This policy was last updated on Wednesday 02 June 2021.
Pioneer Theatres Ltd own and operate Theatre Royal Stratford East (“TRSE”, “We”, “our”) and is registered with the Information Commissioners Office in respect of our obligations to safeguard your personal data and your privacy.
TRSE is committed to protecting and respecting your privacy and this Notice (together with our terms and conditions) sets out the basis on which any personal data we collect from you, or that you provide to us over the internet, telephone, in person or in writing will be processed by us and the purposes for which it will be processed by us.
TRSE takes reasonable steps to ensure the safety and security of your data and will never sell it onto any other individual or company.
This Notice tells you how and why we collect your personal data and how we treat it.
- For the purposes of the General Data Protection Regulation 2016 and the Data Protection Act 2018 (together referred to in this Privacy Notice as ‘the GDPR’), the data controller is Pioneer Theatres Ltd, a company limited by guarantee, registered in England and Wales. Registered address Theatre Royal Stratford East, Gerry Raffles Square, London E15 1BN, company number 556251, charity number 233801.
- For the purposes of the GDPR, TRSE’s General Manager is the nominated representative.
INFORMATION WE MAY COLLECT FROM YOU
- information that you provide by filling in forms on our website, stratfordeast.com. This includes information provided by you when you use the webchat service, information provided when you create an account with us, consent to our marketing communications services, or when you place orders for tickets, memberships, or sign up to education programmes or other events;
- if you contact us by post, email or telephone, we may keep a record of that correspondence to enact a request made by you or to make investigations;
- we may ask you to complete surveys or to take part in research but you are free to decline such requests;
- details of transactions you carry out through our website, in person and over-the-phone and of the fulfilment of your orders;
- we do not store or process your card payment details.
NHS Test and Trace
We are required by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing. By maintaining these records and sharing them with NHS Test and Trace where requested, we can help to identify people who may have been exposed to coronavirus.
Methods of capture:
Lead booker captured at point of purchase (or on arrival if missing)
Other bookers to be captured on arrival (either on the app or on a paper form)
Attendees using the CrowdEngage e-ticket service can register there too
Theatre Royal Stratford East is the data controller for your personal data, and is responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
NHS Test and Trace have asked Theatre Royal Stratford East to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace. We will only share information with NHS Test and Trace if it is specifically requested by them.
The information we collect for the purpose of contact tracing will not be used for any other purposes and will be destroyed by us 21 days after the date of your visit.
In addition, during the coronavirus pandemic, if NHS Test and Trace request information about visitors to our building, we will share the following data for each customer who booked a ticket for a date which NHS Test and Trace enquire about:
- Contact phone number, email address or, if neither are available, then postal address
- Date and time of performance attended
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue are subject to. The legal obligation to which we’re subject means that we’re mandated by law to support the NHS Test and Trace service in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
Your information will always be stored and used in compliance with the relevant data protection legislation. For more information on how the NHS Test and Trace system works click here.
LEGAL BASIS FOR PROCESSING
Our main legal basis for processing personal data is where it is necessary for the purposes of the legitimate interests pursued by TRSE to process your information. We can do that so long as we do not interfere with your fundamental rights or freedoms. Processing includes disclosure of personal information to third parties.
The other reasons we can rely upon to process your personal information under GDPR is as follows:
- With your consent (i.e. agreement) to us processing your personal information. Under the GDPR, consent is a legal basis for processing personal information. You can withdraw your consent at any time. This is explained further below in the section entitled ‘Your rights under GDPR’.
- Where we are under a legal obligation or an obligation under a contract to process/disclose the information
- For the purposes of assisting the police and other investigating bodies for the purposes of the prevention or detection of crime and/or investigating fraud
USING OUR WEBSITE
MONITORING OF WEBSITE USERS
We may monitor aggregated user traffic to help us develop and improve our website.
IP ADDRESSES AND OTHER SITES
- We may collect information about your computer, including your IP address, operating system and browser type, for system administration and to report aggregated information to our stakeholders.
- Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. The cookies we use are essential for the site to operate.
- Cookies are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most internet browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit org
- TRSE website makes use of three particular types of cookies:
- Session Cookies: These are cookies that are an essential part of our ticketing website that enable you to purchase tickets with us. These are necessary for our website to function properly, so if you do decide to turn cookies off then you will be unable to add tickets to your basket or log in to your account.
