Abstract image of lines in grey and orange

Privacy policy

The Tung Auditorium is committed to protecting your privacy. We will use the information that we collect about you in accordance with the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation 2020 (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

Who we are

The Tung Auditorium is owned and operated by The University of Liverpool (an exempt charity) incorporated and registered in England and Wales as a Royal Charter Company with company number RC000660 of the Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX. The University’s ICO registration number is Z6390975.

Our data privacy principles are:

  • To provide clear, honest and open information about how we use your data
  • To ensure our staff, volunteers and partners (suppliers and artists) understand these principles and their responsibilities in delivering them

Why do you need my information?

Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do, both on and off stage. The purpose of this notice is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties. We use your information in accordance with all applicable laws concerning the protection of personal information.

This notice explains:

  • What information we may collect about you
  • How we may use that information
  • In what situations we may disclose your details to third parties
  • Our use of cookies to improve your use of our website
  • Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it

What information we collect

We collect various types of information and in a number of ways:

Buying Tickets

You give us your information when you buy a ticket, buy something on our website, sign up for one of our events, make a donation or Gift Aid declaration, or communicate with us. If you have signed up to our Access Register (link to information on access register), we will also note this in your customer record.

Information we collect may include:

  • First and last name
  • Address and postcode
  • Email address
  • Contact telephone number(s)
  • Title
  • Date of birth

We maintain a record of your transaction history, and if you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.

Email, Web Activity and Social Media

We collect information about your interactions with us, for example, when you visit our website, we collect your IP address and information about how you interact with our content and ads. When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on.

From Third Parties

We occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about you, compiled using publicly available data.

Sensitive Data

Any data regarding children, disability or medical need, religion, political affiliation, sexuality or ethnicity is regarded as sensitive, and we take steps to ensure that any such information is only collected where necessary. We only collect sensitive data where we have gained your explicit consent, for example where you wish to join our Access Register. It is subject to enhanced security measures, used only for the purposes agreed, and erased when no longer necessary.

What we do with your data

There are four legal bases under which we may process your data:

1. Contract purposes

When you make a purchase from us or make a donation to us, you are entering into a contract with us. In order to perform this contract, we need to process and store your data. For example:

  • Provide you with tickets you have booked or respond to information you have asked for
  • Administer your ticket sale or donation, including processing Gift Aid
  • Contact you if there are any important changes to your booking

2. Legitimate interests

In certain situations, we collect and process your personal data for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way. For example:

  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Occasionally undertake customer research to help us understand how we can improve our services or information
  • Tell you about changes in our services or new services, events, offers, and opportunities to support us that we think you’ll find of interest
  • Analyse your personal information to create a profile of your interests and preferences so that we can contact you with information most relevant to you
  • Analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible
  • Analyse data we hold about you in order to identify and prevent fraud
  • In order to improve our website, we may analyse information about how you use it and the content and ads that you interact with
  • If you are a graduate or supporter of the University we may share your data with our central Alumni Relations team to help ensure we hold accurate information about you and can tailor future communications. The Alumni privacy policy can be viewed here

3. Consent

For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation. For example:

  • Should you wish to join our Access Register
  • Should you request to join our mailing list
  • Should you wish us to share your data with a named third party, such as a promoter, artist or ensemble that you have purchased tickets for

4. Legal Obligation

The law requires us to process certain data in specific ways, such as storing details of financial transactions for a minimum of seven years or disclosing information to the authorities upon receipt of a court order. This processing will always be necessary for legal compliance.

What else we do with your data

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about. We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving them during your first purchase with us. If you do not opt out, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.

We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your purchases (as above).

We use cookies to keep track of your basket as well as to identify how the website is being used and what improvements we can make. Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here: https://www.pcisecuritystandards.org/pci_security/. We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.

In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms. You have the right to object to any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.

Who will my information be shared with?

There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:

  • To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider). In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
  • Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
  • To specific named promoters or visiting companies whose performances you have attended. In these cases we will always ask for your explicit consent before doing so.

Do I have to provide this information and what will happen if I don’t?

You do not have to provide us with any information, but if you do not you will be unable to sign up to our mailing list, purchase tickets online or by telephone. We will also be unable to contact you for any reason, which could include event changes or cancellations.

How long will you keep this data for and why?

Unless you ask us not to, we will use our legitimate interests to tell you about events, priority booking, ticket offers and opportunities to support us for up to five years after your last ticket purchase. You can opt out from these communications at any time via your online account, or by contacting us directly (see below). If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website. Alternatively, please use the contact details at the end of this policy. Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.

You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected. Please use the contact details at the end of this policy if you would like to exercise this right.

How will my information be stored?

We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same.

Will this information be used to take automated decisions about me?

No.

Will my data be transferred abroad and why?

