial House, 22/26 Paul Street, London EC2A 4QE or email us at email@example.com
1.4 If you are an employee or worker of ISTD, the information about how we handle your personal information as an employee is provided in your employment or temporary worker contract and in the Privacy Notice for Employees/Workers on our Website.
2 What information do we collect
2.1 Personal data means any information relating to a person who can be identified either directly or indirectly (“Personal Data”). It may include name, address, email address, phone number, credit or debit card number and IP address.
2.2 We will use, store or otherwise process any of your Personal Data in accordance with the terms of this Policy, including but not limited to, your name, postal address, e-mail address, telephone number, bank details, credit or debit card number, IP address, details of your qualifications and any other Personal Data collected on registration with ISTD, subscription to DANCE magazine and through surveys, to the extent reasonably necessary to provide the offerings that are available to you by us.
2.3 Where your information is given to us by a dance school for the purposes of registering you for examinations we may also process any of your Personal Data in accordance with the terms of this Policy, including but not limited to, your name, postal address, e-mail address, telephone number. Such Personal Data will also be processed on behalf of the relevant dance school in accordance with the agreement between ISTD and that dance school.
2.4 You may give us information about yourself when you complete a ‘contact us’ form on our website https://www.istd.org/contact-us/. This may include your name, email address, address, phone number, company and any other additional information that you may choose to provide to us.
2.5 You may give us information about yourself when you complete an event or course registration form on our Website. This may include your name, email address, phone number, company and any other additional information that you may choose to provide us with.
2.6 When you visit our site, we may automatically collect the following information:
2.6.1 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
2.6.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
3 Special category data
3.1 As part of the registration for examinations we may also process special category data, this is defined as an individual’s (i) race; (ii) ethnic origin; (iii) politics; (iv) religion; (v) trade union membership; (vi) genetics; (vii) biometrics (where used for ID purposes); (viii) health data; (ix) sex life; and (x) sexual orientation. (“Special Category Data”). This would be most relevant where it was necessary to request extenuating circumstances or reasonable adjustments be made prior to entry into an examination.
3.2 As part of the registration for events as outlined at Clause 2.5 we may also process Special Category Data. For example, if a course or event was a residential or day course we would require certain medical data to formulate emergency procedures (if required) and to ensure that any health and safety needs are covered.
4 Childrens data
4.1 This website is not intended for children and we do not knowingly collect data relating to children. However, if you are under 13 years of age and you provide us with information on an application form (online or printed) your parent(s) or guardian(s) must give their permission.
4.2 We do not knowingly send marketing communications to persons under the age of 18. To the extent that ISTD does process children’s personal data, it will take steps to ensure an enhanced level of data protection.
5 How we will use your personal data
5.1 We will only process your Personal Data, in accordance with applicable law, for the following purposes:
- internal record keeping;
- creating and maintaining your teacher profile;
- dealing with your enquiries and requests, including booking examinations;
- assessing and administering qualifications;
- assessing examinations and administering grades;
- personalising your interaction with us;
- enabling our consultants, suppliers and service providers to carry out certain functions on our behalf, including conducting examinations, verification, technical, logistical or other functions;
- ensuring the security of your account and our organisation, preventing or detecting fraud or abuses of our Website;
- resolving any disputes, if you lawfully exercise your rights or if you wish to dispute the outcome of an examination or other assessment, for example, or any other part of our offering;
- carrying out marketing campaigns and sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our offering, which we consider may be of interest to you;
- developing and improving our offering, for example, by reviewing visits to our Website and its various subpages; and
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
5.2 We will take reasonable steps to ensure the Personal Data that we store is accurate, complete and up-to-date.
6 Grounds for processing
6.1 To process your Personal Data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon include:
6.1.1 your consent to particular processing activities. For example, where you have consented to us using your information for marketing purposes;
6.1.2 our legitimate interests as a charity (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your Personal Data to prevent or detect fraud or abuses of our Website;
6.1.3 our compliance with a legal obligation to which ISTD is subject. For example, we have a duty to investigate and respond to complaints made against us and may need to process your Personal Data as part of such investigation; or
6.1.4 if you are an exam candidate, because processing your Personal Data is necessary for the performance of a contract.
