We are committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do - both on and off stage. The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from any third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it
WHO WE ARE
Theatre Severn and the Old Market Hall are owned and operated by Shropshire Council. Theatre Severn is a 'data controller.' This means we’re responsible for making sure your personal data is secure, used in an appropriate way and in accordance with General Data Protection Regulation (GDPR).
WHY WE NEED YOUR INFORMATION
Your data helps us to provide you with an efficient and effective service. This data includes personal details (e.g. name, address, e-mail), booking history (e.g. events you have attended), and online data (e.g. IP address). This all helps us keep you informed and enables us to make your experience better.
We collect various types of information and in a number of ways:
Information you give us
For example when you register on our website, buy tickets or make a donation, we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details.
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our online content. We also store a record of any mailings you have been sent, and in the case of emails, information is recorded about which ones you have opened and any links you have clicked on.
Information from third parties
While it is not common practice, we may occasionally receive information about you from third parties, compiled using publicly available data only.
Sensitive personal data
We do not usually collect sensitive personal information about our patrons unless there is a clear reason for doing so. [i.e. health information about participants of classes and courses.
There are three bases under which we may process your data:
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example, to contact you by email, post or telephone in the case of a cancelled performance, to send you pre or post-show email, or in the event of any problems with your payment.
In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However we only do this on the basis that it has no overriding prejudice to you, offers minimal intrusion, and also carries potential benefits for both you and the Theatre and/or the wider community. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
- We may analyse data we hold about you in order to identify and prevent fraud.
- In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.
- In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy.
As part of the delivery of the Spektrix booking platform, sub-processors are carefully chosen partners who perform an essential role in helping us provide a robust and secure service.
- Mailgun is an application used to manage emails generated by the Spektrix system such as order confirmations and password reset emails.
- Cloudflare will provide caching, load balancing and security services for the Spektrix infrastructure.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To our own service providers who process data on our behalf and on our instructions (for example, a mailing house, or ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with data protection law around security of personal data.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
- To specific named visiting companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of items in your basket when booking online) as well as to identify how the website is being used and what improvements we can make.
YOUR DEBIT AND CREDIT CARD INFORMATION
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here. We never store your 3 or 4 digit security code.
MAINTAINING YOUR PERSONAL INFORMATION
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.
You have the right to see your data at any time. You can also object to how it is used, have it corrected or deleted. Please use the contact details at the end of this policy to submit any requests.
address: Data Protection, Theatre Severn, Frankwell Quay, Shrewsbury, SY3 8FT
If you are not satisfied with our response or believe we are not in accordance with the law please contact the Information Commissioner’s Office (ICO) by visiting their website or by calling their helpline on 0303 123 1113.
This privacy statement was published in May 2018.