1. INTRODUCTION
Defibrillator takes the privacy of all of its customers and supporters very seriously and is committed to respecting and protecting your personal information. We aim to be transparent about what information we hold about you, whichever way you are connected with us.
The purpose of this policy is to explain how Defibrillator collects, uses and protects any personal information we collect about you.
Collecting personal data helps us to develop a better understanding of everyone who engages with us – from theatre attendees and website users to our members and supporters. This allows us to work more effectively and helps us provide you with a better, more tailored service that we hope encourages you to get closer to our work and enjoy everything we have to offer.
We use your information strictly in accordance with all applicable data protection laws and you can be assured that any information provided will only be used in accordance with this privacy policy.
We will publish any updates to our privacy policy on our data webpage (defibrillator theatre.com) and we recommend you check this page from time to time. If we make any significant changes in the way we treat your personal information we will make it clear in this policy.
2. WHO ARE WE?
Defibrillator is a registered company in England and Wales (number 8107683). Our registered office is 27 Old Gloucester Road, London, WC1N 3AX.
Defibrillator currently manages three websites – defibrillator theatre.com, thehotelplays.co.uk and insignificanceplay.com.
3. HOW TO CONTACT US
If you have any questions regarding this privacy policy or your personal information, please contact info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX
4. HOW TO CHANGE OR ACCESS THE INFORMATION WE HOLD ABOUT YOU
The accuracy of your personal information is important to us and you can help keep our records up to date by telling us when your contact details and other personal information changes, and if you change your mind about how we contact you.
Every email we send you will include details on how to change your communications preferences or unsubscribe from future communications.
It is important the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
If you would like to update the details we hold or change your contact preferences you email us at info@defibrillatortheatre.com
5. WHAT INFORMATION DO WE COLLECT?
5.1 Depending on the reason for interacting with us, we may collect and hold the following information from you:
5.2 We will collect and aggregate on an anonymous basis information about you and your use of our services with information about other users of our services, such as statistical or demographic data, for analysis, reporting to stakeholders (such as Arts Council England) and to better understand our customers. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on one of our websites. However, if we combine or connect any of this type of data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
6. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Directly from you: We collect personal information from you at multiple touch points, for example when you book for a performance or an event, participate in a workshop or attend another event, speak to or email a member of our team, register for an account on our websites, make a donation, join as a member, subscribe to an email newsletter, respond to a survey, request marketing or fundraising information to be sent to you, enter a competition, provide feedback to us, fill out a form or provide any other information in any way.
From other organisations or publicly available sources: For example, we may receive personal information about you from:
We use this information to help us give you the best possible experience.
7. VISITING OUR WEBSITES
When you visit one of our websites we may automatically collect the following information:
Our websites may contain links to websites, plug-ins and applications that are operated by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those websites and this Privacy Policy does not apply to those websites. Please consult the terms and conditions and privacy policy of those websites to find out how they collect and use your personal data and to establish whether and for what purpose they use cookies.
8. YOUNG PEOPLE
We are especially committed to protecting the privacy of any young people that engage with or participate in our work. If you are under 16, please ensure that you obtain your parent/guardian’s consent before and whenever you provide personal information.
Personal data relating to young people will be held securely on our CRM and ticketing database. This data will be protected and only accessible to a limited number of staff members.
9. HOW DO WE USE YOUR INFORMATION?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
➢ To manage and administer our relationship with you, such as by keeping our database up to date, contacting you about administrative matters or responding to your complaints or feedback
➢ To fundraise for example by alerting you to opportunities to support Defibrillator through making a donation or becoming a member
➢ To enable you to participate in research, a survey or a competition
➢ To ensure the security of our websites and other technology systems
➢ To learn about your interests and preferences so that we can tailor your experience with Defibrillator and provide you with information that is relevant to you
➢ For the purpose of marketing our services including sending marketing communications
➢ To learn about our audience and classify our audience into groups or segments, using booking, survey and publicly available information and ensure we are sending relevant messages to each group
➢ To use data analytics and research to improve the quality of the services we offer and define our marketing strategy
➢ To verify your identity for security purposes
➢ To help us ensure our customers are genuine and to prevent fraud
➢ For the management of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers
➢ For market research and statistical analysis and to analyse the use of our services so that we can improve your experience
Note that we may process your personal information in reliance on more than one of the grounds listed above depending on the specific purpose for which we are using your data
10. SHARING OF YOUR PERSONAL INFORMATION
We may share your personal information with other venues or organisations with whom Defibrillator works, but only if you have given your explicit consent to this.
