PRIVACY POLICY

Purpose of this Policy

We are committed to protecting your personal information and being transparent about what information we hold about you.

When you purchase a ticket from us or use our services, you trust us with your personal information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully.

Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do – both on and off stage.

The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly.

We use your information in accordance with the GDPR (General Data Protection Regulation) and all applicable laws concerning the protection of personal information. This policy explains:

1.) What information we may collect about you
2.) How we may use that information
3.) In what situations we may disclose your details to third parties
4.) Our use of cookies to improve your use of our website
5.) Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it

If you have any queries about this policy, you can contact us by email on privacy@weymouthpavilion.com or using the contact details at the end of this policy.

Who we are

The Weymouth Pavilion Theatre is operated by Weymouth Pavilion CIC, a non-profit Community Interest Company. Our company registration number is 08587521 with our registered office at 7 & 8 Church Street, Wimborne, Dorset, BH21 1JH.

Information collection

We collect various types of information about you in a number of ways:

Information you give us

For example, when you buy tickets from the Box Office or through our website or make a donation, we’ll store personal information you give us such as your name, email address, postal address and telephone number. We will also store a record of your purchases and donations.

Information about your interactions with us

For example, when you visit our website, we collect information about how you interact with our content. When we send you mail, we may analyse your previous transaction history so the communications we send you are relevant to your interests, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.

Information from third parties

We do not buy or collect any information about you from third parties.

Sensitive personal data

Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We will never collect this type of information about our patrons.

Legal Basis

There are three bases under which we may process your data:

Contract purposes

When you purchase a ticket or Membership, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email, telephone or post in the case of cancellation or rescheduling of a show, or in the case of problems with your payment. If you have purchased a Membership, we will email you to inform you of available priority booking for shows as part of your Membership. When you purchase a Weymouth Pavilion membership you are agreeing to receive marketing communications from Weymouth Pavilion as part of your subscription.

Legitimate business interests

In certain situations, we collect and process your personal information for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.

With your explicit consent

For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.

Marketing Communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what performances you have booked for in the past.

We use our legitimate organisational interest as the legal basis for communications by post, Facebook Advertising and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy or by updating your contact preferences in the ‘My Account’ section on our website. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy or update your contact preferences in the ‘My Account’ section on our website. When you opt-in for email marketing, your email address may be used to target relevant advertising to you on Facebook and Google.

If you would like to receive marketing emails from us without making a ticket purchase, we will do so only with your explicit Consent when you sign up via the online form on our website.

Other Processing Activities

In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

1.) We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible (such as your transaction history with us).
2.) We may analyse data we hold about you to help identify and prevent fraud (such as your IP address when you make an online booking).
3.) To improve our website, we may analyse information about how you use it and the content and ads that you interact with.

In all the above cases, we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit

Third Parties

We will never sell your personal data to a third party. There are however certain circumstances under which we may disclose your personal information to third parties. These are as follows:

1.) To our own service providers who process data for the purposes of completing tasks and providing services to you on our behalf. Such services include our ticketing system provider Spektrix, our email partner DotDigital, select mailing houses to send you postal mail) and Facebook (Meta) (for advertising). In these cases, we disclose only the personal data that is necessary for the third party to deliver the service and we require that these third parties comply strictly with our instructions and with data protection laws. It is possible that third parties may themselves engage others (sub-processors) to process your data. Where this is the case, third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.

2.) Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
3.) To specific named visiting companies whose performances you have attended. In these cases, we will always ask for your explicit Consent before doing so.

You can view the full Privacy Policies of our third party service providers below:

1.) Spektrix: https://www.spektrix.com/en-gb/privacy#:~:text=We%20have%20contracts%20in%20place,for%20the%20period%20we%20instruct.
2.) Dot Digital: https://dotdigital.com/terms/privacy-policy/Stannp mailing house: https://www.stannp.com/direct-mail/privacy-policy
3.) Facebook: https://www.facebook.com/about/privacy/previous

Cookies and using our website

Cookies are small text files that are automatically placed onto your device by some websites that you visit. We and our ticketing partner Spektrix use cookies to monitor traffic levels through our website allow the booking process and access to your online account to function smoothly (for example to keep track of your basket).

Most internet browsers are set to accept cookies by default. If you do not wish for your browser to store these cookies on your computer, you can make these changes in the browser’s settings. Be aware disabling cookies may result in the disabling of certain functionality and features of our website and many other websites that you visit.

Our website also uses Google Analytics to track page visits anonymously so we can see how people interact with our site and make improvements.

Facebook Pixel is integrated within our website, which allows users of the website to see upcoming events and topics of interest when visiting Facebook (Meta) and Instagram. You can change your privacy settings directly with Facebook. https://www.facebook.com/about/privacy/previous

Your debit and credit card information

If you use your credit or debit card to purchase a ticket from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

Your card details are never stored directly by us or our ticketing partner Spekrtix, but on a secure payment gateway. This system uses Tokenism whereby the payment gateway provides Spektrix with a token which we can use to refund payments when necessary without having to retake your card details. Spektrix is PCI-DSS Level 1 certified providing our customers with the highest level of security for financial transactions. You can view their latest PCI compliance certificate at Spektrix support.

Maintaining your personal information

We store your personal information as long as you are an active customer so that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. If you have not made a purchase or donation to us for six years, your personal details will be securely removed.

If there are aspects of your record that are inaccurate or that you would like to remove, you can do this by logging in to your online account through our website. Alternatively, please use the contact details at the end of this policy.

Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.

Security of your personal information

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.

We will not transfer, process or store your data anywhere that is outside of the European Economic Area.

CCTV

We employ the use of CCTV in public areas of the Pavilion (including the foyer, Piano Bar and Ocean Room and some outside areas) to ensure the health and safety of our staff, volunteers and customers. These recorded images will not be shared with any third party except where we are under a duty to disclose them to law enforcement agencies.

If you are recorded by our CCTV cameras, you have the right to access that footage. Please bear in mind that recorded footage is stored for 30 days so there is no guarantee that this information will still be held by us at the time you want to access it. For more information please use the contact details at the end of this policy.

Your rights to your personal information

Under the GDPR you have the following rights regarding your personal information:

1.) The right to be informed
2.) The right of access
3.) The right to rectification
4.) The right to erasure
5.) The right to restrict processing
6.) The right to data portability
7.) The right to object
8.) Rights in relation to automated decision making and profiling

You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. This is called a Subject Access Request. Please use the contact details at the end of this policy if you would like to exercise this right.

Contact details and further information

Please get in touch with us if you have any questions about any aspect of this Privacy Policy or if you would like to object to any processing of your personal information that we carry out for our legitimate organisational interests. You can contact us via the details below:

Weymouth Pavilion CIC, The Esplanade, Weymouth, Dorset, DT4 8ED

Email: privacy@weymouthpavilion.com

We may review and update this policy from time to time.

Updated 27.02.24