THE MILL AT SONNING PRIVACY POLICY
We are committed to protecting your personal information and to bring transparent about the information we hold about you. Using personal information allows us to develop a better understanding of our patrons.
What personal information we collect from you
The Mill at Sonning Theatre may us the personal information that you provide to keep you informed about our artistic programme, opportunities to take part in and way to support the theatre. We will store your personal information securely and use it in accordance with the General Data Protection Regulation (GDPR) 2018 and the Privacy and Electronic Communication Regulation (PECR) 2012
Information collected from you
We aim to be clear when we collect your personal information and to use it in ways that you would reasonably expect us to do so. We will collect your personal information including for example, your name, address, telephone number and email address when you:
- Book for a show or an event
- Make a donation though the box office, online, in person at the box office
- Become a friend of The Mill at Sonning theatre ltd
- Join our mailing list
- Make changes to how we contact you
Information about your interaction with us
We keep a record of your booking history and, if relevant, your donation history. When you visit our website or book an event, we collect information about your interaction with us. When we send you a mailing by post or email we store a record of this and for email communication, we keep a record of what emails you have opened, and which links you have clicked.
We also use information from online sources including:
- Social media including Facebook and Instagram; for targeted advertising.
- Google Analytics; to understand how you use our website
- Mailchimp; to send you email communications.
Whether you need to provide personal information
You are not legally obliged to provide The Mill at Sonning with your personal information. However, if we do not have this information it may affect our ability to provide the service or contract requested. For example, if we do not have your contact details, we may not be able to inform you if the performance is cancelled.
How we use your personal information
Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract that we are about to enter or have entered into with you.
- Where we have your consent before using your personal information it that specific situation. Generally, we do not rely on con consent as a legal basis for processing your personal information, but where consent has been given, you have the right to withdraw it at any time by contacting us by telephone, email or post.
For the performance of a contract
When you make a purchase, you are entering into a contract with The Mill at Sonning Theatre. To fulfil this contract, we will collect, process and securely store your personal information to complete your booking. We will use this to keep you informed about essential information related to your transaction. This might include notification of change to the programmed events or issues processing payment.
Consent
There will be circumstances when we will ask for your consent before using your personal information. We will obtain your consent before:
- Sending marketing communications by email relating to shows, events and offers, bookings, and ways to support The Mill at Sonning Theatre.
- Sending marketing communications relating to shows, events and offers, bookings and ways to support The Mill at Sonning Theatre.
In Circumstances where we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We advise you if this is the case at the you withdraw your consent.
Legal obligations
We may be required to disclose personal information to comply with the law or to enforce our legal right.
Friends of The Mill at Sonning
If you support the theatre as a Friend of The Mill at Sonning we will contact you to fulfil the terms of your membership. You will receive information about upcoming shows eligible for priority booking, as well as receiving the regular season programme.
How we keep your personal information safe
Our procedures and the technology we use have appropriate safe guards in place to keep information as secure as possible.
Access to customer information is strictly controlled. The system can only be accessed by The Mill at Sonning staff who need it to do their job and deal with the customers needs. All staff required to adhere to current data protection legislations in line with The Mill at Sonning’s data protection policy and are subject to a duty of confidentiality.
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code. Our Finance data is secured via a managed hosting service delivered by Advanced. All Managed Hosting services are delivered exclusively from Data Centre facilities in England. Customer data is not transferred or stored outside of these facilities. Advanced’s internal networks are segregated to restrict access to areas of the networks that contain sensitive data, with RBAC (Role Based Access Control) further restricting access to specific individuals within certain roles. Advanced deploys market leading next generation firewall appliances to protect the Private Cloud environment from malicious attack. Network devices are managed within a secure management network and servers are secured by firewalls. In both instances SSL/TLS secure encryption protocols are used.
We will not transfer, process or store your personal information anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR. We occasionally employ other organisations to help fulfil our activities and agreed communication with you. For example, we work with a mailing company to send out our season brochure. When we do this, we will only give authority for the personal information to be used for the purpose it has been provided for. We will ensure that any third parties have safeguards in place to keep your personal information secure.
How long we keep your personal information
We store personal information for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of legal, accounting, reporting or booking requirements. We store your personal information so that any subsequent purchases or bookings can be linked back to the record that we hold for you on our system. We retain personal information based on the nature, sensitivity and purpose the personal information was collected for. Any objections you make to how we use your personal information will be stored against your record on our system so that we can comply with your requests.
Your rights to your personal information
You have the right to:
- Request a copy of personal information held about you
- Request that inaccuracies to be corrected
- Request us to stop using your personal information
- Withdraw consent
There is no fee for you to exercise any of these rights.
If you choose to exercise any of these rights, we may need to request certain information from you to help us confirm your identity. This is a security measure to ensure that personal information is not shared with anyone without the right to receive it. We aim to carry out all requests within one month. Occasionally it may take us longer than a month if your request is particularly complex. In this case, we will notify you.
Updating your personal information
To change any of the information we hold about you or to make changes to the way we contact you. Please email
mail@millatsonning.com or by post to:
The Mill at Sonning Theatre Ltd
Sonning Eye
Reading
RG4 6TY
Privacy policy effective from 8th June 2018