You're here: Privacy Statement
By using this website you signify your consent to this Privacy Statement. Do not use this website if you do not agree with the Privacy Statement below.
1. Our Privacy Notice to You
Festival Drayton Centre takes privacy seriously, and we take all reasonable efforts to ensure we comply with the Data Protection Act 1998, the 2003 Privacy and Electronic Communications Regulations (PECR) and the General Data Protection Regulation (GDPR) 2018 when collecting and processing personal information. This policy describes how the Centre collects and uses personal information that you as a customer provide to us.
The Centre is the data controller of your Information for the purposes of the regulations and is a limited trading company registered under number 5775718.
The Festival Drayton Centre operates www.festivaldraytoncentre.com.
2. What Personal Information do we collect and how is it collected?
We may collect the following personal information from you when you join our mailing list, at point of sale, if you join our ‘Friends’ membership scheme or 400 Club, purchase tickets or other products online, visit the Centre or from tracking online or via smart phone devices:
- Full name
- Contact information including home address, email address and telephone number
- Event booking history
- Information about preferences and interests i.e. for live events and screenings
- How you heard about an event
- Contact preferences i.e. opt-in for email, telephone, post
- Bank details where you have arranged a direct debit payment e.g. for Friends membership or 400 Club subscription
- Log data via cookies when you visit our website including your Internet Protocol (IP) address, referring website, what pages your device visited and the time you visited the site
- Emails and correspondence that you may send to us
- Images captured from the CCTV system
This information may be kept as hard copy paper documents, stored electronically on our server as documents, images or emails, and on the cloud network for transactions completed for the sale of tickets, vouchers and ‘Friends’ membership.
3. How do we use your Personal Information and what is the lawful basis for processing?
We may process your Personal Information for the following purposes:
- To fulfil a contract if you have made a booking with us, are buying or renewing a membership or otherwise completing a purchase.
- For the Centre’s legitimate interests to provide information about our events programme and which might include:
- Sending promotional materials such as the What’s On brochure published twice a year, fliers with reminders of forthcoming shows and based on your previous booking history
- Contact by phone or email with up to date information relevant to your booking i.e. in the event of the cancellation of an event or screening
- Where we have your consent to send information by post and/or email with content about forthcoming shows, which may be based on your previous booking history, offers that might be of interest, and how you could support the Centre, including fundraising activities.
- Where we have a contract with you to fulfil a service related to your ‘Friends’ membership subscription and/or 400 Club membership scheme e.g. renewal reminders that payment is due we will email or write to you.
- Data analytics to improve understanding of how people use our website for legitimate interests.
We do not allow anyone outside the Festival Drayton Centre to see any personal data at any time, for any reason, without consent. We never share information with anyone else outside the Centre unless we have permission or are required by law to do so.
4. Third Party Providers
Please remember that when you use a link to go from the Centre website to another website, our Policy no longer applies to your internet browsing.
a) Social media platforms and widgets. Our website includes links to social media platforms hosted by a third party including Facebook, Twitter and Instagram. If you submit any information, communications or materials to us via a social media platform it is done at your own risk without any expectation of privacy. Interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
b) Links to third-party websites. Our website may contain links to external websites managed and maintained by external companies. We cannot take any responsibility for content or privacy practices within these sites. Personal Information submitted to these sites is governed by their privacy policies.
i. The PatronBase database and ticketing software is used to hold customer personal information for the purpose of a transaction, sales history and Friends subscription details (if applicable). If you book online you will be notified if you access the site from a browser that no longer supports PCI security standards.
ii. SagePay for the processing of online transactions. If an online transaction is made with us, through the PatronBase portal, you are giving us permission to provide financial and contact information to complete the transaction; card details are not stored and electronic transactions will be encrypted using SSL technology.
iii. Twice a year customer data (name and address) is forwarded, using a secure transfer method such as File Zilla, to a mailing house for the purpose of distributing the Centre’s What’s On brochure. The company will be regulatory compliant, e.g. ISO27001 accredited, and data will be deleted after the mailing.
iv. To facilitate the sending of e-newsletters the Centre has an account with Mailchimp, a marketing platform. Your email address is uploaded to Mailchimp for the sole purpose of sending e-newsletters from the Centre with information about the live events programme and other developments related to Centre business. Mailchimp never sell on these addresses and you have the option on receipt of a newsletter to unsubscribe from the mail list.
v. To improve the website experience Google Analytics is used to collect, monitor and analyse aggregated and anonymised data.
5. Security of your Personal Information
We take reasonable measures to ensure Personal Information is kept safe and secure: from loss, misuse and unauthorized access, disclosure, alteration and destruction. However data transmission over the internet is inherently insecure and no method of electronic storage is 100% secure. Any transmission of Personal Information from you to us is at your own risk. Once we have received your Information we will use procedures and security features to prevent unauthorised access.
A username and password is required to log in to any system used that holds Personal Information and you are responsible for keeping your password and user details confidential. All personal information stored by us is kept on servers in a secure environment. Only employees and approved contractors/developers we may appoint from time to time and who need the information to perform a specific job are granted access.
If tickets are purchased online, our booking pages, hosted by PatronBase, are encrypted to a high standard meaning that information is secure. The PatronBase site has a SSL certificate which allows secure connections from a web server to a browser and secures credit card transactions, data transfer and logins.
We are fully PCI DSS (Payment Card Industry Data Security Standard) compliant. We never share financial information with anyone else outside the Centre, nor do we store any credit or debit card details.
6. What choices do you have?
You are provided with the opportunity to make a positive opt-in to receive information for marketing and fundraising purposes by email and post.
If at any time you wish to unsubscribe from receiving communications, we include unsubscribe instructions at the bottom of each email communication. Marketing communication preferences can be updated at any time online via your PatronBase account, or by contacting the Box Office.
Should you wish to see a copy of all the information we hold for you, a Subject Access Request should be submitted in writing to the data controller at the Centre.
In summary you have the right to:
- Be informed about the processing of your data
- Have your personal data corrected if it is inaccurate or incomplete
- Object to the processing of your personal data
- Restrict processing of your personal data
- Have your personal data erased (‘the right to be forgotten’)
- Request access to your personal data and how it is processed
- Move, copy or transfer your personal data (‘data portability’)
We will use reasonable endeavours to ensure that Personal Information is maintained and up to date. However, you are requested to inform the Centre of any changes to Personal Information to ensure that it is up to date and we will update or delete Personal Information accordingly, except where there is a requirement to keep transactional data.
7. Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our system that materially affects you as a customer then the Centre will implement its Data Breach Incident Response Plan, notify the supervisory authority and later report the action that was taken in response.
8. How long do we hold Personal Information for?
We are required by law to hold information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller for a minimum of seven years. Images from the CCTV system are kept for 28 days.
9. Additional Policies
The Centre has separate Information Security and Acceptable Use of ICT, Cookie, Social Media and CCTV policies available on request. It is not necessary to secure individual consent for the use of non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history).
10. Policy updates and questions
If you have any questions about this policy please direct them to the data controller at the Festival Drayton Centre at firstname.lastname@example.org 01630 654444 opt 3.
You have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office.
Updated April 2018