01740 655437 exams@entercic.org

Privacy

Enter CIC is a data controller and a data processor. Registration Number: Z2486288. We process personal information under a lawful basis of: Legitimate interests.

If you wish to contact us regarding your personal information, you can do so via the contact page.

Information we collect
  • Enter CIC collects basic personal data about our students and exam candidates, as well as their parents/carers.
  • We collect minimal personal information about our visitors to our buildings (see CCTV below) and website.
  • We collect basic contact details from those who buy tickets to our performances.
  • We collect personal information about our staff and volunteers.
  • We collect personal data of exam candidates and some of this information may be shared with exam boards and other agents to process examinations and subsequent reporting and certification. We may have information shared with
    us by candidates’ learning provider (such as name, exam taking, grades and other information to facilitate our candidate’s exam submission.
  • We collect personal information of people who engage with our projects, competitions, social media campaigns and seasonal events.
  • We process personal information relating to schools and other organisations with which we work alongside, in partnership or as a service or product provider.
  • All personal data we collect is volunteered by the owner of the information or their authorised representative (parent). Usually, this will be on our enrolment form, Image Processing Consent Form, web forms and any other permission forms we use for bespoke trips and visits and performances. It may also include forms determined for our use under a contractual arrangement with a local authority.
  • Typically, we collect name, address, date of birth, some contact details, as appropriate, and other information that allows us to provide the best service.
  • We will process sensitive information (known as Special Category information) when we arrange Access Arrangements with candidates, or when processing is required to safeguard our staff, volunteers, students, parents, participants and visitors (such as medical information).
Why we need personal information

We do not collect any personal data that we do not need.

Students and candidates

We need to know students’ personal information to provide learning programmes and cultural, creative and examination opportunities for our students and other persons who engage with our services.

Parents and carers

We need to collect the personal information of parents and carers (especially of students or candidates under 18) to contact them in certain situations (administrative, safeguarding and updates).

Project Participants and Funders

We need to process personal information relating to project participants to ensure that we are meeting the requirements of public or private funding.

Staff and volunteers

We need to process personal information about our staff and volunteers for general administrative and safeguarding purposes. This may include financial information,  information related to the Disclosure and Barring Service (DBS), or related to the right to work in the UK, etc.

Privacy information we give to you

We give you privacy information in a number of ways; in writing, orally, in signage and electronically.

This can be at the time we collect personal information, before you give personal information, enter an area, in signs or symbols and on our website.

We hope our signage is clear, well-positioned and gives you the information you need in an accessible format you can understand.

Please let us know if this is not the case.

Is personal information safely handled?

All the personal data we process is processed securely by our GDPR-trained staff in the UK.

Our website’s IT servers are also in UK data centres, so personal data is not shared internationally (see ‘Marketing information’ below).

No third parties or unauthorised personnel have access to personal data at Enter, unless the law allows them to access it, or we must share it to safeguard staff, volunteers, students, parents and visitors, or in line with our legal duty to share information.

Where we do share personal information, this is done using the most secure technological and organisational methods available to us.

Sharing personal information
Obligations

Sometimes we need to share personal information with other organisations to carry out a legal obligation, such as make sure candidates are registered with exam / awarding bodies and ensuring volunteers, tutors and chaperones are suitably qualified and DBS-checked, as applicable. We are also obliged to share information that may be relevant to formal investigations carried out by ‘competent authorities’.

Funders

We may also share personal information with local authorities or other parties such as funders who may have supported a project. There may be occasions when a contractual obligation requires us to share personal information.

Sometimes a condition of funding is that we share photographs with funders to prove the project took place. Our funders may display images we have taken on their website or social platforms to show the good projects to which they have provided financial and other support.

Protection

We may also share personal information with agencies to protect the interests of our business, our customers, students, candidates and related parties.

