Electric Theatre Public Fair Processing Notice
The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. A key element to this is the principle to process individuals’ data lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.
This Fair Processing Notice satisfies this element of legislation and is designed to highlight the areas of Data Protection which may be of particular concern to prospective, current and former customers, as well as others using our publicly accessible website at www.electric.theatre ; helping those people understand how information about them will be used. It will also provide guidance on your individual rights and how to make a complaint to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK.
More widely, The Electric Theatre is committed to meeting the entirety of its responsibilities to current and former customers under the General Data Protection Regulation (GDPR) and related legislation. We will always ensure personal data is collected, handled, stored, shared, retained and disposed of in a secure manner.
For the purpose of your data protection, The Electric Theatre is the recognised ‘controller’ of your data. A number of legal entities trade as The Electric Theatre. These include The Electric Theatre Guildford Ltd and ACM Commercial Ltd. Regardless of which legal entity you liaise with, we make the same Data Protection Officer available to you, who can be contacted about any of the content held herein via:
Data Protection Officer
The Academy of Contemporary Music Rodboro Buildings
Telephone: +44 (0) 1483 500 800 Email: email@example.com
The legal basis by which we will process and may have already processed data about you:
When we collect or process data about you, we have to observe the requirements of the General Data Protection Regulation (GDPR).
Under the General Data Protection Regulation our legal bases for processing this information about you as a customer will be that processing is necessary:
- “For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.” This means the information is needed for the delivery of services pertaining to your interest in The Electric Theatre.
- “For compliance with a legal obligation.” This means The Electric Theatre may be legally required to share some information about you, for example with our auditors for financial monitoring purposes.
- “To protect the vital interests of a data subject or another person.” This means that in some rare circumstances it may be necessary to share information about you, for example to the emergency services.
If you gave The Electric Theatre data via its publicly accessible website before May 25th 2018 (the date on which GDPR came into effect), it is important for you to remember that your personal data was already protected another way, by way of The Data Protection Act (The DPA). The DPA established a framework within which information about living individuals can be legally gathered, stored, used and disseminated. At its core were eight Data Protection Principles, which The Electric Theatre and other organisations needed to abide by. These specified that personal information must be:
- Processed fairly and lawfully, and only if certain conditions are met
- Obtained for specified and lawful purposes, and not used for purposes other thanthose for which it was gathered
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Kept for no longer than necessary
- Processed in accordance with individuals’ rights
- Kept secure
- Not transferred outside the European Economic Area unless certain conditions are met
GDPR builds on these requirements and states that from 25 May 2018 information must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
GDPR also requires that:
- “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
These protections apply to information in electronic form and also many types of data in paper form. Further information about the Data Protection Act and the General Data Protection Regulation is available from the Information Commissioner’s Office at www.ico.org.uk .
How and why does The Electric Theatre use personal data?
The largest volume of personal data The Electric Theatre processes on its public facing website is in relation to customers. The primary purposes we process information about these individuals include:
- to enable us to collect interest from prospective customers wishing to visit The Electric Theatre;
- to enable us to communicate marketing and operational messages to you via multiple platforms including social media, email and SMS;
- to enable us to administer customer-related functions from ticket purchase to after-sales and in-event services;
- to plan and account for the use of the services provided;
- to produce information including statistics for relevant external agencies such as Guildford Borough Council, who is the landlord of the The Electric Theatre venue that we operate by way of lease.;
- to provide support services, including financial and technical resources;
- to monitor, develop and update The Electric Theatre systems to ensure they continue to operate effectively and securely;
- to monitor equality and diversity objectives within The Electric Theatre and;
- to gather feedback from prospective, current and former customers.
The Electric Theatre also processes personal data in relation to prospective venue hirers and staff. This is undertaken to facilitate recruitment activity of hirer and staff, alike, and in the case of staff, to administer the requirements The Electric Theatre must meet as an employer in line with UK law.
We may disclose your data to certain outside organisations as outlined in this Fair Processing Notice.
