Purpose Of Policy
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do – both on and off stage. As a charity, it also helps us to engage with potential donors and supporters.
The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
• What information we may collect about you.
• How we may use that information.
• In what situations we may disclose your details to third parties.
• Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it.
If you have any queries about this policy, please contact the Marketing Manager (Data Controller) here at the Cheese & Grain or email: firstname.lastname@example.org
Who We Are
Cheese & Grain is a not for profit social enterprise and registered charity, overseen by a Board of Trustees.
Our registered charity number in England and Wales is 1108074 and we are also registered as a company in England and Wales under registration number 473751.
We collect various types of information and in a number of ways:
Information you give us
When you register on our website, buy tickets or donate, we’ll store personal information you give us such as your name, email address, postal code, telephone number, date of birth and card details.
Card details are collected securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find out more information on this standard here: https://www.pcisecuritystandards.org/pci_security/
We will also store a record of your purchases and donations.
Information about your interactions with us
When you visit our website, we collect information about how you interact with our content and ads.
When we send you a mailing, we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not collect this type of information about our patrons.
There are three bases under which we may process your data:
1. Contract purposes
When you make a purchase from us or donate to us, you are entering into a contract with us. To perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payments.
2. Legitimate business interests
In certain situations, we collect and process your personal information for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information this way. We describe below situations where we may use this basis for processing.
3. With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about (permission to contact by email, permission to contact via post).
We ask for your consent to contact you via post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy or access your account online and amend your contact preferences. In the case of email, we will also give you an opportunity to opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you by telephone, but we will always get explicit consent from you before doing this. Please bear in mind that does not apply to telephone calls that we may need to make to you related to your purchases (as above).
Other Processing Activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisation interests:
• We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
• We may analyse data we hold about you to identify and prevent fraud.
• In order to improve our website, we may analyse information about how you use it and how you access the content and interact with it.
• We may use profiling techniques or third-party wealth screening and insight companies to provide us with information about you that will help us to communicate in a relevant way with you when we are approaching you about potential philanthropic support. Such information is compiled using publicly available data about you.
In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
• To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
• Where we are under a duty to disclose your personal information to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well as to provide website operators with information on how the site is being used.
Cookies help to improve your visit to our website by helping with the following:
• Remembering settings, so you don’t have to keep re-entering them whenever you visit a new page.
• Remembering information, you’ve given (e.g. your postcode) so you don’t need to keep entering it.
• Measuring how you use the website so we can make sure it meets your needs.
Please note that cookies can’t harm your computer and we do not store personally identifiable information in cookies we use on Cheese & Grain website.
Your Debit And Credit Card Information
If you use your credit or debit card to purchase from us or to donate, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find out more information on this standard here: https://www.pcisecuritystandards.org/pci_security/
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see you full card number. We never store your three or four-digit security code.
Maintaining Your Personal Information
We store your personal information indefinitely such that for any subsequent purchases you make we can link them back to a single unique record that we hold for you on our system.
If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively, please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security Of Personal Information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
Your Rights To Your Personal Information
You have a right to request a copy of personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.
Contact Details And Further Information
Marketing Manager (Data Controller)
Cheese & Grain , Market Yard, Justice Lane, Frome, Somerset BA11 1BA