When we collect your data from you, we want to be clear about how it will be used and we take every step to ensure that we don’t do anything with your data that you wouldn’t reasonably expect.
- Explain how we collect, store, manage and protect your data
- Outline the types of data that we hold
- Explain how we use that data to provide services to our concert audience, the participants in our learning, community and outreach programmes and our supporters
- Explain how we use that data to support our five core objectives
Understanding our ticket buyers, Friends and donors is an important part of the work that we do; it enables us to better plan our artistic and operational future, including the support we provide for new and established artists and composers.
Apart from through personal contact, much of the understanding we gain about ticket buyers, Friends and donors comes from looking at and combining attendance history, membership purchasing and renewal habits and donation data.
We will only send marketing communications to you if we have a legal basis to do so. You can control the nature of these communications by getting in touch with us or by managing them yourself, on our website; see Enabling contact preferences, below.
How we collect your data
If you supply personally identifiable data to us, we remain responsible for that data, always. We collect it in the following ways:
When you purchase a ticket or membership, talk to us or give to us directly
Whether online, in person or over the telephone, when you buy seats or memberships or when you donate to Wigmore Hall, we will collect and store information about you. When you talk to us it is possible that we might keep a record of what was said, if we think it will be helpful in serving our five core objectives. Payment data is dealt with by third parties (see Payment Processing, below). To protect the payment and personal data that is processed during a transaction, we work to ensure that payment devices and technologies in use online adhere to common standards, like network traffic encryption, physical checks and ensuring that online payment data is handled by the payment processor, not by Wigmore Hall.
When you attend a Learning event
In certain situations, it is necessary for us to process health data of certain individuals attending Learning events. If this is the case, health information is collected via a form, upon which consent for the processing of health data is requested.
When you give to us indirectly
Your information may be shared with us by fundraising organisations like Just Giving. These independent organisations will only share your information with us if you give consent for them to do so when you use their services to support Wigmore Hall. You should check their privacy policies to properly understand how they will process your data.
When you give permission to other organisations to share
If you have given your consent to a third party to share your personal data, and then they supply some or all of that data to us under the terms of the consent you gave, we may add that data to the data we already hold about you.
When we collect information as you use our website or our apps
When you apply to work for the Wigmore Hall Trust
As a successful candidate, the information you provide to us as part of your application will form part of your overall employment record and will be treated on the same basis as all other data we hold about employees.
We retain data relating to unsuccessful candidates for three months following the last contact with the candidate. Thereafter we may choose to retain the data for a further twenty-one (21) months if in their judgement the candidate may be of future interest to us as an employee. After twenty-four (24) months from the last contact, or sooner if the candidate is not considered to be of future interest, we will delete the candidate information, retaining only the name, address (including email address), date of application and the post applied for, and a brief and objective record of the decisions taken. This summary retained candidate information will be held for a maximum of five (5) years from the date of last contact and then deleted. In the event of further contact from the candidate, including a fresh application for employment, the data retention periods described above reset.
Third Party Organisations
When you consent to sharing
You may have given your consent to another organisation, like a business, a charity or a website to share your data with us or simply with third parties including charities. This might have happened when you bought a product or service from them, or when you booked a seat with them or donated to them.
When you book for a Wigmore Hall event in another venue
If we run an event in partnership with another organisation your details may need to be shared for operational purposes. We will be very clear with you about what will happen to your data when you register or book for an event of this kind.
According to your settings for social networks and messaging services like Facebook, Instagram or Twitter, you might give us permission to access some of your information from those services.
Publicly Available Information
We value our relationship with you and we use your personal data to ensure we contact you in the most appropriate way, improve our services and work as efficiently and effectively as possible. Publicly available information may include information found in places such as Companies House and information that has been published in newspaper or magazine articles, or online.
If information about you is publicly available, and it is in the legitimate interest of The Wigmore Hall Trust to take that data into account along with the data we already hold about you, we may combine that publicly available data with the data we hold about you. This information might then be used to carry out research to assess your inclination and capacity to support The Wigmore Hall Trust.
Our responsibilities and legal basis for processing your data
As part of our work we process and store personal information relating to our audiences, supporters, event attendees and project participants. We therefore adhere to the UK Data Protection Act 2018. We ensure that the personal information we obtain is processed (audited, stored, used, transferred, kept updated and destroyed) in accordance with applicable data protection legislation and when that legislation is updated, revised or replaced we review our data processing practices.
- Communicating with our audiences, supporters, event attendees and project participants
- Providing benefits and services to our audiences, supporters, event attendees and project participants
- Furthering the Trust’s charitable mission (which includes fundraising)
- Enabling the Trust to achieve its strategic and operational goals
We may pursue these legitimate interests by contacting you by email or post.
Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from us, is outlined in the Your rights section below.
Whilst we rely on our legitimate interests as the legal basis for the processing of personal data (where this is not overridden by the interests and rights or freedoms of the data subjects concerned) we recognise that it is not the only lawful grounds for processing data. As such, where appropriate, we will sometimes process your data on an alternative legal basis; for example, because you have given us consent to do so.
Collected data and its use by The Wigmore Hall Trust
Attendance reporting and ticket, membership, and donation administration
If you attend a concert, or you buy a membership or donate money to Wigmore Hall, we will usually collect:
- Name, title, contact details including postal address, email address, phone number and links to social media accounts
- You may optionally provide gender information and date of birth. Date of birth information is not optional if you wish to participate in our Under 35s scheme.
