Sound Pop Academy is strongly committed to preserving the privacy of our
members, parents, guardians, staff, volunteers and contractors data and information.
By providing yours and/or your child/guardians personal details set out in ‘how data may be collected’ you opt in to us holding your personal information and data for the purposes set out below.
Who We Are
We may collect information about you in several different ways including when you join as a member, sign up to our newsletter, purchase products or services from us, when you contact us, send us feedback, use our websites or social media channels, complete customer surveys or take part in promotions or competitions run by us. Please take care when submitting information to us, particularly when completing free text fields. Some of our services may be automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
If you register to use the password protected parts of the Sound Pop Academy Ltd. website such as our members’ area, we will ask you to provide us with certain up to date personal data which we will handle in accordance with the United Kingdom’s data protection legislation. We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff.
We use leading technologies such as (but not limited to) data encryption and firewalls to protect the security of your data. We, all our staff and any third parties hired to provide support services, will be required to observe our privacy standards and to allow us to audit them for compliance.
Information that we gather about you may include your name, gender, contact details (including email address, telephone number and postal address), date of birth, parent and/or guardian information, payment details, social media profiles and sensitive information such as your special access requirements and health information.
This information may also be shared with and/or used by other parties such as our event partners however, we will always seek your approval before any information is passed to any third party outside of Sound Pop Academy Ltd.
Please note that we may ask you to prove your relationship to the young person(s) you sign up to an academy, class, workshop or event. A child is considered to be anyone under the age of 18. We hold all data to ensure Sound Pop Academy Ltd. is as a safe and as reliable as possible for our members.
What data we hold
- Personal, confidential and sensitive data of young people (all of whom would be under the age of 18) who have engaged with us through a workshop, class, event , enquiry or newsletter sign up.
- Personal, confidential and sensitive data of parents and/or guardians (all of whom will be over the age of 18) responsible for minors (under the age of 18) who have engaged with us through a workshop, class, event, enquiry or newsletter sign up.
- Personal, confidential and sensitive data of directors, leaders, staff and volunteers.
- Personal, confidential and sensitive data of our contractors and third party clients.
- Personal, confidential and sensitive data of those applying for Sound Pop Academy paid and
Why we hold data
- To contact parents, guardians and participants with updates, information, news and notices of and about Sound Pop Academy Ltd.
- To contact parents, guardians and participants with updates, information, news and notices of and about their Sound Pop Academy Ltd. membership.
- For the safety and wellbeing of our members, directors, leaders, staff and volunteers.
- To contact directors, leaders, staff and volunteers with updates, information, news and notices of
Sound Pop Academy Ltd.
- To process applications for DBS checks.
- To process applications to local councils and relevant authorities to submit application for licensed
- To be able to continually provide an excellent service to all.
How long we will hold the data for
- For the entirety of a membership.
- Once a membership has been terminated, we will hold the members details as well as their parent
or guardians data until it is deemed unnecessary to keep.
- We may keep some data for longer periods of time so we have contact information for any media
consent previously given.
- For all other data, we will hold this no longer than necessary for the purposes for which the personal
data is processed.
- You have the right to request information regarding your data at any time, please see the ‘Your legal
rights’ section below.
Where we hold data
- Electronically, through softwares and systems we use at Sound Pop Academy.
- Printed registers for sessions, workshops, trips, classes and events.
- Within our or our venues first aid book/report should there be a first aid incident. GDPR approved
first aid forms are used at all of our sessions.
- As contacts on our personal or work devices such as phones, laptops and softwares.
- Secure and reliable third party platforms and services in order for us to run a secure service.
How your data may be collected
- Upon sign up to Sound Pop Academy Ltd. (Academy, workshops, events, classes, enquiries)
- Upon request to join Sound Pop Academy Ltd.
- Through Sound Pop Academy’s mailing list.
- Through Sound Pop Academy Ltd.’s website.
- Upon a First Aid incident.
- Through emails, phone calls, business cards and in person.
- Through social media platforms and channels.
- Through competition entries.
- Through applications to paid and unpaid roles with Sound Pop Academy.
Who has access
- Sound Pop Academy Ltd. directors, leaders, staff and volunteers where and when appropriate
- Third party companies, but only if and when permission has been explicitly given by the parent or
guardian aged 18 and over.
- Parents and/or guardians will have access to theirs and their child’s data as and when requested as
part of the Freedom of Information Act.
How we keep data safe
- We use third party platforms with secure, encrypted systems.
- We will password protect all other internal documents, limiting access to those who solely require it.
- We will only use secure and/or trusted networks whilst online.
- We will ensure that our systems and work devices are secure, password protected and with up to
date security software.
- Only directors, staff or volunteers essential to a class, workshop or other activity will have access to
data, pertinent to the class, workshop or other activity.
- We will not pass details onto any third party, without prior permission and consent.
- All staff, leaders or volunteers who require access to personal data will receive training and/or a
briefing regarding our policies.
Using our website
- What information is being collected: IP address. Cookies if user permission is given.
- Legal Basis for Processing: Explicit consent.
