Under the General Data Protection Regulation (GDPR), we have a legal duty to protect any personal data that we collect from you, to be explicit about what purposes we’re using it for and to make it easy for you to opt out from receiving communication from us at any time. In this context, personal data refers to any information relating to an identifiable person, whether directly or indirectly.
This page explains how we protect and respect the data we collect from you.
- Whose information do we collect?
- What personal data do we collect about you?
- How will we use the personal data about you?
- Access to your personal data and correction
- Encryption on payment processing
- Transferring of information out of the European Economic Area (EEA)
- Other websites
- Add additional sections – CCTV and photography if required
- How to contact us
Whose information do we collect
We collect personal information about the following categories of people:
- Audience members
- Café bar patrons
- Gallery visitors
- Participants in learning & engagement activities
- Participants in customer surveys and feedback forms
- Hirers/tenants of spaces in our building
- Supporters – Friends, donors
- Other stakeholders
What personal data do we collect about you?
Depending on which activity you engage with, we may collect some or all of the following information:
- Biographical – name, title, previous last name, date of birth or age, gender, ethnicity, religion, faith, or information that indicates your socio-economic status.
- Contact details – postal address, email address, phone number.
- Access requirements.
- Record of donations or payments (payment for tickets, food and drink and regular donations are managed through a third party – bank account details are retained only for the purposes of processing direct debits and details are held on a secure server).
- Attendance at events, and attendance in areas across the building (gallery, café bar, etc).
We’ll only collect this information when there’s a legitimate reason for doing so.
How will we use the personal data about you?
We collect personal data about you to process any order you make, to enable you to use our services and to let you know if there are any changes to our events or services (for instance a change in start time or very occasionally regarding a cancellation).
Marketing & Fundraising
We’ll also collect personal data about you, if you agree, so we can email you about our forthcoming events and services we think may be of interest to you. We’d also like to contact you from time to time regarding our fundraising activities. We’ll only do this if you’ve given your consent when asked at the initial point of contact. If you’ve consented to receive marketing or fundraising information, you may opt out later. You’ll also be offered the opportunity to opt-out every time we communicate with you. If you have an online account, you can also log in at any time and update your preferences.
In relation to personal data voluntarily given through customer surveys and feedback forms, this data is used to inform future programme plans and improve services and is occasionally shared with stakeholders as it’s sometimes required as a condition of funding. In these instances, all data is anonymised, with no identifiable data being passed on. For the purposes of competitions, personal data is collected for that specific purpose and destroyed after completion.
We’ll never share your personal data with external companies other than those selected to process our customers details for the purposes of ticket or product transactions (Spektrix); room hire (Artifax); and café bar transactions (Tevalis and Qikserve). We’ve put in place contractual arrangements with these organisations to ensure that your data is secure and always protected. Requests for information to be removed from these systems should be made directly to us.
Suppliers who hold contractual arrangements with us include:
Spektrix processing ticket and product purchases.
DotDigital combined with Spektrix to send Newsletters and keep in touch via email.
Artifax processing room and office hires.
Tevalis processing café bar transactions.
Qikserve processing café bar transactions online.
Breathe HR system recording holiday and sickness of our employees.
Sage processing of invoices.
RotaReady rota system which records details of staff contact information and pay.
We won’t share your personal data for marketing purposes with external companies.
We use ‘Cookies’ on our website to allow us to see how our website is used and to improve our services to you. None of this information identifies you personally. For more information see below.
Access to your personal data and correction
You have the right to request a copy of the personal data that we hold about you. If you’d like a copy, please email or write to us at the following address, c/o Data Manager, Chapter, Market Road, Cardiff CF5 1QE.
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove data you think is inaccurate by contacting us on the address above, by calling our Information Desk on 029 2031 1050 or by emailing [email protected]
Access to your personal data and correction
You have the right to request copies of any of your data held by chapter. If you would like to request this, please email [email protected].
If you no longer want us to use or process your data, you can opt out at any time via the unsubscribe link included in emails or contact the Data Protection team on [email protected].
Transferring of information out of the European Economic Area (EEA)
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted during transit using TLS 1.2 encryption. Where we’ve given you (or where you have chosen) a password which enables you to access certain parts of our site, you’re personally responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the internet and the transmission of information via the internet is not fully secure. Although we’ll use reasonable endeavours to protect your personal data and prevent unauthorised access to it by storing it on a secure server which is password protected and hidden behind a firewall, we can’t guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Messages delivered to us via our ticketing system will be stored within the EEA on our email provider’s servers.
Where your information is stored
Your information is stored on secure, password protected databases and networks. Access to the information is given only to staff with the appropriate authorisation. Data is held mainly in the United Kingdom with some on servers within the European Union.
Cookies are small text files stored by your web browser (eg Internet Explorer, Chrome, Safari, Firefox) on your computer, tablet or mobile phone to enable functionality on a website (for example storing user preferences).
A Cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the Cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log Cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website so that we can tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you don’t. A Cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline Cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline them if you prefer. This may prevent you from taking full advantage of the website.
We may also use pixel tags in order to improve our Facebook and Instagram advertising and make it more relevant to you. You can turn off consent for these tags via your Facebook account. Facebook have published a guide on how you can change these settings, which you can read by clicking here.
Our website uses Google Analytics to collect statistical data – please visit Google Analytics Terms of Service for full details.
We use a mixture of essential and non-essential Cookies as part of the booking process in order to ensure you have the best possible experience.
In order to keep track of your order it’s essential that we store a ‘Session Cookie’ on your computer. This Cookie will last for 24 hours.
A Session Cookie is erased when the user closes the web browser. The Session Cookie is stored in temporary memory and is not retained after the browser’s closed. Session Cookies do not collect information from the user’s computer.
We use a few non-essential Cookies to customise your booking experience and help make it easier and more enjoyable for you. These extra Cookies are used to store things like your login details, so you’ll be automatically logged in each time you visit our site.
Before storing any of these Cookies for the first time, we’ll alert you and ask your permission before proceeding. If you don’t wish to store these Cookies you won’t be able to use that feature, but the rest of the site will continue to work correctly.
Chapter operates CCTV camera surveillance throughout the building and on the perimeter of the premises. The system is in place for the purposes of reducing the threat of crime generally, protecting our premises and helping to ensure the safety of our staff and visitors. The images are stored securely and monitored in a controlled space. Images may be shared with South Wales Police if required for the investigation of crime.
Chapter uses photography and film at events to promote its activities, build new audiences and report to funders. These images may be used on our website, social media channels, in press releases and in written reports to funders. Any events being photographed will be clearly signposted to make you aware at the time. You may request not to be photographed. We will seek parental consent to take photographs of children and young people under the age of 18.
How to contact us
by email – [email protected]
by phone – 029 2031 1050
by post – Data Enquiry, Chapter, Market Road, Cardiff CF5 1QE