Privacy Notices

Data Protection

Northern School of Contemporary Dance is registered as a Data Controller with the Information Commissioners Office (‘ICO’). The School’s Registration Number is Z5154553

NSCD takes your privacy very seriously. We are committed to protecting your personal data and informing you of your data rights.

Our Data Manager provides advice and guidance to the School on data protection matters and reports directly to the Leadership team on compliance with our GDPR obligations.

The Data Manager is the first point of contact for all Freedom of Information and Data Subject Rights Requests.

The School’s Data Manager is: Glenn Glidden. Our Data Manager can be contacted at dataprotection@nscd.ac.uk

Information you need to know

NSCD takes your privacy very seriously. Our privacy notices explain how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations. We comply with all legislation regarding the protection of your personal data including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We have built-in security measures to reduce the risk of your personal data being misused, lost or stolen. Our secure network requires unique login details and passwords, and only allows access to personal data to those who need it.

Privacy notices

How to contact our data Manager

Our Data Manager advises the School on how to comply with the data protection legislation and manages and coordinates requests made under GDPR.

Email: Dataprotection@nscd.ac.uk

Data Manager
Northern School of Contemporary Dance
98 Chapeltown Road
Leeds
LS7 4BH

What information are we collecting?

NSCD comprises a number of key business areas (Higher Education, Learning and Participation, Riley Theatre, Commercial income generation, National Portfolio Organisation). Each of these has input from key departments (E.g. Marketing, Registry, Finance etc.) which serve these areas and collect a wide range of information for different purposes. For example: personal data will be collected by NSCD whenever you apply for a course or a job or when you request information from us. Personal data is any information that refers to a living and identifiable individual. This could be your name, your contact details, your academic records etc.

The type of personal data we collect will be appropriate to your interaction with us, whether you’re booking a weekly class or a theatre ticket, attending NSCD as a student or making a visit.

Why are we collecting your data and what is the legal basis for this?

NSCD collects personal data for many reasons and will at all times do so in compliance with the principles of GDPR.

As a public body, the most common reasons we process personal data are:

  • to carry out our official public functions of providing quality dance activities, education, conducting research and programming quality work
  • to comply with our legal and regulatory obligations

The legal basis for processing data is set out in each of the specific privacy notices above.

Who has access to this data?

Your personal data will only be used by relevant NSCD staff where the data is necessary for them to undertake their designated role. We may also lawfully share information with third parties such as:

  • The Student Loans Company
  • Arts Council England
  • University of Kent (our validating University)
  • Joint Information Systems Committee (JISC)
  • Media
  • Police
  • Providers of software we use or event organisers

Details of who we share data with are set out in each of the specific privacy notices above.

How does NSCD protect your data?

We take data protection very seriously. For services provided locally by Information Services, data is stored on servers located in a secure location on-site. This location is resilient and features security access controls, environmental monitoring, backup power supplies and redundant hardware. Information on these servers is backed up regularly and uses a wide array of technology to ensure data security is continually dealt with to high professional standards. NSCD staff who have access to your information have received data protection training. We only use third party systems to store and process your data and in each case we have completed a risk assessment exercise to ensure your data is secure.

How long does NSCD keep your data?

We will keep your information only for as long as we need it and in accordance with our Records Retention Schedule. When we no longer need the information, we will dispose of it securely.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request (this could be in a portable electronic format)
  • require NSCD to change incorrect or incomplete data if you think that it is inaccurate or out of date
  • require NSCD to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If your personal data has been provided by consent you have a right to withdraw that consent at any time.

If you would like to exercise any of these rights, please contact the Data Protection Officer: Dataprotection@nscd.ac.uk

Transfers of data outside the UK

Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you or to perform a contract with another organisation that requires your personal data i.e. a collaboration agreement with a School based outside of the UK, through our study abroad programme. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example this could include model contractual clauses, data sharing/data processing agreements and binding corporate rules (where applicable).

Automated decision making

We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human being.