Northern School of Contemporary Dance is registered as a Data Controller with the Information Commissioners Office (‘ICO’). The School’s Registration Number is Z5154553
NSCD takes your privacy very seriously. We are committed to protecting your personal data and informing you of your data rights.
Our Data Manager provides advice and guidance to the School on data protection matters and reports directly to the Leadership team on compliance with our GDPR obligations.
The Privacy Office is the first point of contact for all Freedom of Information and Data Subject Rights Requests. The School’s Privacy Officer is: Glenn Glidden.
Email: Dataprotection@nscd.ac.uk
Privacy Officer
Northern School of Contemporary Dance
98 Chapeltown Road
Leeds
LS7 4BH
If you believe we are not applying the law appropriately, you can complain to the Information Commissioners Office at https://ico.org.uk/make-a-complaint/
The page was last updated on 30 October 2024.
NSCD takes your privacy very seriously. Our privacy notices explain how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations. We comply with all legislation regarding the protection of your personal data including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We have built-in security measures to reduce the risk of your personal data being misused, lost or stolen. Our secure network requires unique login details and passwords, and only allows access to personal data to those who need it.
NSCD comprises a number of key business areas (Higher Education, Learning and Participation, Riley Theatre, Commercial income generation, National Portfolio Organisation). Each of these has input from key departments (E.g. Marketing, Registry, Finance etc.) which serve these areas and collect a wide range of information for different purposes. For example: personal data will be collected by NSCD whenever you apply for a course or a job or when you request information from us. Personal data is any information that refers to a living and identifiable individual. This could be your name, your contact details, your academic records etc.
The type of personal data we collect will be appropriate to your interaction with us, whether you’re booking a weekly class or a theatre ticket, attending NSCD as a student or making a visit.
NSCD collects personal data for many reasons and will at all times do so in compliance with the principles of GDPR.
As a public body, the most common reasons we process personal data are:
The legal basis for processing data is set out in each of the specific privacy notices above.
Your personal data will only be used by relevant NSCD staff where the data is necessary for them to undertake their designated role. We may also lawfully share information with third parties such as:
Details of who we share data with are set out in each of the specific privacy notices above.
We take data protection very seriously. For services provided locally by Information Services, data is stored on servers located in a secure location on-site. This location is resilient and features security access controls, environmental monitoring, backup power supplies and redundant hardware. Information on these servers is backed up regularly and uses a wide array of technology to ensure data security is continually dealt with to high professional standards. NSCD staff who have access to your information have received data protection training. We only use third party systems to store and process your data and in each case we have completed a risk assessment exercise to ensure your data is secure.
We will keep your information only for as long as we need it and in accordance with our Records Retention Schedule. When we no longer need the information, we will dispose of it securely.
As a data subject, you have a number of rights. You have the:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data.
Right of access
Individuals have the right to access and receive a copy of their personal data, and other supplementary information.
Right to rectification
The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
Right to erasure
The UK GDPR introduces a right for individuals to have personal data erased.
Right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data.
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Right to object
The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
Rights related to automated decision making including profiling
The UK GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and
profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
If your personal data has been provided by consent you have a right to withdraw that consent at any time.
If you would like to exercise any of these rights, please contact the Privacy Officer.
Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you or to perform a contract with another organisation that requires your personal data i.e. a collaboration agreement with a School based outside of the UK, through our study abroad programme. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example this could include model contractual clauses, data sharing/data processing agreements and binding corporate rules (where applicable).
We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human being.
