OVO PRIVACY POLICY

CONTENTS

  1. INTRODUCTION
  2. ABOUT US
  3. INFORMATION WE MAY COLLECT ABOUT YOU
  4. HOW WE USE INFORMATION ABOUT YOU AND RECIPIENTS OF YOUR INFORMATION
  5. WHO WE MIGHT SHARE YOUR INFORMATION WITH
  6. COOKIES
  7. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
  8. HELP KEEP YOUR INFORMATION SAFE
  9. INTERNATIONAL TRANSFERS OF YOUR INFORMATION
  10. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
  11. SHARING DATA DIRECTLY WITH THIRD PARTIES
  12. THIRD PARTY LINKS
  13. CHANGES TO THIS POLICY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

1. INTRODUCTION

1.1. This privacy notice (Privacy Notice) sets out the ways in which we, OVO, collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data. 

1.2. This Policy applies to users (individually referred to as you) of OVO’s website.

Using our website if you are under 13

1.3. If you are under 13 we will need your parent/guardian’s consent before we can collect any personal information about you. If you do not have that consent, please do not provide your personal information or use our website. 

2. ABOUT US

2.1. We are a  registered Charity in England and Wales nos. 1159409, with our registered address as set out below. 

Address: The Maltings Arts Theatre, Level 2 Maltings Shopping Centre, St Albans, AL1 3HL.

Email: help@ovo.org.uk

3. INFORMATION WE MAY COLLECT ABOUT YOU

3.1. Information that you provide to us. 

3.1.1. We will collect any information that you provide to us when you:

(a) make and change your ticket bookings over the phone, by email or in person at our box office; 

(b) create an account on the website which allows you to: 

(i) purchase tickets; 

(ii) purchase or redeem gift vouchers, 

(iii) purchase food and drink packages; 

(iv) purchase one of our membership/season tickets

(v) indicate your contact preferences such as whether you would like to receive news from us or information about how you can support us; 

(c) update your profile and other account details; 

(d) make a one-off donation on our website; 

(e) submit correspondence to us by post or email; 

(f) subscribe to our newsletter and mailing lists;

(g) fill in a form, conduct a search, respond to surveys, participate in promotions or use any other features of the website;

(h) register to and/or attend an event that we host at the theatre; 

3.1.2. The information you provide to us will include (depending on the circumstances):

(a) Identity and contact data: title, names, addresses, email addresses and phone numbers; 

(b) Account profile data: if you’re registering for an account on the website you will also provide a username, password, delivery and billing address; 

(c) Financial data: if you are using the website to purchase tickets, gift vouchers, memberships, food/drink packages, or any other services we offer from time to time, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details. This information is processed directly by our third party payment service provider, SagePay, in accordance with this Privacy Notice; 

(d) Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey; and

3.2. Information we collect about you:

(a) Information contained in correspondence: we will collect any information contained in any correspondence between us. For example, if you contact us using the “contact us” form on our website or by email or telephone, we may keep a record of that correspondence; 

(b) Transactional data: we will collect information related to your transactions on the website, including the date and time, the amounts charged and other related transaction details;

(c) Website usage data and technical data: we will also collect certain information about how you use our website and the device that you use to access our website, even where you have not created an account or logged in. This will include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views, the search queries you make on the website and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on “Cookies” please read paragraph 6 below; 

(d) Imagery: we may capture images of you when we take photographs or film the theatre, productions or any special events we host from time to time. Your image may be included in a crowd shot of the theatre or your image may be specifically captured such as images of audience participation scenes. Photos or film taken of the theatre may include children’s images for which we will ask for parental or guardian consent before using such imagery in any promotional material;

3.3. Information we receive from third parties

3.3.1. In certain circumstances, we will receive information about you from third parties. For example: 

(a)Service providers: we may collect personal information from our website developer, payment services provider, marketing service provider, and other IT service providers (who are based inside the EU);

(b) Website security: we will collect information from our website security service partners who are based inside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful;

(c) Customers who have purchased gift vouchers or gift memberships for you: we will collect personal information about recipients of gift vouchers or gift memberships from our customers. This will include the recipient’s email address, and any information which is submitted by the customer as a personal message in the optional text box.

3.3.2. We might also receive information about you from third parties, such as other theatre or arts organisations, if you have indicated to such a third party that you would like to hear from us. 

4. HOW WE USE INFORMATION ABOUT YOU AND RECIPIENTS OF YOUR INFORMATION

4.1. We will use your information for the purposes listed below either on the basis of: 

4.1.1. performance of your contract with us and the provision of our services to you; 

4.1.2. your consent (where we request it); 

4.1.3. where we need to comply with a legal or regulatory obligation; or 

4.1.4. our legitimate interests or those of a third party (see paragraph 4.3 below). 

4.2. We use your information for the following purposes: 

4.2.1. To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);

4.2.2. To register your account: when you sign up to use our website, we will use the details provided on your account registration form (on the basis of performing our contract with you);

4.2.3. To process and facilitate transactions with us: we will use your information to process ticket bookings, transactions, donations and other payments, to allow you to redeem gift vouchers or gift memberships, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);

4.2.4. Relationship management: to manage our relationship with you, which will include notifying you about changes to our terms of use or privacy policy, your membership where applicable (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated);

4.2.5. User and customer support: to provide customer service and support (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the website and share your information with our website developer, IT support provider, payment services provider or marketing service provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users and to comply with our legal obligations);

4.2.6. Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);

4.2.7. Publicity: to promote our theatre and productions which may include photographs or films of the theatre in which you may appear. We may use such photographs or films in our printed and online publicity, social media and press releases (on the basis of our legitimate interests in promoting our services); 

4.2.8. Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy);

4.2.9. Analytics: to use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);

4.2.10. Suggestions and recommendations: to share your information with selected third parties such as suppliers and partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);

4.2.11. Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);

4.2.12. Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and

4.2.13. Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so), and for the purposes of public health and any other legal obligations. 

