Northern School of Contemporary Dance (NSCD) deals with all personal information in a responsible manner that respects personal privacy. As the Data Controller, The School follows guidelines published by the Information Commissioner’s Office (ICO) and is responsible under the principles of the General Data Protection Regulations (GDPR) for the use of personal data you submit to us.
How to contact our Privacy Officer
Our Privacy Officer advises the School on how to comply with the data protection legislation and manages and coordinates requests made under GDPR.
Email: Dataprotection@nscd.ac.uk
Privacy Officer
Northern School of Contemporary Dance
98 Chapeltown Road
Leeds
LS7 4BH
NSCD takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.
If you believe we are not applying the law appropriately, you can complain to the Information Commissioners Office at https://ico.org.uk/make-a-complaint/
This notice was last updated 30 October 2024.
As your employer, Northern School of Contemporary Dance (NSCD) needs to hold and process information about you for normal employment purposes. The information we hold and process will be used for management and administrative purposes only, to enable us to run the School and manage our employment relationship with you effectively and lawfully. This Privacy Notice applies when you are employed by us, are working for us, if you undertake a secondment hosted elsewhere, undertake a sabbatical and after you leave.
The types of information we will collect, store and use about you include:
Most of the information we hold about you will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.
Data will be stored in a range of different places, including your personal file, the School HR information system and in other IT systems, such as the School’s email system.
The GDPR requires that we only use or process your personal data with specific legal basis, as set out in Article 6.
The School needs to process data to enter into an employment contract with you and to comply with our contractual obligations, (GDPR Article 6 (b)) for example, processing your salary payments. NSCD also need to process your data in order to comply with legal obligations (GDPR Article 6 (c)), for example, reporting salary and tax data to HMRC or payment of maternity pay.
The School needs to process employee’s personal data to pursue its legitimate business interests (GDPR Article 6(f)) in addition to ensuring the performance of your employment contract. Processing personal data allows the School to:
If we process special categories of personal data, such as those relating to your ethnicity, religious beliefs, trade union membership, sexual orientation, or gender identity, we will obtain your explicit consent unless this is not required by law or the information is required to protect your health in an emergency (GDPR Article 6 (d)). Article 9 of the GDPR sets out some of the other reasons we are able to use your special category personal data. If we asked for your consent to process a special category of personal data, then we would explain the reasons for the request. You do not have to consent to such use, and you have the right to withdraw your consent at any time, by contacting NSCD’s HR Manager.
The School processes emergency contact details under the basis of legitimate interest to ensure that we can protect and support staff members in an emergency situation. However, as you are providing the name and contact details of your emergency contact to us you should inform them that you have passed on their information to us. Emergency contact details are held securely and will not be used for any other purpose than that stated above.
Your photograph will be used on your staff ID card to ensure secure access to our buildings. In the future, It will also be used as your profile picture associated with our website and your MS 365 account to help staff and students to be able to easily identify you. The School will publish your uploaded profile picture as the default image within your NSCD supported network accounts. You have the right to subsequently edit or remove this image from your MS 365 account if you wish.
Your information may be shared internally, including with members of HR, Payroll, IT, Finance, Leadership team, your line manager and senior managers when the data is necessary for performing their roles or for School business, one example of this may in the production of grant and project proposals that may include financial information.
In some cases it may be necessary to share your personal data, or information that you have told us in confidence, with support staff or third parties for the purposes of safeguarding you, or young people and adults who we consider to be vulnerable. Where this is required, we would always discuss this with you where possible. Further details can be found our policies including the safeguarding policy.
Where the School contracts with external companies to ensure the effective maintenance of information systems, the external companies do so on the basis of written instructions, are under a duty of confidentiality and must ensure that they have appropriate technical and organisational measures in place to keep the data secure
Depending on your role, you may be referred to on the School VLE, website or other School documents produced by you and your colleagues in the course of carrying out your duties, for example, programme/module handbooks, departmental webpages and staff profiles. Please contact the Marketing team if you have any concerns about content on the School websites which constitutes your personal data. You should discuss any staff profiles and pictures with management and marketing teams..
We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual obligations, for instance, we may need to pass on certain information about you to the relevant pension scheme. The School also shares data with third parties that process data on its behalf, for example, the provision of occupational health services. The School shares personal data with HESA to comply with its reporting obligations and to provide statistical returns to HESA as part of benchmarking exercises. Details on how HESA processes your personal data are set out in the HESA Staff Data Collection Notice.
Where an NSCD employee is undertaking a secondment hosted by another organisation, we will retain all of your employee records, however, we will need to share some of your data with the host organisation. This may include your identity and contact details, your right to work in the UK, your emergency contacts, details of health issues requiring adjustments to your work place and equality and diversity information.
The School takes the security of your data very seriously, and has internal policies and controls in place to try and ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessible except by its employees in the performance of their duties.
Where the School asks third parties to process data on its behalf, for example, Occupational Health or pension providers, they do so based on written instructions, are under a duty of confidentiality and must ensure that they have appropriate technical and organisational measures in place to keep the data secure.
Your personal data will be stored throughout your employment at the School, and for a period of six years after you have left the School’s employment. Some types of data, such as pension records, will need to be retained for up to 75 years after you have left. Further information on the School’s approach to record retention can be found in the School’s Records Retention Schedule.
As a data subject, under the GDPR and DPA, you have various rights in relation to your personal data. You have the:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data.
Right of access
Individuals have the right to access and receive a copy of their personal data, and other supplementary information.
Right to rectification
The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
Right to erasure
The UK GDPR introduces a right for individuals to have personal data erased.
Right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data.
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Right to object
The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
Rights related to automated decision making including profiling
The UK GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and
profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
In most situations, we will not rely on your consent as a lawful basis for processing your data. If we do request your consent to process your data for a specific purpose, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before your consent was withdrawn.
If you wish to make a subject access request or assert any of the rights detailed above, please contact the School’s Privacy Officer.
Certain information, such as contact details, your eligibility to work in the UK and bank details are required to allow the School to enter into an employment relationship with you.
You have certain obligations under your employment contract to provide the School with data. For example, you must report absences from work and you may also have to provide the School with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide that data may mean that you are unable to exercise your statutory rights.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit) or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our staff).
Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a university based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).
We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human being.
