Privacy Policy

Peculiar Productions Privacy Notice

What is This?

Under the Data Protection Law, we have to tell you what we plan to do with your information. This tells you – simple, really.

Who Are We?

We are Peculiar Productions, an amateur performing arts group based in Cardiff. We’re basically a club of like-minded, okay peculiar-minded, people who get together to do performances and raise money for charities.

How will we use the information about you?

To process your requests to us, for example for tickets. If you’re a member of the company, to give you access to things to help manage the company.

To provide you with information about our events and keep you updated on what we are doing. You can unsubscribe from this information at any time.

We will not share your details except with the organisations that perform processing for us, who can only use your information in ways we tell them. We may also in some very unlikely circumstances be required to share it by law.

You have rights in respect of your data including the right to be supplied information on our uses, to see what data we are holding about you, to request correction or erasure of your data, to object to processing and to complain to the supervisory authority.

We’ll update this notice if we change what we are doing, or if the law changes. The date below will indicate when the notice was last changed.

The rest of this notice gives more detail about what we’re doing and why. If you’re not a privacy nerd these may not be the droids you’re looking for; move along.

 (Last updated 31 August 2021)

Personal Data We Collect

Member of the public

We collect your personal data for the purposes of giving you tickets and for keeping you up to date on what we’re doing. You provide this data when you go to our website, when you fill in a form (online or paper), when you email us, when you speak to us on the phone or face to face or when you order tickets. We get some of it from automatic recording e.g. cookies

Our legal basis for this processing is under Article 6 1(f) of the UK General Data Protection Regulation. This basis is “legitimate interest” – in other words, it’s in our interest to sell tickets and make sure people come to our events!

We will only keep your data as long as we need it. For information relating to individual shows, that’s 6 years after the show (for accounting purposes). For your contact details, that’s until you tell us you no longer want to hear from us, or until it’s clear that you’re no longer using those details (e.g. if your email address no longer exists).

Company Members

In addition to the data we may collect from you as a member of the public, we collect your data for the purposes of running the company. This includes:

  • Detailed contact information
  • Details of roles you’re performing / auditioning for and your preferences
  • Data about performances e.g. director “notes”
  • Data about equipment / costumes etc., you’re holding for us
  • Information about other interactions as required.

The legal basis for this information is again Article 6 1(f) of the UK GDPR – “legitimate interest”. The retention period for each of these items varies – for example, details of roles performed will be kept indefinitely as part of the company archive; details relating to individual events will not be kept longer than 1 year. Contact information will be kept as long as you are a member of the company, and after this will revert to being treated in the same way as public information.

How We Use Personal Data

As a member of the public, we use data about you to provide you with services, communicate with you, to plan our services, and to personalise your experience.

As a company member, we use the information about you to help us in our plans for world domination, sorry, to help us run the company and ensure your continued engagement, along with legal obligations such as health and safety.

Reasons We Share Personal Data

We use processors – organisations that provide us with services, and these are listed later. Some of these organisations are social media organisation and the relationship with these is based on both of us being users of their platforms; in which case these organisations partly govern the data sharing.

We don’t share your data with anyone not listed unless required to do so by law

How to Control Your Personal Data and Your Rights

If you believe our data about you is incorrect please contact us at

You have the right to demand that we erase data that we hold on you. However, please note that we can only do this if it is not required for further processing; in general, we erase your data as soon as we no longer require it. You may request via email to

You have the right to request that we give you a copy of your data. This is called a “Subject Access Request”. You may request this via email to

You have the right to complain about our processing to the Information Commissioner if you believe we are not processing your data in a proper manner. You can contact the ICO via their website

Cookies and Similar Technologies

Where services are delivered via websites, small amounts of information are sometimes placed on your device e.g. your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally. You can restrict or block cookies, but these may stop parts of the website from working. You’re given choices online regarding this, and more detail is provided on the website.

Our Processors and Companies we Use

We use a number of companies to provide us with services. We have appropriate agreements for processing with some of these, but some are social media organisations with their own policies, so our control is limited to their policy. The current list is:

Name of organisation and website Relationship Information held on our/your behalf Where is my information stored?
Ex Cathedra Solutions Ltd. Processor Website and all related data, our email system. UK
PayPal (Europe) S.à r.l. et Cie, S.C.A.     Processor Payment information when you pay via them; we only receive payment and your contact details and do not receive other details Worldwide
TicketSource (   ProcessorPayment information when you pay via them; we only receive payment and your contact details and do not receive other details Worldwide
The Gate ( information when you pay via them; we only receive payment and your contact details and do not receive other details Worldwide
Google Ireland Ltd.   Sharer / Processor Analytics information including IP addresses, location, device used, pages accessed. Storage of company files and documents. EEA
Facebook Ireland Ltd   Sharer Maintaining contact with members and public; maintaining contact and managing cast and company work. Worldwide
Slack   Sharer Managing crew and committee work Worldwide
The Rocket Scientist Group LLC (Mailchimp) Processor Managing our mailing list US
Zoom LLCProcessorConducting meetings, rehearsals and some online performancesUS
Microsoft Ireland LtdProcessor Conducting meetings, rehearsals and some online performances EEA

Personal Data We Collect

The data we collect can include the following:

Name and Contact details: We collect your name, your address, your email address, your phone number and similar contact details. These are used to provide you with services and to contact you in relation to services.

Device and Usage data: When you connect to us online, we collect data about pages you have visited, completed actions, error messages, IP address details, device operating system, region and language settings. These are used to provide services to you, and to improve our services.

Preferences and account data: Our systems include the ability to create an account using a username/password, mostly restricted to company members. The username is stored to allow us to retrieve your account; the password is NOT stored, but a “hashed” version of it is stored. This “hashed” password cannot converted back into your password,  but allows our systems to confirm the correct password has been entered.

Other Important Privacy Information

Below you will find additional privacy information you may wish to know.

Storage and Processing of Personal Data

Data collected by us is processed worldwide. These uses all comply with the requirements of the UK GDPR.

Security of Personal Data

We use a variety of techniques to ensure the privacy of your personal data and protect it from unauthorised disclosure or access. These include physical security, encryption at rest and in transit, multi-factor authentication and intrusion detection systems.

Retention of Personal Data

We operate a data retention and disposal scheme based on legal and operational requirements; let’s be honest here, we get rid of stuff because we need the storage space for costumes and props… Data is disposed of securely when it is no longer required for processing purposes.

We store personal information about financial transactions for a maximum of 7 years. We store your information about mailing lists until you tell us you don’t want to be on the list. For membership, we keep your details for 3 years after you ceased to be a member.

Changes to the Privacy Statement

We will update this privacy statement whenever a change in our use or a change in law occurs, and in response to your feedback. When it is changed we will update the date given at the top page (How will we use the information about you?). If there are significant changes we will notify you either by a pop-up notice when you logon or directly sending you a notification. We encourage you to periodically review this statement and provide us with feedback on areas you believe we could improve.

How to contact us

For general issues, please contact us via your .

We’re not required to have a data protection officer by law, but we do take looking after your data seriously and all issues raised will be examined.