Musical Giants Data Protection Policy

At Musical Giants, we respect the privacy of the children attending the Course and the privacy of their parents or carers. Our aim is to ensure that all those using Musical Giants can do so with confidence that their personal data is being kept secure.

Our lead person for data protection is Jenny Milway. The lead person ensures that the Club meets the requirements of the GDPR, liaises with statutory bodies when necessary, and responds to any subject access requests.

Confidentiality

Within Musical Giants, we respect confidentiality in the following ways:

  • We will only ever share information with a parent about their own child.
  • Information given by parents to Musical Giants staff about their child will not be passed on to third parties without permission unless there is a safeguarding issue (as covered in our Safeguarding Policy).
  • Concerns or evidence relating to a child’s safety, will be kept in a confidential file and will not be shared, except with the designated Child Protection Officer.
  • All personal data is stored securely on a password protected computer and/or passcode-locked phone

Information that we keep

Children and parents: We hold only the information necessary to provide a safe environment for children at Musical Giants. This includes child registration information, medical information, parent contact information, attendance records, incident and accident records and so forth. Our lawful basis for processing this data is fulfilment of our contract with the child’s parents. Our legal condition for processing any health-related information about a child, is so that we can provide appropriate care to the child. Once a child leaves our care we retain only the data required by statutory legislation, insurance requirements and industry best practice, and for the prescribed periods of time. Electronic data that is no longer required is deleted.

Sharing information with third parties

We will only share child information with outside agencies on a need-to-know basis and with consent from parents, except in cases relating to safeguarding children, criminal activity, or if required by legally authorised bodies (eg Police, HMRC, etc). If we decide to share information without parental consent, we will record this in the child’s file, clearly stating our reasons. 

We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the children in our care.  

Where we share relevant information where there are safeguarding concerns, we will do so in line with Government guidance ‘Information Sharing Advice for Safeguarding Practitioners’ (www.gov.uk)

Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the normal running of our business, for example in order to take online bookings (Bookwhen), and to manage our accounts (Stripe). Any such third parties comply with the strict data protection regulations of the GDPR.

Subject access requests

  • Parents/carers can ask to see the information and records relating to their child, and/or any information that we keep about themselves.  
  • We will make the requested information available as soon as practicable, and will respond to the request within one month at the latest.
  • If our information is found to be incorrect or out of date, we will update it promptly.
  • Parents /carers can ask us to delete data, but this may mean that we can no longer enrol their child on our course, as we have a legal obligation to keep certain data. In addition, even after a child has left our care we have to keep some data for specific periods so won’t be able to delete all data immediately.
  • If any individual about whom we hold data has a complaint about how we have kept their information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).

GDPR

We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.

This policy was adopted by: Musical GiantsDate: 12/08/2021
To be reviewed: 12/08/2022
Signed:Jenny Milway

Written in accordance with the Statutory Framework for the Early Years Foundation Stage (2021): Safeguarding and Welfare Requirements: Information and records [3.67 -3.72].