PRIVACY POLICY
1. Who Are We?
Founded in 1948, the organisation was named “South Westmorland Stage and Screen Society”, and following a number of changes has become “The Heron Theatre”.
The object of the theatre is to present dramatic and kindred arts to the public by means of dramatic and musical performances, films, lectures and the promotion of cultural activities in its own theatre and elsewhere. These rely on the voluntary services and talents of its members who number approximately 400, and upon the contributions of visiting theatrical and music groups including professional companies.
Membership is open to all without any form of discrimination.
2. Our Commitment To Your Privacy
We are committed to keeping the personal details of our members and supporters safe. This policy explains how and why we use your personal data, to ensure that you remain informed and in control of your information.
Any references to The Heron Theatre, or to “we” or “us” refer to The Heron Theatre. We are a charity registered in England & Wales and our registered number is 501134.
We use three key definitions to describe people mentioned in this policy. These definitions are used by the Information Commissioner’s Office, ( The ICO) a body established to uphold information rights.
Data Subject : This is you, one of our loyal members and supporters. As the data subject, we respect your right to control your data.
Data Controller : this is us, The Heron Theatre. With your permission, we determine why and how your personal data is used ( as outlined in this policy).
Data Processor : The Heron Theatre is a data processor as well as any other organisation, who processes your data on our behalf, with your permission. For example, this might be an organisation to whom we
outsource the booking of tickets : Ticketsource. (www.ticketsource.co.uk).
When we share your data with other organisations or individuals in this way, we always set up a written contract with them to protect your data in line with current legislation. The third parties we work with at no point “own” your data, so you will never hear from them independently. We always send your data to partner organisations securely to minimise the risk of it being intercepted by unknown individuals and / or organisations.
We will never sell your personal data.
Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us at :
Peter Mann
Hon Secretary
The Heron Theatre
Stanley Street
Beetham
LA7 7AS
Telephone 015395 64283 ( answerphone )
Email : secretary@theherontheatre.com
We are run by volunteers and do not have set opening hours. All messages are dealt with as quickly as practicable.
3. Why Do We Collect Your Personal Data ?
We use your personal data to keep in touch with you. We will only ever collect, store, and use your personal data when we have an identified purpose and reason to do so. The ICO refers to this as a
“lawful basis”. Further information about why we collect your personal data is outlined below:
a) To administer your The Heron Theatre membership. We collect your personal data (see section 4 for the kind of data we collect) to administer your membership, which may involve :
Sending your welcome pack when you first join us.
Processing standing order subscription payments (if appropriate).
Sending membership renewals (if appropriate).
Getting in touch should there ever be any membership issues.
The ICO define the lawful basis for processing your data for these purposes as ” contractual”.
b) To send you tickets booked for events. We collect your personal data to send you tickets, information about events which you have booked, and (where appropriate) refunds.
The ICO define the lawful basis for processing your data for these purposes as “contractual”.
c) To send you information about our activities and ask for your opinion.
We also collect your personal data so that we can send you information about our events and activities that we feel will be of interest to you. This includes your membership welcome pack, newsletters, seasonal event listings, feedback, advertising flyers for specific events, and other activities.
From time to time we may also use your personal data to ask for volunteers, to advertise Trustee vacancies, or to ask for your opinion about our work.
This information is in addition to that outlined in sections a) and b) and is defined as “direct marketing” by the ICO.
i) Joint And Family Membership
If you are a joint or a family member of The Heron Theatre, we will address communications to all those listed on your membership. If you wish to update this at any point, please let us know. See section 4d in relation to children under 13 years of age.
ii) Gift Membership
If The Heron Theatre membership is purchased as a gift, we will send the membership pack to the giver to pass on to the recipient. The recipient will then need to activate the membership and provide us with their details.
iii) When Your Membership Ends
Unless we hear from you directly, we will continue to send you information about our activities for up to 12 months after your membership has ended. This is in case your membership or interest ends accidentally : for example by changing your bank account details, or supporting us in a different way.
iv) Direct Marketing
As defined by the ICO we use two different lawful bases for processing your data for ” direct marketing” purposes.
i) Legitimate Interest
This is where we have identified a genuine and legitimate reason for contacting you, which, crucially, does not override your rights or interests. We use legitimate interest to send you the information listed above by post or telephone.
ii) Opt-In Consent
This is where you have given us express permission to contact you by particular communication channels.
We use opt-in consent to send you the information listed above by email, telephone or by post. We respect your right to update the ways we get in touch with you, at any time.
d) To Enable You To Volunteer With Us
If you are a Heron Theatre volunteer, we collect your personal data so that we can keep in touch with you about volunteer opportunities, rotas, and dedicated volunteer events.
As defined by the ICO the lawful basis for processing your data for these purposes is “contractual” when administering your volunteer record, and “legitimate interest” when sending you information about our work.
4. What Personal Data Do We Collect ? How Do We Collect It ?
a) Basic Information
We will usually collect your name, postal address, email address, telephone numbers, and your bank details. Most of the time we collect this from you on the Membership application form directly, or in person, over the telephone, or via email or through Ticketsource booking.
b) Getting To Know You Better
This information may include records of donations or gift aided donations, preferences of how you like to be contacted, ways in which you have helped us by volunteering, and records of events and activities which you have attended.
Sometimes we will collect other information such as gender or your date of birth. When we do so, we will be very clear as to why we are collecting such information and will only do so with your specific consent and permission. This information will be collected from you directly.
c) Sensitive Personal Data
We do not normally collect or store sensitive personal data (such as health, beliefs, or political affiliation) about supporters and members.
When we do so we will be very clear as to our reasons, and will only do so with your specific consent and permission. The data will be collected directly from you. If you are a volunteer, the extra information may include medical conditions, criminal record checks, emergency contacts, and references.
If there is an accident at the Theatre we may also collect sensitive data for legal and insurance purposes. We will take care to ensure that your privacy rights are protected.
d) Children And Young People
In line with data protection law, we will not collect, store, or process your personal details if you are under 13 years of age, unless we have the express permission of your parent or guardian to do so. If we have the permission of your parent or guardian, we will capture your date of birth at the point of joining.
5. How Do We Store Your Data?
a) Security
All of the personal data we process is processed by our volunteers , Trustees, and by Ticketsource in the UK and is stored on Microsoft and Linux servers within the EU in accordance with guidance issued by the
ICO. Electronic data and databases are stored on secure computer systems and we control who has access.
We have detailed data protection procedures which personnel are required to follow when handling personal data.
b) Payment Security
All electronic Heron Theatre/ Ticketsource forms which request financial data use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. This also applies to debit / credit card payments via Ticketsource.
We cannot guarantee the security of your home computer or the internet, and any online communications (eg email or website) are at your own risk.
c) Data Retention Policy
We will only use and store information for as long as it is required for the purposes it was collected for. There is a continuous review and deletion policy for obsolete data.
6. Your Rights
We respect your right to control your data. Your rights include the right to be informed. If you have any questions about any elements of this policy, please contact us.
If you wish to obtain a copy of the data we hold about you, we will respond to a “subject access request” within one month. You can ask us to remove, correct, restrict your data or be excluded from marketing activity.
7. Complaints Either Generally Or In Relation To Data Protection
The Heron Theatre want to exceed your expectations in everything we do. However we know that there may be times when we do not meet our own high standards. When that happens, please tell us in order that we can deal with the situation and stop it happening again. We take complaints seriously, and guarantee that they will be handled sensitively and in line with data protection requirements.
This policy was last updated in July 2023.