Privacy

Privacy commitment

Chichester Festival Theatre (CFT) processes your data in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act (2018), Privacy Electronic Communications Regulation (2003) (PECR) and in line with this Privacy Policy.

We are committed to protecting and respecting your privacy. This policy sets out what personal data we collect from you, or that you provide to us, and how it will be used. Please read it through carefully and if you have any queries contact [email protected].

Where we collect information from

When you give data to us directly:

  • Purchase a ticket, make a donation or purchase a membership
  • Sign up to receive communications
  • Complete one of our surveys
  • Participate in one of our events, workshops or classes
  • Apply for a position, paid or voluntary
  • Login to our public Wi-Fi
  • Contact us on one of our online platforms such as (but not exclusively) Twitter, Facebook, Instagram, Trip Advisor, Google
  • Contact us directly by telephone, electronically, post or in person with feedback about your experience
  • When you give your consent for filming and/or photography at one of our participatory workshops or events

When you give data to us indirectly:

  • Purchase tickets through an agent or third party for one of our events or prize draws
  • Browse or purchase items on our website
  • Open and/or follow links and interact with emails and marketing you receive
  • Interact with us or mention us on social media sites
  • When you visit the CFT site or attend a public event arranged by CFT

When you give permission to other organisations to share your data, or it is publicly available:

  • Information from public sources such as Companies House, on the internet or published in newspapers and magazines
  • Third party organisations when you have provided permission for your details to be shared. This could be other organisations we have worked with or a purchased list based on your preferences and profile
  • Your likes and preferences on social media and some websites (depending on your privacy settings on those platforms)
What we collect and how it is used

Personal data

Personal data includes your contact details, date of birth, your contact preferences, details of communications with you, images of you taken at participatory and public events, details of your transactions and your access requirements. This enables us to conduct business with you and provide you with the best service for your needs, and to keep you informed about CFT. It may also be shared with selected suppliers who we contract to deliver a service, for example a mailing centre to distribute our postal mailings.

Special Category data

Special Category Data may be asked for in certain instances; this includes your bank details (if you set up a regular payment), ethnicity, gender identity, medical information and next of kin.

This information is available to a restricted number of staff for whom it is deemed necessary. It is used to process some transactions, in the case of an emergency, or aggregated and anonymised for monitoring and reporting as required by public funding bodies.

Children’s data

We collect and store data for under 16s who participate in our learning, education and participation (LEAP) activities, which includes Special Category Data. Where possible and when appropriate, we obtain consent from the parent/carer of the child before collecting this data. This information is available to a restricted number of staff for whom it is deemed necessary. When the young person reaches 16, consent is sought from the individual.

Purposes of use

Administering purchases

You give us Personal Data, such as your name and contact details and on some occasions your date of birth so we can administer purchases (tickets, subscriptions, memberships, merchandise and donations) made online, in person or over the telephone. If you choose to save the details of your card for future purchases on your account, these details are captured by Opayo (formerly SagePay), our payment provider, and a token is stored on our system in place of the full card number. If you pay for a membership by direct debit your bank details are stored as Special Category Data. All transactions are conducted in accordance with the Payment Card Industry Data Security Standard.

If you make a donation and choose to make a Gift Aid declaration this will be stored against your record and your contact details shared with HMRC.

If you are a member of our Access List, we store Personal Data and Special Category Data you give us about your health and your requirements and needs while you are at the Theatre to ensure we can make your visit as enjoyable as possible and fulfil your ticketing requirements when booking. If you are an Access Member we store the proof of disability information electronically on our local server and destroy any paper copies.

If you have given us information about family members, individuals or organisations you are connected to, this may be stored against your record as a relationship. This enables us to process bookings with a facilitator, for example if you are booking on behalf of one of our Access Members or making a group booking for a school.

If you make a booking over the telephone, we may record your call for training purposes or to review a transaction. Recording is paused when payment details are given so no financial details are captured on the recording.

We may store notes about your previous bookings and your feedback to enable us to address your needs and requirements for future bookings.

On occasion, CFT acts as a ticket agent to sell tickets on behalf of another company, organisation or promoter. These third parties do not have access to our systems, however we may share basic contact information with them to enable them to administer your purchase. A list of third parties we are currently acting on behalf of can be found in the Third Party Events section in our Terms and Conditions on the CFT website along with the information they receive about you.

Fundraising

We use Personal Data you give us when you purchase a ticket, membership, merchandise, make a donation, opt-in to receive communications or participate in a class or event to carry out fundraising activity.

