• Explain how we collect, store, manage and protect your data
• Outline the kind of data that we process
• Explain how we use personal data to manage the people with whom we work
• Explain how we use personal data to provide services to our audiences, the participants in our learning, community and outreach programmes and our supporters
• Explain how we use personal data to support our five core objectives

We will only send marketing communications to you if we have a legal basis to do so. You can control the nature of these communications by getting in touch with us or by managing them yourself, on our website; see Enabling contact preferences, below.

Our marketing communications include information about upcoming concerts, our digital programme, news, campaigns, artistic, learning opportunities and outreach work. If you would like to receive these communications but have not opted in, or think you may have accidentally opted out, please contact us on 020 7935 2141 or at preferences@wigmore-hall.org.uk.

If you supply personally identifiable data to us, we become responsible for that data.

Whether online, in person or over the telephone, when you buy seats or memberships or when you donate to Wigmore Hall, we will collect and store information about you. When you talk to us, it is possible that we might keep a record of what was said, but we will always carefully consider whether the benefit to our charitable objectives is legitimately balanced against your right to privacy before doing so.

In certain situations, it is necessary for us to process health data of certain individuals attending Learning events or participating in Learning projects. This data is ‘Special Category’ under the UK Data Protection Act 2018 and processed accordingly.

Some Learning projects make use of third-party platforms for surveying, online interaction and engagement and to share project-related content. As part of the project process, the use of platforms is explained to participants and consent is sought.

Your information may be shared with us by fundraising organisations, like Donr, who provide our text giving service, or Just Giving. These independent organisations share your information with us as described in their own privacy policies. We will always link to these privacy policies where we use their services. If you have supported us through a third party, you can check their privacy policy to properly understand how they process your data.

If you have given your consent to a third party to share your personal data, and then they supply some or all of that data to us under the terms of the consent that you gave, we may add that data to the data we already hold about you.

Just Giving privacy policy

Donr privacy policy

When you apply to take part in, or take part in The Wigmore Hall / Independent Opera International Song Competition or the Wigmore Hall International String Quartet Competition, you will be required to provide digital media, for example images and video of yourself, contact details and copies of government-issued identification to us. This data encrypted and not accessible by any third-party whose services we might use to deliver the application processes. We destroy the data when it is no longer required. Access to the data is limited within Wigmore Hall to those individuals who require it.

Cookies

Our website, like most others, uses “cookies” to make it function. A cookie is a small text file, containing information about how you arrived at a website, the pages you may have visited or information about your device.

The purpose of cookies is threefold:

1. To manage your session on our website. A cookie might indicate whether you have logged in yet, what is in your shopping basket, whether you are using a phone, a tablet, laptop or desktop computer, and what browser you are using. This information is used to make the website function properly on your device and ensure that the technical enhancements in which we invest will be as helpful as possible to the greatest number of people.
2. To help us detect bugs in our code. Cookies help us work towards addressing problems, errors and bugs, making our website performant on as many devices, operating systems and browsers as is practical, so our audiences and supporters can get to the information and services they need, as easily as possible. In fact, many services our website provides, like many other websites, would not function without the use of cookies.
3. To help us to understand how our website is being used. We use analytics services provided by third parties to help us understand how people use our site, and to help us connect our marketing efforts to online sales. By doing this, we can save money on marketing and ensure that the enhancements we make to the site are worthwhile.

There are more details about our use of cookies in our Cookie Policy.

Fonts

Like many websites, the fonts on our website are supplied by the Google Font system. This means that when you access our website, the font files are downloaded from Google. They are then ‘cached’, which means that they are kept so that they do not need to be downloaded again. In order to supply the fonts, Google will collect and store data, but only what is needed to serve fonts efficiently. You can read more about the personal data side of how Google serve fonts here: Google Fonts FAQ.

Video Library

We record viewing data in our encrypted customer database, in the same way as ticket bookings are stored. We use the data to better target our promotions and for analysis, as we look to grow our digital programme.

Restaurant Bookings

Restaurant bookings are made through a third party service called Open Table. In order to provide this service, Open Table processes some personal data, which is collected upon making a booking (name, email address, phone number), along with some standard technical data, as is usual on most websites. Open Table's privacy policy is here: (https://www.opentable.co.uk/legal/privacy-policy).

As a successful candidate, the information you provide to us as part of your application will form part of your overall employment record and will be treated with the same care and confidentiality as the data we hold about our employees.

