You Can Dance AcademyYCDA

Last updated: 30 May 2026

Compliance & data rights

How we meet UK GDPR expectations: your rights, how to request data removal, retention, breaches, and safeguarding limits.

Overview

You Can Dance Academy is the data controller for personal information processed through our website, member portal, and mobile app.

We process data lawfully, fairly, and transparently. This page supplements our Privacy policy and Data collection practices.

Your rights (UK GDPR)

Subject to exemptions, you may have the right to:

  • Be informed — clear notices (this site and app).
  • Access — know what we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — deletion when no longer needed and no overriding reason to keep it.
  • Restrict processing — limit use in certain circumstances.
  • Data portability — receive a copy in a structured, commonly used format where applicable.
  • Object — to processing based on legitimate interests or direct marketing.
  • Withdraw consent — where processing relies on consent (e.g. optional push alerts).
  • Automated decisions — we do not make solely automated decisions with legal effect about members.

How to make a request

Signed-in members: open Your data rights in the portal or app, choose the request type, and submit. We log the request and email our team.

Anyone may also email youcandanceacademyuk@gmail.com from the address on your account (or explain your relationship to the family if you are a support contact).

We may ask for reasonable identity checks before releasing or deleting data. We respond within one month in most cases; complex requests may be extended by up to two further months with notice.

Deletion & account removal

When you ask us to erase your data we will delete or anonymise member account details, dancer profiles you control, private practice video files we store, notifications, sessions, and support-network links, unless we must keep information for legal or safeguarding reasons.

  • Removing a single dancer profile in the portal deletes that child’s portal data and linked practice videos.
  • Full account erasure is completed by staff after a verified delete request — we invalidate logins and remove personal identifiers from our systems.
  • We may retain minimal records where required (e.g. safeguarding incidents, settled financial disputes, or tax) in line with law.
  • Staff accounts (teachers/admins) must contact us for removal; self-service erasure applies to member (parent) accounts only.

Retention (summary)

Typical retention periods:

  • Active membership — account and class data while enrolled.
  • Session tokens — until expiry or sign-out.
  • Server security logs — short rolling period.
  • Data subject request records — up to three years for accountability.
  • Safeguarding-related notes — as advised by policy and law.

Processors & international transfers

We use UK/EU-appropriate providers (hosting, email, push) under data processing terms. Where data leaves the UK, we rely on appropriate safeguards (e.g. UK IDTA or adequacy) as required.

Personal data breaches

If a breach is likely to risk your rights, we will notify the ICO where required and tell affected members without undue delay, with advice on protective steps.

Children & safeguarding

Parents provide dancer information. We may refuse erasure that would harm a child’s safeguarding record or an ongoing investigation. Concerns about a child’s welfare should be reported to us and, where appropriate, local authorities.

Complaints

Contact youcandanceacademyuk@gmail.com first. You may complain to the Information Commissioner’s Office (ico.org.uk) if you remain dissatisfied.