Privacy Policy

Aldeburgh Cinema Trust – Privacy Policy

Purpose of Policy

Aldeburgh Cinema Trust is committed to protecting your personal data and being transparent about what personal data we hold about you.

Using personal data allows us to develop a better understanding of our customers and turn provide you with relevant and timely information about the work that we do and allows us to fulfil the contracts into which you enter with us.

As a charity, it also helps us engage with potential donors and supporters.

The purpose of this Privacy Policy is to give you a clear explanation about how we collect, store and process your personal data.

We use your personal data in accordance with all applicable laws concerning the protection of personal information. This policy explains:

Who We Are
Personal Data Collection
What Personal Data is Stored
Legal Basis
Failure To Provide Necessary Personal Data
How We Use Your Data and Why
Third Parties
Cookies
How We Keep Your Personal Data Up-To-Date
How We Keep Your Personal Data Safe
Our Data Retention Policy
Your Rights Relating to Your Personal Data
Ask About the Personal Data WE Hold About You
What To Do If You Have a Complaint
Changes To This Privacy Policy

If you have any queries about this Privacy Policy, please contact us using the details in Section 15 of this policy.

Who We Are

Aldeburgh Cinema Trust is a registered charity/ Our registered charity number in England and Wales is 1151433. It is also registered as a company in England and Wales under registration number 8389118.

Aldeburgh Cinema Trust is the Controller (for the purposes of the General Data Protection Regulations (GDPR) of your personal data (referred to as either “Aldeburgh Cinema Trust”, “we”, “us” or “our” in this Privacy Policy).

Aldeburgh Cinema Trust exists to, amongst other services, provide film, live event and festival screenings which are bookable via our Box Office and website. It also operates our supporters’ club, the Friends of Aldeburgh Cinema. Both of these services require the collection, storage and processing of a necessary amount of personal data.

Personal Data Collection

Personal data is collected in a number of ways.

Information you provide

via our website when you join up to our mailing list
when you complete a membership form to join the Friends of Aldeburgh Cinema or renew your membership
via our website or Box Office when you purchase Cinema Tickets
when you have used email or a social media platform to contact us – Facebook, Twitter, Instagram etc
if you have completed a survey, feedback form or questionnaire either online or via a paper survey
via an accident and incident form when you have been involved in an accident or incident on our premises
when you have requested a specific service or information from us

Information about your interactions with us

For example, when an email newsletter or e-shot is sent to you, a record of that is stored, together with a note of which emails have been opened and which links you have clicked on.

Sensitive personal Information

We do not collect or store any “Special Categories of Personal Information” about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Aggregated data

We may also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data, but once in aggregated form it will not constitute personal data for the purposes of GDPR as this data does not directly or indirectly identify you.

CCTV

CCTV operates at Cinema Trust purely for the purposes of security and insurance and is not routinely monitored or reviewed.

What Personal Data Is Stored

You are requested to supply the minimum amount of personal data that is necessary in order to provide the particular service you have requested, or fulfil a contract which you have entered into. For example:

Mailing List

We collect:

Name
Email address

Ticket Purchases

We collect:

Name
Telephone Number
Email address (on some occasions only)

This enables contact with you if there are any changes to a particular screening or event, or if there are any issues with your booking. This data is not routinely used for marketing purposes unless you have already subscribed to one of our services and have provided your consent to receive emails from us.

Friends of Aldeburgh Cinema

We collect:

Full name
Address
Telephone number(s)*
Email address

However, other information may be required in certain circumstances:

Your bank details (to support payment by Direct Debit for subscriptions and donations)
Your address for taxation purposes for the administration of Gift Aid and Gift Aid declaration forms (if different from stated postal address)

Complete credit and debit card information is not stored.

*Not mandatory information

Legal Basis

In respect of each of the purposes for which we use your personal data, we must ensure that we have a legal basis for that use. Most commonly, we will rely on one of the following legal bases:

Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”)
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interest (“Legitimate Interest”). More details about Legitimate Interest can be found below.
Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Where we have your specific consent to carry out the processing for the purpose in question (“Consent”)

Generally, we don not rely on your Consent as a legal basis for using your personal data (other than in the context of direct marketing-related emails).

Legitimate Interest

In certain situations, your personal data is collected, stored and processed for purposes that are in our legitimate interest, which means conducting and managing our business to enable us to give you the best service possible. However, this is only done if there is no overriding prejudice to you by using your personal data this way.

