Last Revised October 2018
1. DATA CONTROLLER
1.1 For the purpose of the DPA and GDPR the Data Controller is Trinity Laban Conservatoire of Music and Dance (Trinity Laban or the Conservatoire). Our Registration Number in the Data Protection Public Register is Z6341141.
1.2 Trinity Laban is committed to protecting your personal information and being transparent about what information we hold in accordance with the Data Protection Act and the General Data Protection Regulations.
Our Data Protection Officer is the Director of Operations and Business Enterprise, who can be contacted on 020 8305 4372 or at Trinity Laban Conservatoire of Music and Dance, King Charles Court, Old Royal Naval College, Greenwich, London SE10 9JF or DataProtection@trinitylaban.ac.uk.
2. OVERVIEW
This Policy is in addition to the Conservatoire’s Privacy Policy and applies specifically to information held about clients of Trinity Laban Health. This privacy policy applies to the Trinity Laban Health Clinic’s website at www.trinitylaban.ac.uk/health (the “Website”). We at Trinity Laban Health take your privacy seriously. This policy covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”), that comes into force on 25th May 2018.
3. PRIVACY STATEMENT
3.1 Your privacy is important to Trinity Laban Health. We developed this privacy statement to inform you how we use the personal data we collect from you via paper records and our MindBody Online page. This is the only part of our website that collects any data on you and the only data collected is that which is provided by you.
3.2 “Personal data” is information relating to an identified or identifiable natural person.
3.3 By using the Website you consent to this policy.
4.INFORMATION WE COLLECT
4.1 We will collect personal data on this Website only if it is directly provided to us by you the user via the registration form, for example your name, e-mail address, telephone number and gender, and any other personal information you freely give in both the appointment option message and registration information, and therefore has been provided by you with your consent. 4.2 We will collect sensitive personal data on your medical history, and record information after your treatment on what has been medically diagnosed and what treatment has taken place during your session. Anything you disclose during a treatment may be recorded in your notes if deemed appropriate. The clinic uses both electronic and paper records where your data may be stored. Page 2 4.3 We also use analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).
5. LAWFUL BASIS AND HOW WE USE YOUR INFORMATION
5.1 We may hold and process personal sensitive data that you provide to us in accordance with the DPA and GDPR.
5.2 We will use staff data for all purposes associated with the administration of the service provider /customer contract and relationships. The purposes for which we may use your data (including sensitive personal information) we collect during a customer’s association with us include:
- maintaining customer records
- administering finance (e.g. customer sales)
- providing health treatments and services
- complying with statutory requirements (e.g. monitoring equal opportunities and processing and responding to subject access requests and information requests and complying with our obligations under our publication scheme)
- carrying out research, surveys and statistical analysis (including using third party data processors to carry out benchmarking and surveys for us)
- providing operational information
- promoting our services and other operational reasons on our website where appropriate, handling external business calls via our reception team and any enquiry service we may use and taking or commissioning photographs or films on campus or at TL events for promotional purposes)
- safeguarding and promoting the welfare of customers
- ensuring the safety and security of our customers
- preventing and detecting crime
- dealing with complaints
- carrying out audits.
5.3 The information that we collect and store relating to you is primarily used to enable us to provide our services to you, and to meet our contractual commitments to you. 5.4 If you have consented, we may use the information you have given to contact you with services and products that we can provide.
6. DISCLOSURE OF YOUR INFORMATION
We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
7. WHERE WE STORE AND TRANSFER YOUR DATA
7.1 As we use remote servers, which may be based outside of the EEA, for our Website and Email system, the information you provide to us via the registration form may be transferred to and stored in countries outside of the European Economic Area (EEA) – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
7.2 A transfer of your personal data may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the DPA and GDPR. If you use our service while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services.
7.3 We do not use or disclose sensitive personal data, such as race, religion, medical history or political affiliations, without your explicit consent. 7.4 We will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website. 7.5 You have the right to opt out of our processing your personal data for marketing purposes by contacting us at a.williams@trinitylaban.ac.uk
8. SECURITY
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
9. THIRD PARTY LINKS
You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
10. USE OF COOKIES
10.1 Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally – it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. 10.2 We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you. All computers have the ability to decline Page 4 cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. 10.3 Please note that should you choose to decline cookies, you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.
11. YOUR RIGHTS
11.1 The DPA and GDPR give you the right to access information held about you by us. Please write to us or contact us by email if you wish to request confirmation of what personal information we hold relating to you. You can write to us at the address detailed in clause 2, above, or by email to a.williams@trinitylaban.ac.uk. There is no charge for requesting that we provide you with details of the personal data that we hold. We will provide this information within one month of your requesting the data.
11.2 If you have not entered into a contract with us to provide you with health services, you have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to us at the address detailed in clause 2, above, or by email to a.williams@trinitylaban.ac.uk
12. CHANGES TO THIS POLICY
We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data. 13.
CONTACT
We welcome any queries, comments or requests you may have regarding this Privacy Policy.
Please do not hesitate to contact us at Trinity Laban Conservatoire of Music and Dance, King Charles Court, Old Royal Naval College, Greenwich, London SE10 9JF.
Email a.williams@trinitylaban.ac.uk