We are committed to respecting your privacy and the security of your personal data, and this policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.
For the purpose of the General Data Protection Regulation (GDPR), and the Data Protection Act 1998, the Data Controller is ‘The Music Arts and Culture Trust Sunderland (MAC Trust)’ the venue owner. The data processor is Pub Culture, the venue operator.
Information we collect from you:
- Information you give through the completion of forms on the website, or as part of the registration and ticket booking process, or when making enquiries for additional information or services.
- This information includes your name, email address, telephone number, address, or any other required data. In the event of any form of contact with us, information and personal details you send us may be retained in our records.
- Transaction Information: Details about your purchases and bookings.
- Financial Information: Credit card details, billing information.
- Additionally, we collect information regarding your website visits, including but not limited to traffic data, location data, weblogs, and other communication data. We may also record the pages and services on the website that you visit and use.
Data Obtained from External Sources
We will acquire personal information from Spektrix, our event booking partner, as they provide us with your personal data when you book one of our events through their platform.
Lawful basis for processing
We rely on your consent as the lawful basis in order to send you email newsletters, or where you have agreed to take part in a survey for the processing of the submitted data.
Performance of Contract
We depend on the "performance of a contract" to gather, utilise, and share your personal data, solely as outlined in this policy, to deliver our services or to receive services from you based on an agreement.
We rely on "legitimate interest" in the following situations:
When delivering our services under an agreement with an organization that has enlisted your services, we gather, use, and share your personal data in accordance with this policy.
If you reach out to us, we utilise and process your contact details to engage with you, addressing your enquiries and providing relevant information in response.
Purposes of Processing
The information you provide to us may be used for the following purposes:
- Providing our service to you.
- Guaranteeing optimal presentation of our website.
- Providing you with requested information, as well as those we believe may be of interest to you.
- Fulfilling our responsibilities with any contracts established between you and us.
- Informing you of any alterations to our service.
Whenever we send you marketing information, whether via email, post or text, we will provide you with an opportunity to object to this use of your personal data. We will not send you email updates or any other marketing communications if you indicate that you do not wish to receive them. You can change your marketing preferences anytime, by contacting firstname.lastname@example.org
We have a legitimate business interest to use photos of our venues and events in marketing documents, communications, in annual reports and on our website or publicity documents. If you visit a venue or attend an event where we may be taking photos, you will see signs notifying you of this. If you are identifiable from any image that we wish to use, we will take every reasonable step to ask for your consent to use this image.
Disclosure of your personal data
Pub Culture will manage your personal data securely to contact you only for the purposes of your relationship with us, and in line with your marketing preferences. We will share this data with our Data Controller (MAC Trust).
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If all, or substantially all, of our assets are acquired by a third party, in which case personal data held by us about our stakeholders will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of our stakeholders, or others.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not transfer personal data outside the European Economic Area (EEA).
We only keep your personal data as already indicated above, for as long as is necessary for the purposes which it is provided. We will contact you from time to time to make sure you want to stay on our marketing database, and by law we must keep basic information about our stakeholders for six years after they cease being stakeholders for tax purposes.
As we continue to update and revise our data protection procedures and practices, we may update this retention policy. Please check back from time to time or contact us to see how long your data may be held on file.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, for historic, research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We work with third-party suppliers who may also set cookies on our website. These third-party suppliers are responsible for the cookies they set on our website. If you want further information, please go to the website for the relevant third party.
Third Party Links
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have the right to:
- Request access to your personal data, known as a “data subject access request”.
- Request correction of any inaccurate personal data that we hold about you.
- Request erasure of your personal data where there is no good reason for us continuing to process it. We may not always be able to comply with your request of erasure for legal reasons.
- Object to processing of your personal data where we are relying on a legitimate interest. In some cases, we may demonstrate that we have compelling grounds to continue processing your information which override your request.
- You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data while we establish the data’s accuracy; if our use is unlawful; to hold it on file in order to establish, exercise or defend legal claims; while we process your request to object to processing based on a legitimate interest.
- Withdraw consent at any time where we are relying on consent to process your personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).