This policy explains what information we collect, how and why we use it, how it is stored, any partners we work with, and your rights with regard to any information you share with us. Please read this information carefully. By providing your data, you acknowledge that you have read this policy and understand we will process your data in accordance with its terms.
We promise to use the information we collect about you in accordance with the General Data Protection Regulation (GDPR, 2018), the Data Protection Act (2018) and the Privacy and Electronic Communications Regulations (PECR, 2003).
We aim to be clear when we handle your data, and not do anything you wouldn’t reasonably expect.
What information do we collect?
You may be required to provide personal information when you buy a ticket, join a mailing list, update your preferences, sign up for an event, apply for a job, participate in a project, or supply goods and services to us. We may collect any of the following information from, or about, you:
Date of Birth
Billing/payment information (we keep the last four digits of a card number to help us identify transactions)
Access requirements (for you or your party)
Opinions collected via surveys
Any other information you provide to us by email, letter, telephone, social media, via our websites or apps, or in-person
CCTV security recordings, and possible photography or video at performances/events
Information that is publicly available
This may include health information, such as disability needs for accessing our performances, or other information specific to a job or volunteering role you are applying for. From time to time we might ask customers to take part in surveys to assess ethnicity (amongst other aspects); this is optional and you will always have the right to decline to provide this information.
Through our website, we receive and store certain details through ’ cookies’ which record how the site is being used to help us provide improved services, analyse usage and enable transactions. Cookies are small text documents, stored by your web browser on your device when you visit our websites, which enable an enhanced experience by storing information such as your user details or preferences. You can decide whether or not to allow cookies on your device.
We keep a record of the emails we send you (and that you send us), and we may track whether you receive or open them to ensure we are sending you the most relevant information. We may then track any subsequent actions online, such as buying a ticket.
We use social media to provide updates on our activities and to promote events and projects. We may tailor adverts on social media and elsewhere online relevant to your interests. Depending on your own privacy settings, you may control Circus Cortex’ permission to access information via social media platforms.
We use some online tracking and analysis services such as Google Analytics to find out how our website is being used, which campaigning activities are working best, and how we can improve customer experience.
For certain marketing campaigns, you may receive personalised, online advertising after visiting our website. Many of these online adverts allow a facility to opt out completely or refine your preferences to make advertising more relevant to you.
Data from third parties
We may also obtain or collect personal information about you from third party sources, e.g.:
A family member, friend or colleague contacts us on your behalf, for instance, to purchase a gift membership or gift voucher
We may ask parents/guardians to supply information about under 16s for workshops or projects
If we run an event in partnership with another third-party organisation, your details may be shared in order to help us run that event
If we engage an external supplier for photography or video
If your company or services are recommended to us
Why do we collect this information, and how do we use it?
We will use your information for the following purposes below, either on the basis of performance of your contract; your consent (where we require it); where we need to comply with a legal obligation; or our legitimate interest or those of a third party.
This allows us to obtain a better understanding of our customers, visitors, participants and ticket-buyers to make better business decisions enabling us to operate and market our services more efficiently.
We use the information we collect about you:
to contact you if there is an important change to your booking or visit
to fulfil our contract with you
to keep a record of the relationship we have with you
to process a transaction and carry out the completion of a purchase (your personal information and card details may be passed to third-party service providers; card details will only be used in this way for the purpose of handling an individual transaction)
to inform you about relevant events, services or activities we believe will be of interest, as well as opportunities to support our charitable work
to provide personalised service and ensure the best possible experience when you visit us
to ensure that the information we already hold is accurate and up to date
to improve our products, services and information in the future
to assist us with reporting and analysis for our own needs or the needs of any funding partners
to ensure we know how you prefer to be contacted
to protect against fraud or unlawful activity
to ensure compliance with policies, procedures and laws
to process any recruitment information
to share with approved suppliers (for instance for research and direct mail)
to undertake customer research to help us understand how we can improve our services or information
to promote Circus and its activities (e.g. imagery, quotes from social media etc)
to make recommendations to you about other relevant cultural activities by approved partner organisations (NB: these organisations would not be in possession of your data)
for suppliers, to pay invoices or to contact you about supplying further services to us
Sharing your data with third parties
We will only share data with third-party providers on the legal basis as listed below:
For fulfilment of contract: services such as our ticketing system, email service and mailing houses. And, for suppliers, our finance and administration systems. We have agreements in place with each provider to ensure your data is secure and cannot be accessed or used for any other purpose. Your personal data is never sold to any agencies or companies.
Legitimate business interests: we may make data available to approved suppliers for analysis and research purposes only, e.g. identifying sales trends, assessing campaign effectiveness, or postcode mapping etc. This assists us with reporting and with our strategic planning, helping us to apply our resources more intelligently. All such agencies will be carefully checked and have a separate data sharing agreement with us, including non-disclosure agreements, and their privacy policies will have to be as secure as our own.
How can you update your preferences?
How we keep your data safe?