We require all other organisations with whom we share your personal information to respect the security of your information and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes.
We might also have to share your information if we have to by law or where we need to protect you or other people from harm.
Other than as expressly set out in this Privacy Policy, we will not sell, rent, trade or distribute your personal information to third parties without your express consent or are required by law to do so.
11. OPTING OUT
11.1 You can ask us to stop sending you marketing information at any time by contacting us at info@defibrillatortheatre.com and by following the opt-out links on any marketing message sent to you or by contacting us any time as set out above in Paragraph 3.
11.2 Where you opt out of receiving marketing information, this will not apply to personal data provided to us when your purchase a ticket or other service from us.
11.3 Please be aware that if you opt out, it may be that we cannot provide you with certain services.
12. FUNDRAISING
We encourage support from individuals, companies and foundations who want to help us achieve our mission and reach the widest possible audience.
We may do some limited research before contacting certain individuals or organisations to understand if there is a potential connection or shared interest. We also carry out research about our current supporters so we can provide the best experience possible, tailor our communications and suggest relevant opportunities to get closer to our work. We aim to ensure that we are contacting you with the most relevant and timely communications and ultimately provide an improved experience for you. To do this, we use the information that you provide.
We may also:
This activity assists us in understanding more about the people who support us. It also enables us to better understand your interests, anticipate your needs, and to provide exceptional customer service. We may also use your personal information to detect and reduce fraud and credit risk.
Before contacting a small number of individuals we may seek further information including business network information and publicly available information relating to: residential location, wealth and assets, family (excluding information on children unless personally given by the individual concerned), career, donations to other organisations (including political parties where they are made public by the individual) and hobbies and interests to create a profile of their interests and preferences. This helps us understand the background of the people who may choose to support us and helps us to make requests for gifts to those who may be able and willing to give. We may also use publicly sourced images to help identify individuals who attend our special events.
13. HOW WE PROTECT YOUR INFORMATION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
Your personal information is contained behind secured networks and is only accessible by a very limited number of persons who have special access rights to such systems, and who are required to keep the information secure and confidential. All financial transactions are processed through a gateway provider and are not stored or processed on our servers.
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator when we are legally required to do so.
We will do our best to protect your personal information. However, we cannot guarantee the security of your data transmitted to our websites before it reaches us, and any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
14. HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information in accordance with data protection law for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where your information is no longer required, we will ensure it is disposed of, deleted or cached in a secure manner.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
15. TRANSFERRING YOUR INFORMATION OUTSIDE EUROPE
As part of the services offered to you by Defibrillator, your personal information may be transferred to countries outside the European Economic Area (EEA). For example, this may happen when the computer servers used to host our websites or our customer databases are located in a country outside the EEA. These countries may not have similar data protection laws to the UK. By submitting your personal information, you are agreeing to this transfer.
If we transfer your information in this way, we will take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and data protection laws by ensuring at least one of the following safeguards is in place:
Please contact us at info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX. if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
16. YOUR LEGAL RIGHTS
You are in control of your personal information. Under certain circumstances you have the right to:
If you would like to exercise any of your legal rights in relation to the personal information that we hold about you, please email info@defibrillatortheatre.com or write to us at: Data Enquiries, Defibrillator, 27 Old Gloucester Road, London, WC1N 3AX
Your request must include your name, email address and postal address and we may request proof of your identity.
If you have a concern about the way in which we use your personal information, you may also make a compliant to a supervisory authority for data protection matters. In the UK this is the Information Commissioners Office: https://ico.org.uk/concerns/. If you live in another EEA country, you may complain to the supervisory authority in your country.