This policy sets out how we collect, process and hold your personal data if you visit our website or otherwise provide personal data to us.
We are London Theatre Direct Ltd, 55 Strand, London, WC2R 0LQ (Registered in England and Wales, number 3800560). We are the data controller of your personal data.
London Theatre Direct is responsible for the processing of your personal information in accordance with the Data Protection Act 2018 (DPA 2018), The Privacy and Electronic Communications Regulations (PECR) 2003 and The General Data Protection Regulation (GDPR) (EU) 2016/679.
The DPA requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt. Our registration number with the ICO is Z673567X.
This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at firstname.lastname@example.org
Personal data we collect
We collect, process, store and use personal data when you book a ticket to an event including your name, address and email address together with payment information in order to facilitate your ticket booking with us. If you chose to log-in to our website using a social media or express checkout method, we store the method of log-in.
We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
You do not need to provide us with any personal data to view our website. However, we may still collect the information set under the Data we automatically collect section of this policy, and marketing communications in accordance with the Marketing Communications section of this policy.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Data we automatically collect
When you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device's unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. We collect this information using cookies in accordance with the Cookie section of this policy and we use the information we collect on an anonymous basis to improve our website, the events and the services we provide, and for analytical and research purposes.
If you opt in to receive marketing communications from us you consent to the processing of your data to send you such communications, which may include newsletters, blog posts, surveys and information about new events. We retain a record of your consent.
You can choose to no longer receive marketing communications by contacting us at email@example.com or clicking unsubscribe from a marketing email. If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Lawful processing of your personal data
We will use your personal data in order to comply with our contractual obligation to supply to you the tickets to an event that you have booked, including to contact you with any information relating to the event, to deliver the event to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have in relation to the event.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for technical reasons, for audit purposes and to contact you about changes to this policy.
Who do we share your data with?
We may share your personal data with service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, event ticketing providers, email communication providers, IT service providers, accountants, auditors and lawyers.
Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party's rights, property, or safety.
We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer. The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
We shall process your personal data in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All personal data is stored under physical, electronic and procedural monitoring and we are equipped with modern monitoring, technical and security mechanisms to provide the maximum possible security against unauthorised access or transfer, loss, destruction or misuse of the data.
All information you provide to us is stored on our secure servers. All payment transactions, all traffic between the user and our servers, all traffic between system components and where applicable, all traffic between our servers and our suppliers are encrypted using SSL.
Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.
However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right at any time to require that we delete your personal data. To exercise these rights, or any other rights you may have under applicable laws, please contact us at firstname.lastname@example.org
Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: the Information Commissioner, see www.ico.org.uk.
If you register with us, we shall retain your personal data until you close your account.
If you receive marketing communications from us, we shall retain your personal data until you opt out of receiving such communications.
If you have otherwise booked a ticket with us or contacted us with a question or comment, we shall retain your personal data for 1 year following such contact or after your chosen performance date to respond to any further queries you might have and/or process your ticket booking and fulfil any related administrative requirements, including financial auditing and fraud prevention. We will retain your name only in our system attached to the tickets you purchased after 1 year for reconciliation, legal, tax and accountancy purposes.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This policy shall be governed by and construed in accordance with the law of England and Wales, and you agree to submit to the exclusive jurisdiction of the English Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our website after the time we state the changes will take effect, you will have accepted the changes.