We are located in the UK. Your data is held in the UK and only accessed by authorised and trained staff. Only employees and approved contractors/developers we may appoint from time to time, and who need the information to perform a specific job, are granted access to personally identifiable information. We will not share any details with any other third parties without your agreement unless required by law. We will ensure information is held securely, and only those who need access to it can see it. We will delete this information when we no longer need it.
Where we appoint an external party to analyse or process data any such arrangements will be subject to a formal agreement between Circus Cortex and that organisation, to protect the security of your data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will retain your information for as long as is necessary to provide you with the services you have requested or require from us unless (a) we must keep it to comply with applicable laws or evidence compliance with such applicable laws; (b) there is an outstanding issue, claim or, dispute requiring us to keep such information until the issue, claim, or dispute is resolved; or (c) the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security. We will store data in our ticketing system for a maximum of 5 years after your last transaction or communication with us.
Changes to this policy
Your rights include the following:
to be informed of the ways in which we use your information, as we seek to do in this policy
to request us to stop processing your personal data for marketing purposes
you can request a copy of the personal information we hold about you
you can request that inaccuracies are corrected
you can withdraw any consent to direct marketing (refer to the section headed ‘Why do we collect this information, and how do we use it?’ above)
the right to object to our using your information on the basis of our legitimate interests (refer to the section headed ‘Why do we collect this information, and how do we use it?’ above) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
in certain circumstances, you can request that we limit or cease processing or erase your personal data
Please note that we may need to retain certain information for our own records and research purposes. We may also need to send you service-related communications.
Do you have any questions or concerns?
Please contact us if you have any questions about this policy, or wish to be removed from any communications or data processing activities:
Email us at: firstname.lastname@example.org
Subject Access Request: If you wish to make a subject access request (SAR), you can contact us through any of these channels in writing. Whilst you are not required to complete it, we can supply you with a SAR form. We will try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or if you have made a number of requests in which case we will keep you notified and updated. We will require specific details and proof of identification. This is a free service though we reserve the right to charge for reasonable administrative costs if your request is clearly unfounded, repetitive or excessive.
This policy sets out how we collect, process and hold your personal data if you visit our event ticket shop or otherwise provide personal data to us. We are Show Productions Ltd (T/A Circus CORTEX) of 4 Innovation Drive, Newport, England, HU15 2FW. We are the data controller of your personal data.
This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at email@example.com or call us on 07967178785.
Personal data we collect
We collect, process, store and use personal data when you book a ticket to an event including your name, address and email address together with payment information. We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy.
All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
You do not need to provide us with any personal data to view our event ticket shop. However, we may still collect the information set under the Data we automatically collect section of this policy, and marketing communications in accordance with the Marketing Communications section of this policy.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Data we automatically collect
When you visit our event ticket shop, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device's unique ID number; (b) technical information about your devices such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns. We collect this information using cookies in accordance with the Cookie section of this policy and we use the information we collect on an anonymous basis to improve our event ticket shop, our events and the services we provide, and for analytical and research purposes.
If you opt-in to receive marketing communications from us you consent to the processing of your data to send you such communications, which may include newsletters, blog posts, surveys and information about new events. We retain a record of your consent.
You can choose to no longer receive marketing communications by contacting us at firstname.lastname@example.org or clicking unsubscribe from a marketing email. If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Lawful processing of your personal data
We will use your personal data in order to comply with our contractual obligation to supply to you the tickets to an event that you have booked, including to contact you with any information relating to the event, to deliver the event to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have in relation to the event.
We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.
Who do we share your data with?
We may share your personal data with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, event ticketing providers, email communication providers, IT service providers, accountants, auditors and lawyers.
Under certain circumstances, we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party's rights, property, or safety.
We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the European Union (the EU) for any reason, including for example, if our email server is located in a country outside the EU or if any of our service providers or their servers are based outside of the EU. We shall only transfer your personal data to organisations that have provided adequate safeguards in respect of your personal data.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer. The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
We also use Google Analytics to monitor how the event ticket shop is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the event ticket shop, where visitors generally came from, how long they stayed on the event ticket shop, and which pages they visited. Google Analytics places several persistent cookies on your computer's hard drive. These do not collect any personal data. If you do not agree to this you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology.
Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.
However, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete. You also have the right at any time to require that we delete your personal data. To exercise these rights, or any other rights you may have under applicable laws, please contact us at email@example.com.
Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: the Information Commissioner, see www.ico.org.uk.
If you register with us, we shall retain your personal data until you close your account.
If you receive marketing communications from us, we shall retain your personal data until you opt-out of receiving such communications.
If you have otherwise booked a ticket with us or contacted us with a question or comment, we shall retain your personal data for 6 months following such contact to respond to any further queries you might have.
If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This policy shall be governed by and construed in accordance with the law of England and Wales, and you agree to submit to the exclusive jurisdiction of the English Courts.
We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our event ticket shop after the time we state the changes will take effect, you will have accepted the changes