We retain data relating to unsuccessful candidates for three months following the last contact with the candidate. Thereafter we may choose to retain the data for a further twenty-one (21) months if, in our judgement, the candidate may be of future interest as an employee. After twenty-four (24) months from the last contact, or sooner if the candidate is not considered to be of future interest, we will delete the candidate information, retaining only the name, address (including email address), date of application and the post applied for, and a brief and objective record of the decisions taken. This summary retained candidate information will be held for a maximum of five (5) years from the date of last contact and then deleted. In the event of further contact from the candidate, including a fresh application for employment, the data retention periods described above reset.

When we work with freelance professionals and contractors, we will collect enough personal information as is necessary, depending on the nature of the work being undertaken. As with staff, this may include contact details, Disclosure and Barring Service check data and data regarding the right to work in the UK.

Staff are invited to confidentially provide information regarding race, gender, ethnic origin or ethnicity, religion or religious beliefs and sexual orientation. This information is encrypted in storage and access to it is restricted. Periodically it is anonymised, aggregated and transferred to the Arts Council as part of our funding agreement with them. Staff do not have to provide any of this information; it is optional.

We use Microsoft 365 applications and phone services for email and administration. Mailboxes and administrative assets are stored in Microsoft’s UK data centres. Voicemail recordings are stored in Microsoft’s EU datacentres. We do not record telephone calls.

When you consent to sharing

You may have given your consent to another organisation, like a business, a charity or a website to share your data with us or simply with third parties, including other charities. In these cases, we may add that data to the data we already hold about you. This might have happened when you bought a product or service from them, when you booked a seat with them, donated to them or used recruitment services.

When you book for a Wigmore Hall event in another venue

If we run an event in partnership with another organisation, some of your data may need to be shared with them, for operational purposes. We will only share essential data with them, and we will be very clear with you about what will happen to your data, and why, if you register or book for an event of this kind.

Social Media

According to your settings for social networks and messaging services like Facebook, Instagram and Twitter, you may have given us permission to access some of your information from those services. You may also have given permission for those services to access information about your interactions with all the websites you visit, including ours. Please check their privacy policies for more detail.

Learning Projects

Some of our Learning Projects use a platform called :Padlet (https://padlet.com/) to communicate and share project content. Content and profile information on this platform is subject to :Padlet’s privacy policy: https://legal.padlet.com/privacy.

Some of our Learning projects use a platform called Otter.ai to process event transcriptions. You can read about Otter.ai’s approach to privacy and security here: https://otter.ai/privacy-security.

Payment Data

Payment data is dealt with by third parties (see Payment Processing, below). To protect the payment and personal data that is processed during a transaction, we work to ensure that physical payment devices and online technologies adhere to common standards, like network traffic encryption and routine physical checks. Payment data that you enter when using our website to purchase tickets, donate or buy music and memberships is handled directly by the payment processor, not by Wigmore Hall.

Publicly available information may include information found in places such as Companies House and information that has been published in newspaper or magazine articles, or online.

If information about you is publicly available, we may combine that information with the data we already hold about you. This information might then be used to assess your inclination and capacity to support the Wigmore Hall Trust. In doing this, we take the consideration of legitimate interest very seriously indeed, carefully examining the balance of your rights against the interests of the Wigmore Hall Trust, using a specially prepared legitimate interest assessment process.

Whilst we rely on our legitimate interests as the legal basis for the processing of personal data (where this is not overridden by the interests and rights or freedoms of the individuals concerned) we recognise that it is not the only lawful ground for processing data. As such, where appropriate, we will sometimes process your data on an alternative legal basis; for example, because you have given us consent to do so, or to comply with NHS Test and Trace procedures.

Legitimate interest requires an assessment and balancing of the risks and benefits of processing for both Wigmore Hall and for you. In assessing and balancing these risks and benefits, we take into account what we consider to be your reasonable expectations regarding the processing of your data. This places the burden of protecting individuals on us, as we are in the best position to undertake an analysis of risks and benefits, and to devise appropriate mitigations.

We adhere to the UK Data Protection Act 2018, and keep a close watch on changes in legislation. This ensures that the personal information we look after is processed (audited, stored, used, transferred, kept updated and destroyed) in accordance with applicable laws. When legislation is updated, revised or replaced, we review our data processing practices.

The Wigmore Hall Trust processes the information outlined in this privacy policy in pursuit of our legitimate interests in:

• Communicating with our audiences, supporters, event attendees and project participants
• Providing benefits and services to our audiences, supporters, event attendees and project participants
• Furthering the Trust’s charitable mission (which includes fundraising)
• Enabling the Trust to achieve its strategic and operational goals

We may pursue these legitimate interests by contacting you by email or post. Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from us, is outlined in section entitled "Your rights".

