Continuing To Protect Your Data
You may be aware that a new EU General Data Protection Regulation (GDPR) came into effect from 25 May 2018.
Derby Theatre has always been dedicated to protecting customers’ data and personal information, and we want you to know that this respect for your data and privacy is continuing as we adapt to the requirements of the new regulations.
Remember, you can change your preferences anytime by visiting the Preference Centre or calling the Box Office on 01332 593939.
The University of Derby Theatre Limited (Derby Theatre) is a registered charity that produces and presents theatre productions and delivers a range of educational and community activities that benefit adults and children in Derby, Derbyshire and beyond. Derby Theatre and its parent company, University of Derby, are committed to protecting your personal information and respecting your privacy. We want to maintain the trust and confidence of every one of our audience members, learners, supporters and associates, as well as everyone who uses the Derby Theatre website.
Registering with Derby Theatre has many benefits. By doing so you can manage your personal information and receive information about our work. You can register with us at any time on our registration page. Once registered you can also update your preferences at any time by logging into your account or speaking to a member of our team.
Please read this policy carefully to understand how we will treat your personal data. If you would like to read more about how our parent company, the University of Derby, processes personal data, you can read more here.
Who is the Data Controller for Derby Theatre
A Data Controller is a person or persons who determine why and how personal data is processed. Because the University of Derby has a number of separate operating businesses, it has more than one Data Controller. Derby Theatre is the Data Controller of your personal information and is registered as a Data Controller with the Information Commissioner’s Office (ICO): ZA180831.
Who is the Data Protection Officer for Derby Theatre
The Data Protection Officer (‘the DPO’) is the nominated person internally with responsibility for monitoring our compliance with GDPR and for informing and advising us of our obligations in relation to the processing of personal data. The DPO is our point of contact with the ICO, the UK’s data protection supervisory authority, and is the person to whom you should direct any questions regarding your information or its use. Our nominated Data Protection Officer is James Eaglesfield.
University of Derby Theatre Limited (‘Derby Theatre’) is a charitable company limited by guarantee incorporated in England and Wales (Company number 06858792) and a registered charity (Charity number 1129005).
Contact details for Derby Theatre:
15 Theatre Walk
St Peters Quarter
Telephone: 01332 593900
Email via our website www.derbytheatre.co.uk/contact-us
How we collect your personal information
We collect your personal information when you interact with us. By personal information we mean the personal data that you provide to us e.g. by filling in forms on our website.
This could be when you buy a ticket to a performance, workshop or other event from us – online, by phone or in person – or it could be when you sign up to receive information from us – by email, post or social media – or correspond with us generally through one of the above channels or otherwise. We also look at how people use our website so that we can improve the experience we offer, whether its booking tickets or finding out information about our programme and activities.
We collect information in a number of ways which are listed below:
1) When you create an account at www.derbytheatre.co.uk. Your account enables you to do the following:
- Buy tickets for performances, workshops and other events
- Make a donation
2) Register for special interest lists e.g. In Good Company, Youth Theatre, Summer School, our ERDF Big House programme, and other activities.
3) Contact us by phone to book tickets.
4) Book tickets in person at the box office.
5) Contact us by post, e.g. writing to give us feedback on your experience
6) Visit our website: In line with our information security standards, we monitor website behaviour through Google Analytics. We collect information about how each visitor uses our site. These are then used to compile reports and to help us improve our site. Information is collected in an anonymous form, including:
- the number of visitors to the site
- where visitors have come to the site from
- the pages visited
Derby Theatre wants to provide you with the best possible service. We are always looking for ways to improve. This includes improving our website so that it provides the information that you need, on a regularly updated basis and in an easily accessible way.
7) Sometimes we may also get data about you from third parties, such as touring companies performing at Derby Theatre whose work you may have seen elsewhere.
8) We are contractually obliged by our funders to share data about participants in our ERDF programme with third parties, including Nottingham City Council and The Ministry of Housing, Communities and Local Government. If you are a current or potential participant in the programme and would like further information on how and what data is collected and shared, please email email@example.com
Cookies on our website
To improve and keep our website up-to-date, we collect information about your visit and we may share some of this information with our third party data analytics service providers to help us improve our website. When this website data is shared with third parties, it will be provided as anonymised, aggregated data with personal data no longer identifiable.
The types of information we collect
We only collect the information that's necessary to carry out our business, provide the services you have requested and keep you informed. You can choose not to give us certain information, but this may limit the service we offer e.g. you may not get to hear about an event you would have liked to have attended.
The type of information we collect depends on where and when it is collected.
Information we obtain directly from you:
When you create an account with us, register on our website or purchase tickets from us online, by post or by phone we need to collect information from you in order to provide the service you are requesting.
We may collect:
- Prefix and name
- Email address
- Date of birth
- Contact phone number(s)
- Payment card details. Please note, we will not hold payment information for any longer than it takes to process your transaction.
- Delivery address(s)
- Billing address
- Access needs
If you are a student we may also collect:
- Name of college/university
- Area of college/university
- Course name
- Course faculty
- Course level
- Course end date
When placing advance orders for pre-show food and drink, we collect:
- Prefix and name
- Contact phone number
- Email address
When visiting our website we may collect the following information:
Your device’s Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, and length of visits to certain pages.
Information we obtain independently from you:
Third Party Organisations
We may combine information you have given to us with this additional information available from external sources. This will only be done when you give permission to the relevant third party organisations to share the data they hold on you, or if the data is already publicly available.
From time to time we may screen our database against recognised data hygiene file such as National Change of Address file and cleanse our file or correct inaccurate data. We may also update inaccurate data if the information is available.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you may give us permission to access information from those accounts or services.
Information available publicly
We may include information found in places such as Companies House and information published in articles/ newspapers.
Why we collect your personal information and how we use it
The information we hold on you will be used in a number of ways. The main ones are to provide a service you have requested, offer you a personalized experience, understand your needs as an audience member better, inform you of events or provide updates you’ve asked for or contact you if we need to obtain or provide additional information (e.g. changes to your booking).
Specifically, we use your information we collect in the following ways:
To carry out our business and to provide a service or carry out a contract with you:
- To fulfil ticket, merchandise, donation and membership requests.
- Process payments. Please note that Derby Theatre does not store any Credit Card or other payment information once the transaction has been completed.
- Provide the best possible customer services and to help us with internal administration.
- Contact you with important information relating to your booking or purchase, such as confirming your order, reminding you of an upcoming performance you’ve booked for or letting you know about cast changes or building works that may affect your visit.
Where we have your consent:
- Send you updates via email about what’s on, offers and news or about supporting us.
- Email you about a specific topic you’ve requested to hear more on such as learning activities or other participatory projects.
- Share your details with other arts organisations whose work you may have seen at or in collaboration with Derby Theatre. These organisations will contact you to let you know how they collected your data and to check that you’re still happy to hear from them. You will always be able to opt out of their communications by contacting them directly.
- If you do not want to receive information by post or email about events, offers, our fundraising activities or customer research, you have the option to change any of your contact preferences at any time by logging into your account online.
Where we have justifiable reason (including legal obligation and legitimate interest):
- Learn about your interests and preferences so that we can contact you with information that is relevant to you.
- Help us target our marketing communications and adverts so that they’re more relevant to you.
- Use your pseudonymised details (where the most identifying fields within a database are replaced with artificial identifiers, or pseudonyms) to show you advertising on such Social Media platforms as Facebook and Instagram or via other third party advertising that may appear on other websites you use. The information shared with these platforms is pseudonymised to protect your personal data.
- For classifying our audience into groups or segments, using booking and publicly available information. These segments help us to understand our audience better and ensure we’re sending relevant messages to each group.
- Measure and understand how our audiences respond to a variety of marketing activity so we can ensure our activity is well targeted, relevant and effective.
- Undertake consumer research: we may contact you to ask you to participate in consumer research either via an online or telephone survey or in person. You are under no obligation to participate in research and, should you provide any further information, Derby Theatre will inform you how any further information will be used.
- Analyse and continually improve the services we offer including our artistic output, our website and our other products.
- To help us run the test version of our website that we use internally to pilot new features and ensure the smooth running of our web services.
- To keep our database accurate and relevant, for example, using National Change of Address.
- The use of CCTV recording equipment in and around our premises for monitoring and security purposes.
- Detect and reduce fraud and credit risk.
For a small number of our audience, where we want to better understand people’s engagement with Derby Theatre and their potential interest in supporting us further:
Before contacting a small number of individuals we may seek additional information including Derby Theatre booking and connections, business network information and publicly available information relating to: residential location, wealth and assets, family*, career, donations to other organisations (including political parties where they are made public by the individual) and hobbies and interests to create a profile of their interests and preferences. This helps us understand the background of the people who may choose to support us and helps us to make requests for gifts to those who may be able and willing to give. We may also use publicly sourced images to help identify individuals who attend our special events. For further information on applied data please see the table below.
* This does not include information about children unless given personally or made public by the individual concerned.
How we handle your information and other organisations
Derby Theatre will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent. We will ask for your consent to share personal information with like-minded arts organisations whose shows you will have seen here at Derby Theatre or in collaboration with us at another venue.
Some of our service providers may have access to your data in order to perform services on our behalf – payment processing is a good example of this. We make sure anyone who provides a service for Derby Theatre enters into an agreement with us and meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
We may share your details with:
- Service providers who work on behalf of Derby Theatre for the performance of any contract we enter into with them or you, for example ticketing, payment processing, printers and mailing houses, marketing agencies, database services, website hosting or email delivery service.
- Named third party organisations if you ticked the relevant opt-in box when you purchased tickets. In these instances, we may supply your personal information to that specific organisation only.
- Third party data services, for example Audience Finder and Dotmailer who help us to segment and understand our ticket sales and audience. This assists with reporting to funders and business planning, helping us to make better business decisions.
- Third party advertisers (such as Facebook or Google) to help us identify customers similar to our audience or to serve relevant adverts to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.
Where we store your personal data
Derby Theatre is committed to protecting the personal information you entrust to us. We have put in place appropriate technical and organisational measures to prevent accidental loss, damage or destruction of your personal data, and to protect your personal data against unauthorised, or unlawful use or theft. We put in place strict confidentiality agreements, including data protection obligations, with our third party service providers and data processors.
Your personal data may be transferred outside the European Economic Area (EEA), where processing activities such as technical support, storage and backup may be provided. When this data is sent outside the EEA, we shall ensure its secure transfer and that appropriate safeguards are in place for the processing of your personal data in accordance with this policy and the requirements set out in the GDPR.
If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere with such requests.
What are your rights?
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it.
If you have an online account with us, you can amend your personal details and email contact preferences at any time. Simply sign in on the web site and access your account by selecting your name at the top of the page. Every email we send to you will include details on how to change your communications preferences or unsubscribe from future communications.
Or, if you prefer, you can contact us by phoning, emailing, or writing using our contact details below.
The GDPR also provides you with a number of rights in relation to your personal data. These include rights to the rectification or erasure of your personal data, and to restrict or object to its processing.
If you find that any of the personal data that we hold about you is inaccurate, incomplete or contains errors, please notify us in writing and we shall undertake to make the appropriate corrections at the earliest opportunity.
Should you wish to have some or all of your personal data erased, we will endeavour to do so although there may be instances where legitimate interests or the performance of our statutory obligations prevent us from doing so. The erasure of your personal data could result in an inability to provide you with some or all of our services.
3) Restriction or Objection
If you wish to object to or restrict how your personal data is processed by us, you can do so by writing to us. Please see our contact details below. Please be aware that such requests could result in an inability to provide you with some or all of our services. You also have the right to make a data subject access request.
You may request to be told whether or not personal data about you is being processed by Derby Theatre. If your personal data is being processed, a copy of the personal data that is undergoing processing shall be provided to you.
To make such requests, it is advisable to do so in writing and to address this communication to our Data Protection Officer, c/o IT Services, University of Derby, Kedleston Road, Derby DE22 1GB. You can also email us at firstname.lastname@example.org