When your personal data is processed for our legitimate interests, we make sure to always consider and take account of any potential impact on you (both positive and negative) and your rights under data protection laws. Our legitimate interests do not automatically override your interest; we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Failure to Provide Necessary Personal Data

Where we need to process your personal data either to comply with law, or to perform the terms of a contract we have with you and fail to provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you, or fulfil the service that you have requested.

How We Use Your Personal Data and Why

We aim to communicate with you about the work that we do in ways that you find informative, timely and respectful and to manage any contract into which you enter with us in the best way possible, including the use of necessary personal data.

Please find below some examples of the personal data that we collect, store and use and our legal basis for doing this.

Purpose	Category(ies) of Personal Data Involved	Why We Do This	Legal Basis
Management of mailing list	Identity data Contact data	To register you as a new subscriber to our email newsletters, or to update your details upon request (but excluding the email process)	Legitimate Interest
To process and manage ticket sales	Identity data Contact data	To process, manage and deliver your contract and to answer any historical enquiries	Contractual Necessity
Friends of Aldeburgh Cinema administration	Identity Data Contact Data Banking Details (ONLY for Direct Debit payments)	To process and manage all aspects of Friends of Aldeburgh Cinema membership, including the regular direct mailing of paper programmes, but excluding marketing emails	Legitimate Interest
To send e-newsletters and marketing emails	Identity Data Contact Data	To enable us to keep customers informed on screenings, special events and other offers that may be of interest	Consent
To update official bodies (e.g., Health & Safety Executive)	Identity Data Contact Data	To enable us to provide the necessary information to the relevant official body	Compliance with Law
Monitor customer feedback	Identity Data Contact Data Transactional Data	To form a view of the overall standard of quality of our services and to gather customer opinion and feedback	Legitimate Interest
CCTV	Identity Data	To enable CCTV footage to be reviewed as a result of any serious incident or security breach. CCTV is not routinely monitored.	Legitimate Interest

Legitimate Interest is used as the legal basis for collecting and storing necessary personal data, and is also used as the legal basis for communications by direct postal mailing. IN the case of direct postal mailings, you may object to receiving them at any time using the contact details at the end of this policy.

Your consent us used as the legal basis to use your personal data to send emails to you. We will provide you with an option to unsubscribe in every email that we send you, together with details of where to access our Privacy Policy, or you can alternatively use the correct details at the end of this policy.

When you opt out of receiving our marketing emails and newsletters, this will not apply to necessary service or emails that may relate to e.g., membership renewals or purchase queries.

In all of the above cases your rights and interests are kept at the forefront to ensure they are not overridden by our own interests. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details in Section 15 of this policy.

Please bear in mind that if you object this may affect our ability to carry out tasks that are for your benefit, or which allow us to perform a service that you have requested of fulfil a contract.

Third Parties

There are certain circumstances under which personal data may be required to be accessed by, or shared with, third parties. In these cases, we require that these third parties comply strictly with our instructions and with data protection guidelines:

Recipients	Category(ies) of Personal Data we share/can be accessed	Why we share it/it can be accessed	Location(s)
Our Partners	Identity Data Contact Data Banking Details (ONLY for Direct Debit payments)	Our partners help us to provide our services and help manage our customer relationships (including Box Office, web-site hosting and a Direct Debit payment system.)	UK
Professional Advisors	Identity Data Contact Data Donation Data	Our accountants and auditors provide consultancy and accountancy services, including the administration of Gift Aid claims.	UK
HMRC, regulators and other authorities	Identity Data Contact Data Donation Data	Data is provided to HMRC via our accountants for the administration of Gift Aid claims only	UK
Service Providers	Identity Data Contact Data Technical Data	Our service providers offer us IT, system administration and technical/trouble-shooting services in addition to our email marketing system	UK The United States

We do not share or sell your personal data to any other charity or company for marketing purposes.

One or more of our suppliers may operate outside the European Economic Area (EEA). The EEA being the EU plus Iceland, Liechtenstein and Norway. This requires us to ensure they provide on adequate level of protection in accordance with UK data protection law. Where we use service providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US. By submitting your personal data to us you agree to this transfer, storing or processing at locations outside the EEA.

