Savoy Swing Italy
Privacy Policy
How we collect, use, and protect your personal information
Last Updated: May 2026
This Privacy Policy explains how Savoy Swing Italy ("we", "us", "our", the "School") collects, uses, stores, and protects your personal data. We are committed to full compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, the Italian Personal Data Protection Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018), and applicable guidelines from the Italian Data Protection Authority (Garante per la protezione dei dati personali).
Please read this policy carefully. By registering with or attending our school, you acknowledge that you have read and understood it.
Article 1
Data Controller
The Data Controller for your personal data is:
Savoy Swing Italy
Email: savoyswing.it@gmail.com
We have not appointed a Data Protection Officer (DPO), as we do not meet the mandatory threshold under Article 37 GDPR. However, all data protection enquiries should be addressed to the contact above.
Article 2
What Personal Data We Collect
We apply the principle of data minimisation (Article 5(1)(c) GDPR) and collect only what is strictly necessary for each purpose. The categories of personal data we may collect include:
2.1 — Identification & Contact Data
- Full name
- Date of birth (to verify age eligibility for certain classes)
- Email address
- Phone number
- Postal address (billing and correspondence)
- Fiscal code / Codice Fiscale (required for Italian tax receipts)
2.2 — Class & Activity Data
- Course or workshop registrations
- Attendance records
- Dance level and progression notes
- Instructor feedback (where recorded)
2.3 — Payment & Financial Data
- Payment method (card type, bank transfer reference — we do not store full card numbers)
- Transaction records, invoices, receipts
2.4 — Health Data (Special Category — Article 9 GDPR)
- Physical limitations, injuries, or conditions voluntarily disclosed to ensure your safety in classes
Health data is special category data under Article 9 GDPR and is processed only with your explicit written consent. It is accessible only to instructors who need it to ensure your safety and is never shared externally.
2.5 — Media & Image Data
- Photographs or video recordings taken during classes, events, or performances (only with separate, specific consent)
2.6 — Communication Data
- Email correspondence with the school
- Messages sent via our website contact form or messaging services
2.7 — Technical Data (Website)
- IP address, browser type, device information, pages visited (via cookies — see our separate Cookie Policy)
Article 3
Purposes of Processing & Legal Bases
Under Article 13 GDPR, we must inform you of the legal basis for each processing activity. We process your data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Registration and enrolment in classes, workshops, and events | Art. 6(1)(b) — Performance of a contract |
| Billing and invoicing, issuing fiscal receipts under Italian law | Art. 6(1)(c) — Legal obligation (D.P.R. 633/1972; Italian tax law) |
| Scheduling and class management (attendance lists, level groupings) | Art. 6(1)(b) — Performance of a contract |
| Safety and health accommodation during physical dance activities | Art. 9(2)(a) — Explicit consent; Art. 6(1)(f) — Legitimate interest (duty of care) |
| Communication about your bookings, schedule changes, cancellations | Art. 6(1)(b) — Performance of a contract |
| Photography/video for internal documentation or school promotion | Art. 6(1)(a) — Consent (freely given, specific, separately obtained) |
| Compliance with legal obligations (tax, accounting, labour law) | Art. 6(1)(c) — Legal obligation |
| School safety and security (incident records, access) | Art. 6(1)(f) — Legitimate interest |
| Direct marketing communications (newsletters, promotions) | Art. 6(1)(a) — Consent (separate marketing consent required — see Marketing Consent Policy) |
Legitimate Interests: Where we rely on legitimate interests (Art. 6(1)(f)), we have carried out a balancing test to confirm that our interests do not override your rights and freedoms. You may request details of this assessment or object to processing on this basis at any time.
Article 4
How We Process and Use Your Data
Your data is used exclusively for operating and improving our dance school. Specific processing activities include:
- Creating and managing your student account or registration profile
- Confirming bookings and sending class reminders
- Processing payments and issuing Italian-compliant fiscal receipts
- Organising students into appropriate class levels
- Enabling instructors to provide appropriate teaching and accommodations
- Managing waiting lists for fully booked classes
- Responding to your enquiries and complaints
- Maintaining student attendance records for insurance and legal compliance
- Archiving financial records as required by Italian fiscal law (minimum 10 years)
Article 5
Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share data only with third parties that are strictly necessary for running our school activities, and only to the minimum extent required.
