Sarah Jillian Cox - Data Protection Policy 2018
This Data Protection policy details the procedures followed by Sarah Jillian Cox to ensure compliance with relevant data protection legislation. It has been written in accordance with the information provided by the Information Commissioner’s Office prior to the release of the GDPR.
1. Establishing a lawful basis for handling data
Lawful basis is set out in Article 6 of GDPR. Where data is required to enable contractual obligations to be fulfilled, personal data will be requested in order to enter into an agreement for the purchase of music lessons and/or performance engagements, and other matters related to the professional agreement.
Where work is undertaken in conjunction with an outside institution, information will be collected to enable legal obligations to be fulfilled to that institution in terms of GDPR.
2. Data processing
Data will only be processed where necessary to achieve a specific purpose, and processing will be targeted and proportionate to the nature of the agreement.
3. Procedures for ensuring valid consent
Relevant contact data will be stored to enable mailing list and personal communication relating to lesson scheduling, invoicing and the organisation of examinations, concerts or other information which is of direct relevance to the client.
4. Gathering data for contractual purposes
Booking for singing lessons and/or performance engagements will require the collection of data to enable the mutual obligations to be fulfilled, and only minimal data will be collected to enable this to take place appropriately. Such data will include email addresses, home/business addresses and telephone numbers.
The specified information also enables appropriate invoicing to take place. Data will be stored for accountancy purposes. At no point will data be passed on to any other organisation.
5. Legal Obligations and the collection of data
Relevant data will be collected when acting in conjunction with outside institutions and organisations by agreement with the client. This involves adherence to relevant legislative codes of conduct. Any collection of special category data will be in accordance with the specific institution’s policy.
6. Safeguarding Privacy
Personal data required for the agreed obligations to be fulfilled will only be used for the purposes of communication with the client and for invoicing, and under no circumstances will data be used for any other purpose or passed on to any other organisation.
7. Ensuring right of access to personal data
Right of access to both personal data and supplementary information will be facilitated free of charge. Any information requested will be provided within one month of receiving the request.
8. Ensuring right to rectification
An individual has the right to have inaccurate personal data rectified, or completed if incomplete. Requests for rectification can be made either verbally or in writing, and rectification will occur within one month of the request being made.
9. Ensuring right to erasure
Individuals have the right to have their personal data erased. A request for erasure may be made either verbally or in writing and the holding and processing of the data will cease.
10. Rights related to automated decision making including profiling
No automated decision or profiling is used.
All data, electronic or paper, will be processed and stored securely to meet GDPR requirements.
12. Personal data breaches
Any personal data breaches that risk rights and freedoms of a data subject to the relevant parties involved will be reported to the client and all breaches of data will be recorded.