Using personal information about you allows us to develop a better understanding of our audiences, and in turn to provide you with relevant and timely information about what is happening at the cinema. This page explains how we use data, the laws and regulations which apply to it and what your rights are.
The Data We Collect
Depending on the nature of your relationship with Tyneside Cinema, we may collect some or all of the following information:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices people use to access our website.
- Profile Data includes username and password, purchases or orders, interests, preferences, feedback and survey responses.
- Usage Data includes information about how people use our website, products and services.
- Email Communication Data is emails between us and you, including when they were sent or received, whether they were opened and what links within them were clicked.
- Donor Profiling Data is information that is lawfully gathered from a number of sources, including publicly available information about someone’s likely ability or willingness to support charitable or public benefit causes such as ours.
- Marketing and Communications Data includes preferences in receiving marketing from us and our third parties, and communication preferences. This also includes us making a note of conversations we have had in person and/or communications sent to Tyneside Cinema. This helps us to manage our relationships and ensures users only receive communications from us that are relevant and timely.
When carrying out survey or equal opportunities activity, we collect a Special Categories of Personal Data about you (this includes details about your race or ethnicity, marital status, sexual orientation, criminal convictions and offences). This data is anonymised and not saved against your personal records.
How We May Collect Your Data
We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful and never excessive. To do this, we use data that we have stored about you, such as which events you have booked for in the past, as well as any contact preferences you may have told us about. We will obtain consent for any electronic marketing communications sent to individuals.
Tyneside Cinema is a registered charity. Under our legitimate organisational interest, we may contact you by post or occasionally by telephone to seek your support for our philanthropic priorities. This contact will not be more frequent than once per month. Additionally, and only if you have given your consent, we may contact you by email to seek your financial support.
We may use profiling techniques or third-party wealth screening and insight companies such as Experian to provide us with information about you that will help us to communicate in a relevant way with you, such information is compiled using publicly available data about you.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To our service providers who process data on our behalf and on our instructions (for example, our ticketing system software provider, Spektrix). We require all third parties to respect the privacy of your personal information and to treat it in accordance with the law.
- We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example, to government bodies and law enforcement agencies).
- To specific, named visiting companies whose performances you have attended. In these cases, we will always ask for your explicit consent before disclosing your personal information. In accordance with our Data Sharing Policy, we will always ask for your consent to pass on personal details to other Arts Council England (ACE) National Portfolio Organisations and Grants for the Arts recipients in line with ACE data-sharing requirements.
- We may share anonymised personal information with other organisations, particularly Arts Council England and The Audience Agency, who use this to analyse our audience development programmes, ticket sales and self-generated funding to understand the impact of the public investment made in Tyneside Cinema against the sector.
We do not sell personal details to third parties for any purpose.
Generally, we do not rely on consent as a legal basis for processing your personal information and you have the right to withdraw consent to direct marketing at any time by contacting us. You will find the relevant contact details at the end of this policy.
How We May Use Your Data
Under the terms of the GDPR the lawful bases for processing personal information are: we need it to fulfil a contract (e.g. ticket purchase); we need it to pursue our legitimate interests including by communicating with current and potential supporters; and/or, you have given your consent for us to do so. The following is a list all the ways we may use your personal information:
- Where we need to perform the contract, we are about to enter into or have entered into with you. For example, communication about a purchase you have made from us.
- Contacting you to manage the relationship you have with Tyneside Cinema. This will include: notifying you about any changes to a product you have bought from us; asking you to leave a review or take a survey; supplying you with pre-show information that you might need to know before arrival.
- If you opted to hear from us, we will keep you regularly updated about similar products and services via email and about our charitable purpose and future developments including how fundraising benefits the organisation.
- In order to fulfil our purpose as a charitable organisation we will use personal data including contact details and usage data to find potential donors in order to support our philanthropic priorities. We will profile and integrate our data for potential donors using third parties who will support us in this process. This information is lawfully gathered from a number of sources including publicly available information about someone’s likely ability or willingness to support charitable or public benefit causes such as ours.
- To administer, analyse and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), we will seek support and advice from third parties. Data will be anonymised for analytical purposes.
- In order to realise our business aims that ultimately serve our charitable purpose, as an organisation, we will contact peers in the sector and other businesses of whom we already have a or want a relationship with using customer data including contact details. These communications will be tailored accordingly and may include marketing and fundraising. These relationships and communications we consider business to business, as well as relevant and appropriate to the nature of the relationship held, or a prospective one anticipated.
- In order to protect us and users of the building, we will record and store CCTV footage. This is necessary for our legitimate interests to keep everyone safe.
Security Of Your Personal Information
We have put in place appropriate safeguards, both in terms of our procedures and the technology we use, to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same and that they will only process your personal information on our instructions. The third parties will also be subject to a duty of confidentiality.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area (EEA), unless we have a contractual agreement in place that is of an equivalent standard to GDPR.
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard online at https://www.pcisecuritystandards.org/pci_security/.
We store your card details safely for use in future transactions or to issue any refunds required. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your three or four-digit security code (CVV or CVS).
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Legal Rights
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can:
- Request access to your personal information: You have a right to request a copy of the personal information that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European citizen and consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
- Request correction of your personal information: You have the right to request that we correct the personal information we hold about you, although we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your personal information: You have the right to request that we delete or remove personal information where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons, which will be notified to you at the time of your request.
- Object to processing of your personal information: You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing your personal information: You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request transfer of your personal information: You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent: In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
PLEASE ALSO NOTE THE FOLLOWING:
- No fee usually required: You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- Time limit to respond: We try to respond to all legitimate requests within 31 days. Occasionally it may take us longer than if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please also contact us if you have any questions about the information, we hold about you or to change your contact preferences with us