Privacy Notice

Last updated: January 2026

Broadway Breakthrough is committed to protecting the privacy, dignity and rights of all children, young people, adults at risk, parents/carers, teachers, studios, staff and visitors who engage with our competitions, workshops and events.

This Privacy Policy explains how we collect, use, store and protect personal data. It also outlines your rights under UK data protection law.

This policy should be read alongside Broadway Breakthrough:

1.Who we are (Data Controller Information)

Broadway Breakthrough is a trading name of The International Entertainment Collective Ltd (Company No. SC434231), with its registered office at Unit 2 Fife Interchange North, Sandpiper Drive, Dunfermline, KY11 8EZ.

Data Protection Lead (DPL):
Murray Grant, Creative Director
Email: murray@bythecollectives.global

General enquiries: breakthrough@bythecollectives.global

The International Entertainment Collective Ltd (IEC) is the Data Controller for all personal data processed in connection with Broadway Breakthrough events.

2.What personal data we collect

We only collect the information necessary to run our competitions safely, legally and effective.

Children under 16 must not submit personal data independently; all information must be provided by a parent or guardian.

  • Participants/Competitors: name, date of birth, age category, parent/carer contact details, emergency contacts, medical information, allergies, access needs, photography/video consent, performance footage, registration and payment information, safeguarding or wellbeing notes.
  • Parents/Carers: contact details, consent records and communications with us.
  • Teachers/Studios: contact details, registration information, payment details and safeguarding declarations.
  • Staff, Adjudicators & Volunteers: contact details, PVG/Disclosure Scotland checks, references, right-to-work documentation, contracts and payment information.
  • Website Users: cookies and analytics data, IP address, device and browser information.

3.How we collect personal data

We collect data through:

  • Online registration forms
  • Email and phone communications
  • Photography and video consent forms
  • Safeguarding or incident reporting forms
  • Website cookies
  • Studio submissions
  • Payment processing systems

4.Why we collect personal data

We process personal data to:

  • Manage competition entries and age divisions
  • Communicate event information
  • Ensure safety, safeguarding and wellbeing
  • Manage medical or emergency needs
  • Process payments
  • Allocate awards and adjudication
  • Run workshops and masterclasses
  • Administer photography and media
  • Identify talent for potential invitations to join the Talent Collective or Kids Collective casting platforms
  • Comply with legal obligations
  • Improve our events and services

We do not use personal data for automated decision-making.

5.Lawful bases for processing

We rely on the following lawful bases under UK GDPR:

  • Contract: registration, participation, payments and event communications.
  • Consent: photography, video and optional marketing communications. Consent can be withdrawn at any time by emailing: breakthrough@bythecollectives.global.
  • Legal obligation: safeguarding, PVG checks, incident reporting and tax/employment law.
  • Vital interests: medical emergencies and protection of life.
  • Legitimate interests: event administration, internal recordings, security and fraud prevention.

6.Special category data

We may process special category data such as medical information, safeguarding information, access needs and wellbeing notes.

We rely on: explicit consent, vital interests, legal obligations (safeguarding) or employment law (for staff).

7.Children’s data

We take extra care when processing children’s data. We ensure:

  • Parental/carer consent for under-16s for photography/video
  • Clear, age-appropriate privacy information
  • Children’s rights are respected
  • Safeguarding overrides confidentiality where necessary

8.Photography, video and media

We may capture images and recordings to celebrate achievements, for marketing and promotional use, social media, website content, and archival or educational purposes.

Marketing use always requires explicit consent. Full details are available in our Photography & Media Policy.

9.Who we share data with

We only share data when necessary and lawful.

We may share data with:

  • Safeguarding agencies (Police, Social Work)
  • Medical professionals in emergencies
  • Venues (where required for safety)
  • IT and cloud service providers (Microsoft 365)
  • Payment processors
  • Adjudicators (limited data only)
  • Prize partners (only where necessary)
  • Internal branches of The International Entertainment Collective Ltd (specifically Talent Collective and Kids Collective) to offer platform access and industry connectivity

We never sell personal data.

All third-party processors must comply with UK GDPR and sign appropriate Data Processing Agreements.

10.International transfers

We may transfer data outside the UK only when:

  • The destination country has an adequacy decision, or
  • Appropriate safeguards (e.g. SCCs) are in place, or
  • The transfer is necessary for a contract (e.g. international prize providers)

11.Data security

We use technical and organisational measures to protect data.

Technical Measures:

  • Microsoft 365 secure cloud storage
  • MFA and password protection
  • Encrypted devices
  • Access controls

Organisational Measures:

  • Staff training
  • Secure disposal of paper records
  • Restricted access to safeguarding files
  • No personal messaging apps for under-18s
  • No personal devices for storing data unless authorised

12.Data retention

We retain data only as long as necessary. Examples:

  • Participant records: 7 years
  • Safeguarding records: until age 25
  • Accident reports: until age 21
  • Media (marketing): 5 years or until consent is withdrawn
  • Staff HR records: 6 years after employment ends

Full retention details are available in our Data Protection Policy.

13.Your rights under UK GDPR

You have the right to:

  • Access your data
  • Request correction
  • Request deletion (where lawful)
  • Restrict processing
  • Object to processing
  • Withdraw consent
  • Request data portability
  • Lodge a complaint with the ICO

To exercise your rights, contact the DPL at: murray@bythecollectives.global

ICO website: www.ico.org.uk

14.Data breaches

A data breach includes loss of data, unauthorised access, accidental disclosure or cyber incidents.

In the event of a data breach, we will investigate promptly and notify the ICO where legally required and notify affected individuals where necessary.

15.Contact us

For questions about this Privacy Policy or your data rights, contact:

Data Protection Lead (DPL) at murray@bythecollectives.global.

General enquiries: breakthrough@bythecollectives.global.

Postal address: Unit 2 Fife Interchange North, Sandpiper Drive, Dunfermline, KY11 8EZ.

For information on cookies, see our Cookies Notice.

Terms & ConditionsSafeguarding