Privacy Policy
Last updated: December 2024
This Privacy Policy explains how Bailemos Dance School ("we", "our", or "us") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy applies to the usage of the Bailemos Dance School website and its associated digital services, including class management, attendance tracking, and communication systems.
1. Data Controller Information
The Data Controller responsible for your personal data is:
Bailemos Dance School
Vathylaka 1, Strovolos, 2033, Cyprus
Phone: 96 216020
Email: web@bailemosdanceschool.com
For data processing purposes, Bailemos Dance School acts as both the data controller and data processor.
2. Personal Data We Process
We collect and process the following categories of personal data:
| Data Category | Legal Basis | Purpose |
|---|---|---|
|
Contract Performance & Consent (Art. 6(1)(b) & (a) GDPR) | Account creation, service provision, communication, class management |
|
Contract Performance (Art. 6(1)(b) GDPR) | Class management, attendance tracking, service personalization |
|
Legitimate Interest (Art. 6(1)(f) GDPR) | Security, fraud prevention, service improvement, technical support |
|
Legal Obligation & Legitimate Interest (Art. 6(1)(c) & (f) GDPR) | Compliance, security monitoring, system maintenance |
3. Recipients of Your Data
Your personal data may be shared with the following categories of recipients:
- IT Service Providers: For platform maintenance, hosting, and technical support
- SMS Service Providers: For sending SMS notifications about class changes and updates
- Email Service Providers: For sending email notifications and communications
- Database and Storage Providers: For secure data storage and backup services
- Teachers and Administrators: For class management and attendance tracking purposes
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
4. Data Retention Periods
Different types of data are retained for specific periods:
Account Data
Retained for the duration of your account plus 2 years after account closure for legal obligations and audit purposes.
Class and Attendance Records
Retained for the duration of your enrollment plus 1 year for reporting and compliance purposes.
Request History
Retained for 1 year after the request date for audit and compliance purposes.
User Files and Reports
Automatically deleted after 2 weeks (14 days) from creation date.
Weekly Reports
Retained for 1 year, then automatically deleted.
Session Data
Automatically cleaned up after 14 days of inactivity or upon session expiration.
Audit & Security Logs
Minimum 1 year retention (immutable for security and compliance purposes).
System Logs
30 days retention with automatic rotation and compression.
5. Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right to access your data
- Right to rectification
- Right to erasure ('right to be forgotten')
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint
To exercise any of these rights, please contact us using the contact details provided above. We will respond to your request within 30 days.
Account Deletion Requests
You can request account deletion through your profile settings. When your account is deleted, we will completely remove all your personal data from our systems, including:
- Account information and profile data
- Class enrollments and attendance records
- Request history (cancellations, extra classes, replacements)
- User activity logs and audit trails
- Notes and absences records
- Password reset tokens and session data
- User-generated files and reports
- All associated file system data
Note: Deletion requests are reviewed by administrators and processed within 30 days. Some data may be retained for legal compliance purposes as required by law.
6. Automated Decision-Making
We do not make any automated decisions about you based on your personal data that would have legal or similarly significant effects. All decisions regarding class management, attendance, and requests are made by human administrators.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication mechanisms
- CSRF protection and input validation
- Rate limiting and DDoS protection
- Comprehensive audit logging
8. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). If any data processing occurs outside the EEA, we ensure appropriate safeguards are in place through:
- Adequacy decisions by the European Commission
- Standard contractual clauses
- Binding corporate rules
9. Cookies and Similar Technologies
This website uses cookies to enhance user experience and provide essential functionality. Cookies are small text files stored on your computer when you visit a website. They are used to:
- Maintain your session and authentication status
- Remember your preferences and settings
- Provide security features (CSRF protection)
- Improve website performance and user experience
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect the functionality of the website.
10. Changes to This Privacy Policy
We reserve the right to update this privacy policy at any time. Any changes will be posted on this page with a revised "last updated" date. We encourage you to review this privacy policy periodically. Significant changes will be communicated to you through email or website notifications.
11. Contact Us
If you have any questions about this privacy policy or our treatment of your personal data, please contact us:
Phone: 96 216020
Address: Vathylaka 1, Strovolos, 2033, Cyprus