5.1 — Data Processors (Art. 28 GDPR)
We use the following categories of third-party service providers who process data on our behalf under a signed Data Processing Agreement:
- Payment processors — to securely handle transactions
- Email communication platforms — only if you have given marketing consent
- Cloud storage / Google Workspace — for internal administrative files (access-controlled)
- Accounting software / commercialista (accountant) — for Italian tax compliance
5.2 — Legal Authorities
We may disclose your data to Italian public authorities (tax authorities — Agenzia delle Entrate, law enforcement, courts) where required by law or by a binding legal order.
5.3 — Insurance
Attendance records and basic identification data may be shared with our liability insurer in the event of an accident or injury claim.
5.4 — No International Transfers Without Safeguards
If any third-party service provider is located outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses under Art. 46 GDPR, or adequacy decisions under Art. 45 GDPR) before any transfer occurs.
Article 6
Data Retention
We retain your personal data only for as long as necessary for the purpose for which it was collected, or as required by law:
| Data Type | Retention Period | Basis |
|---|---|---|
| Student registration / active membership | Duration of relationship + 2 years after last activity | Contractual / legitimate interest |
| Fiscal records, invoices, payments | 10 years | Italian tax law (Art. 2220 Codice Civile; D.P.R. 633/1972) |
| Attendance records (for insurance) | 5 years | Legitimate interest (liability) |
| Health/injury disclosures | Duration of enrolment, then deleted | Explicit consent (withdrawn on deletion request) |
| Photos / videos | Until consent is withdrawn | Consent |
| Marketing communications | Until consent is withdrawn | Consent |
| Email / enquiry correspondence | 2 years | Legitimate interest |
After the retention period, data is securely deleted or anonymised.
Article 7
Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR (Chapter III). You may exercise these rights at any time, free of charge, by contacting us at savoyswing.it@gmail.com. We will respond within 30 days (extendable to 90 days in complex cases, with notice).
Right of Access (Art. 15)
You can request a copy of all personal data we hold about you and information on how it is being used.
Right to Rectification (Art. 16)
You can ask us to correct inaccurate data or complete incomplete data we hold about you.
Right to Erasure (Art. 17)
You have the right to request deletion of all your personal data ("right to be forgotten"), subject to legal retention obligations.
Right to Restriction (Art. 18)
You can ask us to restrict processing of your data while a dispute is pending or while you exercise other rights.
Right to Portability (Art. 20)
For data processed by automated means based on consent or contract, you can request a machine-readable copy of your data.
Right to Object (Art. 21)
You can object at any time to processing based on legitimate interests, including profiling, and to direct marketing.
Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
You have the right to complain to the Garante per la protezione dei dati personali (www.garanteprivacy.it) or any EU supervisory authority.
Right to Erasure — Important Note: We will fully erase your data upon request. However, certain data may be retained where we are legally required to do so (e.g., fiscal records for 10 years under Italian tax law). We will always inform you clearly of which data must be retained and why.
Article 8
Security of Your Data
We implement appropriate technical and organisational security measures under Article 32 GDPR to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include:
- Password-protected and access-controlled systems
- Encrypted data storage and transmission (SSL/TLS)
- Limited access on a strict need-to-know basis
- Regular review of third-party service provider security practices
- Physical security of any paper records
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Garante and, where required, inform you directly without undue delay, in accordance with Articles 33–34 GDPR.
Article 9
Children and Minors
Where minors under the age of 14 enrol in our classes (the age threshold under Italian implementation of Art. 8 GDPR), we require verifiable parental or guardian consent before collecting any personal data. Parents or guardians may exercise all data subject rights on behalf of their children.
We do not knowingly collect data from children under 14 without parental consent. If you believe we have inadvertently collected such data, please contact us immediately for deletion.
Article 10
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or the services we offer. When we make significant changes, we will notify you by email or by posting a prominent notice on our website. The date of the most recent revision is shown at the top of this page.
Contact Us About Your Data
For any questions about this Privacy Policy or to exercise your rights, please contact us:
- Email: savoyswing.it@gmail.com
To lodge a complaint with the Italian supervisory authority:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Roma
www.garanteprivacy.it