The General Data Protection Regulation (GDPR) includes rules on gaining and holding your personal information and places an emphasis on making privacy notices more transparent, and accessible.
- What we use personal data for
- How and where the data is held
- Who accesses it and who is it shared with
- Which parties are responsible for it
- How long we will be holding the data
The GDPR says that the information we provide to people about how we process your personal data must be:
- With your positive consent
- Concise, transparent, intelligible and easily accessible
- Written in clear and plain language, particularly if addressed to a child
- Free of charge to you
The Data Controller
Brixton House is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR).
What information do we collect about you?
We only collect information that’s necessary to carry out our business or to deliver our charitable objectives. Sometimes, the more ways you engage with us, the more data we will require in order to best provide what you need. You can choose to not provide us with the information we need, but this will then impact what we are able to provide.
The GDPR defines personal data as the following:
“Personal information” may include full name, postal address, email address, social media handles, phone numbers, and marketing preferences, photographic images, purchase history, emergency contacts, IP Address and credit card details”.
‘Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;’
‘Special categories’ of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Special category data relating to members can include: racial and ethnic origin, religion, health records etc.
For the purposes of protection all children under the age of 16 will require adult consent.
We collect this information when:
- Purchasing a Ticket (including financial information such as credit card related)
- Registering for classes, training or workshops (including demographic information such as age, gender, etc)
- Making a donation
- Surveys & Competitions
- Cookies, third party links
- Social Media and email communication
- Sensitive Personal Data e.g. contract information , employees and special requirements/needs of young people (such as learning difficulties or emergency contacts)
How will your information be used?
- Customer buying details (ticket sales, merchandise, etc)
- Customer giving details (making a donation online, telephone or at an event)
- Administering finance (e.g. freelance fees)
- Providing parents of younger members with clear understanding of our requirements
- Providing artists with information (e.g. contracts, rehearsals, show dates, show requirements)
- Promoting our services
- Safeguarding and promoting the health and welfare engagers
- Ensuring engagers safety and security
- Providing operational information
- As an Arts Council NPO we use Audience Agency Audience Finder with The Audience Agency to understand, compare and apply audience trends and insight.
How long will your information be held?
Personal information will be stored for a period of no longer than 5 years. You will have the right to have these removed at any time. Archive material based on previous shows or learning or participation activity may remain on our website for considerably longer, at times with public access via the internet.
What is our legal basis for processing your personal data?
GDPR defines six legitimate means for personal data processing by an organization. Personal data processing at Brixton House is supported by one or more of these six means:
|Purpose||Type of Data||Legal Basis|
|To register you as a new customer||Identity Contact Transaction||Consent Contract|
|To register you for a class, workshop or other service||Identity Contact||Consent Contract Legitimate interests|
|To enable you to take part in a prize draw, promotion, competition or complete a survey||Contact Sensitive data||Consent Legitimate interests|
|To make a donation||Contact Identity Financial Transaction||Consent Legitimate interests Legal obligations|
|To manage our relationship with those under 16||Contact Identity Marketing and Communications Sensitive data||Consent Legal obligations Legitimate interests|
|To administer and protect our business and this website (including trouble shooting, data analysis, testing, system maintenance, support, reporting and hosting of data||Technical Profile Marketing and Communications||Legitimate interests|
|To manage payments, fees and charges||Contact Personal Financial Marketing and communications||Consent Legal obligations Legitimate interests|
|To make suggestions or recommendations about upcoming productions and activities that may be of interest||Contact Personal Marketing and communications||Consent Legitimate interests|
Who receives your information?
We take every precaution to protect your information. To this end all personal information stored by us is kept on servers in a secure environment. Save as agreed by you for marketing purposes, only employees and approved contractors/developers we may appoint from time to time, and who need the information to perform a specific job, are granted access to personally identifiable information.
Brixton House will never share, sell, rent or trade your personal data to any third parties for marketing purposes without your prior consent. We will ask for your consent to share personal information with organisations, artists or companies we have co-produced work with that you may have seen in our theatre or in collaboration with Brixton House at another venue. These requests will be specific to the individual organisation so that your consent decision is informed.
Where is data held?
