Data Protection Policy
1. Introduction
Minims Music Education is committed to protecting the privacy and personal data of all individuals – including children, parents, staff, and volunteers – with whom we interact. This Data Protection Policy sets out how we collect, store, process, and share personal data, and explains the rights of data subjects in line with UK GDPR and the Data Protection Act 2018.
2. Scope and Purpose
This policy applies to:
Personal data of children participating in our sessions
Personal data of parents/guardians
Information about staff, volunteers, and suppliers
Purpose:
To ensure that personal data is handled securely and transparently.
To inform individuals of their rights regarding their personal data.
To ensure compliance with data protection legislation.
3. Lawful Basis for Processing
We process personal data only where we have a lawful basis. Our processing is generally based on:
Consent: Obtained from parents/guardians for the participation of their children.
Contractual Necessity: To administer our services and manage enrolments.
Legal Obligation: To comply with statutory requirements (e.g., safeguarding, HMRC reporting).
Legitimate Interests: To maintain and improve our service and communicate with clients, where this does not override the rights and freedoms of data subjects.
4. Data Collection and Use
Types of Data Collected:
Personal Identification Information: Names, addresses, dates of birth, contact details.
Sensitive Data: Medical conditions, allergies, or special educational needs (collected with explicit consent and used solely for the child's well-being).
Usage Data: Enrolment details, attendance records, and feedback.
Purposes of Processing:
To manage and administer enrolments and billing.
To communicate essential information about sessions.
To maintain safeguarding records.
To improve our programmes and services.
For marketing purposes, only with explicit consent.
5. Data Storage and Security
Security Measures:
We use secure servers, password-protected files, and encryption to protect personal data from unauthorised access, alteration, or disclosure.Access Control:
Only authorised personnel (e.g. the Designated Safeguarding Lead, administrative staff) have access to personal data.Physical Security:
Hard copies of personal data are stored in locked filing cabinets in secure areas.
6. Data Sharing
Internal Sharing:
Personal data is shared only within our organisation on a need-to-know basis.External Sharing:
We may share data with:Safeguarding authorities (if required by law or in safeguarding concerns).
HMRC or other regulatory bodies for statutory reporting.
Third-party service providers (e.g., IT services, payment processors) who are contractually obligated to maintain the confidentiality and security of the data.
Third-Party Disclosures:
No personal data is sold or distributed to third parties without explicit consent, unless required by law.
7. Data Retention
Personal data will be retained only as long as necessary for the purposes for which it was collected or as required by law.
Once data is no longer needed, it will be securely destroyed or anonymised.
8. Rights of Data Subjects
Under UK GDPR, individuals have the right to:
Access: Request access to their personal data.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of their personal data, subject to legal constraints.
Restriction: Request limitations on how their data is processed.
Objection: Object to the processing of their personal data.
Data Portability: Request the transfer of their data to another organisation.
Requests should be submitted in writing to the contact details provided below. We aim to respond within one month.
9. Cookies and Website Use
Our website may use cookies to improve user experience. Information collected via cookies is used in aggregate and does not identify individual users.
Details on our use of cookies can be found in our separate Cookie Policy.