Attendance reporting and ticket, membership, and donation administration

If you attend a concert, or you buy a membership or donate money to Wigmore Hall, we will usually collect some of this information:

• Name, title, contact details including postal address, email address, phone number and links to social media accounts
• Gender information. This is optional.
• Date of birth. This is optional, unless you wish to participate in our £5 tickets for under 35s scheme.
• Information about access requirements to support applications to join our access list
• Information about financial circumstances, to support applications for discounted ticketing schemes
• Information about what prompted you to transact with us
• Your preferences regarding receiving news, marketing and campaign information from us
• If you bought seats for a concert presented by or featuring an Arts Council England National Portfolio Organisation, your preferences as to whether we can share your contact data with that National Portfolio Organisation (we are obliged to ask for these preferences under the terms of our Arts Council funding agreement).
• If you opted to pay for your membership by Direct Debit, we will collect and process your bank account number and sort code in accordance with the Direct Debit Guarantee, Direct Debit Mandate and associated regulations
• Payment card data is not stored or processed by Wigmore Hall, but we do provide means to collect and transfer credit card data to third parties for payment processing. The nature of the data and the parties involved are described in more detail later in this policy
• If you participate in a Learning event, we will usually process anonymised attendance data. We may also process data relating to medical conditions, if it is necessary to properly manage your participation in the event or project

Wisely investing in marketing by grouping customers and sending direct communications

We routinely group people in our database, based upon their buying or giving habits, their address data, publicly available information about them, or combinations of these things. We use these groupings when we send out marketing, fundraising campaign materials and news. Working in this way helps us to keep our costs down; we send out fewer letters and emails, and those we do send go to the people most likely to respond to them.

Taking account of health issues

Where necessary, health data collected for certain Learning event participants may be verbally shared with staff, partners and those involved with the delivery of projects. We take the utmost care to respect the rights and freedoms of individuals involved when we consider the information that is necessary to be shared in this way.

Using CCTV and audio streaming as a security measure and an essential operational tool

We use CCTV both as a security measure and as an essential part of the operation of the hall. There are cameras in the auditorium, public spaces and key backstage routes, serving a variety of essential functions:

• Prevention and detection of crime
• Protection of the Trust buildings and assets
• Assistance in day to day operations of the Hall: monitoring unmanned entrances, assessing the requirement for extra staff in busy periods, monitoring of the platform without disturbing artists in rehearsal, monitoring of the platform during concerts
• Protection of audiences, staff and artists and of their private property

When necessary, CCTV data may be supplied to the police, regulatory bodies or legal advisors. Otherwise, recordings are retained for a fixed period before being deleted.

Live audio is only streamed from the platform. The stream is not retained and is accessible only to selected computers on the Trust’s corporate network. As with CCTV, this is in place to enable operational monitoring of the platform without disturbing artists in performance or rehearsal.

Enabling contact preferences

We will sometimes write to you or send you emails about the progress we are making, upcoming concerts, livestreams, events or fundraising campaigns.

If you do not want to hear from us, it is easy to control the communications you receive via your Contact Preferences page in the My Account section of our website, or if you prefer, you can call us on 020 7935 2141 or contact us at preferences@wigmore-hall.org.uk.

We invite individuals to tell us about their experiences with us at concerts, learning and study events, outreach projects and at special events. Wider sharing of these stories can be of tremendous benefit to our fundraising efforts. If we have the explicit and informed consent of the individuals concerned, or their parent or guardian if they are under 18, this information may be made public by us at events, in materials promoting our artistic programme, campaigning and fundraising work, or in documents, such as our annual report.

Access to your personal data is limited to those at Wigmore Hall whose responsibilities require access to our customer relationship management systems. In line with legislation, sensitive data (e.g. data relating to children or vulnerable adults and medical data) is further limited to selected, appropriately skilled or trained staff members.

We carry out a periodic information audit, which helps us to maintain controls on the personal information we store. We track the source of the information, its nature, our legal basis for processing it and the controls that are in place to ensure its accuracy, accessibility, security and timely removal.

Operational

In order to perform some of our day to day operations, personal data is sometimes securely transferred to and subsequently processed by external companies. Where external companies process your personal data (e.g. postal and email addresses, to send out brochures or emails on our behalf), we ensure that the data is encrypted where appropriate and that proper controls are in place regarding how those companies manage the personal data they collect or have access to.