- Hard copies of data are held in fireproof, lockable cabinets
- Data will be kept secure on a single encrypted server
- Digital password encrypted computers hold the files and systems that contain electronic files. Some information on young people and safeguarding, known donors, artists and companies are only accessed by certain authorised staff (according to need to access information or organisational seniority) with permissions set and controlled by an external IT management company (currently Virtual IT)
- When retaining supporters/ donors confidential information we intend to keep Gift Aid Declarations and cheques received as scanned PDFs attached to your record on our database to prove we received them. Hard copies will be kept on file in fireproof lockable cabinets
Updating your information
If you have not received an opt-in notification via email, we offer the following options for updating information in our database:
E: firstname.lastname@example.org Mail: Brixton House Theatre, 385 Coldharbour Lane, London SW9 8GL
Call: Box Office at 0207 582 7680 (Lines closed during Covid restrictions)
Please include any information that would help us identify you in our database, such as complete contact information (name, postal address and email address).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We will respond within 1 month.
Website and Cookies
As with most other Internet sites, our web servers record the Internet Protocol (IP) address of each visitor. This IP address tells us from which domain (such as google.com) you are visiting, but not your e-mail address. We use the information to help diagnose problems with our server, to administer the website more effectively and to gather broad demographic information. When providing this personally identifiable information, you are indicating to us your consent that we use it in accordance with the terms and provisions of this policy. This site utilises cookies to keep track of the visitor’s basket and for other purposes.
What are cookies?
Cookies are small text files that a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. Web beacons or other similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way.
Cookies can serve many functions. For example, they can help a site to remember your username and preferences, analyse how well a website is performing, or allow a site to recommend content the owner believes will be relevant to you.
Certain cookies contain personal information – for example, if you click to “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you.
What sort of cookies are there?
Generally, cookies perform up to four different functions:
1. Essential cookies
Some cookies are essential for the operation of a website. For example, some cookies allow the site to identify subscribers and ensure they can access the subscription only pages. If a subscriber opts to disable these cookies, the user will not be able to access all of the content that a subscription entitles them to.
2. Performance Cookies
Many sites utilise cookies to analyse how visitors behave and to monitor website performance.
3. Functionality Cookies
These cookies to allow a site to remember your preferences.
4. Third party cookies
Most companies use Google Analytics to help monitor website traffic. Google Analytics collects information such as pages you visit on this site, the browser and operating system you use and time spent viewing pages. The purpose of this information is to help improve sites for future visitors.
Social plug-ins for Twitter and Facebook may also set or retrieve cookies on your machine if you are logged in to these websites, or have previously downloaded cookies controlled by these sites.
Can a website user block cookies?
As we’ve explained above, cookies help you to get the most out of our website. However, if you do wish to disable our cookies then please do. Just remember that if you do choose to disable cookies, you may find that certain sections of our website do not work properly.
Third party use of hyperlinks information and other services
Brixton House website often contains links to other sites belonging to artists, theatre companies, venues or collaborating partners. Unless otherwise explicitly stated, we are not responsible for the privacy practices or the content of other websites accessed by a link from Brixton House’s website, including such sites’ use of any information and use of any marks.
By clicking on these sites you understand and agree that your access to or use of those services is a matter entirely between you and the third parties. Brixton House shall have no liability whatsoever for any such access or use of information or purchased products or services.
Brixton House has implemented security measures to protect against the loss, misuse and alteration of the information under our control. A firewall protects the secure areas of our site.
What are your rights?
Under certain circumstances, you have rights under data laws in relation to your personal data.
These include the right to:
- Request a copy of the personal data which we hold about you.
- Request that we correct any personal data if it is found to be inaccurate or out of date.
- Request your personal data is erased where it is no longer necessary to retain such data.
- Object to the processing of your personal data where applicable, i.e. where processing is based on legitimate interests, direct marketing and processing for the purpose of research and statistics.
- Request a restriction is placed on further processing, where there is a dispute in relation to the accuracy or processing of your personal data.
- Request transfer of your personal data.
- Right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.
You can see more about these rights at: ico.org.uk
Any requests or objections should be made in writing to:
Data Protection Officer, email@example.com
Mail: Brixton House Theatre, 385 Coldharbour Lane, London SW9 8GL
How to make a complaint
If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact firstname.lastname@example.org
Updated December 2020