1. What Data Do We Gather?
We may gather, store and use the following kinds of personal data:

·         data about your computer and about your visits to and use of this website;

·         data that you provide to us for the purpose of registering with us;

·         data that you provide to us for subscribing to our website services, email announcements, and/or newsletters;

·         Other data that you provide us for specific purposes (such as script submissions)

2. Cookies
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this data. Google’s privacy policy is available here.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For instance, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, though, have a negative impact upon the usability of many websites.

3. Using your Personal Data
Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

·         allow your use of the services available on the website;

·         send you email notifications which you have specifically requested;

·         send to you marketing or fundraising communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);

·         deal with enquiries and complaints made by or about you relating to the website or to Graeae Theatre Company.

We will not without your express consent provide your personal information to any third parties for direct advertising.

We use MailChimp to collect and maintain data collected from this website. MailChimp generates and stores information and other materials about you when you sign up with us. The information generated relating to what you provide to us. MailChimp will store this data.

Your data is always held securely. Access to customer information is strictly controlled.

We may use your personal information (including your name and contact details) to keep our database up to date and for study. Graeae Theatre Company is a charity and we may use the data we hold on our database to better understand our backers, including for fundraising purposes. This can be based on data provided by you or publically available sources. We may share your personal information with other organisations for research and analysis purposes, but will not share data with any third parties for any purposes other than those that will benefit Graeae Theatre Company. We require that such organisations meet our standards for handling information, and that it is only used for the agreed purpose.

Where the organisation relies on consent as the lawful condition for processing, we should be able to demonstrate and describe how we have reviewed our processes and systems to make sure that consent is freely and unambiguously given for specific purposes, and that we can evidence an affirmative action on the part of the data subject to have indicated consent, and such that data subjects can reasonably understand who is using their personal information, what information, and for what purposes, and using which communications channels. Pursuant these goals, Graeae Theatre Company strives to:

1)    Provide a tick box asking for consent whenever collecting information from individuals and record how and when such consent was obtained, retaining this information together with the record collected

2)    Include an unsubscribe link in all email communications and a phone number in all print communications, allowing for the individual to request cessation of such communications

Where ‘legitimate interest’ is the lawful condition for processing, evidence should be given of the process by which the rights and freedoms of the individual have been weighed against the interests of the company, and how consideration/mitigation of the outcomes of the process have been made. To assist us in determining legitimate interest, we have compiled the following Legitimate Interest Test, which covers our processing of collected data:

Purpose

1)    We are required to process the data we collect (such as names, emails, postal addresses etc.) in order to communicate relevant information of interest to our customers and partners, regarding our activities, productions, events and other pertinent materials

2)    Our customers and partners benefit from this processing, as they are kept up-to-date on our latest activities, productions, and news. We also benefit by creating audiences to experience and appreciate our work.

3)    Processing provides the wider public benefit of allowing us to communicate about our work, which seeks to enrich and contribute to society through theatre, and assists us in disseminating this information to the widest possible potential audiences

4)    This public benefit is deeply important for supporting and advancing the cause of fully accessible, Deaf and disabled-led theatre in a sphere that struggles with diversity

5)    Without the ability to communicate with our potential and past audiences and supporters, we would be unable to promote our offerings to the widest possible audience and therefore the appreciation for and participation in our art form would suffer

6)    The data collected would never be used in an unlawful or unethical manner

Necessity

1)    Processing helps to further our purpose and interest through providing us with the raw material necessary for communication with our potential and future audiences, supporters and partners

2)    The processing of data is reasonable because without such processing the data collected would not be useful

3)    There is not another less intrusive way of obtaining the same result, because basic contact details are required in order to carry out our above stated purposes

Balancing

1)    Our relationship with the individuals whose data we process is that of:

a)    Customer

b)    Partner Organisation

c)    Supporter

2)    Some of the data, including email and postal addresses, is sensitive, but it would be reasonable for anyone supplying such information to expect it to be used for communication of information

3)    If needed, we are happy to explain how exactly such data will be used

4)    It is unlikely that, after providing consent, someone would object to their data being used in this way; however, any such objection shall be treated with the utmost seriousness

5)    There is a small chance that by providing such data individuals are open to being contacted through their email or postal addresses if a data breach were to occur; however, the chance of any such breach is minimal given the security systems in place

6)    It is likely that any such breached data would be used for marketing purposes and there prove a nuisance to the individual; however, there is a small possibility of identity theft that would have larger ramifications

7)    We are not routinely processing the data of children. That being said, we from time to time do collect the data of children in relation to our productions and (especially) workshops. Any such data shall be obtained with the express permission of the child’s parent or guardian and treated accordingly.

8)    Some of the individuals whose data is processed by us are vulnerable and therefore any such data should be treated with the utmost sensitivity, discretion and protection

9)    All data shall be safeguarded with the encryption provided through our mailing hosting service (MailChimp) and on our servers

10) Any individual who does not wish to receive further communications from us may opt-out at any time, as indicated clearly with each email or mailing

On balance, it can be concluded that legitimate interests are an appropriate lawful basis for our processing activities.

4. Disclosures
We may disclose information about you to any of our staff, officers, representatives, contractors, or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose your personal data:

·         to the degree that we are required to do so by law;

·         in association with any legal proceedings or prospective legal actions;

·         in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

Except as provided in this privacy policy, we will not provide your information to third parties.

5. Security of your Individual Data
We will take sensible technical and structural precautions to prevent the loss, misappropriation, or modification of your personal data.

Of course, information transmission over the internet is inherently insecure, and we cannot promise the security of data sent over the internet.

You are accountable for keeping your password and user details private. We will not ask you for your password (except when you log into the website).

6. Policy Revisions
We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are content with any changes.

7. Your Privileges
You may instruct us to provide you with any personal data we hold about you. Delivery of such information will be subject to the supply of appropriate evidence of your identity.

You may instruct us not to process your individual information for marketing or fundraising purposes by email at any time. In practice, you will typically either expressly agree in advance to our use of your personal information for marketing or fundraising purposes, or we will provide you with a chance to opt-out of the use of your personal information for marketing or fundraising purposes.

We retain all data collected for a period of two years, after which information which demonstrates dormancy (for example, the subject has not opened an email from us in two years) is purged from the system.

You have the right to complain to the ICO if you think there is a problem with the way your data is being handled.

8. Third Party Websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.