Last Updated May 2018
Purpose of policy
We are committed to protecting your personal information and being transparent about what information we hold about you.
Using personal information allows us to develop a better understanding of our customers and in turn to provide you with relevant and timely information about the work that we do.
The purpose of this policy is to give you a clear explanation of how we collect and use the information we collect from you directly and from third parties.
We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:
What information we may collect about you
How we may use that information
In what situations we may disclose your details to third parties
Information about how we keep your personal information secure, how we maintain it and your rights to be able to access it
Who we are
Top Secret Comedy Club Ltd. We are registered in England and Wales under registration number 07940618 and our registered office is at 3rdFloor, 20Bedford Street, London, WC2E 9HP
We collect various types of information and in many ways:
Information you give us
For example, when you register on our website, buy tickets or sign up to receive our regular newsletter, we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases.
Information about your interactions with us
For example, when you visit our website, we collect information about how you interact with our content. When we send you a mailing we store a record of this, and in the case of emails, we keep a record of which ones you have opened and which links you have clicked on.
Information from third parties
We occasionally receive information about you from third parties. For example, we may use third-party research companies to provide general information about you, compiled using publicly available data.
Sensitive personal data
Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our customers unless there is a clear reason for doing so.
There are three bases under which we may process your data:
When you make a purchase from us, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example, we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment.
Legitimate business interests
In certain situations, we collect and process your personal information for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.
With your explicit consent
For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, once opted-in we will give you an opportunity to opt out of receiving emails during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as mentioned above).
Other processing activities
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
We may analyse data we hold about you to identify and prevent fraud.
To improve our website, we may analyse information about how you use it and the content and ads that you interact with.
We may use profiling techniques using publicly available data about you.
In all the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.
There are certain circumstances under which we may disclose your personal information to third parties. We do not share (and have never shared) personal data we collect with any third party for marketing or promotional reasons. The only circumstances we would disclose information is for the following:
To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases, we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
Where we are under a duty to disclose your personal information to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.
Your debit and credit card information
If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI- DSS). You can find more information about this standard.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3 or 4-digit security code.
Maintaining your personal information
We store your personal information indefinitely such that for any subsequent purchases you make we can link them back to a single unique record that we hold for you on our system. If there are aspects of your record that are inaccurate or that you would like to remove, you please use the contact details at the end of this policy.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.
Security of your personal information
We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area.
Your rights to your personal information
You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected.
A fee (£5 per named person request) is applicable for administration purposes only, we will inform you (in writing only, within 14 days) to the account listed address. Please note a request cannot be processed until payment is received.
The request will cover; personal data being processed, the reason/s it is being processed, and whether it will be given to any other organisations or people.
An individual can also request information about the reasoning behind any automated decisions.
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 40 calendar days of receipt unless there is a reason for delay that is justifiable under The Data Protection Act 1998, General Data Protection Regulation 2018 (GDPR). However, some types of personal data are exempt from the right of subject access and so cannot be obtained by making a subject access request. For more information, please see ICO Exemptions www.ico.org.uk/for-organisations/guide- to-data- protection/exemptions
If a disabled person finds it impossible or unreasonably difficult to make a subject access request in writing, we will make a reasonable adjustment for them under the Equality Act 2010. This could include treating a verbal request for information as though it were a valid subject access request. We will respond in a format which is accessible to the disabled person, such as Braille, large print, email or audio formats.
How to Access your Personal Information (Subject Access)
The Data Protection Act 1998, General Data Protection Regulation 2018 (GDPR), gives you the right to see the information that The Top Secret Comedy Club Ltd holds about you and why. Requests (sent by email, fax, social media is as valid as one sent in hard copy) must be made in writing (not verbally) and you will need to provide:
Adequate information [for example full name, address, email address, phone number, customer ID, etc.] so that your identity can be verified and your information located.
Copy of Photographic ID
An indication of what information you are requesting to enable us to locate this in an efficient manner.
Information for job applicants
The Top Secret Comedy Club Ltd will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept helping fulfil our obligations (legally and reporting to our funding bodies) to monitor equality and diversity within the organisation and in the application process.
You can find more information about the use of personal data throughout the application process. Information will be retained on interview performance and the application in line with the retention periods set out.
For more information about your application and personal data we hold use the contact details below.
Security of your information
We take our duty to protect your personal information and confidentiality seriously.
We are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We have appointed a Data Specialist within the company who is accountable for the management of all information assets and any associated risks and incidents. All our staff are also required to protect your information, and inform you of how your information will be used. This includes, in most circumstances, allowing you to decide if and how your information can be shared. Everyone working for The Top Secret Comedy Club Ltd is subject to the common-law duty of confidentiality. Information provided in confidence will only be used for the purposes advised and consented to by the service user in accordance with the Privacy and Electronic Communications Regulations (PECR) unless it is required or permitted by the law.
Contact details and further information
The Data Specialist,
The Top Secret Comedy Club 170A Drury Lane