Purpose of this policy

We are committed to protecting your personal information and being transparent about what information we hold about you.

Using personal information allows us to provide a service to you, and helps us to develop a better understanding of our patrons, in turn providing you with relevant and timely information about the work that we do and to promote Leeds as a vibrant, international cultural city.

The purpose of this policy is to give you a clear explanation about how we store and use the information we collect from you directly and from third parties.

We use your information in accordance with all applicable laws concerning the protection of personal information. This policy explains:

• What information we may collect about you
• How we may use that information
• In what situations we may disclose your details to third parties
• Our use of cookies to improve your use of our website
• Information about how we keep your personal data secure, how long we maintain it for and your rights to be able to access it

If you have any queries about this policy, please contact the Leeds Ticket Hub:

By post: Carriageworks Theatre, The Electric Press, 3 Millennium Square, Leeds, LS2 3AD
By email: tickets@leeds.gov.uk
By phone: (opening hours Wed-Sat, 12pm-5pm) 0113 376 0318

Who we are

Leeds City Council is a registered Data Controller with the Information Commissioner’s Office.

This specific privacy policy relates to Leeds Ticket Hub which is the cultural ticketing office for Leeds City Council. This includes but is not limited to Carriageworks Theatre, Events & Festivals, INDIs Film Festival, Leeds International Beer Festival, Leeds International Concert Season, Leeds International Film Festival, Leeds Museums & Galleries, Leeds Town Hall, Leeds Young Film Festival, Lotherton, Millennium Square, Pudsey Civic Hall, & Temple Newsam.

Your data is collected by Leeds Ticket Hub on behalf of the council and its nominated event partners and promoters to facilitate event access, membership benefits and any donations you may give. Where we sell tickets for partners and promoters, they do not have access to your personal data except for reasons explained below.

Information collection

We collect various types of information and in a number of ways:

Information you give us

For example when you register on our website, buy tickets, purchase memberships or make a donation, we’ll store personal information you give us such as your name, email address, postal address, telephone number and card details. We will also store a record of your purchases and donations.

Information about your interactions with us

For example, when you visit our website, we collect information about how you interact with our content and ads. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.

Information from third parties

Sensitive personal data (also known as special category data)

Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions. We do not usually collect this type of information about our patrons unless there is a clear reason for doing so. As an example, we collect health information, where required, to ensure accessibility to our venues and as proof of your eligibility to certain discounts.

Legal basis

There are three bases under which we may process your data:

Contract purposes

When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone in the case of a cancelled show, or in the case of problems with your payment.

Legitimate business interests

In certain situations we collect and process your personal information for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. We describe below all situations where we may use this basis for processing.

With your explicit consent

For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.

Where we are processing special category data, this will be through your explicit consent (unless otherwise specified).

Marketing communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.

We use consent as the legal basis for communications by post, SMS and email. You will be asked at the point in which you create your account with Leeds Ticket Hub (either in person, over the telephone or online) to state your preferences for communications. These preferences are individual so you may choose to receive email and not postal or SMS communications for example. You may opt out of these in the following ways

• Postal – please use the contact details at the bottom of this page to opt-out
• Email – we will provide you with easily accessible opt-out buttons on all digital communications. Alternatively you can use the contact details at the end of this page
• SMS – reply to the SMS using the phrase indicated in this message. Alternatively you can use the contact details at the end of this page

In all cases you can also update your preferences in your online account at leedstickethub.co.uk.

We will not contact you by telephone except where we may need to make to you aware of changes related to your purchases (such as event cancellation).

Other processing activities

In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

• We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.
• We may analyse data we hold about you in order to identify and prevent fraud.
• In order to improve our website we may analyse information about how you use it and the content and ads that you interact with.

In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out the tasks above that are for your benefit.

Third parties

All the data you provide us with is also held by Tessitura Network Inc. – this is the company that provides our ticketing and customer relationship management software. We have a robust Data Processing agreement in place with Tessitura Network Inc. This agreement clearly states that Tessitura Network are not allowed to access or use your Personal Data except as necessary to provide their ticketing and CRM services. They will only process your Personal Data in accordance with our Data Processing Agreement and only on our instruction. Tessitura Network Inc. utilise a UK Amazon Web Services (AWS) server as a sub-processor for your data.

There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:

• To ensure you are granted entry to an event you have booked with us we may share your details via customer lists with event partners/promoters. In these cases we will ensure the partner/promoter will not use your personal data for anything other than granting access to the event.
• To our own service providers who process data on our behalf and on our instructions (for example, Tessitura Network Inc. as our ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
• Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies, and law enforcement agencies).
• To specific named visiting or partner companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so.

Cookies

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.

We use cookies to keep track of your basket as well as to identify how our websites are being used and what improvements we can make.

The websites we directly manage are (“Managed Websites” :

• co.uk
• co.uk
• com
• com
• co.uk
• co.uk

We also operate a number of subdomains including a booking domain (“Booking Domain”) this is where all managed websites bring customers too to complete their transactions. Tessitura operations off of a sub-domain my.leedstickethub.co.uk and as such needs to use cookies to transfer you from one of our managed websites to the right page on the booking domain. It brings across the event detail you have selected, plus any cart or session details you have already input.

Your debit and credit card information

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

You can find more information about this standard on the PCI Security Standards website.

We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your three or four digit security code.

Maintaining your personal information

We store your personal information indefinitely so that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system. However, every 18 months we will ask you to confirm you wish to keep your account ‘active’. An inactive account will not appear in sales staff searches, in marketing email correspondence or any other mailing requests. Your data will still be held for historical reference and financial purposes.

If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively please use the contact details at the end of this policy.

Any objections you make to any processing of your data may be stored against your record on our system so that we can comply with your requests.

Security of your personal information

We have in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same. Your data is held in an Amazon Web Services server as per our agreement with Tessitura Network Inc.

Your rights to your personal information

You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.

Your right to be forgotten

You can request your personal information to be deleted from our system. This can only take place once any upcoming events you have purchased are attended (or refunded) or any memberships you hold come to the end of their active period. When you request this, we will add you to our automated process which anonymises all your details and leaves only a numerical reference to your original account. This process takes place at the end of every calendar month.

Contact details and further information

Please get in touch with us if you have any questions about any aspect of this privacy policy, and in particular if you would like to object to any processing of your personal information that we carry out for our legitimate organisational interests.

Leeds Ticket Hub:

By Post: Carriageworks Theatre, The Electric Press, 3 Millennium Square, Leeds, LS2 3AD
By email: tickets@leeds.gov.uk
By phone: (opening hours Wed-Sat, 10am-6pm) 0113 376 0318

Leeds City Council’s corporate privacy notice, which includes details of the authority’s Data Protection Officer and your information rights, is available for viewing online.