- Who is collecting it: Sound Pop Academy Ltd.
- How is it collected: via (but not limited to) MemberMouse/Google/WordPress/Jot Forms
- Why is it being collected: To better understand the way our customers view and use our website,
to prepare generic statistics.
- How will it be used: To improve the functionality and customer experience when using our
website and to report generic statistics to internal department.
- Who will it be shared with: Generally this information is kept internal to us however, we may share
the statistics with other internal departments, our contractors and event partners if the statistics are
relevant to their products.
- How long we will keep it for: As long as reasonably required.
Important: None of the above collect personal information about you and you are not identifiable via this data.
Systems we use
As you’ll understand, to maintain efficient and professionalism at Sound Pop Academy we rely on certain industry tools to support us. In the interest of transparency, we have listed the systems we use that you may come across. Although we are listing the main systems below, this does not mean that they have access to the same level of data that we hold about you (if at all). If you require more information regarding an individual system/company, please get in touch with us.
- WordPress: This is a content management system that we use to update and manage our website. When you become a member, you will setup a WordPress login.
- MemberMouse: We use this system to manage the online Members’ Area. It ties in with the WordPress software and allows access/privileges to members in relation to their subscription/ payment status.
- Braintree: They provide Sound Pop Academy with a merchant account and a payment gateway. A division of PayPal, this company specialises in website payment systems.
- Google Drive (Docs, Sheets, Forms): This allows us to store day to day admin task results, attendance registers, Google Form results and other materials in a central location online.
- Jot Forms: JotForms allows us to build forms and send them out to our members or staff. We use Jot Forms to share information and collect responses from you that enable us to provide a safe and reliable service, such as contracts, availability and attendance information.
- Charlie HR: Charlie HR is the HR system we use to ensure that our directors, leaders, staff and volunteers details are kept secure and up to date.
We use mailing lists to contact our current members and subscribers who have signed up to receive news and updates. As part of the registration process for our communication mailing lists, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.
We use a third party provider, MailChimp, to deliver our group email communications. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our emails. For more information, please see MailChimp’s privacy notice. You can unsubscribe from mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails.
When you visit our website a cookies ‘pop-up’ will appear which you will need to action for it to be removed. By continuing to use our website without disabling cookies or blocking Google Analytics you consent to this data being logged.
Our site may use “cookies” to enhance your user experience. This includes information about browsing and purchasing behaviour by people who access our websites.
This includes information about pages viewed, products purchased and the customer journey around our website.
Generally this information is kept internal to us however, we may share the statistics with other internal departments, our contractors and partners if the statistics are relevant to discussion.
The Information Commissioner’s Office website has more information about cookies. If you’d like to see
that, please click here.
Links to other web sites
Sharing your data
We’re serious when we say we’re committed to protecting your privacy – we want to earn and maintain your trust, so we do not sell any of your personal data to any third party. We will never share your data without your prior permission and consent*. We may, however, share your personal data with certain companies who play an essential part in enabling us to provide our products and services to you, such as membership platforms, payment providers, IT and system administration providers and others who help us run our business. You can rest assured that we require all third parties to respect the security of your personal data and to treat it in accordance with the law and we do not allow our third-party service providers to use your personal data for their own purposes. We may also share you details with relevant and local authorities if you submit an application to work or volunteer with us.
We will contact you should we ever believe that there has been a breach of your personal data.
* Should we suspect a young person be at risk or in a vulnerable position, we may share your information with relevant child protection authorities or the police without your consent but, in line with our child protection policy. We will also provide emergency services with data we hold about any young person who requires emergency treatment if in the event of sickness or illness.
Pandemics and Epidemics – eg. Coronavirus
Under the GDPR, information relating to an individual’s health or personal life is regarded as “special category data”. Such data requires careful handling, and often the individual’s explicit consent to processing. However, there are other lawful grounds for using such data, such as the protection of staff, visitors and the wider community.
Therefore, in the event of a global or more localised emergency, we may share your data with local or national government authorities. Data shared may range from names, ages, addresses, contact telephone numbers and email addresses.
An example of how your data may be shared in this way, is the Covid-19 pandemic, where we will fully comply with the government NHS Track and Trace scheme.
If we are contacted by local or national authorities and are requested to share your information, and so long as we deem it to be reasonable to provide this information, we will fully comply. By joining Sound Pop Academy, or by taking part in our classes, workshops and events, you agree to the sharing of your personal information in this way.
Your data is our priority. We do everything possible to minimise any data breach and/or any unlawful online activity through our site. However should our website or any third party platform that we use be subject to a data breach, we will follow the necessary steps to inform you of this.
- Inform relevant people of the data breach.
- Take steps to re-secure sites and/or third party platforms, such as seek advice from our website team
and IT specialists.
- Follow GDPR steps to ensure regulations are met and complied with in the unlikely event of a data breach.
Your Legal Rights – You have the right to:
The GDPR provides you with many rights. We’ve highlighted key sections below but if you require more
information please contact the Information Commissioner’s Office
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.