Cookies are small text files that are automatically placed onto your device by some websites that you visit, and as with most organisations, anonymised information is collected about your visits to our website. Cookies can only be read, and therefore used, by a web server.

Cookies are also downloaded by your computer when you visit our website and are stored on your hard drive in order for our website to identify whether you have visited previously, as well as any personal data you have previously provided in the making of a booking. These cookies do not save or store any personal data as such; they take the form of a unique numerical identifier that enables a computer, but not an individual, to be recognised. Cookies do not detect and cannot access any information that you may have on your computer.

Your browser may allow you to disable cookies, but if you choose to do so, this may prevent you from using certain areas of our website.

How We Keep Your Personal Data Up-To-Date

There is a legal obligation under data protection regulations to keep the personal data that is collected accurate and up

-to-date. Amongst other things, it helps us ensure that you are not contacted with inappropriate information and marketing messages, and also prevents us from wasting valuable funds on print and postage.

Your personal data is kept as accurate as possible by the following methods.

By giving you the opportunity at any time to contact us to correct or change your information using the contact details in Section 15 of this policy.
By using information publicly available to us.

How We Keep Your Personal Data Safe

Obligations to keep your personal data safe and secure are taken very seriously.

Access to your personal data is strictly controlled through processes, physical security and technology, and staff members are trained in data protection and have a contractual duty of confidentiality.

Should you make a purchase via our website, our Box Office software provider takes the security of any personal or financial information entered via the website very seriously, in order to prevent loss, misuse or interception of the details you provide. Any such information provided for the purposes of making your purchase is encrypted using a Secure Socket Layer (SSL) connection which incorporates 256-bit Advanced Encryption Standard (AES) before it is transported across the Internet. This ensures it cannot be read by any third party.

Our Box Office provider does not share your card details in full (e.g., long card numbers and expiry dates) and only the minimum information required to administer any booking is made available.

Our Data Retention Policy

There are statutory obligations to keep your personal data for a set period of time in certain circumstances, particularly financial information regarding your donations or Gift Aid contributions. Other personal data is retained as per the table below.

Category of Personal Data	Retention Policy / Period
Personal data for email marketing messages	Until an opt-out is received
Ticket Purchase Data	For one calendar year after purchase (commencing May 25 2018)
Friends of Aldeburgh Cinema	Whilst membership is active For once calendar year after the expiry of the last active membership date* Until a specific membership cancellation/non-renewal instruction is received* *The minimum amount of information is retained in the above instances to answer historic queries unless a request is received for the complete erasure of information. Minimum information means name, postcode and membership no.
Recruitment Activities	All records are erased after completion of each recruitment exercise, unless specific consent has been given by an individual for details to be retained.
Health & Safety	Personal data is kept in line with statutory requirements.
CCTV	For one week.

Our data retention periods are reviewed on a periodic basis and may be adjusted.

Your Rights Relating to Your Personal Data

You have the right to:

Request the access to your personal data
Request correction of the personal data we hold about you
Request erasure of your personal data (this may prevent us from supplying a service of fulfilling a contract into which you have entered with us)
Object to processing of your personal data
Request the restriction of processing your personal data
Request the transfer of your personal data
Withdraw consent (this right only exists where we are relying on consent to process your personal data)

Ask About the Personal Data We Hold About You

You have the right to request a copy of the personal data that we hold about you.

If you would like a copy of some or all of your personal data, please email or write to us using the contract details in Section 15 of policy. We don’t typically charge for providing you with this information, except in relation to requests where the request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to a person who has no right to receive it.

If we do hold personal data about you, we will:

Give you a description of it
Tell you why we are holding it
Tell you who it could be shared with
Let you have a concise and clear copy of the data

Your personal data should ne as accurate and up-to-date as possible and we will be happy to correct or remove information you think is accurate.

What To Do If You Have a Complaint

If you have a complaint, please contact our manager responsible for Data Protection by:

Writing to General Manager, Aldeburgh Cinema Trust, 51 High Street, Aldeburgh, IP15 5AU
Or sending an email to info@aldeburghcinema.co.uk

If you are not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office at https://ico.org.uk/concerns/.

Changes To This Privacy Policy

This Privacy Policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Aldeburgh Cinema Trust’s collection and use of personal data. However, we are happy to provide any additional information or explanation needed using the contact details in this policy.

We keep our privacy notice under regular review. This privacy policy was last updated April 2023.