If you make a donation or become a member of one of our philanthropic membership schemes, we may ask if you would like your name to be credited in publicity materials and donor attribution boards displayed in public areas at CFT.

We may conduct further research or use profiling or wealth screening techniques to ensure communications are relevant and timely and to provide an improved experience for our supporters. Profiling also allows us to target our resources effectively. We do this because it allows us to raise more funds, sooner, and more cost-effectively than we otherwise would.

When building a profile we may analyse geographic, demographic and other information relating to you in order to understand your interests and preferences. In doing this we may use third party sources. We build a profile using the information you have given us and publicly available information. Data gathered from this research is stored as Personal and Special Category Data.

You can opt out of your data being used for this purpose by contacting: [email protected].

LEAP events and classes

If you participate in learning, education and participation (LEAP) projects, workshops or events, we may ask for additional Personal Data such as your age, the school you attend and information about your next of kin. We also ask for medical information and emergency contact details; this is classed as Special Category Data. We do this to ensure that staff are aware of any specific needs of participants and so we can quickly contact relevant people in the case of an emergency.

Marketing

Electronic and postal

Based on your contact preferences we use your details to keep you up to date about forthcoming events and your purchases at CFT. You can opt out of this at any time by visiting My Account and updating your preferences or by contacting [email protected].

When you book for a performance that is produced or co-produced by a company other than CFT, we may ask if you wish to opt-in to receive information directly from them. If you choose to do this we will inform you once this information has been passed on and the company in question will then contact you to give you the option to opt-out.

We sometimes use segmentation based on postcodes, booking history and your interactions with us to assist us with sending you relevant information about news, offers and opportunities to support CFT.

On occasion we may obtain your details from a third party that you have given permission to share your details. If we contact you based on this, we will always state where this information comes from in the first communication and give you a clear opt-out option.

Online

Depending on your device’s privacy settings and those on other websites and apps you use, we may aggregate information you give us directly or indirectly to target advertising and social media posts. For example we may create a specific campaign to be shown on social media to people in the PO19 postcode area aged between 16 and 25, or an advert to target specific people who have visited a particular page on our website.

How a website tracks you depends on the privacy settings on the device you are using and any privacy settings you have set up with individual sites and apps. To find out more about this, what types of tracking we use and how you can opt out visit our Cookies page.

Reporting and analysis

We use the data you give us directly and indirectly to report on sales and audiences at CFT and to improve your experience. This reporting is created from aggregated data and is not attributable to individuals.

Our website

When you visit our website we may automatically collect technical information about your session including the Internet Protocol (IP) address that connects your device to the internet, the type of device you use, your browser, operating system, whether you made a purchase and from where you have arrived at our site. We do not link this information to anything that identifies individuals. This information enables us to analyse how the website is used, where improvements can be made and to report to funding and public bodies.

We use essential and non-essential cookies on our website. A cookie is a small text file of letters and numbers that gets put onto your computer when you visit a website. This allows the site to distinguish you from other users. Essential cookies are required to login or to purchase items from our website. Non-essential cookies are used to track how you use and interact with our website and for analytical purposes and to monitor the efficacy of digital advertising. Cookies are not normally linked to information that allows us to identify individuals. Alongside cookies we use tracking pixels which follow your activity after clicking a link from a third party site. This does not allow us to personally identify you, but may be used by the third party site. For more details on how and which cookies we use and how you adjust the settings on your device and specific apps please visit our Cookies page.

Surveys and promotions

We carry out promotions and surveys on a regular basis; as part of these we may ask you to disclose personal information. Participation is entirely voluntary and you have a choice whether to disclose Personal or Special Category Data. The data you supply is aggregated for reporting purposes and not attributed to individuals.

Segmentation

We use segmentation based on postcodes to report to funders and public bodies about the audiences who attend at CFT. The segmentation is applied by The Audience Agency and is created using data from Experian.

On site

We have closed circuit television on the CFT site. These cameras record activity for your, and our, security 24 hours a day.

At some performances and events we, or an approved third party, may take photographs or record film for CFT’s archive, publicity or marketing purposes. Images and film may also be shared with and used by organisations to report on activity they have supported (for example funders or sponsors), or by organisations that promote Chichester Festival Theatre as a world-class attraction. We will always place signage in the area if there is a photographer or filmmaker present.

  • At participant based classes or workshops we will always seek your consent.
  • At public events such as performances, audience members may request to not be included in any images or film by speaking to a member of staff.

