PRIVACY POLICY
Effective from 16/10/2024
This Privacy Policy outlines how Leith Theatre Trust ("LTT", "we", "our") collects, uses, and protects personal information provided through our website or in connection with our services. We are committed to safeguarding your privacy and ensuring compliance with the EU General Data Protection Regulation (GDPR), effective May 2018, the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003.
Who We Are
Leith Theatre Trust is a charity (SC042359) and company limited by guarantee registered in Scotland (SC123456), established to restore and revitalise Leith Theatre, a historically significant Grade B-listed venue. Our mission is to create a sustainable, vibrant cultural hub for the local community and wider audiences. We also have a trading arm, Leith Theatre Trading Ltd (SC693953), which supports our work through sales, location hire and other commercial activities.
What Personal Data We Collect
Personal data means information about an individual who can then be identified. We may collect, store and use personal data about you to ensure we can provide relevant services, communicate effectively and process your transactions. The types of personal data we may collect include:
Identity Data: First name, surname, title, date of birth, gender, photo or video images.
Contact Data: Billing address, delivery address, email address, telephone numbers and emergency contact details.
Financial Data: Bank account and payment card details, donation records, Gift Aid declarations.
Transaction Data: Details about payments to and from you, ticket purchases, donations, and events attended.
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, operating system and other technology on the devices used to access our website or our WiFi.
Profile Data: Username, passwords, purchase history, preferences, feedback and survey responses.
Usage Data: Information about how you use our website, products and services.
Marketing and Communications Data: Your preferences in receiving marketing materials from us and your communication preferences.
How We Collect Your Data
We collect and store personal data in various ways, including:
Direct interactions: When you create an account, sign up to our newsletter, purchase tickets, make a donation, complete a survey, apply for a position, give us feedback, contact us via our online platforms or participate in our activities. At some events we may take photographs or record film for archive, publicity or marketing purposes. Signage will be places in the area if this is happening and you may request to not be included in any images or film by speaking to a member of staff. If you have an accident on site we will record your contact information and details for HSE purposes. If you visit backstage areas we may record your details to monitor who is on the premises.
Automated technologies: When you interact on our website, social media sites or mailings we may collect Technical Data using cookies, server logs and similar technologies.
Third-party sources: We may receive data about you from third parties such as analytics providers, advertising networks or third party research companies using publicly available data.
Why We Collect Your Data
We may collect your data to:
Process sales, donations and membership applications.
Communicate important updates regarding your purchases or donations.
Send newsletters, event announcements and fundraising campaigns (with your consent).
Manage your participation in events, prize draws and surveys.
Manage our relationship with you and improve our services through surveys and feedback.
Ensure the safety of participants in our events by collecting emergency contact details or medical information where appropriate or if an accident has taken place.
Video or photograph any events at Leith Theatre.
Deliver relevant website content and measure the effectiveness of content and advertisements.
Record backstage visitors.
Claim Gift Aid on any eligible donations and to evidence your declaration and donation.
How We Use Your Information
We will only use your personal data when legally permitted, such as:
To perform a contract: When you purchase from us or make a donation, we need to process your data to fulfil the transaction.
Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests do not override those interests.
Legal obligations: Where we need to comply with a legal or regulatory obligation, for example, proving Gift Aid status.
Data Sharing
There are certain circumstances where we may disclose your personal information:
To our own subsidiary Leith Theatre Trading Ltd., if required for provision of services.
To our service providers who process data on our behalf and on our instruction (eg ticketing and marketing providers). All third parties must respect the privacy of your personal information in accordance with the law and are permitted to process your information only for specified purposes and to our instructions.
Where we are under a duty to disclose your personal information to comply with any legal obligation.
Marketing Communications
We aim to communicate with you about our work in relevant, timely and respectful ways. We may use data that we have stored about you as well as contact preferences you have selected. You will have the opportunity to opt out of receiving communications and will have unsubscribe options in emails sent to you. Alternatively you can use the contact details at the end of this policy to update us.
Fundraising
As a charity, we rely on donations to support our work. We may contact you about donation opportunities to seek your support. You can opt out at any time using the contact details at the end of this policy.
If you make a donation to one of our philanthropic priorities we may ask if you would like your name credited publicly.
Security of Your Personal Data
If you use your credit or debit card to purchase from us or make a donation, this is carried out securely and in accordance with the Payment Card Industry Data Security Standards (PCI-DSS).
We implement appropriate safeguards and organisational measures, such as encryption and secure access controls, to protect your data from unauthorised access or disclosure. We carry out regular reviews of who has access to your data to ensure that your information is only accessible to appropriately trained staff.
We will ensure our third-party providers do the same and that they only process your information on our instructions and with a duty of confidentiality.
Special Category Data
Special Category Data may be asked for in certain instances; this includes your bank details (if you set up a regular payment), ethnicity, gender identity, medical information and next of kin.
This information is available to a restricted number of staff for whom it is deemed necessary. It is used to process some transactions, in the case of an emergency, or aggregated and anonymised for monitoring and reporting as required by public funding bodies.
Paper files with Personal and Special Category Data are kept to a minimum and are stored securely when not in use.
Cookies
We use cookies to improve your browsing experience on our website, monitor site usage and offer tailored content. Cookies allow the site to distinguish you from other users. You can control cookie preferences through your browser settings, although declining cookies may limit some functionalities.
Data Retention
We will retain your personal data for as long as necessary to fulfil the purposes outlined in this policy.
Images and film taken of public and participants may be used for up to ten years for marketing and publicity purposes. After this point it will either be deleted or added to our archive.
If you apply for a job at Leith Theatre and your application is unsuccessful, we delete/destroy the application 6 months after the closing date.
We may keep data for up to five years after your last interaction with us for legal and financial record-keeping purposes. After this period, your data will be removed.
Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information, including:
Right of access: You can request details of the data we hold about you.
Right to rectification: You can correct inaccurate data.
Right to erasure: You can request deletion of your data.
Right to object: You can restrict or object to our use of your data. To exercise your rights, contact us at office@leiththeatre.co.uk.
Right to withdraw consent: You have the right to withdraw your consent to process your personal data.
Please note we may not be able to comply with all requests if there are specific legal reasons or overriding legitimate grounds to use your data. If you withdraw your consent we may not be able to provide certain services to you. No fees are required although we may charge a reasonable fee if your request is clearly unfounded or excessive. We may need to contact you and request specific information to help us confirm your identity and rights of access. We try to respond to all legitimate requests within one month but it may take us longer than a month for complex or numerous requests. In all circumstances we will notify and update you.
Data Breaches
In the event of a data breach that is likely to have a detrimental effect on individuals, we will promptly notify affected individuals and the Information Commissioner’s Office (ICO) within 72 hours, as required by law.
Making a Complaint
If you believe we have mishandled your data, you can lodge a complaint with the ICO:
Website: https://ico.org.uk/concerns
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Changes to This Policy
We may update this policy from time to time. Please check this page for any changes.
Company Details
Leith Theatre Trust
Leith Theatre, 28-30 Ferry Road, Edinburgh, EH6 4AE
ICO Registration Number: ZA242969
Company Registration Number: SC123456
Email: ‘Data Protection’ via office@leiththeatre.co.uk