Privacy Policy
Last Updated: 5th June, 2024
Ciné Schools is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. In order to do so we need to collect some personal data, store it and process it within our business activities. The policy is designed to comply with the terms off the GDPR, introduced in 2018.
Ciné Schools is both a data controller and a data processor. We mostly utilise the services of external processing agents, however due to the nature of the outcomes of our Clubs and Camps, producing video works, we do process and store video data and other digital media on a regular basis.
We hold and store some personal data to safely run our courses and clubs, as well as for company records and communications (such as names and addresses), other data (such as credit card details) are processed by secure external providers and we do not hold or store the details ourselves.
There are some key principles to which we commit:
-
We only collect and store data essential to running our business activities
-
We do not buy or resell your data from or to data merchants
-
We only use your data in the manners described within this policy and for the purpose of safely and effectively running Ciné Schools Film Academy and other camps and holiday clubs
-
We strive to keep all your data safe and secure, we don’t share it with anybody beyond the scope of this policy
-
Where we send marketing communications, these will be about our services, opportunities and partnerships you may be interested in as an existing or potential customer.
-
We will always respect your preferences and we will always give you the opportunity to opt out of any communications.
We routinely collect and store the following personal data, relating to Customers and Prospective Customers:
-
First Names and Surnames
-
Personal Addresses
-
Telephone Numbers
-
Email Addresses
-
Names of Customer’s Child/Children
-
Dates of Birth
-
Details of Medical, Access Support or Other Safeguarding Requirements of Customer’s Children*Δ
-
The Names of Schools Attended by Customer’s Children*
-
Customer Purchases and Purchase Histories*
-
Browsing Data and Website Interactions
-
Video/Photographic/Audio Recordings of Work Featuring Customers’ Children
* = Customers only
Δ = Sensitive Data
Sensitive Data
Under the GDPR, Sensitive Data is any data that reveals:
-
Racial or ethnic origin
-
Political opinions
-
Religious or philosophical beliefs
-
Trade union membership
-
Genetic data
-
Biometric data for the purpose of uniquely identifying a natural person
-
Data concerning health or a natural person’s sex life and/or sexual orientation
We frequently ask for and safely hold details of any medical/health conditions, as well as details of any access support needs, for the children taking part in our activities. This is so that we can meet the Safeguarding and Health and Safety standards expected of us as a provider of children’s activities and childcare. For instance, in the event of a participant requiring urgent medical attention, we can inform the relevant parties of any information that may prove vital to their care and treatment.
We do not collect any other Sensitive Data.
Credit Card Data
We process payments by credit and debit card, either through our secure online booking pages, or over the phone.
When provided over the phone, the data is entered into a Virtual Terminal and then processed by our credit card transaction suppliers, namely Worldpay and Stripe. This is undertaken by authorised personnel, each of whom have been trained specifically in this process.
Credit card data is stored by our external Processors, namely PayPal, Worldpay and Stripe. These providers are PCI SS compliant and treat your data as secure. We do not store any credit card data ourselves and all data provided to us is immediately destroyed, following PCI SS compliance standards.
Video Data & Digital Recordings
As part of our business activities, we also routinely capture, process, publish and store photographic material, audio and video recordings of our Customer’s children and their likenesses. This is in line with our core activities as a provider of children’s filmmaking activities and essential to our business purpose.
For further details refer to our Contributor Release Form, which can be found here: https://www.cineschools.com/releaseform.
Data Use
All the data we collect is essential for us to be able to effectively deliver our business activities and also to ensure we’re meeting the standards of our Safeguarding Policy and the best practice advice relating to Child Safeguarding more broadly.
We use the data to produce Academy and Studio registers, and to provide customers with information relating to these activities. We also use the data to deliver the outcomes of the productions, specifically video products and photographs for viewing afterwards.
We also retain and use this data for ongoing communications within our community of customers, schools, other partners and potential customers. These include newsletters, promotions and other information that may be of interest to our community, by email, and through social media. These communications will be limited to relevant courses, and will not be used to promote unrelated products or services. All recipients will have the chance to opt out at any time and we will respect their preferences.
We store data for seven years in order to comply with business and tax regulations. Customers are able to request a copy of any data at any point. After seven years customers have the right to request data is deleted. Any data relating to child safeguarding will not be erased in order to ensure compliance with child safeguarding regulations.
We regularly review our records and the way we collect and store data to ensure records are up to date and correct.
Data Acquisition
Data is collected directly from the Customer or Prospective Customer through our website, www.cineschools.com. It may be entered directly into our database via our website forms or where permission is given into our digital marketing tools used for ongoing communications with Customers (old and new) as well as partners and their members of staff. Otherwise, it may be provided to us over the phone and entered into the system by one of our team. It may also be provided directly to Ciné Schools staff at events face-to-face.
