Privacy Statement
Elgin Town Hall for the Community Ltd is committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our customers and, in turn, to provide you with relevant and timely information about the work that we do. As a charity, it also helps us to engage with potential donors and supporters. The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We will use the information that we collect about you in accordance with all the applicable laws concerning the protection of personal information. They are the General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations 2003. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Our use of cookies to improve your use of our website
- Information about how we keep your personal information secure, how we maintain it for you and your rights to be able to access or amend it.
Who We Are
Elgin Town Hall for the Community Ltd is a private limited company by guarantee (company number SC532377) and a registered charity (Scottish charity number SC048440). Elgin Town Hall for the Community Ltd has a number of project funding partners at any one time – from the public sector, business, trusts and sponsors. The rest of our income comes from sponsorships, donations and commercial activities such as the fees from hires, ticket sales, conferences and events, catering and hospitality.
Objectives and Activities
The charitable objectives for which Elgin Town Hall for the Community Ltd is established are:
- To develop Elgin Town Hall into a thriving community building, creating a lively and creative atmosphere to boost the range of activities and arts available to the local community.
- To provide a multi-purpose hireable facility for the local community to use.
Our Commitment to You
- To provide clear, honest and open information about how we use your data.
- To give you the choice about how we use your data.
- To use your data appropriately and in a way that would be reasonably expected by you.
- To only share your data with other organisations where you have given your consent for us to do so, or where we need to do so to fulfil our contract with you.
- To be accountable and responsible: to take active steps to protect your data from harm, and to have separate and enhanced procedures for the use of sensitive data (such as data relating to children or disability).
- To ensure our staff and partners understand these principles and their responsibilities in delivering them.
Your Rights
You have the following rights related to your personal data:
- The right to withdraw consent at any time
- The right to request a copy of personal information held about you
- The right to request that inaccuracies be corrected
- The right to request us to stop processing your personal data
- The right to lodge a complaint with supervisory bodies such as the Information Commissioner’s Office or Fundraising Regulator
- The right to erasure of personal data
- The right to restriction of processing
- The right to data portability
What information we collect
Elgin Town Hall for the Community Ltd is the data controller for any data we hold about you. We collect various types of information and in several ways:
Information you give us
We will store personal information you give us, such as your name, your email address, postal address, and telephone number, when you register on our website, buy tickets or make a donation. We will also store a record of your purchases and donations, including what you have purchased, the value of the purchase, and when the purchase was made.
Information about your interactions with us
We collect information about how you interact with our content and ads when you visit our website and social media. When we send you a mailing, we store a record of this, and in the case of emails, we keep a track of which ones you have been sent and whether you open them or click on any links in them. In this way, we can make sure we are sending you the most relevant information. We also use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. You may also see adverts from us on social media that are tailored to your interests. Depending on your settings or the privacy policies of social media services like Facebook or Twitter, you might give third parties permission to access information from those accounts or services.
Information from third parties
Occasionally, we may ask for information about you from third parties. For example, we may use third party research companies to provide general information about you from publicly available data.
Sensitive personal data
Data protection law recognises that some categories of personal information are more sensitive, such as medical information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason to do so. In some cases, we might collect observational data about our audiences when we are asked to do so by bodies such as the Scottish Government – in this example, we would not associate the information with any individual person. Any such information is only collected where necessary, is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary. Where we need to process any sensitive data that specifically relates to you as an individual, we will obtain your specific consent for this.
Legal basis
Elgin Town Hall for the Community Ltd may process your data using one of three legal bases.
Performance of a contract: When you make a purchase from us or donate, you are entering into a contract with us. We need to process and store your data to perform this contract. For example, we may need to contact you by email or telephone in the case of a show cancellation or if there is a problem with your payment.
Legitimate interest: We collect and process your personal for purposes that are in our legitimate business interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
Explicit consent: For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
Direct Marketing
Elgin Town Hall for the Community Ltd wishes to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this, we use the data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate business interests as the legal basis for communications by post and email. In the cast of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we provide you with an option to unsubscribe in every marketing email that we subsequently send to you. Alternatively, you can use the contact details at the end of this policy.
