St Mary’s University, Twickenham
Privacy Notice for The Exchange Twickenham

The Purpose

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We are collecting your basic personal data such as your name, email address/contact details via our Third-party Ticketing system TicketSource or Mailing List in order to process your request for Tickets to a performance or events held at The Exchange. If you have signed up for our Mailing List your personal data will be used for marketing purposes for The Exchange only and We will only collect data that we need in order to provide and oversee this service to you.

Legal basis for processing your data

We must have a legal basis for processing all personal data. In this instance, the legal basis is Consent: You have given us your consent for processing your personal data. We will only send you marketing communications about our productions and events if we have record of you having agreed to receive communications, or if we believe there is a legitimate interest (see Opting into and out of marketing communications below). If you have given us your contact preferences (by post, email or telephone), we will only use your preferred method of contact.

Opting into and out of communications: When purchasing tickets, you are given the opportunity to opt-in to receiving news and information from The Exchange/St Marys University. You will only be contacted in this regard if the relevant box has been ticked, or if you have not specified whether you would like to receive information, in line with ‘legitimate interest’ rules for postal communications and the ‘soft opt-in’ rule for email communications. To opt out please contact us via email exchangetwickenham@stmarys.ac.uk or if you have signup up to our mail list and would like to opt out of marketing communications at any time by clicking the ‘unsubscribe’ link included in each email, or by updating your contact preferences.

Other communications: If you have opted out of marketing communications, we may still get in touch with you. For example, we may email you to give you important information about the events you’ve booked or to tell you about any changes. You may be included in our market research (such as our audience survey, which we use to improve our service) even if you have opted out of marketing communications. You will be given the opportunity to opt out in any message you receive from us.

What we do with it and who we share it with

All the personal data you submit is processed by staff at St Mary’s University, Twickenham. (Access to your personal information is limited to staff who have a legitimate need to see it for the purpose of carrying out their job at St Mary’s University, Twickenham.) Access by a Third Party to your personal data you’ve submitted is only shared if you have informed us that this is permitted by opting into receiving information by a Third party, who will be clearly listed.

Data transfer: We do not transfer your personal data outside the European Economic Area (EEA).

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We store papers in lockable cabinets in our offices when not being actively used and we
have a secure document storage facility for archived papers. Our offices are secure and only personnel holding appropriate security passes can access areas where personal data are stored. When necessary, we dispose of or delete your data securely. We ensure that our employees, agents and contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations. We limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know

How long do we keep it for

Your data will be retained by the University for 7 years. After this time, data will be securely deleted.

What are your rights?

You have the right to request to see a copy of the information we hold about you and to request corrections or deletions of the information that is no longer required.

If you provide consent for us to use your personal data in the ways outlined above you have the right to subsequently withdraw you consent.

In some circumstances you may have the right to object to the processing of your personal data, to request it is erased where it is no longer required for the stated purposes, or that inaccurate information about you is corrected.

You have the following rights:

• access to your data
• rectification
• erasure
• restriction of use
• objection to use
• data portability

If you wish to exercise any of these rights, please submit your request to GDPR@stmarys.ac.uk

Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.

Our Data Protection Officer can be contacted at GDPR@stmarys.ac.uk

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO