Data

1. INTRODUCTION

Defibrillator takes the privacy of all of its customers and supporters very seriously and is committed to respecting and protecting your personal information. We aim to be transparent about what information we hold about you, whichever way you are connected with us.

The purpose of this policy is to explain how Defibrillator collects, uses and protects any personal information we collect about you.

Collecting personal data helps us to develop a better understanding of everyone who engages with us – from theatre attendees and website users to our members and supporters. This allows us to work more effectively and helps us provide you with a better, more tailored service that we hope encourages you to get closer to our work and enjoy everything we have to offer.

We use your information strictly in accordance with all applicable data protection laws and you can be assured that any information provided will only be used in accordance with this privacy policy.

We will publish any updates to our privacy policy on our data webpage (defibrillator theatre.com) and we recommend you check this page from time to time. If we make any significant changes in the way we treat your personal information we will make it clear in this policy.

2. WHO ARE WE?

Defibrillator is a registered company in England and Wales (number 8107683). Our registered office is 27 Old Gloucester Road, London, WC1N 3AX.

Defibrillator currently manages three websites – defibrillator theatre.com, thehotelplays.co.uk and insignificanceplay.com.

3. HOW TO CONTACT US

If you have any questions regarding this privacy policy or your personal information, please contact info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX

4. HOW TO CHANGE OR ACCESS THE INFORMATION WE HOLD ABOUT YOU

The accuracy of your personal information is important to us and you can help keep our records up to date by telling us when your contact details and other personal information changes, and if you change your mind about how we contact you.

Every email we send you will include details on how to change your communications preferences or unsubscribe from future communications.

It is important the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

If you would like to update the details we hold or change your contact preferences you email us at info@defibrillatortheatre.com

5. WHAT INFORMATION DO WE COLLECT?

5.1        Depending on the reason for interacting with us, we may collect and hold the following information from you:

  • Identity Data: includes your first name, last name, title, date of birth, gender and contact details for your parent or guardian if you are under 16.
  • Contact Data: email address
  • Social Media: depending on your settings or the privacy policies for social media and messaging services like Facebook, Twitter and Instagram you may give us permission to access information from those accounts or services.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Data Hygiene: occasionally we may screen our database against recognised data hygiene files such as National Change of Address file and cleanse our files or correct inaccurate data. We may also update inaccurate data if the information is available.

5.2        We will collect and aggregate on an anonymous basis information about you and your use of our services with information about other users of our services, such as statistical or demographic data,   for analysis, reporting to stakeholders (such as Arts Council England) and to better understand our customers. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on one of our websites. However, if we combine or connect any of this type of data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

6. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Directly from you: We collect personal information from you at multiple touch points, for example when you book for a performance or an event, participate in a workshop or attend another event, speak to or email a member of our team, register for an account on our websites, make a donation, join as a member, subscribe to an email newsletter, respond to a survey, request marketing or fundraising information to be sent to you, enter a competition, provide feedback to us, fill out a form or provide any other information in any way.

From other organisations or publicly available sources: For example, we may receive personal information about you from:

  • Ticket agents who transfer personal data to us when you book a ticket for a production or other event at the Almeida Theatre
  • Analytics providers such as Google or social media platforms such as Facebook and Twitter based outside the EU
  • Publically available sources such as newspapers or online, such as Companies House or the Charity Commission.

We use this information to help us give you the best possible experience.

7. VISITING OUR WEBSITES

When you visit one of our websites we may automatically collect the following information:

  • The IP address used to connect your computer to the Internet – we do not ordinarily link IP addresses to any of your personal information, which means that you remain anonymous even though the IP address is used to produce analytics information.
  • Other technical information including your login information, browser type and version, time zone setting, browser plug-in types and versions, your device, operating system and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including time and date), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and/or website.
  • You can set your browsers to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. Please see our cookies policy for further information on how we use cookies on our websites: https://almeida.co.uk/terms-conditions,

Our websites may contain links to websites, plug-ins and applications that are operated by third parties.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control those websites and this Privacy Policy does not apply to those websites. Please consult the terms and conditions and privacy policy of those websites to find out how they collect and use your personal data and to establish whether and for what purpose they use cookies.

8. YOUNG PEOPLE

We are especially committed to protecting the privacy of any young people that engage with or participate in our work. If you are under 16, please ensure that you obtain your parent/guardian’s consent before and whenever you provide personal information.

Personal data relating to young people will be held securely on our CRM and ticketing database. This data will be protected and only accessible to a limited number of staff members.

9. HOW DO WE USE YOUR INFORMATION?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • to perform a contract with you, such as when you book a ticket for a production or other event
    • To comply with a legal obligation, such as when you exercise your rights under data protection law or when we have to report to or respond to a request from government or law enforcement officials (such as reporting Gift Aid details to HMRC) or to meet national security or law enforcement requirements or prevent illegal activity
    • Based on your consent, for example when you have specifically consented for us to use your information. For example this could be to send you updates via email about what’s on, priority booking, Defibrillator news or information about membership or supporting us. This may also include us sharing your details with our partner organisations where you’ve consented to this.
    • Based on your explicit consent when you provide us with information about your health or access needs in order for us to provide you with tailored services, such as a wheelchair accessible space or seating for a captioned performance
    • As necessary for our legitimate interests in providing our services safely and securely in a suitable way which is tailored to your use and interests for the following purposes:
      ➢    To provide you with and improve our services➢    To help us provide you with the best possible customer service and experience

      ➢    To manage and administer our relationship with you, such as by keeping our database up to date, contacting you about administrative matters or responding to your complaints or feedback