Our ticketing system service provider uses servers based in the Republic of Ireland. We will not transfer, process or store your data anywhere that is outside of the European Economic Area.

What rights do I have when it comes to my data?

Under the UK General Data Protection Regulation, you may have the following rights with regards to your personal data:

  • The Right to subject access – you have the right to see a copy of the personal data that the University holds about you and find out what it is used for.
  • The Right to rectification – you have the right to ask the University to correct or remove any inaccurate data that we hold about you.
  • The Right to erasure (right to be forgotten) you have the right to ask the University to remove data that we hold about you.
  • The Right to restriction – you have the right to ask for your information to be restricted (locked down) on University systems.
  • The Right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request.
  • The Right to object – you have the right to ask the University to stop using your personal data or to stop sending you marketing information, or complain about how your data is used.
  • The Right to prevent automated decision making – you have the right to ask the University to stop using your data to make automated decisions about you or to stop profiling your behaviour (where applicable).

Please note that not all rights apply in all situations. To find out more about your rights under the UK GDPR, please visit the Information Commissioner’s website.

To unsubscribe from future communications or change any of your details, you can either log into your Spektrix account or email [email protected]

To request a copy of your data or ask questions about how it is used, contact:

Dan Howarth, Data Protection Officer

  • Email: [email protected]
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

Who can I complain to if I am unhappy about how my data is used?

You can complain directly to the University’s Data Protection Team by writing to:-

  • Dan Howarth, Data Protection Officer
  • By email: [email protected]
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

You also have the right to complain to the Information Commissioner’s Office using the following details:

  • The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 08456 30 60 60 or 01625 54 57 45
  • Website: ico.org.uk

Last updated 31st January 2022


Data Privacy Notice: Artifax Event

Who does this Data Privacy Notice apply to?

Event organisers who have made a booking for a performance or event at The Tung Auditorium.

Who will own my data once I submit it?

The University of Liverpool

Why do you need my information?

We need your information in order to take bookings for performances and events in The Tung Auditorium, the University’s concert hall, which is part of the Yoko Ono Lennon Centre. Artifax Event manages all data related to room bookings, contact details, contracts and event production information for the concert hall.

What allows you to use my information?

We ask for your contact information so that we can take bookings and issue contracts for your event.

Who will my information be shared with?

Your data will be shared with our data processor, Artifax Ltd, who provides the venue management software we use to store all concert hall information. Only relevant University of Liverpool staff have access to this data, and your data will not be shared outside of the University without your prior consent, unless we are required to so by law enforcement.

Do I have to provide this information and what will happen if I don’t?

We need your contact details for the purpose of correspondence about your event, and to issue contracts and invoices. We will also need comprehensive production information about your event, which may include names and contact details of other relevant individuals that you choose to share with us. These are required for the performance of the contract and we will not be able to produce your event without them.

How long will you keep this data for and why?

We will store this data for as long as is necessary to manage your enquiry and event booking. We are also required by Financial Regulations to store details of all transactions for a minimum of six years from the end of the relevant financial year.

How will my information be stored?

All data will be stored within Artifax Event on secure servers provided by Amazon Web Services.

Will this information be used to take automated decisions about me?

No.

Will my data be transferred abroad and why?

Artifax Event is hosted by Amazon Web Services on servers based in the Republic of Ireland.

What rights do I have when it comes to my data?

Under the UK General Data Protection Regulation, you may have the following rights with regards to your personal data:

  • The Right to subject access – you have the right to see a copy of the personal data that the University holds about you and find out what it is used for.
  • The Right to rectification – you have the right to ask the University to correct or remove any inaccurate data that we hold about you.
  • The Right to erasure (right to be forgotten) you have the right to ask the University to remove data that we hold about you.
  • The Right to restriction – you have the right to ask for your information to be restricted (locked down) on University systems.
  • The Right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request.
  • The Right to object – you have the right to ask the University to stop using your personal data or to stop sending you marketing information, or complain about how your data is used.
  • The Right to prevent automated decision making – you have the right to ask the University to stop using your data to make automated decisions about you or to stop profiling your behaviour (where applicable).

Please note that not all rights apply in all situations. To find out more about your rights under the UK GDPR, please visit the Information Commissioner’s website.

To request a copy of your data or ask questions about how it is used, contact:

Dan Howarth, Data Protection Officer

  • Email: [email protected]
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

Who can I complain to if I am unhappy about how my data is used?

You can complain directly to the University’s Data Protection Team by writing to:-

  • Dan Howarth, Data Protection Officer
  • By email: [email protected]
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

You also have the right to complain to the Information Commissioner’s Office using the following details:

  • The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 08456 30 60 60 or 01625 54 57 45
  • Website: www.ico.org.uk

Last updated September 2021