Purpose: To ensure that Eastern Angles Theatre Company complies with its responsibilities and commitment to staff, suppliers and Customers under the General Data Protection Regulation (EU) 2016/679 and all associated regulations.
Introduction and Background:
- Eastern Angles Theatre Company (EATC) recognises its responsibilities and commitments under the General Data Protection Regulation (EU) 2016/679 and any associated Regulations. The act aims to: -
- Eliminate unlawful use of personal Data by companies who have collected it.
- GDPR includes the following rights for individuals:
- The right to be informed.
- The right of access.
- The right rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right to not be subject to automated decision making including profiling.
In Implementing this policy:
- EATC will continue to review this policy to ensure that EATC continue to function within the guidelines set out in the regulations listed above.
- EATC will create a detailed appendix listing the processes that take place to ensure the safe collection, handling and protection of its Data. – See appendix 1
APPENDIX 1 – DATA PROCESSING AT EATC
WHY WE COLLECT PERSONAL INFORMATION
We only collect and process personal data when it’s necessary to carry out our business aims and objectives. We may collect and process personal data to:
- Provide a service you have requested (e.g. booking a ticket).
- Offer you a personalised experience of EATC and the shows we produce.
- Inform you of events or updates if you have asked us for this.
- Contact you if we need to obtain or provide additional information (e.g. cast changes or changes to a performance schedule).
- Keep a record of business-related communications.
- Understand our audiences and their preferences better so that we can engage them in a clearer way, and also use this insight to help our case for support when submitting and evaluating funding applications.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We may collect and retain information which provides information about you that can be used to identify you. The type of personal data that we collect and how it is used depends on where and when it is gathered.
Information provided by you:
- When you make a financial transaction directly with EATC: e.g. when you buy a ticket directly from us or purchase merchandise. We may collect your name and prefix, gender, email address, contact phone number(s), payment card details, delivery address(s), billing address, bank details for direct debit instructions. We will not hold payment information for any longer than it takes to process your transaction.
- When you ask to subscribe to our email newsletter we will collect your email address.
- When you make a donation to EATC we may collect your email address, gender, contact phone number(s), payment details, billing address, gift aid declaration status, and details of the donation given and any specific purpose for the donation.
- If you have any access or dietary requirements.
- When you send an email to EATC, we will keep your email address for correspondence.
- We collect information from feedback forms, both hard copy and online.
- Job-related information, if you apply to work with EATC.
We also keep a record of your interactions with us via our Box Office Systems and Dot Mailer. These will be; what shows you have purchased tickets to, when you have had an active membership, any projects you may have participated in or supported and whether you have received, opened or clicked through any emails we may have sent.
When you visit our website or social media:
- We automatically collect information from your browser when you visit our website. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us and the referring website address.
- When you visit our website, we may assign your computer one or more cookies to facilitate access to our site. Through the use of a cookie, we also may automatically collect information about your online activity on our site, such as the web pages you visit, the links you click, and the searches you conduct on our site. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on our website.
- Cookies are small pieces of information that are stored by your browser on your computer's hard drive. They make it possible for us to manage our websites and provide an online ticketing service.
- Understand how the public engages with our online content. One way we do this is via Google Analytics (e.g. collecting information about what EATC web pages people visit, and for how long). You can go to http://www.google.com/analytics/learn/privacy.htm l to find out more about Google Analytics cookies and how to opt-out of them.
- To offer a tailored experience of our website.
- To allow you to log in, choose and purchase tickets. The cookies used for these functions are temporary cookies that are removed once the transaction has been completed or you log out. It is not possible to purchase anything on our website without accepting these cookies.
- For more information on cookies, please visit: aboutcookies.org; Wikipedia. Please note that we are not responsible for information available on these websites.
- Depending on your settings or the privacy policies for social media you may give us permission to access information from those accounts or services. The majority of this behaviour is anonymised. For more information on how to control your privacy settings for these services, go to the following links:
- Facebook: https://en-gb.facebook.com/full_data_use_policy
- Twitter: https://twitter.com/en/privacy
- YouTube: https://www.youtube.com/static?template=privacy_guidelines&gl=GB
- Instagram: https://help.instagram.com/519522125107875?helpref=page_content
We may also collect information published on social media that is about for evaluation or reporting purposes (e.g. reporting EATC’s impact to funders).