      ➢    To fundraise for example by alerting you to opportunities to support Defibrillator through making a donation or becoming a member

      ➢    To enable you to participate in research, a survey or a competition

      ➢    To ensure the security of our websites and other technology systems

      ➢    To learn about your interests and preferences so that we can tailor your experience with Defibrillator and provide you with information that is relevant to you

      ➢    For the purpose of marketing our services including sending marketing communications

      ➢    To learn about our audience and classify our audience into groups or segments, using booking, survey and publicly available information and ensure we are sending relevant messages to each group

      ➢    To use data analytics and research to improve the quality of the services we offer and define our marketing strategy

      ➢    To verify your identity for security purposes

      ➢    To help us ensure our customers are genuine and to prevent fraud

      ➢    For the management of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers

      ➢    For market research and statistical analysis and to analyse the use of our services so that we can improve your experience

Note that we may process your personal information in reliance on more than one of the grounds listed above depending on the specific purpose for which we are using your data

10. SHARING OF YOUR PERSONAL INFORMATION

We may share your personal information with other venues or organisations with whom Defibrillator works, but only if you have given your explicit consent to this.

We require all other organisations with whom we share your personal information to respect the security of your information and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes.

We might also have to share your information if we have to by law or where we need to protect you or other people from harm.

Other than as expressly set out in this Privacy Policy, we will not sell, rent, trade or distribute your personal information to third parties without your express consent or are required by law to do so.

11. OPTING OUT

11.1 You can ask us to stop sending you marketing information at any time by contacting us at info@defibrillatortheatre.com and by following the opt-out links on any marketing message sent to you or by contacting us any time as set out above in Paragraph 3.

11.2 Where you opt out of receiving marketing information, this will not apply to personal data provided to us when your purchase a ticket or other service from us.

11.3 Please be aware that if you opt out, it may be that we cannot provide you with certain services.

12. FUNDRAISING

We encourage support from individuals, companies and foundations who want to help us achieve our mission and reach the widest possible audience.

We may do some limited research before contacting certain individuals or organisations to understand if there is a potential connection or shared interest. We also carry out research about our current supporters so we can provide the best experience possible, tailor our communications and suggest relevant opportunities to get closer to our work. We aim to ensure that we are contacting you with the most relevant and timely communications and ultimately provide an improved experience for you. To do this, we use the information that you provide.

We may also:

  • Break down the information we hold on our database (for example, we might send information to a specific group of people who live in the same area)
  • Analyse donations
  • Make use of additional geo-demographic information and measures of affluence
  • Record the reasons you have chosen to donate to us, events you have attended and other relevant information about your involvement with us.

This activity assists us in understanding more about the people who support us. It also enables us to better understand your interests, anticipate your needs, and to provide exceptional customer service. We may also use your personal information to detect and reduce fraud and credit risk.

Before contacting a small number of individuals we may seek further information including business network information and publicly available information relating to: residential location, wealth and assets, family (excluding information on children unless personally given by the individual concerned), career, donations to other organisations (including political parties where they are made public by the individual) and hobbies and interests to create a profile of their interests and preferences. This helps us understand the background of the people who may choose to support us and helps us to make requests for gifts to those who may be able and willing to give. We may also use publicly sourced images to help identify individuals who attend our special events.

 

13. HOW WE PROTECT YOUR INFORMATION

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Your personal information is contained behind secured networks and is only accessible by a very limited number of persons who have special access rights to such systems, and who are required to keep the information secure and confidential. All financial transactions are processed through a gateway provider and are not stored or processed on our servers.

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator when we are legally required to do so.

We will do our best to protect your personal information. However, we cannot guarantee the security of your data transmitted to our websites before it reaches us, and any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

14. HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information in accordance with data protection law for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where your information is no longer required, we will ensure it is disposed of, deleted or cached in a secure manner.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

15. TRANSFERRING YOUR INFORMATION OUTSIDE EUROPE

As part of the services offered to you by Defibrillator, your personal information may be transferred to countries outside the European Economic Area (EEA). For example, this may happen when the computer servers used to host our websites or our customer databases are located in a country outside the EEA. These countries may not have similar data protection laws to the UK. By submitting your personal information, you are agreeing to this transfer.

If we transfer your information in this way, we will take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and data protection laws by ensuring at least one of the following safeguards is in place:

  • We will only transfer your personal information outside the EEA to countries that have been deemed by the European Commission to provide an adequate level of protection of personal data;
  • Where we transfer data to certain of our trusted service providers, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in Europe;
  • Where we transfer to data to our trusted service providers in the USA, we may transfer data to them if they are part of what is called the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please contact us at info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX. if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

16. YOUR LEGAL RIGHTS

You are in control of your personal information. Under certain circumstances you have the right to:

  • Request a copy of the personal information we hold about you
  • Ask us to correct information that’s wrong, to delete it or to request that we only use it for certain purposes.
  • Request that we provide your personal information to you or another organisation in a structured, commonly used and machine-readable format.
  • Object to us processing your personal information based on our legitimate interests.
  • Change your mind and ask us to stop using your information, for example, unsubscribing from any marketing emails. Please be aware that if you ask us to stop using your information we may not be able to provide certain services to you: we will let you know if this is the case.

If you would like to exercise any of your legal rights in relation to the personal information that we hold about you, please email info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX

Your request must include your name, email address and postal address and we may request proof of your identity.

If you have a concern about the way in which we use your personal information, you may also make a compliant to a supervisory authority for data protection matters. In the UK this is the Information Commissioners Office: https://ico.org.uk/concerns/. If you live in another EEA country, you may complain to the supervisory authority in your country.