Tamasha Theatre Company takes the privacy of all its customers and users seriously. We strive to take great care with customer and user information.
Tamasha Theatre Company needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact
This policy describes how this personal data is collected, handled and stored to meet the company’s data protection standard – and to comply with the law.
Tamasha Theatre Company is committed to protecting the privacy of those who use our services. We are the data controller for your personal data and will ensure it is used and stored in accordance with the Data Protection Act (1998), the Privacy and Electronic Communication Regulations (2003) and as of the 25th of May 2018, the EU General Data Protection Regulation (EU 2016/679).
How do we collect your personal data?
When you engage with us as an audience member, donor or as a participant, we collect your information. This could be when you purchase a ticket, make a donation, sign up to a workshop or project, or sign up to our mailing list. These interactions may occur online, in person or over the phone.
We may also collect information from publicly available sources as part of our fundraising practice. This may include obtaining information from individuals working on our behalf such as our development board and from organisations that book fundraising events or have memberships with us for their events.
What data do we collect?
We only collect information that’s necessary to carry out our business or to deliver our charitable objectives. The more ways you engage with us as an organisation, the more data we will require in order to provide the necessary services required. There are occasions where you can choose not to provide us with the information we require, but this will then impact the service we are able to provide.
The information we may collect from you is as follows:
- Prefix and full name
- Email address
- Billing address
- Phone number
- Date of birth
- Payment card details – we do not save these details and only retain the last four digits of your card in our database
- Delivery address
- Bank details for direct debit instructions
- Access requirements
- Dietary requirements (for attendance at fundraising events)
- Contact preferences
- Emergency contact details (for project participants only)
- Job information
This is not an exhaustive list and we may retain different types of information for different individuals based on the service we are providing. For information on how long we retain your data for, refer to the ‘how we protect data’ section of this policy.
We also keep a record of your interactions with us, such as what shows you have purchased tickets to, any workshops you may have participated in or supported and whether you have received, opened or clicked through any emails we may have sent.
We also may collect an automatically populated IP address when you use our website or email service. This public IP address is a unique number which allows a computer, group of computers or other internet connected device to browse the internet. The log file records the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version. This information is collected to help diagnose and manage the website, to audit the geographical make-up of users, and to establish how they have arrived at the website.
Depending on your settings or the privacy policies for social media services like Facebook, Instagram or Twitter, you may give us permission to access information from those accounts or services, such as your behaviour on these services and across our site. The majority of this behaviour is anonymised. For more information on how to control your privacy settings for these services, go to the following links:
Information Available Publicly
We may collect information such as job history, trusteeship, political preferences, locality and philanthropic activities from places such as Companies House, Google, 192.com, and information that has been published in articles / newspapers.
Why do we collect your data and how do we use it?
The main way we use your information is to provide the services you’ve requested. We also use your information to help us better understand our audience’s needs and to inform you about our news. We will only contact you electronically about non-contractually related information when we have your consent to do so.
To fulfil the terms of a contract
To carry out our business and to provide a service or carry out a contract with you:
- To fulfil ticket and product transactions.
- To administer donations and acknowledge the donor’s support
- To invite you to events as per your artists network membership benefits.
- Process payments. Please note that the Tamasha Theatre Company does not store any credit card or other payment information once the transaction has been completed.
- Provide the best possible customer service and to help us with internal administration.
- Contact you with important information relating to your booking or purchase, such as confirming your order, reminding you of an upcoming performance you’ve booked for or letting you know about any unexpected changes that may affect your booking.
Because we have consent. Where we have your consent to:
- Send you updates via email about what’s on, network offers, and news
- Email you about a specific topic you’ve requested to hear more on such as specific productions or opportunities to support our work.
- Advertise via digital advertising platforms about what’s on, offers and news
- Share your details with other arts organisations who have co-produced work you may have seen at or in collaboration with Tamasha. These organisations should contact you to let you know how they collected your data and to check that you’re happy to hear from them. You will always be able to opt out of their communications by contacting them directly.
Because there’s a legitimate interest. We use legitimate interest as a reason to:
- Learn about your interests and preferences so that we can contact you with information that is relevant to you.
- Help us target our marketing and development communications and adverts so that they’re more relevant to you.
- Use your pseudonymised details to show you advertising on such Social Media platforms as Facebook and Instagram or via other third party advertising that may appear on other websites you use. The information shared with these platforms is pseudonymised to protect your personal data.
- Classify our audience into groups or segments, using booking and publicly available information. These segments help us to understand our audience better and ensure we’re sending relevant messages to each group. We may use third party processors to help achieve this. We also submit these anonymously as part of reporting to fundraising and public funding bodies (such as Arts Council England).
- Participate in the Audience Finder initiative or other initiatives as required by our Arts Council England NPO funding. This initiative builds an aggregate picture of local and national audiences across all Arts Council England National Portfolio Organisations. Their tools allow us to understand our audience in a local and national context and helps us to identify new audience opportunities.
- Measure and understand how our audiences respond to a variety of marketing activities so we can ensure our activity is well targeted, relevant and effective.
- Analyse and continually improve the services we offer including our artistic output, our website and our other products.
- Ensure we are maximising our ticket sales wherever possible.