- You block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies.
- Except for essential cookies, all cookies expire when you close the browser window.
- By continuing to use our website, you consent to TRSE collecting data via those cookies.
Targeting and Advertising Cookies
- We may use targeting and advertising cookies to serve tailored ads to you based on your previous visits to our website, or based on your demographics or interests as determined by Google*. Google uses the third-party DoubleClick cookie to collect data and serve ads that are relevant to you on the websites of its partners. The cookie does not contain any personally-identifiable information and we do not merge it with any personally-identifiable information collected through the website. Users may opt out of the use of the DoubleClick cookie for interest-based advertising by visiting Ads Settings.
- The website uses Google Analytics Advertising Features for collecting data via Google advertising cookies and anonymous identifiers. The features used are: Remarketing with Google Analytics, Google Display Network Impression Reporting and Google Analytics Demographics and Interest Reporting.
- *How Google determines demographic and interest information
When someone visits a website that has partnered with the Google Display Network, Google stores a number in their browsers to remember their visits. This number uniquely identifies a web browser on a specific computer, not a specific person. Browsers may be associated with a demographic or interest category based on the sites that were visited. In addition, some sites might provide Google with demographic information that people share on certain websites, such as social networking sites. Google may also use demographics derived from Google profiles.
WHERE WE STORE YOUR PERSONAL DATA
- All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Be aware that the internet and the transmission of information through the internet is not fully secure.
- TRSE will use reasonable endeavours to protect your personal data and prevent unauthorised access to it by storing it on a secure server which is password protected and hidden behind a firewall from the outside world, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
TRSE works in partnership with the following 3rd party organisations who process data to facilitate direct communications, and to analyse anonymised data on our behalf.
- Strict agreements are in place with each company to ensure the safe use and safe storage of the data we supply, with our processes are reviewed regularly to ensure that our systems are as effective as possible.
- These organisations will not contact you directly on behalf of TRSE as part of any agreement with us and your data is supplied to them as instructed by us and is only retained as long as required for the provision of the services you have requested:
Stratford East (Trading) Ltd - a company wholly owned, managed and operated by TRSE
Purpose: Providing catering services at TRSE
Information Shared: Name, address and booking details for the restaurant and interval drinks etc.
Location: Stratford, UK
Spektrix – provide TRSE with a cloud based ticket booking and customer relationship management
Purpose: ticket sales and customer relationship management software
Information Shared: Name, address and booking information, consents
Location: Shrewsbury, UK
Sure Digital Limited - build and support our website and from time to time need access to booking records for diagnostic purposes
Purpose: Website design and development
Information Shared: Name, address and booking information, cookie and visits to our website
Location: Shropshire, UK
DotMailer – an email software tool with data held in the EU. TRSE uses the software to design, deliver and manage email communications to customers.
Purpose: Email communications
Information Shared: Name, Address, booking information and email
Location: London, UK
The Audience Agency - provide summary, anonymous profile reports about TRSE’s audiences. As recipients of funding from Arts Council England we are required to provide this information to Audience Agency.
Purpose: Analysis and audience development
Information Shared: Account and booking information
Location: London, UK
Corporate Mailing Services Ltd - manages TRSE’s bulk mailings to customers
Purpose: Postal communications
Information Shared: Name and address information
Location: Norfolk, UK
Activity Stream - provide TRSE with a cloud-based analysis and insight tool
Purpose: Understanding customer behaviour and identifying marketing and fundraising opportunities
Information Shared: Information you provide when making a purchase (name, contact details, marketing preferences and consents), Location, Gender, Purchase History, Date of Birth, Record of purchases and donations, interactions with email and social media campaigns
Location: Copenhagen, Denmark
TicketCo - provide TRSE with a cloud-based stream ticket booking system
Purpose: Ticket sales for streamed performances
Information Shared: Name, mobile number, email address, booking information
Location: London, UK
CrowdEngage - Provide TRSE with a cloud-based mobile ticketing and ordering system
Purpose: Mobile ticket fulfilment and drinks ordering
Information Shared: Name, mobile number, email address, booking information
Location: Cambridgeshire, UK
USES MADE OF YOUR INFORMATION
We will use information held about you in the following ways:
- to ensure that content from our site is presented in the most effective manner for you and for your computer;
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to carry out our obligations arising from any contracts entered into between you and us;
- to notify you about changes to our service and your visits to TRSE or if you need any additional information to facilitate your visit;
- to provide aggregate information about our users to stakeholders and funders.
