BET mailing list

Submit your email

BET on Twitter

Loading feed...

Charity number: 1077161

Company number: 3724349

Blue Elephant Theatre Privacy policy.

We use cookies for Google Analytics, but these can be disabled via your browser configuration.

Privacy policy

Blue Elephant Theatre Privacy Policy
Last updated: 22/05/2018

Blue Elephant Theatre (BET) takes the privacy and security of all of its stakeholders – participants, audiences, artists we work with, staff, supporters etc - very seriously and is committed to respecting and protecting personal information. We aim to be transparent about what information we hold about you, whichever way you are connected with us.

The purpose of this policy is to explain how we collect, use and protect any personal information we gain about you. We aim to use your information in accordance with all applicable data protection laws and you can be assured that any information provided will only be used in accordance with this privacy policy.

We will publish any updates to our privacy policy on our website (blueelephanttheatre.co.uk) and we recommend you check this page from time to time. If we make any significant changes in the way we treat your personal information we will make it clear in this policy.

WHO WE ARE – ORGANISATION & DATA PROTECTION OFFICER DETAILS
Blue Elephant Theatre Limited is a registered charity (number 1077161) and a registered company (number 3724349) in England and Wales (number). Our registered office is 59a Bethwin Road, Camberwell, London, SE5 0XT
Blue Elephant Theatre manage one website: www.blueelephanttheatre.co.uk. We also manage social media accounts on Facebook, Twitter, Instagram.
If you have any questions regarding this privacy policy or your personal information, please contact niamh@blueelephanttheatre.co.uk or write to us at: FAO Niamh de Valera, Blue Elephant Theatre, 59a Bethwin Road, Camberwell, London, SE5 0XT.Niamh de Valera is Executive & Co-Artistic Director of Blue Elephant Theatre and the designated Data Protection Officer.

WHAT INFORMATION DO WE COLLECT AND ON WHAT BASIS?
Depending on the reason for interacting with us, we may collect and hold the following information from you:
• Identity Data: includes your first name, last name, title, date of birth, gender and contact details for your parent or guardian if you are under 18. It may also include details of the ethnicity you identify as being.
• Contact Data: includes billing address, home address, email address, telephone numbers.
• Financial Data: includes bank account details if you are making a donation and your preferences relating to Gift Aid.
• Transaction Data: includes details about payments to and from you and details of tickets or services you have purchased from us.
• Supporter Data: includes information relating to memberships, donations, attendance at events and interests.
• Health Data and Emergency Contact Details: if you are working at BET as an employee, artist, freelancer, volunteer etc, we request details of medical conditions we should know about eg allergies and what to do if something happens to you as a result of this. We request the same details of any participants. We also request emergency contact details so we know who to contact should something happen to you or if we have a concern. We may keep details of audience members’ access requirements on their file in our box office system in order to ensure we meet those requirements in future.
• Image Data: includes your image as captured in photographs, video and audio recordings if you participate in a workshop or other event. We make audiences aware of any performances being filmed so they can avoid being captured and all participants and staff are given photo consent forms which they have the option of completing and which indicates how widely their image can be used.
• Technical and Usage Data: Our website uses cookies as it is linked to a Google Analytics account. It shows us how our website is used but is anonymised.
• Social Media: depending on your settings or the privacy policies for social media and messaging services like Facebook, Twitter and Instagram you may give us permission to access information from those accounts or services. We will be able to see your personal information if you ‘friend’ us on Facebook.
• Marketing and Communications Data: includes your preferences in receiving marketing from us

We will only use your personal data when the law allows us to. Our lawful bases for requesting, controlling and processing this data are varied. For marketing and communications, social media, image data etc it is based on consent, which has been freely given. Consent may also include us sharing your details with our partner organisations where you’ve explicitly consented to this. Under our NPO agreement with Arts Council England, we are obliged to enter into datasharing agreements with companies we host who they also fund and to then explicitly offer audience members the opportunity to have their details shared with these companies.

We have a legal obligation to request, control and process some information, eg employee details or when we have to report to or respond to a request from government or their agencies (such as reporting Gift Aid details to HMRC)

We need some information to fulfil our contractual obligations, eg to process payments.

