Instagram

Privacy & GDPR Policy

Privacy & GDPR Policy

  1. Introduction

Trio Arts Academy (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This GDPR Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. 

  1. Data Controller

Trio Arts Academy is the data controller responsible for your personal data.

  1. Personal Data We Collect

We may collect the following types of personal data:

  • Student Information: Name, date of birth, gender, address, contact details (phone number, email address), emergency contact information.
  • Guardian/Parent Information: Name, contact details, relationship to student.
  • Medical Information: Relevant medical conditions, allergies, or disabilities that may affect participation in classes (with explicit consent).
  • Payment Information: Payment details, transaction history.
  • Attendance Records: Class attendance, participation in events.
  • Photographs and Videos: Images and videos taken during classes, performances, and events (with explicit consent).
  • Correspondence: Records of communication with us.
  1. Legal Basis for Processing Personal Data

We process your personal data based on the following legal bases:

  • Contractual Necessity: To fulfill our contractual obligations to provide classes and related services.
  • Consent: When you provide explicit consent for specific processing activities, such as using photographs or videos for promotional purposes or processing medical information.
  • Legal Obligation: To comply with legal obligations, such as record-keeping requirements.
  • Legitimate Interests: When processing is necessary for our legitimate interests, such as managing our business operations, provided that your rights and interests do not override those interests.
  1. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To manage student enrollment and attendance.
  • To communicate with students and parents/guardians.
  • To process payments and maintain financial records.
  • To provide classes and related services.
  • To manage emergency situations and provide appropriate care.
  • To promote the Academy through photographs and videos (with consent).
  • To comply with legal obligations.
  • To improve our services and operations.
  1. Data Sharing

We may share your personal data with:

  • Instructors and staff members who need access to the data to provide services.
  • Payment processors to facilitate transactions.
  • Emergency services in case of medical emergencies.
  • Professional advisors, such as accountants and lawyers.
  • Third-party service providers who assist us with our operations (e.g., website hosting, email services), ensuring their compliance with GDPR.
  • With explicit consent, we may share images and videos for promotional purposes.
  • We will not sell your data to any third party.
  1. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include: 

  • Secure storage of data.
  • Restricted access to personal data.
  • Regular security assessments and updates.
  • Staff training on data protection.
  1. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. We have a data retention policy that dictates the length of time different types of data are held. 

  • Student records will be kept while the student is enrolled and for a set amount of time after they leave the academy in accordance with regulations regarding financial records and potential legal claims.
  • Medical data will be deleted when it is no longer needed.
  • Photographs and videos will be retained according to the consent given.
  1. Your Rights

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request access to your personal data.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data in certain circumstances.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we are not complying with data protection laws.
  1. Contact Us

If you have any questions or concerns about this GDPR Policy or our data processing practices, please contact us at: 

Trio Arts Academy

info@trioartsacademy.com

07747898424

  1. Changes to this Policy

We may update this GDPR Policy from time to time. We will notify you of any significant changes.

By enrolling in our Academy, you acknowledge that you have read and understood this GDPR Policy.

© Trio Arts Academy 2025. All Rights Reserved.

Scroll to Top