In some circumstances, we may contact you about our work by telephone, but only when you have given us your explicit consent to do so. Please bear in mind this does not apply to telephone calls that we may need to make to fulfil any contractual obligations (as above).
Other Processing Activities
In addition to direct marketing, Elgin Town Hall for the Community Ltd also processes personal information in the following ways that are within our legitimate business interests:
- To ensure that the content and timing of communications that we sent you are as relevant to you as possible.
- To identify and prevent fraud.
- To improve our online services by analysing how you use our website and the content and ads you interact with.
- To provide us with information about you that will help us to communicate in a relevant way with you, in particular when we are approaching you about potential philanthropic support. We may use profiling techniques or third-party wealth screening and insight companies. This information is compiled using publicly available data about you.
- To invite peers and contacts to events we hold, such as opening nights.
- To ensure we don’t send unwanted communications to people who have opted out.
- To collate and respond to customer comments.
- To log any customer incidents that resulted in an incident report form being created and contact if required.
- To record CCTV footage to keep our venues safe and secure, these may be kept for up to four weeks and any footage stored of yourself can be requested by contacting us using the below details and may incur a small administration fee.
In all of the above cases, we will always consider the impact of any communication on your fundamental rights and freedoms. You always have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy.
Third Parties
We will not share any personal details with any other third parties without your agreement, unless required in order to fulfil our contract with you or allowed by law. There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- When it is necessary for them to be able to provide you with products or services that you have requested.
- To our own service providers, who process data on our behalf and on our instruction as the data controller. These providers include our Ticketing and Events Systems providers, Email and Mail distribution services. We have agreements in place with each to ensure that your data is secure at all times and cannot be accessed or used for any other purpose. We also require that these third parties comply strictly with our instructions and with current data protection laws.
- Where we are under a duty to disclose your personal information to comply with any legal obligation, for example, to the police, regulatory bodies or legal advisors.
- To specific named visiting companies whose performances you have attended. In these cases, we will always ask you for your explicit consent before doing so.
Cookies
Cookies are small text files that are automatically placed onto your device when you visit our website. This means that a website will remember you and enable online transactions. We use “cookies” to help us make our site – and the way you might use it – a better experience for you. It also helps us understand how you use our website, where we can make improvements and how best to tell our audiences about events they might be interested in.
Debit and Credit Card Transactions
If you use a credit or debit card to purchase from us or to donate, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We use Secure Socket Layer (SSL) encryption for all your transactions with Elgin Town Hall for the Community. This system encrypts all your personal information, including credit card number, name, and address, so that it cannot be read if intercepted by a malicious third party.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3- or 4-digit security code.
Maintaining your Personal Information
We will retain your data for as long as is legally or practically necessary for our business. We will store all the purchases you make under a single, unique customer record where possible. If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging into your account through our website. Alternatively, please use the contact details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests. Once the necessity to keep your information is past we have a regular programme of data suppression and deletion. This ensures that your data is not held indefinitely on our systems.
Information Security
Elgin Town Hall for the Community Ltd takes information security very seriously. Your data is always held securely. We put in place appropriate safeguards (both in terms of the technologies we use and the policies and procedures we publish) to keep your data as secure as possible. For example, access to customer information is strictly controlled and can only be accessed by people who need it in order to do their job. Certain data, for example sensitive information, is additionally controlled and is only made visible to members of staff who have a reason to work with it. We will ensure that any third parties we use as data processors on our behalf do the same.
Data Transfers
Where personal data must be transferred outside of the European Economic Area, we ensure that adequate security measures are in place. Where we transfer data to North America, with providers such as, but not limited to, Facebook and Twitter, we ensure they comply with EU law or are registered under the EU-US Privacy Shield. You can find out more about Privacy Shield at www.privacyshield.gov/welcome
Contact Us
If you have any queries about this policy, how your data is used, or if you wish to be removed from any communications or data processing activities, please contact the Data Protection Officer:
By mail: Elgin Town Hall for the Community Ltd, 1 Trinity Place, Elgin, IV30 1UL
By email: info@elgintownhall.co.uk