- Information about what prompted you to transact with us
- Your preferences regarding receiving marketing information from Wigmore Hall
- If you bought seats for a concert presented by or featuring an Arts Council England National Portfolio Organisation, your preferences as to whether we can share your contact data with that National Portfolio Organisation
- If you bought a gift membership, we would process the name and contact details of the recipient of the gift membership as well as your name and contact details in relation to the payment
- If you opted to pay for your membership by Direct Debit, we would process your bank account number and sort code in accordance with the Direct Debit Guarantee, Mandate and associated regulations
- Payment card data is not stored or processed by Wigmore Hall, but we do provide means to collect and transfer credit card data to third parties for payment processing. The nature of the data and the parties involved are described in more detail later in this policy
- If you participate in a Learning event, we will usually process anonymised attendance data
Wisely investing in marketing by grouping customers and sending direct communications
We routinely group people in our database, based upon their buying or giving habits, their address data, publicly available information about them, or combinations of these things. We use these groupings when we send out marketing, fundraising campaign materials and news. Working in this way helps us to keep our costs down; we send out fewer letters and emails, and those we do send go to the people most likely to respond to them.
Taking account of health issues
Where necessary, health data collected for certain Learning event participants may be verbally shared with staff. The forms upon which this data is collected are encrypted in storage and deleted after the event has taken place.
Using CCTV as a security measure and an essential operational tool
We use CCTV both as a security measure and as an essential part of the operation of the hall. There are cameras in the auditorium, public spaces and key backstage routes for the:
- Prevention and detection of crime
- Protection of the Trust buildings and assets
- Reinforcement of the perception of safety and reduction of the fear of crime
- Assistance in day to day operations of the Hall e.g. monitoring unmanned entrances, assessing the requirement for extra staff in busy periods, monitoring of the platform without disturbing artists in rehearsal, monitoring of the platform during concerts from backstage
- Protection of audiences, staff and artists and of their private property
When necessary, CCTV data may be supplied to the police, regulatory bodies or legal advisors. Otherwise, recordings are retained for a fixed period before being deleted.
Enabling contact preferences
We will sometimes write to you or send you emails about the progress we are making, upcoming concerts, livestreams, events or fundraising campaigns.
Sharing your stories
We invite individuals to tell us about their experiences with us at concerts, learning and study events, outreach projects and at special events. If we have the explicit and informed consent of the individuals concerned, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our artistic programme, campaigning and fundraising work, or in documents, such as our annual report.
Access to your personal data is limited to those at Wigmore Hall whose responsibilities require access to our customer relationship management systems. Where appropriate, sensitive data (e.g. data relating to children or vulnerable adults) is further limited to selected, appropriately skilled or trained staff members.
We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, our legal basis for processing it and the controls that are in place to ensure its’ accuracy, accessibility, security and timely removal.
Transferring and sharing data
In order to perform some of our day to day operations, personal data is sometimes securely transferred to and subsequently processed by external companies. Where external companies process your personal data (for example mail and email addresses, to send out brochures or emails on our behalf), we ensure that the data is encrypted where appropriate and that proper controls are in place regarding how those companies manage the personal data they collect or have access to.
If one of these companies runs their operations outside the European Economic Area (EEA), although they may not be subject to same data protection laws as a company based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by requesting and checking their data policies and associated documents and checking for an adequacy decision between the EEA and that company’s country of origin. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
For example, our marketing emails are dispatched by a company in the US. That company has provided documentation to prove that they are compliant with the data protection framework built to cover data sharing between the EU and the US (called the EU-US Privacy Shield). An adequacy decision is in place for the EU-US Privacy Shield, so that company is recognised by the European Commission as providing adequate protection for your data.
In order to comply with the terms of our public funding agreement, our attendance data is securely transferred to an aggregator, anonymised and pooled with other public-funded organisations for reporting and analysis purposes.
We may need to pass your details, if required, to the police, regulatory bodies or legal advisors.
Arts Council National Portfolio Organisations
We have data sharing agreements in place with some Arts Council England National Portfolio Organisations. These agreements set out our expectations and requirements regarding how they manage the personal data we share with them. If you buy seats for a concert presented by or featuring an Arts Council England National Portfolio Organisation, and you give your consent at the time of booking for us to share your contact data with that National Portfolio Organisation, your data will be securely made available to them, including any updates made to your data and contact preferences in our systems. Each organisation will contact you separately to explain their own data protection processes and privacy policies before they send you any direct marketing.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Keeping your information up to date
We appreciate your help in keeping us informed of changes to your contact details. In addition to updates provided by you, we may use the Post Office’s National Change of Address database and, if applicable, updated information provided to us by Arts Council England National Portfolio Organisations with whom you have consented to us sharing your data.
You have a right to ask for a copy of the information we hold about you and we will endeavour to provide this information within 40 days. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to Wigmore Hall, 36 Wigmore Street, London W1U 2BP. We do not accept these requests by email and we may contact you directly for confirmation of the request before providing any information. This extra confirmation is in place to safeguard against identity fraud.
For further information see the Information Commissioner’s guidance.
Changes to this Policy
For further assistance, please see our FAQs