Welcome to Christmas at Bute Park’s Privacy Notice. You might be viewing this through our website or mobile application (which we’ll collectively call ‘’Platform’’ in short).
We consider the protection of your privacy to be extremely important. We are bound by and use your personal data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 of April 27th 2016 (the “GDPR”).
We want to inform you as much as possible, respect you and give you control over what happens to your personal data and what you share with us.
Our Privacy Notice is designed to make you aware of what data we are collecting and how we collect it.
1.2 What personal data do we collect and how?
We currently collect and process the following information:
- Personal identifiers, contacts (for example, name and contact details, address, age)
- Banking details
- Health data (only in limited cases i.e. if this is required under law)
- Your parent’s details if you are under 18
1.3 Information you give us
We will collect your personal data directly from you when you:
- create and place an order;
- sign up to create an account or log in to your account;
- subscribe to our newsletters or to mailing lists;
- subscribe to a waiting list for an event;
- participate in a competition; promotion or survey;
- send an email, phone or online request to our customer service team or our social media channels; and
- visit our websites and apps
1.4 Other information we collect about you and information we receive from third-party sources
We also receive personal information indirectly, from the following sources:
- From your social media account when you register for an event to our Platform by signing in through it;
- From our trusted ticket agents and service providers to deliver the goods and services requested;
- From other festivals and events within our Superstruct Entertainment Group if you have agreed that you want to hear more from our events;
- From other third parties outside our Group where you have agreed to them to share your information with us for marketing purposes;
- Government, tax or law enforcement agencies.
2.1 What do we use your data for?
- Service and Operational Purposes:
- to provide you with your event ticket or any other goods, services and information that you have requested from us;
- to manage your entry to our events, including age and identification verification;
- to provide you customer service and support, deal with enquiries or update you of changes to our events, our Platform or other services;
- to improve and update our Platform and to make sure that content from our Platform is presented to you in the most effective and optimal manner
- Third-party promotions:
We will share your personal data with third parties for their own marketing and promotional purposes only after you have given us your consent. If you opt-in to any third-party communications, you can opt out at any time by following instructions in the third-party communications received.
- To protect your vital interests
If you feel unwell during the event and visit our first aid tent, we might need to collect some health data.
If you have entered a competition or prize draw that we have organised, we will use the personal data that you have provided to us in order to contact you to let you know whether you have won a competition or prize draw that you have entered and so allow us to both perform the contract for the prize and as necessary for our legitimate interests to allow us to encourage customer demand and develop our business.
- Direct Marketing Purposes (via email/phone)
- Legal Purposes:
We may use your information to enable us to enforce our legal rights, and/or to protect the rights, property or safety of our employees and/or other third parties. To ensure your health and safety during the event we will process any health or mobility information you provide us to comply with our legal obligations.
2.2 Legal grounds for processing your personal information
We will only use your personal data when the law allows us to. Under the DPA 2018 and the GDPR the lawful bases we rely on for processing this information are:
(a) Your consent i.e. for marketing from third parties. You are able to remove your consent at any time by contacting us [see more about your right to withdraw on section 6];
(b) We have a contractual obligation.(i.e. to successfully book and deliver your tickets);
(c) We have a legal obligation (i.e. to detect fraud, or tax purposes);
(e) We need it to perform a public task;
(f) We have a legitimate interest (i.e. for direct marketing when you have bought tickets) and your interests and fundamental rights do not override those interests.
3. Who will your data be shared with?
We share this information with:
- selected third parties that we work with, so we are able put on the events you love and choose to attend. For example, when you register to attend an event we host, we might need to share your information with third party sub-contractors or service providers that help us to put on our Events (such as venue or security staff);
- When required by the travel providers (such as the event organiser, promoter, hotels, transport company) in order to confirm your booking and to fulfil their part of your contract, your personal data may be shared with them;
- We may also share your data with third parties who provide services to us in connection with making your booking such as payment and ticketing providers;
- Other festivals and event organisers within our Superstruct Entertainment Group if you have consented for us to do so;
- Any other third-party outside our Group that you have given your consent to share your information with for marketing purposes;
- Any other third parties and governmental institutions to comply with our legal obligations and enforce our legal rights (i.e. tax obligations).
Before sharing any of your personal data with external providers, we require our providers to sign an agreement confirming that your data will be kept secure.
4. How do we protect your personal data?
We take all reasonable and appropriate technical and organisational measures to protect the security of your personal information throughout the course of our business. Technical safeguards are for example restrictive access, encryption, antivirus software, regular testing and evaluation.
In case we transfer your information to a country which is outside the UK or the EEA we have put in place contractual agreements or other measures with any recipients of your information to ensure your personal data will be equally protected.
5. How long will we keep your personal data for?
Your information is securely stored online via EmailOctopus.
We keep email data for as long this is necessary for the purpose we collected it. We will then dispose your information by removing all files and back-ups from our cloud storage.
6. What are your rights?
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you before you can complain at the relevant Supervisory Authority.
Under data protection law, you can exercise the following rights:
Your right to withdraw consent- You can withdraw your consent at any given time by contacting our DPO.
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances i.e. if your personal data are no longer necessary for the purpose they were collected for or if you withdraw your consent.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances i.e. if you think that the information we process is inaccurate or unlawful.
Your right to object to processing – You have the right to object to the processing of your personal information only if we process the relevant information on legitimate or public interest grounds.
Your right to data portability – You have the right to ask that we transfer the personal information you directly gave us to another organisation, or to you, if we process the relevant information on consent or contract grounds.
Your right to lodge a complaint – You have the right to lodge a complaintto the supervisory authority if our response doesn’t satisfy your request.
For UK the Supervisory Authority is ICO. The ICO’s contact details are:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF
ICO website: https://www.ico.org.uk
If you are based or the issue you would like to complain about took place in the European Economic Area (EEA), please click here for a list of local data protection authorities in the EEA countries.
7. How to contact us
Please contact us at email@example.com if you wish to make a request or complain or have any questions on how we use your personal data.
8. How do we keep this privacy notice up to date?
We will keep this privacy notice up to date to reflect changes in our products and services. This notice was last updated on 11/10/22. Should this notice change in any fundamental way, a notice will be displayed for 30 days. We recommend checking this page on our Platform from time to time.