General Data Protection Regulations (GDPR) Information for Schools
Who we are
Bristol Music Trust Ltd is a national arts organisation and charity registered in England & Wales (no. 1140898). A non-profit-making company limited by guarantee. Registered in England no. 7531978. Our registered office is: Bristol Beacon, Bristol, BS1 5AR.
Bristol Beacon is a live performance venue based in Bristol city centre that houses flexible event spaces, meeting rooms and a café & bar.
Beacon Music Centre is the name for our Creative Learning and Engagement centre where Bristol’s Music Education Hub is run from. Beacon Music Centre houses performance and learning spaces, an instrument and sheet music library and video broadcast studio.
Our income comes from ticket sales, commercial hires, commercial partnerships, sponsorship, individual donations and funding from trusts and foundations, Arts Council England, Department for Education and Bristol City Council.
In this General Data Protection Regulations guide all references to Bristol Music Trust (BMT) refer to Bristol Beacon and the Creative Learning and Engagement part of BMT run from Beacon Music Centre.
- Who we are
- How we use the data we collect
- What information we collect
- How and when we use the information we collect
- The legal bases on which we use the information
- How we keep your details safe and secure
- BMT as a charity and how we respect our donors
- Special category information
- Offensive or inappropriate content
- Education & community
- Our fundraising promise
- Can I find out what personal information Bristol Music Trust holds about me?
Schools and Bristol Plays Music (BPM)
Schools book musical and education activities with Bristol Beacon by completion of a Music Tuition Booking Form.
The booking form creates a contractual agreement between schools and Bristol Music Trust Ltd. It explains how Bristol Music Trust is GDPR compliant and how, as Joint Data Controllers with schools, personal information is managed and protected.
What is a Data controller?
A Data controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or are to be, processed.
Subject matter, duration, nature and purpose of data
- Children and young people, parents/legal guardian(for some activities), teachers, participants
- Information about how long data is kept can be found in BMT Retention Policy
- Data is collected for use in registers, timetables/schedules, participation in events, instrument hire
- Invoicing to parents at some schools and for attendance at music centre activities
Categories of data subjects
Type of personal data being processed
- Pupil handbooks
- Pupil reports
- Medical forms
- Body of Persons Approval (BOPA)
- Anonymised demographic information
Pupil names, age/year group/dates of birth, school, gender, home contact details (for some events only), ethnicity, SEND
- For safeguarding purposes and to record progression of pupils’ attainment.
- To inform tutors of any medical conditions of pupils.
- To comply with Bristol City Council performance licensing requirements, where applicable.
- Photographic record of events for documenting and marketing purposes.
- To respond to enquiries from funders and Department for Education
Obligations and rights as Joint Data Controllers
- Schools will provide a registers of pupils, including SEND/health information where appropriate
- BMT will only use personal data for the purposes outlined above (as directed by schools)
- In line with BMT retention policy all personal data will be deleted at the end of the event or contract term.
- All BMT employed and freelance tutors adhere to BMT policies, including Data Protection Policy, Security Policy and Retention Policy.
As Joint Data Controller, BMT uses SpeedAdmin to process bookings for our education workshops and young people’s learning and engagement. This affects schools and music centres with direct billing to parents.
We use Spektrix as our Box Office ticketing system, and to report on your order history, donation history, membership status, and to show trends in sales patterns.
The BMT Privacy Notice covers the data rights of individuals, secure processing, reporting and communicating data breaches, and the conducting of impact assessments where relevant.
Refer to Retention Policy for information on how BMT deletes or returns personal data to schools at the end of the event or contract term.
Access to Data
As joint data controllers, schools are entitled to inspect how shared data is used and kept secured.