1. Who are we? The Regal Theatre
The theatre is run by the M.A.T.A. (Minehead Amateur Theatrical Association) Regal Theatre Company Limited (Company no. 3149984) and is a registered charity (No. 1052714). The company was started by a group of volunteers devoted to maintaining and developing live theatre in the centre of Minehead and the Board of Trustees meets once a month to manage its affairs. Everyone who regularly works in the theatre is a volunteer, and MATA gratefully acknowledges the invaluable contribution they make. Without them, the theatre could not operate.
WAYS TO KEEP IN TOUCH with theatre events, auditions, opportunities and news:
- Become a Friend of the Regal to receive a Regal brochure and newsletter.
- Visit the Regal website (www.regaltheatre.co.uk) to see what’s on and book tickets.
- Send us an email from the website to sign up to receive our regular Regal E-News.
- ‘Like’ our page on Facebook to receive day to day news of events and auditions.
2. Our commitment to your privacy
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do – both on and off stage. As a not-for-profit organisation, it also helps us to engage with potential donors and supporters.
The purpose of this policy is to give you a clear explanation about how we collect and use the information we receive from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
- What information we may collect about you
- How we may use that information
- In what situations we may disclose your details to third parties
If you have any queries about this policy, please contact our Data Protection Lead at The Regal Theatre. Contact details can be found at the end of this policy.
3. Information collection
3.1 Information you give us
For example when you register on our website, buy tickets, attend activities or make a donation, we’ll store personal information you give us such as your name, email address, postal address and telephone number. We also keep a record of your purchases and donations. We do not keep a record of debit/credit card details.
3.2 Information about your interactions with us
For example, when you visit our website, we may collect information about how you interact with our content. When we send you a mailing we store a record of this, and in the case of emails we may keep a record of which ones you have opened and any links you have clicked on.
3.3 Information from third parties
We may occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about local demographics, compiled using publicly available data.
3.4 Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so. (As an example, in seeking parental permission for a young person under eighteen to appear in our amateur drama performances, we may collect health information relevant to their safeguarding. We would only store this with the approval of their parents). We do not collect personal details from young people aged under 18 unless we have the express permission from a parent or guardian.
4. Legal basis
4.1 Contract purposes
When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show or activity, or in the case of problems with your payment.
4.2 Legitimate organisational interests
In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing. Other than in the ways described, we will never share your information with a third party.
5. Marketing communications
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we may use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).
6. Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
- We may analyse data we hold about you in order to identify and prevent fraud.
- In all of the above cases we will always keep your rights and interests at the forefront to ensure your own interests or fundamental rights and freedoms are not overridden. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
7. Third parties
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
- We will never share your information with a third party without first seeking your consent.
8. Our Website
Cookies are small text files that are automatically placed onto your computer by websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used and what improvements we can make. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies and by using our website, you agree that we can place these types of cookies on your device.
You can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To learn more about cookies, you can visit www.aboutcookies.org. You will also find details on how to block and delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
8.2 YouTube & Vimeo
8.3 Sharing Tools
If you ‘Like’ or ‘Tweet’ using these services, third party websites may set a cookie when you are also logged in to their service (like Facebook or Twitter). We do not control these cookies and you should check the relevant third party website for more information about these cookies.
This site is run over the CloudFlare service for extra security and speed. The ‘cfduid’ cookie is set by the CloudFlare service to identify trusted web traffic and to speed up page load times. These are necessary for the functioning of the site.
This site uses OpenStreetMap to display the site map. It uses a cookie to help speed up map load times. These are necessary for the functioning of the service.
8.6 External Links
We are not responsible for the availability or content of external sites that may have a link from the Regal website. If you find a broken link or if you have any questions or concerns about a link, please contact us.
9. Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard at https://www.pcisecuritystandards.org/. We do not store your any of your credit or debit card numbers.
10. With your explicit consent
For any situations where the purpose is not either for contract purposes or for legitimate business interests as described above we will ask for your explicit consent before using your personal information in any specific situation. We will only use data for a legitimate purpose specified at the time of collection. This data will not be shared with third parties without permission.
11. Your personal information
11.1 Maintaining your personal information
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
11.2 Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
11.3 Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can visit their website at https://ico.org.uk/make-a-complaint/
12. Personal data breaches
12.1 A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. Breaches can include:
- access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission; and
- loss of availability of personal data.
12.2 Preparing for a personal data breach
Departments need to:
- Know how to recognise a personal data breach.
- Understand that a personal data breach isn’t only about loss or theft of personal data – mistakes happen.
- Have a prepared response plan for addressing any personal data breaches that occur.
- Have in their department and be familiar with guidance documents concerning data protection and data breaches:
- The Voluntary Arts Network Briefing 173 GDPR Data Protection (shorter/simpler)
- The Guide to the General Data Protection Regulation (GDPR) (p136)
12.3 How the Regal Theatre will respond:
- We will immediately assess the likely risk to individuals as a result of a breach. We will inform affected individuals without delay if it is likely to result in risk to their rights and freedoms, giving full information about the breach and offering advice to help them protect themselves from its effects.
- If any department suffers a security breach and personal data is compromised the ICO will be notified within 72 hours, even if we do not have all the details yet. The ICO is The Information Commissioner’s Officer, the UK’s independent authority set up to uphold information rights in the public interest. The report to the ICO should detail what data has been breached (amount, type of data), the likely consequences and the steps already taken to mitigate the effects.
- All breaches will be documented even if they don’t all need to be reported.
13. Contact details and further information
Address: The Regal Theatre, 10-16 The Avenue, Minehead, Somerset, TA24 5AZ
Telephone: 01643 706430
Email: Contact us via the contact page
Last Update: May 2019