top of page

If you wish to receive a digital copy of our Privacy Policy please click here

Privacy Notice

Policy created: December 2025.

Policy due for review: January 2027.

This Privacy Notice explains how LastAct Studios / LastAct LTD (“LastAct”, “we”, “us”) collects and uses personal information when you enquire, book classes or workshops, attend sessions, or interact with us.

​

Who we are

LastAct is a performing arts training provider for children and young people (ages 018) based in Formby, near Liverpool, UK.

Data controller: LastAct LTD (“LastAct”)
Address: Old Saw Mills, Marsh Brows, Formby, L37 3PD
Phone: 01704 337337
Email: info@lastact.org.uk

​

The information we collect

Depending on what you sign up for (classes, holiday workshops, afterschool clubs, auditions/applications such as Make Noise / Make Noise 2), we may collect:

  • Parent/guardian details: name, email address, phone number, relationship to the child

  • Child details: name, date of birth/age, school (if relevant), class/workshop choices

  • Emergency and welfare information: emergency contacts, medical information, allergies, access needs, safeguarding-relevant information you choose to share

  • Payment and billing information: amounts due/paid, payment reference details, invoices (we do not store full card details)

  • Photos and video: images/video taken during classes, workshops, performances or events (where permitted)

  • emails, text messages, WhatsApp messages and other messages you send us and our replies

  • Website and form data: information you submit via online forms (including 123FormBuilder)

​

How we use your information

We use personal information to:

  • Process enquiries, registrations and bookings

  • Manage timetables, class lists, registers and attendance

  • Communicate important information about classes, workshops, events and schedule changes

  • Support student welfare and safeguarding

  • Provide a safe environment (including managing medical and access needs)

  • Administer payments, deposits, refunds/credits (where applicable) and accounting

  • Improve our services (for example, reviewing demand for classes/workshops)

  • Send marketing communications

​

Our lawful bases (UK GDPR)

We rely on the following lawful bases, depending on the activity:

  • to provide classes/workshops you book and to administer payments.

  • Legal obligation: where we must comply with legal requirements (for example, certain safeguarding and financial record-keeping obligations).

  • Vital interests: in rare cases, to protect someones life (for example, sharing medical information with emergency services).

  • Legitimate interests: to run our organisation effectively (for example, managing enquiries and improving scheduling), balanced against your rights.

  • for optional activities such as marketing and certain photo/video uses.

You can withdraw consent at any time (see “Your rights”).

​

Marketing

We will only send you marketing (news, offers, updates about classes/workshops) if you have actively opted in.

We use Mailchimp to manage marketing emails.

You can unsubscribe at any time using the link in our emails or by contacting us.

​

Photos and video

We may take photos/videos during classes, workshops, and events.

  • We will ask for your for photo/video use where required.

  • Where we use images for marketing (e.g., website, social media, printed materials), we aim not to identify children by full name.

  • We may share photos/videos on our social channels, including , where permitted.

  • In occasional circumstances (for example, if a parent/carer requests it after a missed event), we may share a photo/video directly with that parent/carer.

  • You can change your photo/video preferences at any time by contacting us.

​

Who we share information with

We do not sell personal information.

We may share information with trusted service providers (“processors”) who help us run our services, for example:

  • Online form provider: 123FormBuilder

  • Website provider: Wix

  • Email provider: Gmail / Google Workspace

  • Scheduling/booking platform: ClassForKids

  • Payment processing: Stripe (where used)

  • IT and storage providers: Google Drive (for secure storage and backups)

  • Marketing email platform: Mailchimp

  • WhatsApp and SMS/text messaging (where used for communications)

We may also share information where required by law, or with emergency services if needed.

​

International transfers

Some of our service providers may process data outside the UK. Where this happens, we use appropriate safeguards required by UK data protection law (for example, standard contractual clauses).

​

How long we keep information

We keep personal information only as long as necessary for the purposes described above, including legal, accounting, or safeguarding requirements.

​

Retention summary

​

Enquiries (no booking)

Up to 12 months

To respond and follow up, then deleted/anonymised where possible.

​

Academy students and class students (booking, attendance, communications)

Up to 5 years after the student last attended

For administration, safeguarding context, and to handle queries.

​​

Holiday workshop attendees

Up to 5 years after the workshop attended

For administration and to contact about future workshops if marketing opt-in exists.

​

Afterschool club attendees

Up to 2 years after the club attended

For administration and to handle queries.

​

Marketing preferences

Until you unsubscribe or ask us to update your preferences

We keep a record of your opt-in/opt-out choice.

​

Photos/videos (where permitted)

Until consent is withdrawn or the content is no longer needed

You can ask us to remove images from our channels where reasonably possible.

​

Safeguarding records

Kept in line with safeguarding best practice and applicable legal requirements

Retention can be longer than other records. If you want exact retention, contact us.

​

Financial records (invoices, payments)

Kept for the period required by UK tax/accounting rules

Typically several years.

​

If you would like more detail on retention periods, contact us.

​

Keeping information secure

We take appropriate technical and organisational measures to protect personal information, including access controls and secure systems.

​

Your rights

Under UK GDPR, you have rights including:

  1. The right to be informed

  2. The right of access

  3. The right to rectification

  4. The right to erasure (in certain circumstances)

  5. The right to restrict processing

  6. The right to data portability (in certain circumstances)

  7. The right to object (in certain circumstances)

  8. Rights related to automated decision-making and profiling

To exercise your rights, contact us at info@lastact.org.uk

​

Complaints

If you have concerns, please contact us first so we can help.

You also have the right to complain to the Information Commissioners Office (ICO): https://ico.org.uk

 

Changes to this notice

We may update this Privacy Notice from time to time. The latest version will be published on our website.

bottom of page