6.2 To process Special Category Data lawfully we need to rely on different grounds to those that are relevant for Personal Data. We will only process Special Category Data with your explicit consent to the processing. For example, where you have consented to us disclosing details about your health or genetics to the board of examiners.
7 Information for marketing purposes
7.1 Where you act on behalf of an organisation, or where you are an individual who has consented to us using your Personal Data for marketing purposes, we may use your information to conduct marketing and data analysis or to send you information about our Website, updates and news concerning ISTD and information about our offering or offerings jointly provided with or on behalf of other organisations. Alternatively, you may ask us to provide you with such information by contacting us at the details set out in Section 1.3.
7.2 If you stop using the Website or your permission to use the Website is terminated, we may continue to use and disclose your Personal Data in accordance with this Policy (as amended from time to time) and as permitted by law. However, if at any time after you have consented to us using your Personal Data for marketing purposes and you wish us to stop using your information for these purposes, please contact us in writing or via email at the relevant address in clause 7.1.
8 Information security
8.1 The Internet is not a secure medium. However, we have put in place various security procedures as set out in this Policy.
8.2 Please be aware that communications over the Internet, such as emails and online messages are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our control.
8.3 We believe that we have appropriate policies, rules and technical measures to protect the Personal Data that we have under our control (having regard to the type and amount of that Personal Data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
9 Disclosure of your personal information
9.1 There are circumstances where we may wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
- to our employees and consultants;
- to our trustees;
- to our successors in title to our activities;
- to our auditors;
- to our outsourced service providers or suppliers who assist us in operating our Website and running the charity (including but not limited to IT support service providers), so long as those parties agree to keep the Personal Data confidential;
- subject to your consent, to our marketing partners, who may contact you by post, email, telephone, SMS or by other means;
- to third party service providers and consultants in order to protect the security or integrity of our organisation, including our databases and systems and for business continuity reasons;
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, merger, sale, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your Personal Data will be permanently transferred to a successor;
- to legal advisors who may need to advise us or manage or litigate a claim;
- to public authorities or other third parties where we are required by law to do so; and
- to any other third party where you have provided your consent.
10 Internationanl transfer of personal data
10.1 We may transfer your Personal Data to a third party in countries outside the EU for further processing in accordance with the purposes set out in this Policy. In particular, your Personal Data may be transferred to our outsourced service providers located abroad. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.
10.2 We may disclose your information to any person as required by law and specifically to any government agency if we believe in good faith that we must do so to comply with the law or that doing so is required to prevent, detect, investigate or remedy improper conduct potentially affecting ISTD.
11 Retention of personal data
Your Personal Data will be retained for as long as it is necessary to carry out the purposes set out in this Policy (unless longer retention is required by the applicable law). However, we will not retain any of your Personal Data beyond this period and the retention of your Personal Data will be subject to periodic review. We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
12 Your rights in relation to your information
12.1 Data protection law provides you with certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of, your Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if you believe your Personal Data is not being processed in accordance with applicable data protection law. Further information about your rights is set out below:
- Right to make subject access request (SAR). You may, where permitted by applicable law, request copies of your Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by contacting us at the details set out in Section 1.3. The request should make clear that a SAR is being made. Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected (see clause 12.3 below) - this helps us to more readily locate your data. We will require proof of your identity before providing you with details of any Personal Data we may hold about you.
- Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
- Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
- Right to object to processing. You may, as permitted by applicable law, request that we stop processing your Personal Data
- Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so.
- Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website.
14 Linked websites
We are not responsible for the privacy policies and practices of other websites even if you accessed the third party website using links from our Website. We recommend that you check the policy of each website you visit before deciding whether to proceed and contact the owner or operator of such website if you have concerns or questions.
15 Third parties
Where you submit information on behalf of another person, you confirm that you have made that person aware of how we may collect, use and disclose their Personal Data, the reason you have provided it, how they can contact us, the terms of this Policy and that they have consented to such collection, use and disclosure.
16 Compliance with Privacy Laws
ISTD complies with the data protection and privacy laws to which it is subject. You should satisfy yourself that you are familiar with those laws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time.
17 Changes to this Policy
We reserve the right to amend or modify this Policy without notice to you and if we do so we will post the changes on this page. It is your responsibility to check our Policy each time before you access our Website for any changes.