Barnstorm Theatre takes your privacy very seriously. Please read through this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When using your personal data we are regulated under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The GDPR applies across the European Union (including in the United Kingdom) and we are responsible as a ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, the Data Protection Act 2018, other relevant EU legislation and our professional duty of confidentiality.
Who we are (Data Controller)
The Data Controller of our website www.barnstorm.ie is Barnstorm Theatre, 3 John’s Quay, Kilkenny, Ireland. We have appointed a Data Compliance Manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice please contact our Data Compliance Manager at firstname.lastname@example.org or please write to The Data Compliance Manager, Barnstorm Theatre, 3 John’s Quay, Kilkenny, Ireland.
Purpose of the Privacy Notice
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are
collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
From May 2018 you have enhanced rights over how your personal data is held, processed and stored, and Barnstorm Theatre is committed to upholding and meeting these. They include the requirements that data be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up-to-date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security.
Personal data we may collect
The types of personal data we may collect when you engage with us are:
- Your name, address, telephone number, fax number
- Electronic details e.g. Email address, mobile phone number
- Information relating to the matter in which you are using our services
- Information to enable us to check and verify your identity if applicable e.g. Date of birth, passport details, driver’s license
This personal data is required to enable us to provide our service to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing services to you.
Disclosure and sharing of personal information
There may be times in which we share personal data about you to third parties. We will only share information to third parties if it is relevant and/or in accordance with our terms of agreement made with you at the time of initial engagement. Third parties may include but are not limited to:
- Third party business support services such as:
- Third party contractors and sub-contractors who provide services to us in relation to your contact with us;
- External accounting service who provide financial support relating to the collection, accuracy, recording and analysis of the company’s financial operations
- External IT service provider. Personal data is only shared when necessary to enable them to provide information technology services to us
- External archive service; our company’s documents may be held securely in a safety vault. We only archive information for a period that is statutory required. It is then securely destroyed
- Regulatory or legal bodies; we may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
- Data will be securely kept for a period to comply with statutory requirements and to comply with any obligations or legitimate interests we may have. We only allow our third party support services to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating personal data to ensure they can only use your personal data to provide services to us and/or to you.
How and why we use your personal data
Under the data protection law, we can only use your personal data if we have a proper reason for doing so.
These may include but are not limited to:
- To comply with our legal and regulatory obligations
- For the performance of our contact with you or to take steps at your request
- For our legitimate interests or those of a third party
Where your personal data is held
Information may be held at our offices, third party agencies, service providers, representatives and agents as described above (see ‘Disclosure and sharing of personal data’).
How long your personal data will be kept
We will not retain your data for longer than necessary for the purposes set out in this policy. We may keep your data for up to 8 years and only keep information after this to comply with any relevant statutory requirements to satisfy our duties as a company.
When it is no longer necessary to retain your personal data, we will delete it securely.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally used, lost or accessed unlawfully.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your information will be stored securely on either our companies’ systems, remote back up or physical copies held in a locked office situated in a securely locked building.
We securely store your personal data by using:
- Secure locked office spaces
- Secure Filing Systems
- Secure IT equipment, password protected.
- Safe methods of disposal
Our website utilises SSL (Secure Sockets Layer), the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems.
In the event that you wish to make a complaint about how your personal data is being processed by Barnstorm Theatre or how your complaint has been handled, you have the right to lodge a complaint direct with the supervisory authority and with Barnstorm Theatre Data Protection Officer.
What are cookies?
Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, to recognise your device the next time you visit. Web beacons or other similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way. There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well our website is performing, or even allow us to recommend content we believe will be most relevant to you. Certain cookies contain personal information – for example, if you click to “remember me” when logging in, a cookie will store your username. Most cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our websites, or a user’s general location.
What sort of cookies do we use?
Generally, our cookies perform up to three different functions:
- Essential cookies: Some cookies are essential for the operation of our website. For example, some cookies allow us to identify subscribers and ensure they can access the subscription only pages. If a subscriber opts to disable these cookies, the user will not be able to access all of the content that a subscription entitles them to.
- Performance Cookies:. We use other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to the user based on their usage of the website.
We do use Google Analytics on our website, the cookies employed do not contain personally identifiable information. Google Analytics cookies store information, such as the time a visit occurred, if it is a repeat visit, and what site referred the user to the web page. These cookies only use the computer’s IP address for location information.
Google stores the information collected by these cookies on servers in the United States. Google may transfer this information to third-parties where required to do so by law, or where such third-parties process the information on Google’s behalf.
- Functionality Cookies: We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of typing in your username every time you access the site, and recall your customisation preferences. We also use functionality cookies to provide you with enhanced services such as allowing you to watch a video online or comment on a blog.
Can a website user block cookies?
Yes. If you do wish to disable our cookies then please follow the instructions here for your browser. Please remember that if you do choose to disable cookies, you may find that certain sections of our website do not work properly.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, click here.
Access to information
Any formal, written request by a Data Subject for a copy of their personal data (a Subject Access Request) will be referred, as soon as possible, to our Data Protection Officer, and will be processed as soon as possible.
It is intended that by complying with these guidelines, Barnstorm Theatre Company will adhere to best practice regarding the applicable Data Protection legislation.