We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to provide membership and the associated services that go with that.
The purpose of this policy is to give you a clear explanation about how we [DANCEHE] collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
What information we may collect about you
How we may use that information
In what situations we may disclose your details to third parties
Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it
Who we are
DANCEHE is a not for profit organisation run on the basis of a club/society. The purpose of existence is to represent its membership. No members of the board are in paid roles and serve on the board under a voluntary basis.
In compliance with the GDPR, we are making it easier for you to understand how we use your data through greater transparency, particularly but not limited to:
How we collect your data
Personal data we hold about you may include your name, email address, postal address, telephone or mobile number and credit/debit card information. We may also hold information from when you have participated in membership subscription, attended one of our training events / conferences or symposiums, provided us with feedback on our services and events, subscribed to our newsletters, subscribed to on-line forums we administrate, and from when you have our website www.dancehe.org.uk.
When you do visit our website, the following information will automatically be collected:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we receive from other sources. This is information we receive about you. In this case we will have informed you when we collected that information if we intend to share that data internally. We will also have told you for what purpose we will share and combine your information. We work closely with third parties including, for example, sub-contractors in technical and payment services.
Lawful basis for DANCEHE to collect and process your personal data
There is one applicable available lawful bases for processing your personal data under Article 6 of the GDPR. In compliance with the overarching principles of the GDPR, particularly in terms of transparency, we have determined our bases for processing your personal data in-line with DANCEHE’s purpose and our relationship with you.
Your consent for us to collect and process your data must be unambiguous and involve a clear affirmation action (Positive Opt-in) and specifically bans pre-ticked opt-in boxes. All of our materials, such as XXXX you may sign up for via our website, comply with this and demonstrates how we wish to maintain your trust and your engagement with us through providing you with real choice and control as to what information you receive from us, how we contact you and subsequently process your data. Our online registration form(s) will document accordingly your consent that you have provided, how and when you provided it, and the information we have provided you with regard to your consent. This will include clear information as to how you may withdraw your consent at any time and make this a smooth and easy process for you to do so. We will also advise you as to how and when we may contact you, if applicable, to either reconfirm or update your consent. We will periodically review our Consent Forms to ensure they remain compliant in-line with any future amendments or requirements under the GDPR and advise you of any changes we may make.
How we use your data?
The information you provide will be used by DANCEHE in order to manage your membership as necessary.
The data may also be used by DANCEHE to update you with services that may be of benefit to your membership.
We are using information about you because you have registered to use membership services, if you choose to withdraw your membership, you should do so in writing toXXXXXXXXX, the same data regulations will apply.
We retain your data for 1 year after our last contact with you or your member institution.
All information you provide to us is stored securely and any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We use the data we have collected from and hold about you in the following ways:
to carry out our obligations arising from the membership agreement entered into between you and us and to provide you with the information and services that you request from us; in so doing, will give you the opportunity to positively opt-in;
to notify you about changes to our services or membership;
to ensure that content from our website is presented in the most effective manner for you and for your computer.
to allow you to participate in interactive features of our services, when you choose to do so;
as part of our efforts to keep our sites safe and secure;
to make suggestions and recommendations to you of our site about goods or services that may interest you;
to work on campaigning and influencing government policy;
to share the findings of our research;
to invite people to attend events about developments in the sector;
to distribute information about our membership.
How long we retain your personal data? (our retention policy)
We commit to retaining your personal data for no longer than is necessary this will usually be one year after the membership subscription expires. As feasible, we will erase your personal data as soon as possible; for example, if you have signed up to attend one of our events we shall delete most of the personal information you have shared with us once that event has taken place.
Where it is appropriate for us to retain information such as feedback from one of our events, surveys and research purposes the data we collect will be anonymised. As such, we shall only retain the details and statistics needed to support us in our organisational purpose to continue making improvements for membership.