If one of these companies runs their operations outside the European Economic Area (EEA), although they may not be subject to same data protection laws as a company based in the UK, we take steps to make sure they provide an adequate level of protection in accordance with UK data protection law by requesting and checking their data policies and associated documents and specific legislation and checking for an adequacy decision between the EEA and that company’s country of origin.

For example, our marketing emails are dispatched by a company in the US. That company has provided documentation to prove that they are compliant with the data protection framework built to cover data sharing between the EU and the US (called the EU-US Privacy Shield). An adequacy decision is in place for the EU-US Privacy Shield, so that company is recognised by applicable legislation as providing adequate protection for your data.

In order to comply with the terms of our Arts Council funding agreement, our attendance data is securely transferred to an aggregator called the Audience Agency, where the data is anonymised and pooled with other public-funded organisations for reporting and analysis purposes.

Payment Processing

When you make an online payment to Wigmore Hall using a credit card or PayPal, the payment data is processed by a third-party payment gateway, called Windcave. We do not store the payment data, but we do store other transactional data, as described in this policy. Windcave uses the payment data to authorise payment with your card issuer or with PayPal, and it is retained to allow for further administration of transactions, like refunds, and for reporting. Windcave’s privacy policy is here: https://sec.windcave.com/pxmi3/privacy-policy.

Disclosure and Barring Service (DBS)

When working with musicians and partners who are not on the DBS update service (https://secure.crbonline.gov.uk/crsc/check), we will transfer data to a third party, currently Atlantic Data, so that the required checks can be performed.

Atlantic Data’s privacy and security policy can be found here: https://policydocuments.disclosures.co.uk/Privacy_Statement.pdf

Legal

We may need to pass your details, if required, to the police, regulatory bodies or legal advisors.

Contact information of ticket buyers may be shared with the NHS Test and Trace service if it is requested.

Arts Council National Portfolio Organisations

We have data sharing agreements in place with some Arts Council England National Portfolio Organisations. These agreements set out our expectations and requirements regarding how they manage the personal data we share with them. If you buy seats for a concert presented by or featuring an Arts Council England National Portfolio Organisation, and you give your consent at the time of booking for us to share your contact data with that National Portfolio Organisation, your data will be securely made available to them, including any updates made to your data and contact preferences in our systems. Each organisation will contact you separately to explain their own data protection processes and privacy policies before they send you any direct marketing.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

Sharing with our partners

In order to properly manage the care of individuals participating in projects and events, it is sometimes necessary to share data classed as ‘Special Category’ under the UK Data Protection Act 2018 with professionals or organisations delivering the projects on behalf of or in partnership with Wigmore Hall. In these cases, we will always ensure that consent is in place before sharing.

Sharing is done using secure means, and we ensure that everyone with whom we share data for these purposes has signed a data sharing agreement, which sets out the method of sharing and the rules for retention, rectification and erasure of data and includes a blank copy of the consent agreement signed by the individuals.

Other circumstances

We will only ever share your data in other circumstances if we have your explicit and informed consent

We appreciate your help in keeping us informed of changes to your contact details. In addition to updates provided by you, we may use the Post Office’s National Change of Address database and postcode database. If applicable we will also use updated information provided to us by Arts Council England National Portfolio Organisations with whom you have consented to us sharing your data.

You have a right to ask us to stop processing your personal data. If it’s no longer necessary for the purpose for which you provided it to us (e.g. processing your donation or membership, booking seats for a concert or registering you for an event) we will do so. If you have any concerns, you can call us on 020 7935 2141 or contact us at preferences@wigmore-hall.org.uk.

You have a right to ask for a copy of the information we hold about you and we will endeavour to provide this information within 40 days. If there are any discrepancies in the information we provide, please let us know and we will correct them.

If you want to access your information, send a description of the information you want to see and proof of your identity by post to Wigmore Hall, 36 Wigmore Street, London W1U 2BP. We do not accept these requests by email and we may contact you directly for confirmation of the request before providing any information. This extra confirmation is in place to safeguard against identity fraud.

If you have any questions please send them to preferences@wigmore-hall.org.uk.

For further information see the Information Commissioner’s guidance.

We may change this privacy policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the Wigmore Hall website or by contacting you directly.

If you have any questions, comments or suggestions, please let us know by contacting The Data Protection Manager, Wigmore Hall, 36 Wigmore Street, London W1U 2BP or emailing preferences@wigmore-hall.org.uk.