Peculiar Productions Privacy Notice
What is This?
Under the Data Protection Law, we have to tell you what we plan to do with your information. This tells you – simple, really.
Who Are We?
We are Peculiar Productions, an amateur performing arts group based in Cardiff. We’re basically a club of like-minded, okay peculiar-minded, people who get together to do performances and raise money for charities.
How will we use the information about you?
To process your requests to us, for example for tickets. If you’re a member of the company, to give you access to things to help manage the company.
To provide you with information about our events and keep you updated on what we are doing. You can unsubscribe from this information at any time.
We will not share your details except with the organisations that perform processing for us, who can only use your information in ways we tell them. We may also in some very unlikely circumstances be required to share it by law.
You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the supervisory authority.
We’ll update this notice if we change what we are doing, or if the law changes. The date below will indicate when the notice was last changed.
The rest of this notice gives more detail about what we’re doing and why. If you’re not a privacy nerd these may not be the droids you’re looking for; move along.
(Last updated 9 March 2019)
Personal Data We Collect
Member of the public
We collect your personal data for the purposes of giving you tickets and for keeping you up to date on what we’re doing. You provide this data when you go to our website, when you fill in a form (online or paper), when you email us, when you speak to us on the phone or face to face or when you order tickets. We get some of it from automatic recording e.g. cookies
Our legal basis for this processing is under Article 6 (f) of the General Data Protection Regulation as included in UK law by the Data Protection Act. This basis is “legitimate interest” – in other words, it’s in our interest to sell tickets and make sure people come to our events!
We will only keep your data as long as we need it. For information relating to individual shows, that’s 6 years after the show (for accounting purposes). For your contact details, that’s until you tell us you no longer want to hear from us, or until it’s clear that you’re no longer using those details (e.g. if your email address no longer exists).
In addition to the data we may collect from you as a member of the public, we collect your data for the purposes of running the company. This includes:
- Detailed contact information
- Details of roles you’re performing / auditioning for and your preferences
- Data about performances e.g. director “notes”
- Data about equipment / costumes etc., you’re holding for us
- Information about other interactions as required.
The legal basis for this information is again Article 6 1(f) of GDPR – “legitimate interest”. The retention period for each of these items varies – for example, details of roles performed will be kept indefinitely as part of the company archive; details relating to individual events will not be kept longer than 1 year. Contact information will be kept as long as you are a member of the company, and after this will revert to being treated in the same way as public information.
How We Use Personal Data
As a member of the public, we use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.
As a company member, we use the information about you to help us in our plans for world domination, sorry, to help us run the company and ensure your continued engagement, along with legal obligations such as health and safety.
Reasons We Share Personal Data
We use processors – organisations that provide us with services, and these are listed later. Some of these organisations are social media organisation and the relationship with these is based on both of us being users of their platforms; in which case these organisations partly govern the data sharing.
We don’t share your data with anyone not listed unless required to do so by law
How to Control Your Personal Data and Your Rights
If you believe our data about you is incorrect please contact us at email@example.com
You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it. You may request via email to firstname.lastname@example.org
You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You may request this via email to email@example.com
You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner. You can contact the ICO via their website https://www.ico.org.uk.
Cookies and Similar Technologies
Where services are delivered via websites, small amounts of information are sometimes placed on your device e.g. your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. You can restrict or block cookies, but these may stop parts of the website from working. You’re given choices online regarding this, and more detail is provided on the website.
Our Processors and Companies we Use
We use a number of companies to provide us with services. We have appropriate agreements for processing with some of these, but some are social media organisations with their own policies, so our control is limited to their policy. The current list is:
|Name of organisation and website||Relationship||Information held on our/your behalf||Where is my information stored?|
|Ex Cathedra Solutions Ltd. https://excathedra.solutions||Processor||Website and all related data, our email system.||UK|
|PayPal (Europe) S.à r.l. et Cie, S.C.A. https://Paypal.co.uk||Processor||Payment information when you pay via them; we only receive payment and your contact details and do not receive other details||Worldwide|
|TicketSource (https://www.ticketsource.co.uk/)||Processor||Payment information when you pay via them; we only receive payment and your contact details and do not receive other details||Worldwide|
|The Gate (https://www.thegate.org.uk/)||Processor||Payment information when you pay via them; we only receive payment and your contact details and do not receive other details||Worldwide|
|Google Ireland Ltd. www.google.com||Sharer / Processor||Analytics information including IP addresses, location, device used, pages accessed. Storage of company files and documents.||Worldwide|
|Facebook Ireland Ltd www.facebook.com||Sharer||Maintaining contact with members and public; maintaining contact and managing cast and company work.||Worldwide|
|Slack www.slack.com||Sharer||Managing crew work||Worldwide|
|The Rocket Scient Group LLC (Mailchimp) https://mailchimp.com||Processor||Managing our mailing list||US|
Personal Data We Collect
The data we collect can include the following:
Name and Contact details: We collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services.
Device and Usage data: When you connect to us online, we collect data about pages you have visited, completed actions, error messages, IP address details, device operating system, region and language settings. These are used to provide services to you, and to improve our services.
Preferences and account data: Our systems include the ability to create an account using a username/password, mostly restricted to company members. The username is stored to allow us to retrieve your account; the password is NOT stored, but a “hashed” version of it is stored. This “hashed” password cannot converted back into your password, but allows our systems to confirm the correct password has been entered.
Other Important Privacy Information
Below you will find additional privacy information you may wish to know. Enfield is committed to maintaining the privacy of your personal information. If you have any issues with our privacy, please contact Complaints and Information via the website or via email.
Storage and Processing of Personal Data
Data collected by us is processed worldwide. These uses all comply with the requirements of the GDPR.
Security of Personal Data
We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems.
Retention of Personal Data
We operate a data retention and disposal scheme based on legal and operational requirements; let’s be honest here, we get rid of stuff because we need the storage space for costumes and props… Data is disposed of securely when it is no longer required for processing purposes. The retention scheme is available on the council website.
Changes to the Privacy Statement
We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top page (How will we use the information about you?). If there are significant changes we will notify you either by a pop-up notice when you logon or directly sending you a notification. We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.
How to contact us
For general issues, please contact us via your firstname.lastname@example.org .
We’re not required to have a data protection officer by law, but we do take looking after your data seriously and all issues raised will be examined.