Please read this privacy note carefully as it describes what kinds of personal information we collect and how we store, process and delete it.
Last updated: 18 May 2018.
St George’s Bristol is a charity registered in England and Wales (no. 295178). A (non-profit-making) company registered in England and Wales, company no. 205359. The registered office is located at St George’s Bristol, Great George Street, Bristol, BS1 5RR.
The charity’s mission is to be a creative space for music and ideas at the heart of the community.
St George’s promotes classical, jazz, folk, blues and world music, attracting a wide range of people from across the city and neighbouring regions, and developing both traditional and new audiences through innovative programming and vibrant artistic and educational events.
We generate income through ticket and café bar sales, fundraising and venue hire. We secure a range of charitable funds from statutory bodies such as Bristol City Council and Arts Council England as well as various trusts, individual donors and sponsors. As a charity and a non-profit-making company, this income ensures we deliver our programmes world-class music, cover the costs of running the venue and organisation, and undertake educational (and other subsidised) activities.
St George’s Bristol takes its responsibilities to care for your data seriously. We manage your information in accordance with legislation concerning the protection of personal information.
This Notice describes how we collect, process, store and delete personal data. From time to time, we may make changes and adjustments to this Notice and the operational processes it describes. You can find the date that this note was last revised at the top of the document. Where there is a significant change we will notify you so that you can decide whether you wish to continue to use our services.
How we use personal information
St George’s Bristol is a data controller in respect of all information we collect and receive about you when you use our services, whether you are an audience member, artist, performer, hirer, promoter, organisation, producer, sponsor, donor, customer or activity participant. We contract data processors to manage safely and process your data in the execution of our core business purposes.
The data processors we use include: Spektrix Ltd to process our Box Office ticketing, purchase, marketing and fundraising activities; Purple Seven and The Audience Agency; independent companies that provide digital data gathering and insight services.
If you have opted out of marketing communications, we may still get in touch with you, for example to tell you important information about, or changes to, events you have booked. We use your information primarily to improve our services to you, and to better understand the effectiveness of our systems and activities. This includes the security of your data via our box office and website.
Using personal data allows us to develop a better understanding of our customers and audiences which in turn helps us to provide you with relevant and timely information about our work, programmes and services. Understanding customers’ interests and behaviour also helps us to engage with potential donors and supporters, as well those interested in supporting the charity’s work through campaigns, sponsorship and venue hire.
From time to time we may use your data for profiling, research, and targeting purposes. Data profiling helps us to make better decisions about our services, advertising, products, programmes and other content, based on a more informed understanding of how our customers use our services.
Depending on your marketing preferences, we may use your personal information to help determine which offers, discounts, and promotions you would like to receive. Depending on our records of your explicit consent, we may contact you about the ways in which you can support the work of St George’s Bristol.
The information you provide
When you register your details on our website, buy tickets or make a donation, we will store personal information you give us such as your name, email address, postal address, telephone number and credit/debit card details. We also store a record of your purchases and donations. St George’s Bristol is fully PCI-DSS compliant; further details of the financial information we collect and how we safeguard and process it is explained later in this Privacy Note.
Personal data we process may include:
- Biographical information consisting of your name, title, birth date, age and gender
- Your contact details including address, email and phone number
- Your purchase information such as card details and bank details (for Direct Debit).
- Your interests and preferences, including your marketing preferences and Third Parties
- Information about your attendance to events and projects produced by St George’s Bristol, including your purchase history, best seat choices, access requirements, and images of you when you visit the venue (as a member of the audience in promotional information).
- Supporter information such as your membership level, donation history and pledges and gift aid status.
- Records of communications sent to you by St George’s Bristol, such as email and newsletter records, and feedback received by
- Records of communications sent by you to St George’s Bristol, such as booking preferences, hire enquiries or information you tell us in person.
- Your professional activities, including employer details.
- Publicly accessible profile information from the internet, such as Facebook, Linked In and Twitter.
The information we collect when you use our website(s)
The list below details the persistent cookies used by St George’s websites. St George’s first party cookies can only be read by our websites.
Google Analytics Cookies set by one of our websites to enable St George’s to analyse the website using Google Analytics. On some of our sites we may also use the Advertising Features of Google Analytics to find out more about the demographics and interests of our visitors.
When you visit a website and see an advertisement a cookie is placed on your computer or device by, for example DoubleClick (Google’s Internet ad serving business) and then if you visit another site that has ads served by DoubleClick, the same cookie can be read and modified by DoubleClick. By tracking what kind of sites you visit and how you interact with ads for different products and services, Google aims to build up a picture of who you are; your age, gender and interests. Using the Advertising Features of Google Analytics means we receive reports that tell us who Google thinks is visiting our site by age, gender and interests. This information is anonymous and no personally identifiable information is gathered from users. We use this information to report to our funders, such as Arts Council England, and internally for us to better understand how visitors use our websites. We sometimes use Google Analytics to run content experiments on our websites, to test how variations in how we present features perform, in order to better meet our users’ needs. These cookies determine whether a user has been included in the experiment and are deleted at the expiry of those experiments.
WordPress St George’s Bristol website is built on the WordPress open source platform and uses a number of standard cookies in order to function fully, more information can be found here
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about. In the case of email newsletters we keep a record of which ones you have opened and which links you have clicked on. When we send you a postal mailing, such as a season brochure, we store a record of this mailing.