Publicly Available information:
We may include information found in places such as Companies House and information that has been published in articles/newspapers.
HOW DO WE COLLECT THIS DATA?
- When you book a ticket directly on EATC’s website. When you book a ticket from the website of one of our venue partners or access their website via a link on our website, the booking transaction is between you and them, and we do not receive your data directly when you book.
- When you attend a workshop or similar activity related to a production.
- When you complete a feedback form either online of a hard card copy and send it back to us.
- When you post something about EATC on social media (e.g. Twitter). We may record the post for use in publicity or for evaluation purposes. We may also collect and track anonymised data on our social media audiences to better understand the groups of people who engage with us online. We use this to ensure we engage with audiences and groups of people who are new to us.
- When you send an email to us.
- When you give us your information in person (e.g. if you ask a staff member to subscribe you to our email newsletter).
- If you buy merchandise through EATC’s website.
- If you make a donation to EATC.
- If you attend a fundraising event
Via publicly available information such as:
· Companies House
· Charities Commission
· Information published in articles / newspapers
· From time to time, we may also get data about you from third parties. This will normally be from other artistic venues where you have seen EATC’s work and your data will only be shared with us if you have given the organisation permission.
HOW WE USE PERSONAL INFORMATION:
In the normal course of running our business, and to provide a service or carry out a contract with you:
- To fulfil ticket, merchandise, donation and membership requests.
- To process payments.
- To provide the best possible customer service and to help us with internal administration.
- To contact you with important information relating to your booking or purchase, such as confirming your order, reminding you of an upcoming performance you’ve booked for or letting you know about cast changes or building works that may affect your visit.
Where we have your consent:
- To share your details with other arts organisations whose work you may have seen at The Sir John Mills Theatre or The Undercroft. These organisations may contact you to let you know how they collected your data and to check that you’re still happy to hear from them. You will always be able to opt out of their communications by contacting them directly.
- To contact you regarding fundraising events or other fundraising activity.
Where we have justifiable reason (including legal obligation and legitimate interest):
- To continue to send you updates via email about what’s on, offers and news or about supporting us.
- To analyse and continually improve the services we offer, understand your interests and preferences so that we can contact you with information that is relevant to you and adapt our marketing communications so that they’re more relevant to you.
- To use your anonymised details to show you advertising on social media platforms like Facebook or via other third-party advertising that may appear on other websites you visit.
- To classify EATC’s audience into groups or segments, using booking and publicly available information. These segments help us to understand our audience better and ensure we’re engaging with each group in the most relevant and welcome way possible.
- To undertake research: we may contact you to ask you to participate in consumer research either via an online or telephone survey or in person. You are under no obligation to participate in research and, should you provide any further information, EATC will inform you how this will be used.
- To keep our database accurate and relevant.
HOW WE MANAGE, KEEP AND PROTECT YOUR DATA.
- Personal data stored by us is kept on servers and computers in secure environments. These include Microsoft SharePoint, Google Documents, Spektrix, and work computers. All storage and data processing applications and the machines used to host them are password-protected. Some of our service providers may have access to your data to perform services on our behalf – payment processing is a good example of this. Our card payments are processed by third parties who are accredited with the Payment Card Industry Data Security Standard (PCI-DSS).
- Only employees and approved contractors/developers appointed by EATC who need the information to carry out their duties have access to this.
- EATC will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent.
- We will ask for your consent to share personal information with like-minded organisations - e.g. Arts Organisations who perform at The Sir John Mills Theatre or Undercroft or organisations we have co-produced a show with.
- There may be other instances when we are obliged to share personal data or when requested by the police or a regulatory or government authority investigating illegal activities.
- If you ask us to update your personal information we will do so.
- You may request a copy of the information held about you by us.
- You may request that we delete your data, but where we are required to maintain the integrity of our records we may choose to anonymise your data instead. If you would like to stop all contact from us we will need to keep limited personal data in order to comply with this request.
- You can opt out of receiving information from us. This can be done by e-mail using the unsubscribe link in our marketing emails or using the contact details on EATC’s website.
- If you wish to make a complaint, please contact us using the contact details on our website. If you are not happy with our response, you have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office – www.ico.org.uk.