You have a number of rights under the GDPR:
Access to personal information
Under the GDPR, you have a right to ask us what personal information we hold about you, and to request a copy of your information. This is known as a ‘subject access request’ (SAR). SARs need to be made in writing (we have a subject access form you can use for this purpose), and we ask that your written request is accompanied by proof of your identify. We have one calendar month within which to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible).
Following your SAR, we will provide you with a copy of the information we hold that relates to you. This will not generally include information that relates to your property such as repair logs or details of contractor visits, as this is not considered personal information.
If you need us to correct any mistakes contained in the information we hold about you, you can let us know by contacting us at email@example.com
Erasure (‘right to be forgotten’)
You have the right to ask us to delete personal information we hold about you. You can do this where:
- the information is no longer necessary in relation to the purpose for which we originally collected/processed it
- where you withdraw consent
- where you object to the processing and there is no overriding legitimate interest for us continuing the processing
- where we unlawfully processed the information
- the personal information has to be erased in order to comply with a legal obligation
We can refuse to erase your personal information where the personal information is processed for the following reasons:
- to exercise the right of freedom of expression and information;
- to enable functions designed to protect the public to be achieved eg government or regulatory functions
- to comply with a legal obligation or for the performance of a public interest task or exercise of official authority;
- for public health purposes in the public interest;
- archiving purposes in the public interest, scientific research historical research or statistical purposes;
- the exercise or defence of legal claims; or
- where we have an overriding legitimate interest for continuing with the processing
Restriction on processing
You have the right to require us to stop processing your personal information. When processing is restricted, we are allowed to store the information, but not do anything with it. You can do this where:
- You challenge the accuracy of the information (we must restrict processing until we have verified its accuracy)
- You challenge whether we have a legitimate interest in using the information
- If the processing is a breach of the GDPR or otherwise unlawful
- If we no longer need the personal data but you need the information to establish, exercise or defend a legal claim.
If we have disclosed your personal information to third parties, we must inform them about the restriction on processing, unless it is impossible or involves disproportionate effort to do so.
We must inform you when we decide to remove the restriction giving the reasons why.
Objection to processing
You have the right to object to processing where we say it is in our legitimate business interests. We must stop using the information unless we can show there is a compelling legitimate reason for the processing, which override your interests and rights or the processing is necessary for us or someone else to bring or defend legal claims.
Withdrawal of consent
You have the right to withdraw your consent to us processing your information at any time. If the basis on which we are using your personal information is your consent, then we must stop using the information. We can refuse if we can rely on another reason to process the information such as our legitimate interests.
Right to data portability
The right to data portability allows you to obtain and reuse their personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way. The right only applies to personal data you have provided to us where the reason we are relying on to use the information is either your consent or for the performance of a contract. It also only applies when processing is carried out by us using automated means.
TRSE manages a CCTV system in and around the building. Only authorised operatives have access to the system. Images are recorded for the purposes of crime prevention and public safety.
RECORDINGS OF VISITORS TO TRSE
We or authorised third parties may carry out film and/or sound recording during, before or after a performance and/or in our venue from time to time. Whilst we take reasonable steps to make sure that visitors are notified of such recording when they enter our venue and are given an opportunity to avoid such recording, by attending our venue you consent to you and any persons (including any children) who may accompany you, being included in such recordings and such recordings subsequently being used by us for any reasonable commercial purposes, including without limitation, for marketing and promotional purposes. We will not make any payment to you in respect of your inclusion in such recordings.
RETENTION OF PERSONAL INFORMATION
We will only hold your records during the period of our relationship with you and for a set period afterwards to allow us to meet our legal obligations including resolving any follow up issues between us. We will usually keep records about you for no longer than 6 years
- This policy was last updated on 23 May 2018.
- The Information Commissioner (ICO) is also a source of further information about your data protection rights. The ICO is an independent official body, and one of their primary functions is to administer the provisions of the GDPR. You have the right to complain to the ICO if you think we have breached the GDPR. You can contact the ICO at:
Information Commissioner's Office
Cheshire, SK9 5AF
0303 123 1113