If you have an accident while on the premises we will record your contact information and details of your injury for HSE purposes. We may also record your contact details in connection to other queries you may have while on site.

If you visit the backstage area of the theatre, we may record your personal details to monitor who is on the premises.

HR

If you apply for a job, work experience or volunteer opportunity at CFT we collect Personal Data and Special Category Data as part of your application. Equal Opportunities information is requested separately and anonymously and cannot be tracked back to individual applicants.

How we keep your data safe and who has access

In addition to processing data at CFT, we contract external companies to supply services or process data on our behalf such as our caterers, customer relationship management system, payment providers, our bulk email provider, wealth screening and insight companies and the mailing centre used for sending postal communications. These organisations only hold the data for the reason contracted by CFT and do not sell, share or use your data for any other purpose. We carry out comprehensive checks on these companies and take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the Data Protection Act (2018), the General Data Protection Regulation (2016) and the Privacy and Electronic Communications Regulation (2003).

While most of our suppliers store data at a destination within the European Economic Area (EEA), it may be transferred outside the EEA. We, and our contractors, use strict procedures and security features to try to prevent unauthorised access to your data. Suppliers that handle financial data as part of your transaction with CFT are PCI DSS compliant.

We have processes in place and carry out regular reviews of who has access to data to ensure that your information is only accessible to appropriately trained staff and contractors. Special Category Data is only accessible to staff for whom it is deemed absolutely necessary.

Paper files with Personal and Special Category Data are kept to a minimum and are stored securely when not in use.

If legally required we may disclose your information to other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the UK where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or for the purposes of public health or where such disclosure may be permitted or required by law. We will only share your data in other circumstances with your consent.

If there is a breach of data that is likely to have a detrimental effect on individuals (for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage), CFT will notify the Information Commissioners Office within 72 hours of becoming aware of the breach. Any individuals affected will also be notified within this timeframe.

Keeping your information up to date

Please let us know when your details change so we can make sure that our information is current. However, we do have other processes in place to ensure that we keep our records up to date:

  • If we find a record on our system that matches another one and we are sure it is the same person, we may merge the two accounts so we have all your information in the same place.
  • Images and film taken of public and participants may be used for up to ten years for marketing and publicity purposes by CFT. After this point it will either be deleted, or if deemed to be of historical and public interest, added to our archive.
  • We will deactivate your account if there has been no purchase/donation/or a membership with an expiry date in the last 10 years and you have not interacted with our communications - we will delete any Special Category Data.
  • We will remove the postal contact preferences if no purchase/ donation/ membership has been made on your account for 3 years.
  • We will remove the email marketing contact preferences if emails are not opened for 1 year.
  • We will remove the telephone contact preferences if no purchase/ donation/ membership has been made on your account for 3 years.
  • If you apply for a job at CFT and your application is unsuccessful, we delete/destroy the application 6 months after the closing date.
  • If you apply for Work Experience, or to be a volunteer at CFT and your application is unsuccessful, we delete/destroy the application 6 months after receipt.
  • If you have participated in a LEAP event/class or have been a member of Chichester Festival Youth Theatre (CFYT) we remove all Special Category Data 1 year after the event or class, or once you cease to be a member of CFYT.
  • Any documents to support a membership will be destroyed when the membership expires, or when the membership is cancelled.
  • We delete recordings of calls made to the Box Office after 12 months.
  • CCTV records are kept for a maximum of thirty days before being deleted.

You can update your contact preferences at any time by logging in to My Account on our website or by contacting [email protected].

Your rights

If you wish to amend your data, ask us to stop using your Personal and Special Category Data for reasons other than processing your transaction, or erase your Personal and/or Special Category Data please contact us at [email protected].

You have a right to ask for a copy of the information we hold about you. To request this please send an email to [email protected]. We do not make a charge for this, but may charge a reasonable administrative fee if we deem the request to be unfounded or excessive. We endeavour to respond to requests within 30 days.

Changes to this Privacy Policy

We may make changes to this Privacy Policy from time to time. We will post any changes to this page and notify you of any material changes by e-mail if we have permission to do so.

17 March 2020 added: Images and film may also be shared with and used by organisations to report on activity they have supported (for example funders or sponsors), or by organisations that promote Chichester Festival Theatre as a world-class attraction.

24 July 2020 changed: If legally required we may disclose your information to the police, regulatory bodies or legal advisors
to: If legally required we may disclose your information to other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the UK where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or for the purposes of public health or where such disclosure may be permitted or required by law.