Live Theatre Winchester Trust incorporates Theatre Royal Winchester and Hat Fair.
Purpose of policy
We are committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do – both on and off stage. As a charity, it also helps us to engage with potential donors and supporters. The purpose of this policy is to give you a clear explanation about how we collect and use the information collected from you directly and from third parties. We use your information in accordance with all applicable laws concerning the protection of personal information (which includes, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time) and are responsible as ‘controller’ of that personal information for the purpose of those laws (“Data Protections Laws“).
This policy explains:
- What information we may collect about you;
- How we may use that information;
- In what situations we may disclose your details to third parties;
- Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it.
If you have any queries about this policy, please contact the Data Protection Officer Kirstie Mathieson at Live Theatre Winchester Trust, Theatre Royal Winchester, Jewry Street, Winchester, SO23 8SB or email: firstname.lastname@example.org
Who we are
Live Theatre Winchester Trust is a charity and receives funding from Winchester City Council, Hampshire County Council, Arts Council England as well as various trusts, foundations, individual donors and supporters. Live Theatre Winchester Trust operates Theatre Royal Winchester and Hat Fair. Our registered charity number in England and Wales is 1077139 and we are also registered as a company in England and Wales under registration number 03696681 (“we“, “our” and “us“).
We collect various types of information and in a number of ways:
- Information you give us
Customers: For example when you register on our website, buy tickets or make a donation, we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases and donations.
Participants: We collect personal data in relation to individuals engaging with our workshops, tours, talks and other events and in relation to children taking part in Young Theatre Royal and any other project engaging young people. Parental consent is sought in relation to any young person participating.
Other third parties: We also collect personal data from our artists, contractors, suppliers and volunteers and any other third party engaging with our work.
- Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content and ads. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on. This assists us to better tailor our communications to you and create an enhanced customer journey for you.
- Information from third parties
We occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about you, compiled using publicly available data.
- Sensitive personal data
The Data Protection Laws recognise that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons and other third parties unless there is a clear reason for doing so. For example we ask for access requirements from audience members so that provision can be made. We also collect health information about our participants in our workshops and productions so that we have details in case of ill health or emergency whilst participating in a workshop or production.
There are three bases under which we may process your data:
- Contract purposes
When you make a purchase from us, make a donation to us or apply to participate/volunteer in our events you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
We will also process and store your data if you have entered into a contract with the organisation as a third party (eg artists, contractors, suppliers etc).
- Legitimate organisational interests
In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
- With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about. We use our legitimate organisational interest as the legal basis for communications by post, telephone and email. Before contacting individuals by telephone, we always check the telephone preference service.
In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy.
In the case of email, we will give you an opportunity to opt out of receiving them the first time you create your account with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
You can also self manage your preferences online by logging into My Account and selecting ‘Contact Preferences’.
We may also contact you about our fundraising initiatives by telephone or post on the basis of our legitimate organisational interest. We will always get your express consent to contact you by email regarding fundraising.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- To allow us to improve our services;
- We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible. We may analyse data we hold about you in order to identify and prevent fraud;
- In order to improve our website we may analyse information about how you use it and the content and ads that you interact with;
- We may use profiling techniques or third party wealth screening and insight companies to provide us with information about you that will help us to communicate in a relevant way with you, in particular when we are approaching you about potential philanthropic support. Such information is compiled using publicly available data about you; and
- We may take photos and/or film shows and other events which you attend and use these for promotional purposes. If you do not wish to be included please contact us. We will however seek express consent for any photos/filming from participants.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
Automated decision making
We do carry out some profiling based on the booking behaviour of individuals, in order to determine individuals who may be suitable for our ‘Friends Membership’ packages and other fundraising initiatives.
We are of the view that we have a legitimate organisational interest in carrying out such profiling and that it does not have a legal or similar effect on the individual.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To our own service providers who process data on our behalf and on our instructions (for example our ticketing system, email marketing and other IT software or support providers). In these cases we require that these third parties comply strictly with our instructions and with Data Protection Laws, for example around security of personal data.
- Where we are under a duty to disclose your personal information in order to comply with any regulatory or legal obligation (for example to government bodies and law enforcement agencies).
- We may share anonymised, pseudonymised and non-personal information with funders, visiting theatre companies and hirers, subcontractors, advertisers and search engine providers.
- To specific named visiting companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so and we will always enter into a written agreement with such companies regarding their compliance with the Data Protection Laws.
A number of our software providers have their servers hosted outside of the EEA. However the providers have certified their compliance with the EU-US Privacy Shield Framework, which is a mechanism designed to assist companies to comply with data protection requirements when transferring personal data from Europe to the United States.
To the best of our knowledge, understanding and belief your personal information will not otherwise be transferred outside of the EEA or to any country not approved by the European Commission.
Our website, may from time to time, contain links to and from partners’, advertisers’, affiliates’ and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept responsibility or liability for those policies. Please check those privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely.
We optionally allow you to store your card details for use in a future transaction. This is carried out in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Maintaining your personal information
Volunteer and participant personal data is generally stored for 7 years. If we have a legitimate organisational interest in holding such data for a longer period of time (for example, as it has alumni value to us) then we will do so, however no data is kept for any longer than is reasonably necessary and always subject to the principle of data minimisation.
For any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of your personal information
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your personal information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our website or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights to your personal information
Under the Data Protection Laws, you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information;
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal information concerning you in certain situations;
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object at any time to processing of personal information concerning you for direct marketing;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object in certain other situations to our continued processing of your personal information; and
- otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to Kirstie Mathieson, our Data Protection Officer;
- let us have enough information to identify you;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know the information to which your request relates.
If you would like to unsubscribe from any marketing emails you can also click on the ‘unsubscribe’ button at the bottom of the email.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The Data Protection Laws also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us