Skip To Main Content

Introduction

The Liverpool Institute for Performing Arts (LIPA) is committed to protecting the privacy rights of individuals in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). This Data Protection Policy sets out the procedures and guidelines that LIPA follows to ensure compliance with data protection legislation and to safeguard the personal data that it holds.

Policy Statement

LIPA is committed to protecting the privacy rights of individuals and ensuring that personal data is processed in accordance with the GDPR and the DPA. This policy outlines the procedures and guidelines that LIPA follows to ensure compliance with data protection legislation and to safeguard personal data.

Scope of the Policy

This policy applies to all personal data held by LIPA, regardless of the format in which it is held, and applies to all members of staff, students, contractors and other individuals who handle personal data on behalf of LIPA.

Responsibility

LIPA is responsible for ensuring that personal data is processed in accordance with the GDPR and the DPA. This includes:

  • Ensuring that all personal data is processed lawfully, fairly and transparently;
  • Ensuring that individuals are informed about the processing of their personal data;
  • Ensuring that personal data is accurate, up to date and relevant;
  • Ensuring that personal data is processed securely;
  • Ensuring that personal data is only processed for specified and legitimate purposes;
  • Ensuring that personal data is only kept for as long as necessary; and
  • Ensuring that individuals’ rights under the GDPR and the DPA are respected and upheld.

Data Protection Officer

LIPA has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection legislation and ensuring that personal data is processed in accordance with the GDPR and the DPA. The DPO can be contacted via email at dpo@lipa.ac.uk.

Alternatively, the DPO can be contacted at the following address:

Data Protection Officer

The Liverpool Institute for Performing Arts

Mount Street

Liverpool

L1 9HF

Collection and Use of Personal Data

LIPA will only collect and use personal data for specified and legitimate purposes and will ensure that individuals are informed about the processing of their personal data. LIPA will only process personal data if one or more of the following conditions apply:

  • The individual has given their consent;
  • Processing is necessary for the performance of a contract with the individual;
  • Processing is necessary for compliance with a legal obligation; and
  • Processing is necessary for the legitimate interests of LIPA, provided that such interests do not override the fundamental rights and freedoms of the individual.

Accuracy of Data

LIPA is committed to ensuring that personal data is accurate, up to date, and relevant. LIPA will take reasonable steps to ensure that personal data is accurate at the point of collection and will keep personal data up to date where necessary. Individuals are responsible for informing LIPA of any changes to their personal data and LIPA will update its records accordingly.

LIPA will also take reasonable steps to ensure that any personal data that is found to be inaccurate, incomplete, or out of date is rectified without delay. If an individual believes that their personal data held by LIPA is inaccurate, incomplete, or out of date, they should contact the Data Protection Officer using the contact details provided above.

LIPA will regularly review the personal data that it holds and will take appropriate action to rectify any inaccuracies or update any out-of-date information.

Data Security 

LIPA is committed to ensuring the security of personal data and has implemented appropriate technical and organisational measures to prevent unauthorised access, disclosure or destruction of personal data. LIPA will ensure that personal data is processed securely, including through the use of encryption, access controls, and regular security testing and monitoring.

Data Retention

LIPA will only keep personal data for as long as necessary to fulfil the purposes for which it was collected, and in accordance with any legal, regulatory or contractual obligations. LIPA will regularly review the personal data that it holds and will securely dispose of personal data that is no longer required.

Data Subject Rights

LIPA will respect and uphold the rights of individuals under the GDPR and the DPA, including the right to:

  • Access their personal data;
  • Have their personal data corrected if it is inaccurate or incomplete;
  • Have their personal data erased (in certain circumstances);
  • Object to the processing of their personal data (in certain circumstances);
  • Restrict the processing of their personal data (in certain circumstances); and
  • Data portability (in certain circumstances).

Complaints

If you have any concerns about how LIPA is handling your personal data or if you wish to make a complaint, please contact the Data Protection Officer using the contact details provided above.

LIPA will investigate any complaints that it receives and will take appropriate action to address any concerns raised. If you are not satisfied with the response that you receive from LIPA, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) by visiting their website at https://ico.org.uk/.

Review and Monitoring

This policy will be reviewed periodically to ensure that it remains up to date and effective. LIPA will monitor the implementation of this policy to ensure that it is being followed and that any necessary changes are made.