Other data is requested, controlled and processed based on legitimate interest, described by the Information Commissioners Office as being most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. Examples include:
- Retaining audience members’ details to speed up booking in future and allow us to analyse booking trends in order to improve our communication and marketing
- For the management of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers
- To record and investigate health and safety and other incidents which have happened at the Blue Elephant
We are obliged to report to our funders (and occasionally other stakeholders) about users of our services and collect and aggregate anonymous information for them. We consider this to fall under legitimate interest.

YOUNG PEOPLE
We are especially committed to protecting the privacy of any young person who participates in a Blue Elephant Project or engages with the Blue Elephant in another way. Our website contains information on our participation opportunities but is not designed to attract young users in particular or to encourage them to share data. If you are under 16, please ensure that you obtain your parent/guardian’s consent before and whenever you provide personal information.
Personal data relating to young people will be held securely on our server and in locked filing cabinets.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Directly from you: We collect personal information from you when you do the following: book for a performance or an event, participate in a workshop, speak to or email a member of our team, register for an account on our websites, make a donation, join as a member, subscribe to an email newsletter, respond to a survey, request marketing or fundraising information to be sent to you, enter a competition, provide feedback to us, fill out a form or provide any other information in any way.
Automatically: Our website is connected to a Google Analytics accounts which uses cookies to record data
From other organisations or publicly available sources: For example, we may receive personal information about you from:
• Ticket agents (specifically Ticketweb, Eventbrite and Outsavvy) who transfer personal data to us when you book a ticket for a production or other event at/organised by Blue Elephant Theatre
• Analytics providers such as Google or social media platforms such as Facebook and Twitter

OUR WEBSITE
When you visit our websites, Google Analytics uses cookies to automatically collect some information about how you interact with our website. You can set your browsers to refuse all or some browser cookies, or to alert you when websites set or access cookies. Our website contains links to other websites, generally to the websites of companies producing shows at Blue Elephant and websites that have reviewed our shows. Clicking on those links may allow third parties to collect or share data about you. We do not control those websites and this Privacy Policy does not apply to those websites. Please consult the terms and conditions and privacy policy of those websites to find out how they collect and use your personal data and to establish whether and for what purpose they use cookies.

SHARING OF YOUR PERSONAL INFORMATION
We may also share your personal information with other venues or organisations with whom the Blue Elephant Theatre works, but only if you have given your explicit consent to this.

We use Mailchimp (which operates within the Privacy Shield) to send e-newsletters and so email addresses and names are shared with our secure account with them.

We require all other organisations with whom we share your personal information to respect the security of your information and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes.

We might also have to share your information if we have to by law or where we need to protect you or other people from harm.
Other than as expressly set out in this Privacy Policy, we will not sell, rent, trade or distribute your personal information to third parties without your express consent or are required by law to do so.

HOW TO CHANGE OR ACCESS THE INFORMATION WE HOLD ABOUT YOU
The accuracy of your personal information is important to us and you can help keep our records up to date by telling us when your contact details and other personal information changes, and if you change your mind about how we contact you.

Every email we send you will include details on how to change your communications preferences or unsubscribe from future communications.
It is important the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

If you would like to update the details we hold or change your contact preferences you can contact us at 020 7701 0100/niamh@blueelephanttheatre.co.uk

OPTING OUT
You can ask us to stop sending you marketing information at any time by contacting us directly via phone (020 7701 0100) email (niamh@blueelephanttheatre.co.uk) or by following the opt-out links on any marketing message sent to you.

Where you opt out of receiving marketing information, this will not apply to personal data provided to us when you purchase a ticket or other service from us. Under GDPR, you have the ‘right to erasure’. Opting out of receiving marketing emails etc is not the same thing. Blue Elephant Theatre should be contacted directly if you would like to exercise your right ‘to be forgotten’. BET has one month to respond to a request. Please note that this right is not absolute and only applies in certain circumstances.