We may use copies of the data, including sensitive personal data, which we hold about you for the purpose of testing our IT systems. If your data is used for system testing, it will be copied to a test environment and used with data on other customers to test changes to our IT systems in a realistic way. This is done to ensure that changes will be effective and will not cause loss or damage to data. The data about you which we hold in our live systems will not be affected. Your data will not be kept in the test environment for longer than is necessary for testing purposes. Data in that environment will not be used for purposes other than testing. We will also apply appropriate security precautions to the data.
What personal data does The Electric Theatre collect?
The Electric Theatre collects personal data from customers at various stages. The volume and nature of the personal data collected is described below, but is not limited to the data items specified:
- Details collected by way of our enquiry processes:
- name and address
- contact details (telephone number, email address, social media)
- areas of interest
- disability declarations
- Details collected by way of our purchase processes:
- name and address
- contact details (telephone number, email address)
- Health/Disability declarations (for the purposes of ensuring the accessibility of events)
- Bank/payment information
Some of this information, such as your medical information and information about disabilities, is classed as “sensitive” personal data under the Data Protection Act. Under the General Data Protection Regulation sensitive data covers information consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. Sensitive personal data is subject to extra legal protection and we have to meet an additional set of conditions in order use the data fairly and lawfully.
Sensitive data about you, for example relating to your health, may be shared with restricted departments within The Electric Theatre to ensure that you have access to appropriate services and support. For further information about sensitive personal data, see The Electric Theatre’s Data Protection Policy.
NB If you are under 18, we may also need to collect details from a parent/guardian for the purpose of administering your relationship with The Electric Theatre, and if you are under 13, we will need to specifically collect their consent to collect and process your information.
For safeguarding and crime prevention purposes, we may operate CCTV systems that cover areas you may visit at The Electric Theatre. Please refer to our CCTV policy for more information.
Who else has access to my data?
The Electric Theatre is required to share personal data with certain other organisations in order to meet statutory requirements or to provide services to customers. Sharing will always be undertaken in line with the requirements of data protection law, either through the consent of the individual, or another relevant legal gateway. The personal data that is actually shared will always be limited precisely to what the other organisation needs to meet its requirements or deliver its services.
Although we do not transfer data outside of the European Economic Area (EEA) as a matter of course of usual business, if this disclosure involves the transfer of your data outside the European Economic Area (EEA), we will inform you of this in advance, along with information about the safeguards in place. The data will only be transferred outside the EEA if one of the conditions set down in the Data Protection Act has been met, or in compliance with the conditions of transfer outlined in the General Data Protection Regulation.
The information below outlines the key partners with whom The Electric Theatre shares personal data about prospective customers and prospective staff with:
- National/Local Government Departments and other public bodies:
- Guildford Borough Council to produce a variety of statistical reports about The Electric Theatre that is required to be published in the public interest concerning the lease of a public asset to a private organisation;
- the courts, the police and other organisations with a crime prevention or law enforcement function (subject to the proper entitlements);
- Communications Platforms to facilitate marketing and communications of The Electric Theatre services (governed by GDPR compliant data sharing agreements):
- Facebook for remarketing of The Electric Theatre services to you via its channels;
- Clickatell for SMS (text message) services; and
- DotMailer, Mailchimp and Mandrill for campaign and transactional email services
Personal data may also be disclosed when legally required or where there is a legitimate interest, either for The Electric Theatre or the data subject, taking into account any prejudice or harm that may be caused to the data subject.
The Electric Theatre may also use third party companies as data processors to carry out certain administrative functions on behalf of The Electric Theatre. If so, a written contract will be put in place to ensure that any personal data disclosed will be held in accordance with GDPR legislation.
How long do you keep data for?
The Electric Theatre takes its obligations under GDPR very seriously in terms of not holding onto personal data for any longer than is necessary. The Electric Theatre has a retention schedule in place for the different categories of data it holds. The Electric Theatre retains data about customers for 6 years, for the reasons outlined below:
- to deal with enquiries, complaints, appeals and disciplinary cases;
- to communicate future sales opportunities to prospective customers; and
- to communicate future employment opportunities to prospective staff.
What are my rights regarding the personal data you hold relating to me?
