We are committed to protecting your personal information and being transparent about what information we hold about you. The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
What information we may collect about you
How we may use that information
Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it
If you have any queries about this policy, please contact us by emailing firstname.lastname@example.org
INFORMATION WE COLLECT
We collect various types of information and in a number of ways:
Information you give us
For example when you send us an email via our contact form you are asked whether you want to sign up to our newsletter. If you do so Mailchimp then sends you an email to confirm your subscription. Only by confirming through this email will we have your details stored securely on mail chimps servers. If you have filled in a loyalty card form when you have dined with us your information will also be stored in this way. Personal information you give us such as your nam and email address. We do not store any customer’s financial details.
Information about your interactions with us
For example, when we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Sensitive personal data
The law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not collect this information.
There are three legal points that mean we may process your data:
When you make a purchase to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation, or in the case of problems with your payment.
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that special situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful.
To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about. We use our legitimate organisational interest as the legal basis for communications by email. We will give you an opportunity to opt out of receiving these communications during your first purchase with us. Then going forward, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We will not contact you via post, phone or text for marketing purposes. As part of our service to you, we may contact you by email or telephone to provide essential information related to your reservation.
OTHER PROCESSING ACTIVITY
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with GDPR laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
We do not pass on or sell your data to any companies or third parties. We may share anonymous information, such as a postcode with no attaching data, with other organisations including Arts Council England and the Audience Agency, who use this to analyse our audience development programmes and ticket sales.
Cookies are small text files that are automatically placed onto your device by some websites that you visit.
They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.
For more information about cookies, visit aboutcookies.org
If you use your credit or debit card to purchase from us:
We will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard (https://www.pcisecuritystandards.org/pci_security/). We give the option for you to store your card details safely for use in future transactions. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3 or 4-digit security code.
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same and that they will only process your personal information on our instructions. The third parties will also be subject to a duty of confidentiality.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR.
MAINTAINING PERSONAL INFORMATION
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same. We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
CONTACT US + FURTHER INFORMATION