Privacy Notice

The Actor’s Lounge Privacy Notice

1. Introduction

This privacy notice tells you what to expect us to do with your personal information.The accuracy of your information is important to us.If any information we hold is innacurate or out of date, please e mail us.

1. Contact details

If you have any questions or would like to contact us you can e mail The Actor’s Lounge Ltd by e mail at: act@theactorslounge.co.uk

1. What information we collect, use, and why

We obtain information about you when you enquire about or apply to our programmes and when you enroll on a course.We also record some information about you or that you give us when you interact with The Actor’s Lounge during your time as a student or alumni, via communication channels like e mail, telephone and post.

We are mindful of the potential risks to students’ privacy. To mitigate these we only collect information that is strictly necessary.Students are informed about what data is collected, how it is used, and their rights regarding their personal information. We have robust systems and procedures in place to store and process data securely, reducing the risk of unauthorised access or breaches.Regular reviews ensure that the information collected remains relevant and necessary. Students retain control over their data through opt-ins, consent processes where necessary, and have access to our data protection policies.

We may process data that is classed as a ‘special category’ of personal data.This might include information about your gender identity, nationality, ethnicity and disability.We must process special categories of data in accordance with more stringent guidelines.Most commonly, we will process special categories of data when the following applies:

• You have given explicit consent to the processing
• We must process the data in order to carry out legal obligations

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations.However, you are able to provide a response of ‘information refused’ when asked about these categories.

TAL does not use automated processes to make decisions about individuals.

We collect or use the following information for student education and welfare:

• Names, address and contact details for students
• Names and contact details for carers/emergency contacts
• Gender
• Pronoun preferences
• Racial or ethnic origin
• Photography and video recordings
• Date of birth
• Your first language or other languages spoken
• Payment details and financial information including transactions
• Special Educational Needs and Disabilities (SEND) or additional support information (includes reasonable adjustments and special educational needs and disabilities)
• Welfare information (includes family and home life circumstances and history)
• Health information (including conditions, injuries and allergies)
• Attendance and reason for absence data
• Progress reports and relevant previous experience
• Information relating to compliments and complaints
• Communications that you send to us

We collect or use the following personal information for dealing with queries,

complaints or claims:

• Names and contact details
• Address
• Witness statements and contact details
• Information relating to health and safety (including incident investigation details and reports and accident book records)
• Correspondence
• Special Educational Needs and Disabilities (SEND) or additional support information (includes reasonable adjustments and special educational needs and disabilities)
• Attendance and reason for absence data

We collect or use the following information for information updates, website or marketing purposes:

• Names and contact details
• Address
• Marketing preferences
• Photographs and Filmed Footage
• Website and app user journey information
• IP addresses
• Records of consent, where appropriate
• Alumni records
• Communications that you send to us: Whether it be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us.
• User Data: information about how you use our website and any online services together with any data that you post for publication on our website or through other online services.
• Technical Data: information about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.
• Customer Data: includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details.
• Marketing Data: information about your preferences in receiving marketing from us and our third parties and your communication preferences.

We collect data about you when you fill in forms on our site or by sending us emails. We may also automatically collect data from you using cookies and similar technologies. Please see our Cookie Policy for details.

You can use settings in your browser to control, disable or refuse cookies, although this may cause some parts of this website to become inaccessible or function incorrectly. For more information, see our Cookie Policy.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We may also receive data from third parties such as search engines, analytics providers, advertising networks, technical providers, payment processors and delivery services, such as Google, Facebook, PayPal, Stripe, and others. Many of these are based outside the EU.

If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

You can ask us or third parties to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by emailing us at act@theactorslounge.co.uk

1. Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
• Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
• Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

1. Our lawful bases for the collection and use of your data

Student Education and Welfare

Our lawful bases for collecting or using personal information for student education and welfare are legitimate interests and in order to undertake our contractual and legal obligations.This enables us to recruit students and provide them with the academic, pastoral, and wellbeing support they require to thrive in their studies and beyond.Collecting information about students allows us to understand their individual needs, enabling us to offer tailored learning resources, make adjustments for disabilities, and give focused support for academic or personal challenges.Access to relevant personal information also helps us identify students who may be at risk and connect them with appropriate welfare services or external support to protect their vital interests. It enables us to maintain student and alumni records and carry out audits and equal opportunities monitoring.

Dealing with Queries, Complaints or Claims

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are legitimate interests.Our legitimate interest in collecting and using personal information to handle queries, complaints, or claims is to ensure a responsive and effective service, addressing concerns fairly and maintaining trust in our organisation.Collecting relevant personal information allows us to thoroughly investigate and resolve queries, complaints, or claims, ensuring that individuals receive appropriate and timely responses.By analysing patterns in complaints or claims, we can identify areas for improvement, enhancing the overall experience for everyone involved. Handling claims and complaints often requires us to meet legal or contractual responsibilities, ensuring compliance and accountability.We only collect the information necessary to resolve the issue at hand and avoid asking for unrelated details. Personal data is handled with strict confidentiality, ensuring it is only accessed by those directly involved in resolving the issue.

Information Updates, Website and Marketing Purposes

Our lawful bases for collecting or using personal information for information updates, website and marketing purposes are consent and Legitimate interests and Performance of Contract. This is to ensure that individuals receive relevant and timely communications about our services, events, or opportunities that may be of genuine interest and benefit to them. All of your data protection rights may apply, except the right to portability.

