Updated September 2020
Under the General Data Protection Regulation (GDPR), we have a legal duty to protect any personal data that we collect from you, to be explicit about what purposes we are using it for and to make it easy for you to opt out from receiving communication from us at any time. In this context, personal data refers to any information relating to an identifiable person, whether directly or indirectly.
This page explains how we protect and respect the data we collect from you.
Whose information do we collect
We collect personal information about the following categories of people:
What personal data do we collect about you?
Depending on which activity you engage with at Chapter, we may collect some or all of the following information:
We will only collect this information when there is a legitimate reason for doing so.
How will we use the personal data about you?
We collect personal data about you to process any order you make, to enable you to use Chapter services and to let you know if there are any changes to our events or services (for instance a change in start time or very occasionally regarding a cancellation).
Covid 19 – Test and Trace
In light of Covid 19 Chapter is also now legally obliged to collect data to support NHS Test and Trace and when you visit Chapter you will be asked to provide your name and contact details using either:
Chapter is required by law to hold records for 21 days. Records will be stored on the system relevant to your use of Chapter (via ticketing, café bar etc). This reflects the incubation period for Covid 19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing. After 21 days, this information will be securely disposed of or deleted. This will be done in a way that does not risk unintended access (for example shredding paper documents and ensuring permanent deletion of electronic files).
If you provide your details directly to Chapter, the following will apply.
We will also collect personal data about you, if you agree, so we can email you about other Chapter events and services we think may be of interest to you. We would also like to contact you from time to time regarding our fundraising activities. We will only do this if you have given your consent when asked at the initial point of contact. If you have consented to receive marketing or fundraising information, you may opt out at a later date. You will also be offered the opportunity to opt-out every time we communicate with you. If you have an online account, you can also log in at any time and update your preferences.
In relation to personal data voluntarily given through customer surveys and feedback forms, this data is used to inform future programme plans and improve services and is occasionally shared with stakeholders and is sometimes required as a condition of funders. In these instances, all data is anonymised, with no identifiable data being passed on. For the purposes of competitions, personal data is collected for that specific purpose and destroyed after completion.
We will never share your personal data with external companies other than those selected to process our customers details for the purposes of ticket or product transactions (Spektrix); room hire (Artifax); café table bookings (Resdiary) and café bar transactions (Tevalis and Yoello). We have put in place contractual arrangements with these organisations to ensure that your data is secure and protected at all times. Requests for information to be removed from these systems should be made directly to Chapter.
Suppliers who we hold contractual arrangements with include:
Processing ticket and product purchases
|DotDigital||Combined with Spektrix to send Newsletters and keep in touch via email.|
|Artifax||Processing room and office hires|
|Tevalis||Processing Café Bar transactions|
|Yoello||Processing Café Bar transactions online|
|Breathe||HR system recording holiday and sickness of Chapter employees|
|Sage||Processing of invoices|
|RotaCloud||Rota system which records details of staff contact information and pay details (to eventually be replaced by RotaReady)|
|RotaReady||Rota system which records details of staff contact information and pay details|
|ResDiary||Processing Café Bar table bookings- credit card details may be required on certain bookings|
Chapter will not share your personal data for marketing purposes with external companies.
We use ‘Cookies’ on our website to allow us to see how our website is used and to improve our services to you. None of this information identifies you personally. For more information see below.
Access to your personal data and correction
You have the right to request a copy of the personal data that we hold about you. If you would like a copy of the personal data that we hold on you, please email or write to us at the following address, c/o Data Manager, Chapter, Market Road, Cardiff CF5 1QE.
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove data you think is inaccurate by contacting us on the address above, by calling our Box Office on 029 2030 4400, or by emailing email@example.com
Encryption on payment processing
Your payment details are processed by Secure Sockets Layer (SSL). SSL is a security protocol used by Web browsers and Web servers to help users protect their data during transfer. An SSL Certificate contains a public and private key pair as well as verified identification information. When a browser (or client) points to a secured domain, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognises and trusts the issuer of the SSL Certificate. This process is known as the ‘SSL handshake’ and it can begin a secure session that protects message privacy and message integrity.
Transferring of information out of the EEA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted during transit using TLS 1.2 encryption. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the internet and the transmission of information via the internet are not fully secure. Although we will use reasonable endeavours to protect your personal data and prevent unauthorised access to it by storing it on a secure server which is password protected and hidden behind a firewall from the outside world, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Messages delivered to us via our Ticketing system will be stored within the European Economic Area on our email provider’s servers.
Cookies are small text files stored by your Web Browser (e.g. Internet Explorer, Chrome, Safari, Firefox) on your computer, tablet or mobile phone to enable functionality on a website (for example storing user preferences).
This website includes functionality to interact with social media websites such as Facebook, Twitter, Disqus and uses Share This services that allow interaction with a wide range of third party social media websites. You should be aware that those sites may also set Cookies while you're using this website, again to improve functionality. Chapter is not responsible for these third party Cookies and you have the option not to enable them although this may affect functionality. For more details please consult the privacy policies of the various services in question.
This website includes video/audio content from You Tube or Vimeo you should be aware that those sites may set Cookies while you're using this website, again to improve functionality. Chapter is not responsible for these third party Cookies and you have the option not to enable them although this may affect functionality. For more details please consult the privacy policies of the various services in question.
In direct relation to Chapter’s own website, you can restrict or block the Cookies used by the website through your browser settings but this will impact your user experience. The Help function within your browser should tell you how.
Spektrix Ticket Sales
We use a mixture of essential and non-essential Cookies as part of the booking process in order to ensure you have the best possible experience.
In order to keep track of your order it is essential that we store a ‘Session Cookie’ on your computer. This Cookie will last for 24 hours.
A Session Cookie is erased when the user closes the Web browser. The Session Cookie is stored in temporary memory and is not retained after the browser is closed. Session Cookies do not collect information from the user’s computer.
We use a few Non-essential Cookies to customise your booking experience and help make it easier and more enjoyable for you. These extra Cookies are used to store things like your login details so you will be automatically logged in each time you visit our site.
Before storing any of these Cookies for the first time, we will alert you and ask your permission before proceeding. If you do not wish to store these Cookies you will not be able to use that particular feature, but the rest of the site will continue to work correctly.
How to contact us
by email – firstname.lastname@example.org
by phone – 029 2030 4400
by post – c/o Chapter, Market Road, Cardiff CF5 1QE