We use legitimate business interest as the legal basis for communications by post and email. In the case of postal mailings, you may decline to receive these at any time using the contact details at the end of this policy, also found on the home website. In the case of email marketing, you have the opportunity to opt out during your first purchase with us. If you do not opt out at this stage, we will provide you with an option to unsubscribe in each email that we subsequently send to you, or you can use the contact details at the end of this policy to tell us you would like to opt out.
We may also contact you about our work by telephone, however we will always seek explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you to share important information about your purchases (such as cancellation or postponement of a concert, change in times or travel and traffic issues such as road closures).
Other processing activities
We also process personal data in the following ways that are within our legitimate business interest:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
We may use profiling techniques on the data we hold about you (past purchases or donations, for example) or on rare occasions, employ third party insight companies to provide us with information about you that will help us to communicate in a relevant way with you, when approaching you about potential philanthropic support. Such information is compiled using publicly available data about you.
For education projects, with the exception of public events and projects directly offered to public event ticket holders, we will only request personal data from participants aged 16 and above, and only data that is necessary for the effective running of that specific project, such as name, age, email and telephone contact details. We will store this data for the project duration only and will use it solely for the purpose of effective delivery of the project. We will securely dispose of the data once the project is complete.
For participants aged under 16 we always request parental or school contact data and will never request a minor’s direct personal contact details unless in exceptional circumstances where a written instruction to do so is received from a parent/guardian.
In all of the above cases we will always keep your rights and interests at the forefront of our operations. You can object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this note. Please bear in mind that if you object this may affect our ability to carry out the tasks outlined above.
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, this will be carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here: https://www.pcisecuritystandards.org/pci_security/
When completing this transaction you will have the option to store your card details for future use. This is carried out in compliance with PCI-DSS. Your full card details are protected, and St George’s Bristol staff members are not able to view full card details. We will never store your 3 or 4 digit security code.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive than others such as health information, race, religious beliefs and political opinions. We do not collect this type of information about our audiences unless there is a clear reason for doing so (and is collected with explicit consent) for example to provide aggregated and anonymised information to statutory funders such as Arts Council England. This may include information such as cultural or socio-economic segmentation of audience members and visitors.
Maintaining your personal information
We store your personal information for as long as necessary such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. If there is content on your record that is inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively, you can request this via the contact details at the end of this note. Any requests or objections you make to any aspect of the data processing described above will be stored so that we continue to comply with your preferences.
Security of your personal information
We put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information, for example our mailing house, do the same. Your data is kept securely separate from the website, and the website is HTTP Secure (HTTPS).
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you at any time. You have the right to request that any inaccuracies in this data is corrected. You have the right to stipulate that all records about you are deleted. Please use the contact details at the end of this policy if you would like to exercise your right to do this.
If you no longer wish us to use your data, or wish to amend the type of communications you receive, then you can opt out of our communications at any time via the ‘unsubscribe’ link included in every email.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our service providers who process data on our behalf and on our instructions (for example our ticketing system software provider and our mailing house which posts our brochures). In these cases we require that these third parties comply with data protection laws and our instructions, including the secure disposal of records after processing is completed.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
To the subsidiaries described above when it is necessary for them to be able to provide you with products or services that you’ve requested.
To the named visiting companies whose performances you have attended. In this case we will always ask for your explicit consent before doing so.
For staff or contractors where a DBS check is required, they are obliged to submit personal data for processing by a third party. This processing is currently provided by Bristol City Council Screening Services.
Legal basis for the processing of personal data under the General Data Protection Regulation
There are three legal bases under which we may process your data:
Contract purposes: When you make a purchase from us, make a donation or become a member, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of cancellation of a show, to provide you with important information including start times and access, or if there are problems with your payment.
Legitimate business interests: In certain situations we collect and process your personal information for purposes that are in our legitimate business interest, such as sharing information about performances and events which, based on our purchasing history, we believe may be of interest to you. We do this carefully and in a way that we believe does not create any overriding prejudice to you by using your personal information. You have the opportunity to unsubscribe in each email or communication we send to you. You can also object, or exercise your rights under the GDPR, including the right to request your data to be removed in its entirety.
With your explicit consent: When appropriate, we will ask for your explicit consent before we contact you about aspects of St George’s work that you have not expressed an interest in beforehand, such as our fundraising or education activities. We will ask for your consent before using your personal information in that specific situation, such as contacting you with information about the ways in which you can support St George’s fundraising activities. We will update your consent periodically. You have the right to withdraw your consent to be contacted at any time. This can be done via your account, contacting the Box Office or using the contact address provided at the end of this Notice.
Retention periods: We will only retain information for as long as necessary. Records are updated and maintained in line with our retention schedule. We are bound by law to retain certain financial and employee records. These laws override our other retention periods.
From time to time, we will ask you to check and update your contact preferences so that our records are up to date. You can unsubscribe, withdraw your consent or make changes to your preferences at any time.
When personal data is no longer required by the organization, it is deleted or securely destroyed.
Contact details and further information
Please get in touch with us if you have any questions about any aspect of this Notice, or if you would like to request further information about, or object to, any aspect of processing of your personal data described above.
St George’s Bristol, Great George Street, Bristol BS1 5RR
Registered Charity no: 295178