fbpx

Privacy Policy

Cookies

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers

Privacy Statement

Strike A Light are a charity and we work to bring world class performance to Gloucester for all and offer arts opportunities, in particular to children and young people. In order to do this effectively, we sometimes need to collect, hold and use some personal data (information) from individuals such as name or contact details. This policy explains what we do and why and how we keep your data secure.

You may share your personal data with Strike A Light when you book a ticket, sign up for a workshop or sign up to our mailing list or we may collect data from you in order to fulfil a request e.g. to respond to a question you have raised.
Under the General Data Protection Regulation (GDPR) 2018 we have a legal responsibility to ensure that data is processed lawfully, fairly and in a transparent manner in relation to individuals.

We must ensure that personal data we hold is:

– Collected for specific, clear and legitimate purposes and only used in the ways which were specified when the data was originally collected.

– Relevant and limited only to the data that we need

– Accurate as far as is reasonable and kept up to date where required

– Only kept for as long as is necessary and securely destroyed afterwards

– Processed securely

How we use your data

When you provide us with your data, either via a form on our website (e.g. mailing list sign up or online ticket booking), on a paper form or over email, we will be clear with you about why we need this information,how we store it securely and how we use it.

Box Office data: When you buy a ticket or book for a workshop we use the information you provide to fulfil our obligations to you regarding the event e.g. to send you your ticket, to inform you of changes to the event etc. We also use this information to help us run our events better in future and to ensure we are reaching a broad range of people or fulfil funder requirements so we may email you for your feedback afterwards or ask you to provide monitoring information which we then anonymise and report on. We keep a record of the events you have booked for, the tickets you booked etc to allow us to understand our audiences better, to deliver a better service to you in future and to answer any questions you may have about your past bookings. We may also use the contact information you provide to let you know about other similar events we think you may be interested in. Where this is the case you will have the option to opt out of this at the point of booking.

Mailing list data: When you sign up to our mailing list you will be able to choose what contact information you provide and how we contact you if applicable and what we contact you about. We may also use this data internally for monitoring responses to our mail outs and understanding our audiences better.

If you provide your data to us for any other purposes, we will be clear about what we need and why, how your data will be used and how you can opt out of this where applicable.

Where you give consent for us to use your data, for example, when you sign up to our mailing list, it must be as easy to withdraw consent so we include an ‘unsubscribe button at the bottom of every email we send out.

Sharing data

We do not share your data with any third party organisations for them to contact you, unless you have given specific consent for this. For example, if you come and see a show you may choose to sign up to receive information from that particular performance company as well as from Strike A Light.

We work with GDPR compliant organisations to process your data, for example, we use Mailchimp to be able to send emails to you, track who has unsubscribed and collect consent from people signing up. Those organisations cannot use your data themselves for any other purposes and we remain the data controllers.

How we keep your data secure

We keep your data secure by using GDPR compliant software and organisations to process your data, for example, Mailchimp and GDrive which have built in security settings which we can use to protect your data.

Any documents or software containing your data will be password protected and only certain members of Strike A Light staff will have access to this data if they need it to undertake their jobs.

Your rights

You can withdraw your consent to your data being processed at any time. You can also request to restrict processing e.g. that we can use your data to send you information about one type of activity but not another. You should also be able to quickly and easily request that the data we hold about you is updated and any corrections made.

You also have the right to be forgotten e.g. all data held about you removed, and the right to data portability e.g. for us as an organisation to provide your data in a format which is then suitable to be transferred to another organisation or that we undertake that transfer for you.

If the data is being processed for any other purposes, for example, with Gift Aid records we have a legal obligation to keep them for for 6 years from the end of the accounting period they relate to, then we as an organisation may not be able to fulfil this request but we will explain to you why this is the case.

You can also submit a subject access request, whereby we as an organisation would provide all of the data we hold on you. This must be done free of charge and within one month of the request.

As an organisation we can extend the period of compliance by a further two months where requests are complex or numerous and we will inform you within one months of this and explain the reasons why.

If a request is excessive or clearly without relevant purpose, in particular where it involves repetitive tasks we can choose to charge a reasonable fee, proportionate to the administration incurred or to refuse the request. In the event that a request is refused we will respond within one month to explain the reasons for this decision and inform you of your right to complain to a supervisory authority or take legal action.

For any questions about the way we use data, the data we hold on you or to change or update your preferences, please contact us.

Our full privacy policy which we use to explain how we as an organisation manage data protection, is available here.