Update from the Information Commissioner’s Office, 17 march 2020 - Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing. Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.
COVID-19 Privacy notice
This privacy notice is an addendum to the council’s main privacy statement and notices, and it explains how West Suffolk Council (as Data Controller) may use your personal data, specifically in relation to the COVID-19 (coronavirus) pandemic. COVID-19 Privacy notice
This privacy statement covers www.theapex.co.uk, www.buryfestival.co.uk, www.moyseshall.org, www.weststow.org and www.whatsonwestsuffolk.co.uk websites processed by or on behalf of West Suffolk Council.
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our patrons. In turn we can provide you with relevant and timely information about the work that we do - both on and off stage. It also helps us to engage with potential donors and supporters.
The purpose of this statement is to give you a clear explanation about how we (and all of our subsidiaries) collect and use the information we collect from you directly, and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
West Suffolk Leisure and Culture are funded by West Suffolk Council. West Suffolk Council is a Data Controller and can be contacted at: West Suffolk House, Western Way, Bury St Edmunds, Suffolk, IP33 3YU. Tel: 01284 763233. The Data protection Officer is Leah Mickleborough and can be contacted at the same address.
If you have any queries about this statement, please contact the Data Protection Officer at email@example.com
We collect various types of information and in a number of ways:
For example when you register on our website, buy tickets or make a donation, we’ll store personal information you give us. This will include information such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases and donations.
For example, when you visit our website, we collect information about how you interact with our content and adverts. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so. (For example, we could be requested to collect health information about participants in our programme of classes and courses.)
There are three bases under which we may process your data:
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
In certain situations we collect and process your personal for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing:
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our consent organisational interest as the legal basis for communications by email. In this case we will give you an opportunity to opt in for receiving them during your first purchase with us. We will provide you with an option to unsubscribe in every email that we subsequently send you, or alternatively you can email firstname.lastname@example.org
We may contact you by a telephone call related to your purchases (as above).
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this statement. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely. this is in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Find more information about this standard: https://www.pcisecuritystandards.org/
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website or alternatively you can email email@example.com
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. In the first instance, please contact the Data Protection Officer at firstname.lastname@example.org
Please get in touch with us if you have any questions about any aspect of this privacy statement. If you object to any processing of your personal information that we carry out for our legitimate organisational interests, please contact the Data Protection Officer at email@example.com
Cookies are small pieces of information that are stored by your browser on your computer's hard drive. They make it possible for us to provide our online ticketing service and track visitor statistics, such as returning visitors.
For information on how we use CCTV please visit our CCTV page.