Onyx School of Performing Arts Ltd Data Protection Policy

Onyx School of Performing Arts Ltd is committed to protecting your personal data and complying with GDPR requirements.

Savannah-Raé, Principal of Onyx School of Performing Arts, is the nominated Data Protection Officer (DPO)  responsible for ensuring this policy is followed.

1. Data We Collect

We collect the following personal information to support the safe and effective running of our school:

• Parent/Carer Names
• Child/Children’s Names
• Child’s Gender
• Child’s Date of Birth
• Emergency Contact Details (including relationship to the child)
• Relevant Medical Information we should be aware of
• Home Address (for invoicing purposes)

2. How We Store and Protect Your Data

• Access to this data is restricted to the school Principal, except for medical information and parental/emergency contacts, which are shared with appropriate staff to ensure child safety.
• All data is only retained for as long as necessary and is securely deleted or destroyed once no longer required.
• Onyx School of Performing Arts is registered with the ICO (Information Commissioner’s Office) for Data Protection.

3. How We Use Your Data

• Relevant medical information is shared with staff as necessary to safeguard children’s health and wellbeing.
• Parental and emergency contact details are shared with staff for use in case of an emergency.
• Emails are sent to the primary parent/carer contact for school updates.
• Parent/Carer names and addresses are used for invoicing purposes.

4. Sharing of Data

We will never share your personal information with third parties without your explicit consent, unless required by law.

5. Data Breach Procedure

In the unlikely event of a data breach, Onyx School of Performing Arts will:

• Notify the relevant authorities within 48 hours.
• Take immediate steps to minimise any potential risk to affected individuals.