We do not acquire personal data from any data merchants or resellers and we do not typically share or sell any data with external agents. The only exception to this is data connected to the safeguarding and welfare of the children in our care. For instance, we may share the Names of Customers’ Children and details of their Medical, Access Support or Other Safeguarding Requirements with our operational venue partners, or in the event of any disclosures or cause for concern, we may share further details with the relevant authorities and school contacts. Please see the Sparks Safeguarding Children Policy for further information.
Data Storage
The data is stored in our secure CRM database system, where it is held for future reference and business record purposes.
In line with the GDPR, Ciné Schools will undertake checks and seek assurances that any external providers or processors are GDPR compliant and demonstrate a responsible attitude towards Data Protections and Privacy.
We may also keep additional records, such as paper consent forms. These are stored in locked filing cabinets, or they may be scanned and stored digitally on our secure business server.
Consent
We only collect and store your personal data with your consent, which is given at the time of supplying your data to us. Your consent is important to us and we will not use your data in any other way.
You can choose to remove your consent for us to use your personal data at any time and we will respect your preferences. You also have the ‘right to be forgotten’ and the right for the erasure of your personal data from our database.
In the case of potential customers, we will erase your data entirely. Where a customer has a booking record with us, we will only hold onto details of the booking (including a customer name) for our business records. This will apply for a period of up to seven years, in order to comply with other regulations, after which the data will be erased.
Where data is relevant to any Safeguarding or Child Protection issues, this will not be eligible for erasure and we may need to share this data with other appropriate agencies as required.
In cases where children under 18 provide consent that is not also granted by the parent, the parent’s consent will be treated as the primary consent.
Image/Voice/Likeness Data and Usage and consent
As part of our core business activities, we also record and store Images, Voice and Likeness data, mostly in the form of video recordings, but also digital photographs and audio recordings. This is in line with our core activities as a provider of children’s filmmaking activities and essential to our business purpose.
With image/voice/likeness data, which may refer to video footage, audio recordings or photographs, we process (“edit”) the data to form complete creative products (“works”). These works are then typically stored by us as their own entities, along with any composite parts, such as unedited video footage.
Processing
Data is captured onto storage drives (e.g. SD cards) using equipment such as camcorders and then transferred onto password protected computer hard drives. This process takes place offline and is only undertaken by authorised personnel, who receive training in managing these processes.
This work may be undertaken by Ciné Schools ‘Contractors’, using their own equipment. Each Contractor is approved by the Ciné Schools management, is required to be fully DBS (Disclosure and Barring Service) checked and receives specific training/briefings regarding confidentiality and appropriate use of material. Confidentiality and Privacy clauses are included as standard within their contracts.
We request that all video data is deleted by Contractors within three months, following its ‘sign off’ or approval. We also perform checks to ensure that this routinely takes place.
Storage
We store videos on a variety of external Processors (for instance Instagram and Vimeo), as well as offline on hard drives. These are all password protected and encrypted by default. We only use processors who are both reputable and assure of their compliance with the GDPR.
Publishing
We will publish the works, and share them with Customers online. Some videos will be published more widely as demonstrations of our activities and as a record of our creative work, for instance on our website, social media channels, our YouTube channel and submission into film festivals.
We also share photographs on our website, in our email newsletters and on our social media channels. These photos form a record of Film Club and Film Camp activities as well as from Ciné School events and demonstrate our activities and the results of the children’s hard work to our community.
Consent
We specifically seek out Contributor Release consent (extending to voice and likenesses) in perpetuity from the parents or guardians (typically the “Customers”) of the children taking part in our Film Clubs and Film Camps. From 25th May 2018, where children are aged 13 and over, we also seek their additional consent to Image, Voice and Likeness release.
This consent is imperative to our work and we cannot operate without it, therefore it is a key condition when booking to take part. All the details of the consent asked for are contained within the Ciné Schools Contributor Release Form, which can be found here: https://www.cineschools.com/releaseform
In the event of consent refusal, or withdrawal, we will always try to be ‘reasonable’. For instance, it may be possible for a child to take part solely behind the camera, so that their image does not appear in any video data. We will assume that we do not have consent to use an individuals image or voice until we receive a signed Consent Form.
In the event of consent withdrawal, we can only consider the removal of specific image data where there is a genuine case for the safeguarding and protection of a child’s wellbeing, i.e. if a vulnerable child is likely to be identified through the use of their image in a video work. This is due to the difficulty involved in extracting the individual from completed video and photographic content and the negative impact it would have on the quality of the works and the other individuals involved in the production. Where there is a concern connected to Safeguarding or Child Protection, we will explore the possibilities of removing images, however in these instances, it is more likely that the entire work will be withdrawn from publication. Outside of these grounds, we are unable to remove a participant’s Image/Voice/Likeness after their participation, where a Consent Form as previously been signed.
Limitations
We are unable to withdraw or remove Image/Voice/Likeness data where works have already been published and data is already in the public domain, e.g. DVD products featuring specific works, or photographic materials in books or magazines.
Amendments
Discussions regarding best practices regarding the GDPR are ongoing and Ciné Schools will continue to seek advice and update this policy accordingly to ensure GDPR compliance. We will update and make available to policy as updates become available.