Privacy and Cookies

Introduction

Taunton Theatre Association’s Privacy Policy has been updated to comply with GDPR guidelines and Data Protection Act 2018.

Who we are

Taunton Theatre Association Ltd (TTA) is the operator of Taunton Brewhouse.

TTA is registered in England and Wales as a charity (1156472) and company limited by guarantee (8658085). It is partially funded by Somerset West and Taunton Council with occasional project support from Arts Council England, trusts, foundations, business sponsors and individual donors. TTA is committed to protecting your personal data and being transparent about what information we hold about you and how we use it.

Purpose of policy

The purpose of this policy is to give you information about how we collate and use the information we gather from you directly and from third parties and how it is stored.

This policy explains:

  • What information we may collect from our customers
  • Why we collect information about our customers
  • How we keep personal information secure and maintain it
  • How we may use personal information in a lawful manner
  • In what situations we may disclose your details to third parties
  • Our use of cookies to improve customer experience and navigation of our website
  • Your rights to be able to access the personal information we collect
  • Removing your personal data

Why we collect information

Information you give us

When you register on our website, buy tickets, or make a donation, we will automatically store personal data you give us such as your name, email address, postal address, telephone number, and card details. We will also automatically store a record of your purchases and donations.

Information about children under the age of 18

We may hold personal data about young people who register for our classes, workshops, or who take part in our productions. This is to safeguard children in our care and ensure we have accurate information on our records, so we can respond appropriately in case of a medical incident or emergency.

We will obtain the prior consent of the designated adult to storing this information. Such consent can be withdrawn by the designated adult at any time. Children will always be contacted via their designated adult with parental responsibility. Data collected about children under the age of 18 will be deleted from our systems 6 months following their last activity with us.

Information about your interactions with us

When you visit our website and social media sites, we automatically collect information about how you interact with our content and adverts to help us monitor and improve our digital communication. When we send you a mailing, we also store a record of this, and in the case of emails, we keep a record of which ones you have opened and which links you have clicked on.

Debit and credit card information

If you use your credit or debit card to make a purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.

Patrons are given an option to store their card details for use in a future transaction. This is carried out in compliance with PCI-DSS. Card details are stored in such a way that no-one is able access your full card number. We never store payment cards’ 3 or 4-digit security code.

Information from third parties

We may occasionally receive information about customers from third parties. We may use third party research companies to provide general information about customers, compiled from publicly available data.

Data Protection law recognises that certain categories of personal data are more sensitive such as information about an individual’s health, race, religious beliefs and political opinions. We only collect this type of information about our patrons if there is a clear reason for doing so. As an example, we may collect health information about participants in our programme of classes and courses, so we can respond appropriately to any medical incidents. We do not collect any information about criminal convictions and offences.

How we protect your data

Security of your personal information

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal data as secure as possible. We will limit access to your personal data to those employees, agents, contractors and other third parties that need to know and ensure that any third parties we use for processing your personal data will only do so on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We will not transfer, process or store your data anywhere that is outside of the European Economic Area unless reassured by our suppliers that the storage of that data is being done in compliance with UK Data Protection requirements.

Maintaining your personal information

We store your personal data indefinitely so that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.

If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account here. Alternatively, please use the contact details at the end of this policy to update and amend your personal details and preferences. Any objections you make to any processing of your personal data will be stored against your record on our system so that we can comply with your requests.

How we could use your information

You will have an option to consent to receiving marketing information.
You will also be asked if you wish to be contacted about our charitable fundraising projects.

Marketing communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely, and respectful. To do this, we use information that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.

In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.

We may also contact you about our work by telephone. However, we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).

Other processing activities

We may analyse data we hold about our customers to ensure that the content and timing of communications that we send to you are as relevant as possible. We may also analyse data we hold about our customers in order to identify and prevent fraud.

In order to improve our website, we may analyse information about how our customers use it and the content and adverts that they interact with.

In future, we may use profiling techniques or third-party wealth screening and insight companies to provide us with information about our customers, so that we can communicate in a relevant and timely manner about our fundraising initiatives in order to achieve our charitable aims. Such information is compiled using publicly available data.

Disclosure of Information

In what situations may we disclose your details to third parties?

There are certain circumstances under which we may disclose your personal information to third parties.

These might be (but are not limited to) the following:

  • To our own service providers who process data on our behalf and on our explicit instructions (for example our ticketing system software provider), ensuring that your personal data is stored securely and not passed on to other parties. They will also be subject to a duty of confidentiality.
  • Where we are under a legal obligation to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
  • To specific named visiting companies whose performances you have attended. In these cases, we will always ask for your explicit consent before doing so.

We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Use of Cookies

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your purchases in your online shopping basket), as well to provide website operators with information on how the site is being used.

We use cookies to keep track of your shopping basket, as well as to identify how the website is being used and what changes we can make to improve the customer experience and navigation of our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

Your Rights

You have a right to request a copy of the personal data that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right. Alternatively, you can update your preferences and personal data by logging in to your account here.

Removing your personal data

We always respect customers interests, fundamental rights, and freedoms. You have the right to ask for your personal data to be removed from our database at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind, however, that if you request to have your data removed it will affect our ability to carry out tasks above that are for your benefit e.g. contact you if a performance is cancelled or notify you of events within your chosen preferences. We try to respond to all legitimate requests within one month.

We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data. This is a security measure to make sure that personal data is not disclosed to any person who does not have the right to receive it.

Contact Details

We have the right to amend and update this policy from time-to-time, to fully comply with changes in legislation. Please get in touch with us if you have any questions about this policy with regards to how we collect and process customers personal information.

Marketing Department

Email: [email protected]

Taunton Theatre Association Ltd
Taunton Brewhouse
Coal Orchard
Taunton
Somerset
TA1 1JL