We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do - both on and off stage. As a charity, it also helps us to engage with potential donors and supporters.
The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
If you have any queries about this policy, please contact the team on email@example.com
Horsecross Arts is a charity and receives funding from Creative Scotland, Perth and Kinross Council and The Gannochy Trust, other trusts, foundations and individual donors and supporters. Our registered charity number in Scotland is SC022400 and we are also registered as a company in Scotland under registration number SC301328.
We are registered as a data controller under the Data Protection Act 1998, and our Data Protection Register number is: Z9675473
We collect various types of information and in a number of ways:
Information you give us
For example when you register on our website, buy tickets, make a donation, apply for a job, sign-up to newsletters or participate in audience surveys and feedback forms we’ll store personal information you give us such as your name, access requirements (for example if you require wheelchair access), email address, postal address, telephone number and card details in a secure personalised wallet (should you wish to do so), Gift Aid status and contact preferences. We will also store a record of your purchases and donations. For security reasons we use CCTV in our premises at Perth Concert Hall and Perth Theatre. If you are a parent or carer booking for a dependent we will also ask for their name and age plus a contact detail of a second responsible adult in case of an emergency.
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content and ads. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Information from third parties
We occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about you, compiled using publicly available data.
For our classes and workshops we occasionally receive information from third parties about you/your dependant. For example, if school pupils are attending a workshop in one of our venues the school may provide emergency contact details and, where relevant, sensitive personal data about an individual (see the section below for further details).
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so. To ensure we can provide the best service possible for participants attending our classes/workshops we request and store some sensitive personal data. This includes information on any health conditions and/or disabilities, information on any special educational needs and information on any home-life situations that may affect your/your child’s experience/participation (for example, adults permitted to pick-up a child at the end of a session).
There are three bases under which we may process your data:
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
Legitimate business interests
In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation. This will include asking for your consent for filming, photography or sound recording at any of our participatory workshops or events.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful and will include direct mail letters or emails about the event, workshop, class or project. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible. We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.
We may use profiling techniques or third party wealth screening and insight companies to provide us with information about you that will help us to communicate in a relevant way with you, in particular when we are approaching you about potential philanthropic support. Such information is compiled using publicly available data about you.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your or your child’s personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your or your child’s data anywhere that is outside of the European Economic Area unless it is with an organisation such as Facebook, Google, Mailchimp or Dotmailer who are a part of the EU privacy shield initiative. More details on this certification can be found at www.privacyshield.gov/welcome.
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
This Policy will be reviewed on a regular basis. It may be updated to take into account changes at Horsecross Arts or to reflect changes to regulation or legislation.
30 Jul 2018
Perth Concert Hall