- Help us run the test version of our website and CRM system and ensure the smooth running of our customer services.
- To enable us to fundraise effectively because we are a charity.
More Information on Fundraising:
- a) Current Audience and Current Donors
Tamasha is a registered charity and social enterprise that generates income through several different sources, including voluntary contributions from its audience and other funders. Donations and sponsorship help every element of Tamasha’s work, from our productions to our mission to nurture young and emerging artists through the Tamasha Developing Artists Programme.
We are committed to fundraising best practice and abide by the Fundraising Regulator’s key principles and behaviours of a fundraising organisation: to be legal, open, honest and respectful. We undertake to comply with relevant laws and regulations, including the Proceeds of Crime Act, Data Protection, Tax and Gift Aid legislation, and Charity Commission guidance. We will ensure that our fundraising communications are relevant to their audience and provide appropriate opportunities for people to support our work, should this form of engagement be of interest.
Who do we share your data with?
Tamasha will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent. We will ask for your consent to share personal information with organisations we have co-produced work with. These requests will be specific to the individual organisation so that your consent decision is informed.
We use a number of data processors in order to help us provide the services you request. These organisations are obligated to act on our instruction in relation to their use of your personal data and do not have any control over your data in their own right. We make sure anyone who provides a service for Tamasha enters into an agreement with us and meets our standards for data security. Your data is not used for anything other than the clearly defined purpose relating to the service that they are providing.
Examples of what data we may share and/or who we may share it with are as follows:
- Name on card, credit card number, billing address, CVV amount of transaction and order number in order to process credit card transactions
- Name on bank account, bank account number, sort code, amount of direct debit, frequency and customer number in order to process direct debit transactions.
- Name on bank account, bank account number, sort code and amount on any cheque made payable to Tamasha
- Name and email address with Mailchimp in order to produce e-marketing campaigns and pre & post show emails (e-marketing campaigns require consent)
Service providers who aggregate data in order for us to do benchmark reporting across the industry, specifically:
- The Audience Agency for the purposes of the Audience Finder initiative. For more information on the data they collect, please refer to the following links on their website: www.theaudienceagency.org/insight/data-collection-in-audience-finder & www.theaudienceagency.org/insight/data-control-in-audience-finder
- List of major donors to funding bodies (we always respect anonymity where requested)
- Third party advertisers (such as Facebook or Google) to help us identify customers similar to our audience or to serve adverts they deem relevant to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.
- Where required to do so (for example, if required to do so by the ‘know your donor’ principles under charity law or a court order), or when requested by the police or a regulatory or government authority investigating illegal activities
Tamasha is not responsible for the privacy notices and practices of other websites even if accessed using links from tamasha.org.uk and recommends that you check the policy of each website you visit and contact its owner or the Data team if you have any concerns or questions.
Despite all our precautions, no data transmission over the internet is 100% secure. So, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk.
How do we protect your data?
Tamasha is committed to protecting the personal information you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use e.g. your online account is encrypted and our own network is protected.
As part of the services offered to you through the Tamasha website, the personal information you provide may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen if any of the computer servers used to host the website are located in a country outside of the EEA. If Tamasha transfers your personal information outside of the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this privacy notice.
Tamasha may transfer your data to the USA to organisations such as Facebook or Google. The USA has weaker data protection laws than that of the EEA and therefore we will ensure that only organisations who are a part of the EU privacy shield initiative will handle your personal information. More details on this certification can be found at www.privacyshield.gov/welcome.
At times, Tamasha will be required to hold your data on our internal servers in form of spreadsheets or information documents. Our servers are held on site behind a firewall that is designed to monitor and control the flow of traffic between internal and external networks. The server and firewall are housed in a secure room with limited keyed access. Access to the server via VPN is strictly monitored and limited to essential staff.
We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. We will not keep more information than we need. The retention period will vary according to the purpose. For further information about how long we will keep your information, please contact us using the contact details outlined in this notice.
If you ask us to stop sending direct marketing communications to you, we will retain the information required (e.g. name, address or email address) to ensure we adhere with such requests. You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it.
How do I manage my data?
You can contact us by phoning, emailing, or writing using our contact details below.
Every email we send to you will include details on how to change your communications preferences or unsubscribe from future communications.
You can request full details of personal information we hold about you under the Data Protection Act 1998, or after 25 May 2018, The General Data Protection Regulation, by contacting us. Please send a description of the information you would like to see, together with proof of your identity to email@example.com.
At any time you have the right to ask Tamasha to amend or to stop how it uses your personal information including for marketing purposes. You can do this by phoning, emailing or writing to us using our contact details below. You have the right to get information held about you by us corrected. If you have any concern about the accuracy of your personal data, please let us know using the below contact details. If you would like us to remove the personal information we hold about you, please contact us using the below contact details.
By email: firstname.lastname@example.org
By phone: 020 7749 0090
By post: Tamasha, 26 Crowndale Road, London, NW1 1TT
You have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office: www.ico.org.uk
How do I find further information?
Further information on data protection regulations and laws can be found here:
- Data Protection: https://ico.org.uk/for-the-public
- Fundraising Regulator: www.fundraisingregulator.org.uk/code-of-fundraising-practice/code-of-fundraising-practice