User data ensures the smooth operation of the website by maintaining relevant content, ensuring website security, and supporting backups. It also facilitates the administration of the website and other online services.

Technical data enhances the user experience by analysing website usage, delivering relevant content and advertisements, and informing the effectiveness of advertising. This supports business growth and guides marketing strategies.

Customer data enables the delivery of purchased goods and services and ensures accurate records of transactions to meet customer needs effectively on the grounds of performance of contract.Customer data is processed strictly for the performance of contracts. Transaction records are stored securely and used only for relevant purposes, ensuring compliance with obligations.Processing is carried out to protect the website and business. Safeguards are in place to prevent unauthorised access or misuse of technical data. Legitimate interests ensure that analysis is conducted responsibly to support growth and strategy.

Communications data is processed to facilitate effective communication with users. It supports record-keeping, ensuring accurate documentation of interactions, and allows for the establishment, pursuance, or defense of legal claims if necessary.The processing of communications data is carried out on the grounds of legitimate interests. Measures are in place to ensure data is handled securely and only used for purposes aligned with legal and operational requirements.

Marketing data is processed on the basis of consent or legitimate interests, ensuring it is used appropriately for advertisements and communication. Data is safeguarded to prevent misuse, and no information is shared with third parties for marketing without explicit consent.Marketing data allows the company to engage customers through competitions, giveaways, and targeted advertisements. It supports business growth by studying customer behavior and refining marketing strategies, while enabling personalised and effective communication with customers.

Consent and Preferences

We respect individuals' preferences by providing clear options to opt in or out of receiving updates or marketing materials. Communications are only sent to those who have chosen to receive them or where there is a clear legitimate interest. Individuals are informed about what information is collected, how it will be used, and their rights to withdraw consent at any time.We only collect the information necessary to deliver meaningful and targeted communications.

Secure Handling

Personal data is securely stored and managed, with safeguards in place to prevent misuse or unauthorised access. Operational needs are balanced with user expectations for privacy by processing only necessary data for functionality and security.

The company adheres to the Privacy and Electronic Communications Regulations (PECR) by limiting communications to users with prior consent or those with an existing relationship with the company.

Users can opt out of communications at any time.

Data is processed on the grounds of legitimate interests to ensure operational continuity and website security. Measures such as backups and secure content administration are implemented to prevent data loss or breaches.

1. Where we get personal information from

• Directly from you
• Publicly available sources

1. How long we keep information

2 years from the date of the start of your first course with us.

1. Who we share information with

Your data will be used by staff and contractors of The Actor’s Lounge for the purposes specified.

We may also seek additional consent for nominating you to a third party for external awards, opportunities or representation.

When you graduate from The Actor’s Lounge you will be offered the opportunity to become a lifelong member of the alumni community.Using the details you have provided, and with your consent, we will continue to contact you about appropriate opportunities.

Third Parties: We only allow third parties to process your personal data for specified purposes and in accordance with our instructions.For example, Third Party Service Providers or where we are required to do so by law or for the purposes of prevention of harm or crime or where we assesss that it is in our legitimate interests to do so.We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law.

1. Data processors

Data processors include:

Spotlight

This data processor does the following activities for us:

Chris Mendes Limited

accreditation of training

Pipedrive

website, marketing and CRM Registration System engineer

Google

CRM Registration System and storage of student data

Microsoft 

communication, storage of e mails and records

Dropbox

storage of records

Apple

communication, transfer of recordings and files

WeTransfer

transfer of recordings and files

Stripe

payment system

Meta

communication, marketing and transfer of recordings and files

Zoom

communication and recordings

Metricool

social media

1. Sharing information outside of the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name & Country the personal information is sent to

How the transfer complies with UK data protection law

Google - US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Microsoft - US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Dropbox - US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Stripe – US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Meta – US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Apple – US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Zoom – US

UK Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

WeTransfer - Netherlands

If your data is transferred to the Netherlands, it remains within the European Economic Area (EEA). The UK Government recognises the EEAas providing an adequate level of data protection under the UK GDPR. This means your data will be handled in compliance with standards equivalent to those in the UK.

Pipedrive – Europe & US

It remains within the European Economic Area (EEA). The UK Government recognises the EEA as providing an adequate level of data protection under the UK GDPR. This means your data will be handled in compliance with standards equivalent to those in the UK. If transferred to the US: Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

Metricool – Europe & US

It remains within the European Economic Area (EEA). The UK Government recognises the EEA as providing an adequate level of data protection under the UK GDPR. This means your data will be handled in compliance with standards equivalent to those in the UK. If transferred to the US: Addendum to Standard Contractual Clauses, The International Data Transfer Agreement (IDTA)

1. Others we share personal information with

• Specialist teachers such as peripatetic contract workers/visiting/deputy tutors
• Insurance companies, brokers or other intermediaries
• Organisations we need to share information with for safeguarding reasons
• Social services
• Emergency services
• Professional advisors, including lawyers, bankers, auditors
• Organisations we’re legally obliged to share personal information with
• Publicly on our website, social media or other marketing and information media
• Government bodies that require us to report processing activities.
• Third parties to whom we sell, transfer, or merge parts of our business or our assets
• Service providers who provide IT and system administration services.

1. Complaints

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow
Cheshire. SK9 5AF

Helpline number: 0303 123 1113 Website: https://www.ico.org.uk/make-a-complaint