Spitalfields Music Privacy Notice for Audiences & Donors
Spitalfields Music is committed to protecting your personal information and being transparent about what information we hold about you. The purpose of this notice is to explain how we collect and use the information we collect from you.
We use your information in accordance with all applicable laws concerning the protection of personal information. This notice explains:
• What information we may collect about you
• How we may use that information
• In what situations we may disclose your details to third parties
• Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it.
If you have any questions about this notice, please contact the Chief Operations Officer using the details below.
Who we are
Spitalfields Festival Ltd, trading as Spitalfields Music, is a charitable company limited by guarantee in England and Wales (Company number: 3138347, Charity number: 1052043). Spitalfields Music is the data controller of your personal information.
We will only collect information when you interact with us. We collect various types of information and in a number of ways.
• Information you give us, for example, when you register on our website, buy tickets or make a donation we’ll store information you give us, including your name, email address, postal address, telephone number and card details. We will also store a record of your purchases and donations.
• Information about your interactions with us, for example how you interact with content on our website. We keep records of mailings we sent you and in the case of emails we also keep a record of which you have opened and which links you have clicked on.
• We may occasionally receive information about you from third parties. This could include third party research companies who provide general information compiled using publicly available data. For example, this could include searching the internet for details of whether customers work in the local area.
• We may collect sensitive personal data, recognised under Data Protection law as information about health, race, religious beliefs and political opinions. We do not usually collect this type of information unless there is a clear reason for doing so, for example if we need to request health information from participants in a workshop. We may also request this information as part of data gathering for surveys. In these cases, data would be anonymised and could not be linked back to a specific individual.
When you attend events, we may take photographs of the audience group which may include identifiable individuals. These photographs could be used for several different purposes, including marketing, reporting and archiving. We will always give notice of photography at our events and our photographers will be clearly identifiable. Photographs will not be linked to individuals by name without prior consent.
The purpose of processing your data
As a participant, we only collect information that we need to carry out our business. We need personal details from you in order to fulfil our obligations to you. This includes providing you with information about the organisation, and your interaction with us on projects and may also extend to understanding how best to support you in order to participate in one of our projects.
The basis under which we process any data could be one of three ways, there are examples of each below.
When you make a purchase from us or give us a donation, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
In certain situations we collect and process your personal data for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. Below there are descriptions of instances in which we may use this basis for processing.
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently sent you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases.
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you in order to identify and prevent fraud.
In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.
We may use profiling techniques or third party wealth screening and insight companies to provide us with information about you that will help us to communicate in a relevant way with you, in particular when we are approaching you about potential philanthropic support. Such information is compiled using publicly available data about you.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by our interests. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
To our own service providers who process data on our behalf and on our instruction (for example our ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies). Please note this could include information required for Test and Trace purposes to help stop the spread of COVID-19.
To specific named partner companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so.
Our online sales system is powered by Spektrix Ltd and requires cookies to be enabled or for a cookie exception for “system.spektrix.com” to be added. Cookie technology is used to keep track of your order as you proceed through the online booking process. The system.spektrix.com cookie expires as soon as you close your browser.
Visiting spitalfieldsmusic.org.uk with your browser set to accept cookies, indicates that you consent to receiving cookies from us for purposes as described above.
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried our securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Maintaining your personal information
We store your personal information indefinitely such that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Collecting information for NHS Test and Trace purposes due to COVID-19
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
Rights to your personal information
You have the right to request a copy of the personal information that we hold on you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
Contact details and further information
Spitalfields Music, Oxford House, Derbyshire Street, London, E2 6HG
Tel: 07311 622393