An individual has the right to be informed about data collection via a Fair Processing Notice. This is that notice.
An individual has the right to ask The Electric Theatre what personal data we hold about them , and to ask for a copy of that information. The Electric Theatre reserves the right to ask you to provide proof of identification and for you to clarify your request if it is unclear in the first instance. You will receive a reply no longer than 30 calendar days from the date you make the request in writing. If you are unhappy with the initial response you can ask The Electric Theatre to undertake a further search if there is specific information you have good reason to believe exists but that hasn’t been delivered to you.
You have the right to rectify data that is incorrect. If you believe The Electric Theatre holds information about you that is factually incorrect please email our HR department to provide the correct information, and The Electric Theatre should update it within one month.
You have the right to be forgotten. Where there is not a legal / statutory obligation for The Electric Theatre to hold data about you, you have the right to be forgotten.
You have the right to data portability where the personal data is processed with the consent of the data subject, not where the personal data has been collected using any of the other legal basis for processing.
You have the right to restrict processing.
You have rights in relation to automated decision making and profiling.
You also have the right to object / withdraw consent from the processing of your personal data by The Electric Theatre at any time , if your consent was sought initially to use your personal data.
You also have the right to complain to the UK Regulator the Information Commissioner’s Office (the ICO) if you believe you request has not been dealt with properly or you have a complaint to raise against The Electric Theatre for any other data protection related issue. A complaint can be raised via the ICO’s website at www.ico.org.uk or by writing to the following address:
The Office of the Information Commissioner Wycliffe House
Cheshire SK9 5AF
How do I exercise my rights under GDPR?
For the purpose of your data protection, The Electric Theatre is the recognised ‘controller’ of your data. A number of legal entities trade as The Electric Theatre. These include The Electric Theatre Guildford Ltd and ACM Commercial Ltd. Regardless of which legal entity you liaise with, we make the same Data Protection Officer available to you, who can be contacted if you would like to exercise any of your rights under GDPR:
Data Protection Officer
The Academy of Contemporary Music Rodboro Buildings
Telephone: +44 (0) 1483 500 800 Email: firstname.lastname@example.org
What are my responsibilities?
The Electric Theatre will make every reasonable effort to keep your details up to date. However, it is your responsibility to provide us with accurate information about yourself when you provide it. It is also your responsibility to let us know of any subsequent changes to your details. You must also abide by The Electric Theatre’s Data Protection Policy when handling any personal data you come into contact with for which The Electric Theatre is responsible.
Our website and your privacy
We have structured our website so that you can visit the website without identifying yourself or revealing any personal information about yourself to The Electric Theatre or any third party. Once you choose to provide us with any information by which you can be identified as a prospective customer or prospective staff member, then you can be assured that it will only be used in accordance with this Fair Processing Notice until and unless notified separately.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and consider the privacy statement applicable to the website in question.
Box Office Terms and Conditions
Please check that all ticket details are correct as money cannot be refunded and tickets may not be exchanged. In the event that tickets are exchanged, an administration fee may apply.
In the event of unauthorised resale for profit or commercial gain, this ticket will be void.
The management reserves the right to refuse admission and may on occasion have to conduct security checks to ensure the safety of patrons.
The management reserve the right to amend or alter the published details of the event as shall become necessary without being obliged to refund or exchange tickets.
The management shall not be responsible for loss or damage to personal property brought into the venue.
Latecomers will only be admitted to the auditorium at a suitable break in the performance.
The unauthorised use of cameras, video or any other form of recording equipment is strictly prohibited.
Conditions of Behaviour
The Management reserves the right to refuse you entry to and/or eject you from the Event and/or Venue in reasonable circumstances including without limitation;
- For health and safety or licensing reasons;
- If you behave in a manner which has or is likely to affect the enjoyment of other persons at the Event;
- If you use threatening, abusive or insulting words or mannerisms;
- If, in the Management’s reasonable opinion, you are acting under the influence of alcohol or drugs;
- If you fail, when required, to produce proof of identity or age;
- If you refuse to comply with the Management’s security searches;
- If you breach these Terms; or if Your Ticket is void.