Agreements

Where the sharing of information may be extensive or highly sensitive, when sharing personal information with others as a data controller or data processor, we have a GDPR-compliant Data Sharing Agreements in place to protect personal information.

Examinations

We may share your results information with you and other third parties. These may include:

  • A parent or person with power of attorney to manage your affairs.
  • An awarding body or regulator for appeals, quality control, etc.
  • A learning provider or other party who is administering your studies / learning journey.
  • A third party who is contributing information to an EHCP in your interests.
  • A funder of your course(s).
  • Other third partes if legislation compels us to do so.
  • Other third parties with whom you’d generally expect us to share information in your interests.
  • A third party when required by a court of law.
How long we keep personal data

We keep ersonal information for no longer than we need it. We may be required to retain personal information for longer due to investigations and legal proceedings. under certain laws, but, we will not keep personal data for longer than we need it. Our CCTV system holds personal data (video images) of tose who visit our site for 30 days.

Disposing of personal information

When it comes time to delete personal information (if we’re asked to delete it, or if we no longer need to keep it), we always delete it securely, in line with the UK GDPR.

We also use certified third-party confidential disposal services where appropriate.

There may be some exemptions that require us to keep your personal information for specific periods of time, even if we receive a request from you to erase it.

Marketing information

Personal information that is used for marketing purposes will be kept with us until we no longer need it, or you notify us that you no longer wish to receive this information.

Sometimes, with permission, we take pictures of our staff, volunteers, students, parents/carers, patrons, project participants and business partners and post them to social media.

The online servers of Facebook, Twitter and Instagram (on which these images are held) may be outside the UK, but within the European Economic Area (Ireland).

We may use your name and email address to inform you of our future projects, offers or opportunities. As permitted by the PECR legislation, this will be related to your previous contact with us.

We may use a third-party service such as MailChimp, which is a GDPR-compliant service.

This information is not shared with other third parties and, after subscribing, you can unsubscribe at any time by contacting us, or using the links in the electronic communication we send.

We work hard to ensure our practices fall within the legal scope of the Privacy and Electronic Communications Regulation (PECR). If you feel we have fallen short of our usual high standards in terms of electronic marketing communications, please get in touch.

What we will never do

We will never sell your personal information and we will never give unauthorised access to your personal information.

Point of Sale (POS) Processing

We do collect financial information through our Point of Sale system. If you choose to pay for our services or products via Credit or Debit Card to our secure Point of Sales device/system, we will collect financial information related to that particular transaction. This may include setting up a limited customer profile on our payment system, which ensures that we are processing only the personal information you give us. It allows us to process future payments more quickly and conveniently for you. We will only keep this information for as long as we need it.

We do not process directly any secure card information, which is carried out by our authorised, legally-compliant merchant/service provider.

Our system fully supports your privacy rights in relation to access, correction (rectification), deletion (right to be forgotten), objection to profiling, restriction of processing or portability of your personal information.

Cookies

We may collect your browsing information to help us understand what content or pages visitors to our website find useful. We only collect this information with your consent and do not automatically collect your browsing data before consent. You are able to manage your settings from the cookie control link available on the appropriate page popup.

Your rights

You can ask to see a copy of any of your personal information we may be processing. If we are processing your personal data, we will let you know without undue delay and within one month and give you a copy of that data, if that’s what you wish. If at any point you believe the information we process about you is incorrect, you can request to have this corrected or deleted. You can also ask us to limit processing your personal data, or to port some of it to another party. More information is available here.

CCTV

We use CCTV for the safety and security of our staff, students, candidates, visitors as well as our property. We process the personal information to prevent and detect criminal activity. We may also use it to monitor authorised access to our building and rooms.

Our CCTV systems can take the form of static cameras on the external and internal areas of our building, as well as on-body or mobile cameras where we see a criminal offence taking place (or imminent) or where a person or persons may be at risk of harm. We do not keep CCTV images for longer than 30 days unless required to by a competent authority, court order or legal requirement.