As with all our processes and practices, we will ensure all our staff have a comprehensive understanding of our Retention Policy and to ensure any changes to it are communicated efficiently. Similarly, we will have mechanisms in place so all of our delivery partners and other third party processors understand our Retention Policy and commit to our expectations of their treatment of your personal data.
How we share your data with other relevant professional bodies/other third parties
We are committed to only sharing the data we have collected from you with third parties as and when required in-line with our organisational purpose and in delivery of our service provision (i.e. membership & events). We will ensure our delivery partners and third-party processors fully understand and commit to complying with the agreements they enter into with us as to how they treat your personal data, including how it is stored and for how long it is retained.
Your right to be Informed
Your right to be informed about the collection and use of your personal data is a key transparency requirement under the GDPR. DANCEHE commits to this by providing information regarding the purpose we process your personal data, our retention periods for that data and who it may be shared with. We will be reviewing all this information to ensure that it is concise, transparent, intelligible, and easily accessible. To maintain your trust in us, we will periodically review our privacy information and provide notification of any substantive amendments.
Your right to be forgotten (also referred to as right to erasure)
Under Article 17 of the GDPR, you have the right to be forgotten (to have your personal data erased or to stop the processing of your data) though this is not absolute, it relates particularly, but is not limited, to when:
Your personal data is no longer necessary for the purpose we originally collected it for (i.e. Membership)
Our lawful basis for holding your data was through Consent and you wish to withdraw consent;
We have to anonymise or erase your personal data (from feedback forums and surveys) in-line with our Data Retention Policy.
We will respond to you without undue delay and within one month calculated from the day following receipt or your request (consideration applied to bank holidays). Requests are to be made in writing and satisfactory identification will need to be provided. There is generally no fee for you to exercise your Right to be Forgotten unless, we consider it manifestly unfounded or excessive.
Your right to rectification
Under Article 16 of the GDPR you have the Right to Rectification should you consider we have collected inaccurate or incomplete personal data on you. The latter may involve a supplementary statement to the incomplete data. You may make a request for rectification verbally or in writing and we will respond to you without undue delay.
Your right to data subject access
You have the right to data subject access to your personal data and any supplementary information we may have collected. This allows you to be aware of and verify the lawfulness of our collection, retention and processing of your information. You have the right to obtain from us:
confirmation that your data is being processed;
access to your personal data;
other supplementary information
Data subject access requests are to be made in writing and appropriate identification will be required. We will generally provide you with your information in a commonly used, secure, electronic format, but we will endeavour to meet any other format you may require.
Under GDPR we can refuse to comply with a Subject Data Access request, should it be manifestly unfounded or excessive including if the request is repetitive in nature. Under such circumstances, we will provide you with sound justification of our decision with undue delay. While it is unlikely that we would refuse such a request, should this situation arise we will remain committed to providing you with further support and inform you as to your right to make a complaint to the ICO (or other relevant supervisory authority). We will provide you with a copy of the information you request free of charge. However, under GDPR, we may charge a reasonable fee if the request is manifestly unfounded, excessive, repetitive or for requests for further copies of the same information.
Your right to object
You have the right to object, on grounds relating to your particular situation, to us collecting and processing your personal data if:
our processing is based on legitimate interests of the performance of a task in the public interest/exercise of official authority (including profiling);
we use your data for direct marketing (including profiling);
our processing is for purposes of scientific/historical research and statistics.
Should you exercise your right to object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override the interests, rights and freedoms of an individual or if the processing is for the exercise of defence of any legal claims.
This does not apply to your Right to Object to us processing your personal information for direct marketing where there are no exemptions or grounds for us to refuse your request. If we receive such a request from you, we will deal with your objection without undue delay and free of charge.
If, however, we are conducting research where the processing of your personal data is necessary for the performance of a public interest task, we are not required to comply with an objection to the processing.
Your right to positively opt-In or unsubscribe
We will always meet your right to positively opt-In through appropriate means, such as preferences that require your affirmation. You can unsubscribe from any of our newsletters, bulletins or other mailing lists at any time and we shall continue to make this obvious and easy for you to do.