Purpose of policy
The Courtyard (“we”, “us” or “our”) is committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our customers and in turn to provide you with relevant and timely information about the work that we do throughout all aspects of the organisation (including shows, films, workshops, fundraising etc). As a charity that relies on fundraising to support its community work, personal information also helps us to engage with potential donors and supporters in a targeted – and therefore – cost effective way.
The purpose of this policy is to give a clear explanation about how we, The Courtyard Trust (and its subsidiary companies), collects and uses personal information from you directly and from third parties
Personal information is used in accordance with all applicable laws concerning the protection of such information. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
- Information about how we keep your personal information secure, how it is maintained and your rights to be able to access it
Who we are
The Courtyard is a registered charity and is funded by Arts Council England as well as various trusts, foundations and individual donors and supporters. The Courtyard has over 250,000 visitors per year and offers many facilities and services to customers including live performances, film, workshops, training, food and drink. A full list of services can be found on The Courtyard’s website. The registered charity number in England and Wales is 1067869. The company is registered in England and Wales under registration number 3342581.
We collect various types of information and in a number of ways:
Information you give us
When you register for an account on our website, buy tickets or make a donation, we’ll store the personal information you give us to complete your transaction such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases and donations. Other information is purely voluntary, but may help us to deliver a better experience or bespoke marketing materials. For example, if you provide us with access requirements or your date of birth.
Information about your interactions with us
We may record details of interactions you have with us. EXAMPLE: When you visit our website, we collect information about how you interact with our content. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Information from third parties
To make sure you only receive communications which are relevant, we may use third parties who collate publically available general information about you. We may combine this information with information you give to us and desk based research from publicly available sources. This helps us to better understand you and what might be of interest to you. This third party data would only ever be data that is publically available or that you have already given your permission to share. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive). EXAMPLE: We may use profiling techniques from publicly available data, including geo-demographic information and measures of affluence, to better understand our supporters and contact appropriate people who may be able to support us further.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive, such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason for doing so. (EXAMPLE: we may need to collect health information about participants in our programme of classes, courses or Youth Theatre, or to comply with employment law obligations.)
Legal uses made of your information
There are three legal bases under which we may process your data:
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
We will use information held about you to:
- carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
- notify you about changes to our service and your visits to our venue or if you need any additional information to facilitate your visit;
- administer membership records and giving schemes eg for gift aid purposes.
Legitimate business interests
In certain situations, we collect and process your personal data for purposes that are in the organisation’s legitimate interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above (contract and legitimate interest) are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events or activities you have booked for in the past and any donations you may have made, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post & email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy.
We will give you an opportunity to tell us your preferred method of marketing communication during your first purchase with us. If you opt in to email communications, then change your mind, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can use the contact details at the end of this policy to tell us you wish to unsubscribe.
We may also contact you about our work by telephone or text message but we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls or emails that we may need to make to you on a contractual basis related to your purchases or donations (as above).
If ever we wish to provide you with information, products or services we offer that do not fall under the bases of Legitimate Business Interests, we will only ever contact you if you have given explicit consent to do so.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website, we may analyse information about how you use it and the content and adverts that you interact with.
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration, to report aggregate information and to ensure that content from our site is presented in the most effective manner for you and for your computer. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We may use information held about you to ensure that our fundraising resources are used in the most cost effective and efficient manner and that any communications we may send you about fundraising are appropriate and will be of interest to you.
In all of the above cases we will always keep your rights and interests at the forefront to ensure your own interests or fundamental rights and freedoms are not over-ridden. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you do object, this may reduce our ability to carry out tasks above that are for your benefit as well as those that could benefit the charity.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To the subsidiaries described above when it is necessary for them to be able to provide you with products or services that you’ve requested.
To our own service providers who process data on our behalf and on our instructions (EXAMPLE: our ticketing system software provider or mailing houses). In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
To specific visiting companies whose performances you have attended. In these cases, we will always ask for your explicit consent before doing so.
To specific residential companies whose business you have participated in. In these cases, we will always ask for your explicit consent before doing so.
Where we act as a third party Box Office for external events and disclosure of your personal data is needed to fulfil contractual obligations. EXAMPLE – In the event that tickets to an external event are left for Care of Box Office, a list of ticket holder names may need to be supplied to the third party event holder so they can be collected on the door. Under these circumstances the third party has agreed to not process your data for any other purpose, unless explicit consent is obtained.
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If The Courtyard or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Please note that Sensitive Personal Data will not be shared with third parties without your consent.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well as to provide website operators with information on how the site is being used.
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4-digit security code.
Maintaining your personal information
We store your personal information indefinitely, unless specifically instructed otherwise, such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively, please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website or email marketing may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
Contact details and further information
Data Protection, The Courtyard, Edgar Street, Hereford, HR4 9JR