HOW WE PROTECT YOUR INFORMATION
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Your personal information is contained behind secured networks and is only accessible by persons who have special access rights to such systems, and who are required to keep the information secure and confidential. All financial transactions are processed through a gateway provider and are not stored or processed on our servers.

No credit card or payment information is stored by Blue Elephant Theatre.

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator when we are legally required to do so.

We will do our best to protect your personal information. However, we cannot guarantee the security of your data transmitted to our website before it reaches us, and any transmission is therefore at your own risk. Email is also an insecure method of communication. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

HOW LONG DO WE KEEP YOUR INFORMATION?

We aim to keep and use your personal information in accordance with data protection laws, good practice, legal requirements and our policies.

GDPR considers consent to depreciate. We consider consent to be sent email newsletters containing marketing information to expire on the 31st December following the five year anniversary of being given this consent. Individuals actively sign up to our newsletters by finding this option on our website or filling in a feedback form so it is freely given. We aim to widen access to the arts and increase engagement with our work over the long term and feel that five years is justified for these reasons.

We consider photo consent to depreciate after three years however.

We keep box office data because it is good practice as described by the Audience Agency:

"Good practice, and indeed good customer service, prescribe that it is only necessary to compile the basics of customer records once, the first time a customer makes a transaction with your organisation. During the process, they should receive the appropriate notifications and have the opportunity to give the necessary permissions. Thereafter, all customers should be asked if they have purchased tickets before and their existing record looked up to avoid duplication.

For this reason, even though GDPR requires that data should be kept no longer than is necessary, there remains a legitimate reason to keep the record of all customers on file, as long as there is a chance that they may return to your organisation and be recognised. Data Controllers are obliged to ensure that the data they hold remains relevant by periodically “cleaning” the data to identify and suppress from future communications any obsolete data for individuals whose attendance has lapsed, and who may subsequently have moved address or are deceased.
We keep other data until we are sure it is not needed for legal, audit or insurance reasons and then dispose of it responsibly and securely."

TRANSFERRING YOUR INFORMATION OUTSIDE EUROPE
As part of the services offered to you by the Blue Elephant, your personal information may be transferred to countries outside the European Economic Area (EEA) but we aim to avoid this if at all possible. The computer servers that our website is hosted on is run by Oblong Live and based in the UK.

However, If we transfer your information out of the UK, we will take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and data protection laws by ensuring at least one of the following safeguards is in place:
• We will only transfer your personal information outside the EEA to countries that have been deemed by the European Commission to provide an adequate level of protection of personal data;
• Where we transfer data to certain of our trusted service providers, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in Europe;
• Where we transfer to data to our trusted service providers in the USA, we may transfer data to them if they are part of what is called the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

We currently work with Ticketweb, Eventbrite and Outsavvy who process ticket bookings on our behalf. Ticketweb and Eventbrite have both certified that they adhere to the necessary requirements of GDPR should information be transferred out of the EEA and Outsavvy holds all data in the UK. We transfer data to Mailchimp but it operates within the Privacy Shield.

YOUR LEGAL RIGHTS
You are in control of your personal information. Under certain circumstances you have the right to:
• Request a copy of the personal information we hold about you
• Ask us to correct information that’s wrong, to delete it or to request that we only use it for certain purposes.
• Request that we provide your personal information to you or another organisation in a structured, commonly used and machine-readable format.
• Object to us processing your personal information based on our legitimate interests.
• Change your mind and ask us to stop using your information, for example, unsubscribing from any marketing emails.
• Please be aware that if you ask us to stop using your information we may not be able to provide certain services to you: we will let you know if this is the case. An example would be that we cannot permit a participant under 16 to attend our workshops without having contact details of their guardian.

If you would like to exercise any of your legal rights in relation to the personal information that we hold about you, please email niamh@blueelephanttheatre.co.uk or write to us at: Blue Elephant Theatre, 59a Bethwin Road, Camberwell, London, SE5 0XT.

We may request proof of your identity.

If you have a concern about the way in which we use your personal information, you may also make a compliant to a supervisory authority for data protection matters. In the UK this is the Information Commissioners Office: https://ico.org.uk/concerns/. If you live in another EEA country, you may complain to the supervisory authority in your country.