4.3. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1. personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you; 

4.3.2. detecting and preventing fraud and operating a safe and lawful business; 

4.3.3. improving security and optimisation of our network, sites and services; and 

4.3.4. seeking support (as a registered charity) and promoting fundraising or legacy campaigns.

4.4. Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below. 

5. WHO WE MIGHT SHARE YOUR INFORMATION WITH

5.1. In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

5.1.1. Partners and collaborators: other theatres or production companies which we collaborate with from time to time such as in relation to a new production or for the purposes of running a competition or promotion where we have your permission to do so; 

5.1.2. Our service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:

(a) website development and hosting services provided by Buffalo and Spektrix who are based in the UK;

(b) IT, system administration and security services provided https://www.ionos.co.uk/

(c) marketing services provided by DotDigital based in the UK and advertising services (including the Google Adwords service), analytics providers (including Google Analytics) which are all based in the USA. 

(d) maps services (including Google Maps API), based in the USA;

(e) payment services provided by SagePay based in the UK and Committed Giving (in relation to donations) based in the UK; 

(f) ticketing services provided by Spektrix based in the UK;

(g) identity verification, fraud prevention and detection services based in the UK;

(h) banking services based in the UK;

(i) legal, accountancy, auditing and insurance services and other professional advisers based in the UK;

(j) recruitment service providers based in the UK; 

5.1.3. Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes; 

5.1.4. Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

5.1.5. Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the UK where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or for the purposes of public health or where such disclosure may be permitted or required by law.

5.2. We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

6. COOKIES

6.1. We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor and simplify your use of the website and our services. For example, a temporary cookie is used to keep track of your “session”. Without that temporary cookie you would have to log on every time you access a new page.

6.2. If you do not wish for cookies to be installed on your device, you can change the settings on your internet browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser. Please note that, if you do set your internet browser to reject cookies, you may not be able to access all of the functions of the website. 

6.3. We use essential cookies to keep track of what you have in your basket, process transactions and to remember you when you return to our site. We also use non-essential cookies to track how you use our site for analytical purposes and to monitor digital advertising.

6.4. If you do not wish to enable cookies, you will still be able to browse the site but you will not be able to login or purchase tickets. To login to your account or purchase tickets from our website your cookie settings need to be enabled to accept cookies from third-party websites. If you are using Safari on a mac or iOS device, cookies need to be enabled ‘For Websites I Visit’

6.5. If you are not sure how to change the cookie settings in your browser or on your device, please click on https://www.aboutcookies.org/

6.6. Our service providers use cookies as described below:

6.7. Spektrix is the booking platform we use to sell tickets. To purchase tickets through our website you need to have third party cookies enabled. If you do not you will not be able to complete your purchase. Spektrix cookies allow you to login, add multiple items to a shopping cart before purchasing tickets, merchandise and making donations. If you are struggling to progress beyond selecting tickets you will need to check your settings are enabled to accept cookies from third parties. Cookies used by Spektrix:ASP.NET_SessionId, .ASPXAUTH, SpektrixClientName, CookieDetection, SpektrixLastContact, ReturningCustomerCookie

6.8. Spektrix Cookies are essential to the running of the website and are outside the scope of Cookie Regulations. They are either “Session” or “Authentication” cookies as described below: 

‘Session’ Cookie This is the cookie used to track your customers through the booking process and is essential to make the site function properly. It is therefore outside of the scope of the Cookie Regulations.

‘Authentication’ Cookie The system sets another cookie when users log in – this allows your users to start the checkout process, or log in, and then go to a different part of your website. It is also essential to the functioning of the site and therefore out of scope.

6.9. Google Analytics allows us to track pages you visit, and basic details about your web browsers. They cannot identify you personally. The data collected enables us to improve areas of our website based on levels of traffic to certain pages. To opt out of being tracked by Google Analytics across all websites visit https://www.google.com/inputtools/ 

6.10. Cookies used by Google Analytics:

The following table describes each cookie set by GA4 JavaScript tags. To learn more about the data that Analytics collects, see https://support.google.com/analytics/answer/6004245

Cookie name

Default expiration time

Description

_ga

2 years

Used to distinguish users.

_ga_<container-id>

2 years

Used to persist session state.

When linked to a Google Ads account, GA4 JavaScript tags set additional cookies used to provide Google Ads with a more reliable way to measure interactions customers have with your business. For more details on these cookies, see our advertising and measurement cookies.

6.11. Google Maps uses cookies to remember your preferences e.g. zoom and position. Cookies used by Google Maps: APISID, HSID, NID, PREF, SAPISID, SID, SS, SSID, NID 

6.12. YouTube, which is owned by Google, uses cookies to measure the number and behaviour of YouTube users, including information that links your visits to our website with your Google account if you are signed in. We are not able to control the cookies set by Google, however there is information about how you can manage these cookies at support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

6.13. Information about your use of our website, including your IP address, may be transmitted to Google and stored on their servers. This cookie does not identify you personally unless you are logged into Google, in which case it is linked to your Google account.

6.14. Cookies used by YouTube: SID, LOGIN_INFO, use_hotbox, PREF, SSID, HSID, watched_video_id_list, __utma, __utmz, demographics, VISITOR_INFO1_LIVEData, YSC 

6.15. For more information, visit www.facebook.com/policies/cookies

6.16. You may choose to remove or block cookies at any time by adjusting your browser settings, but in some cases, this may impact your experience of our website.

6.17. Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.

7. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR

7.1. We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as: 

7.1.1. ensuring the physical security of our offices, warehouses or other sites;

7.1.2. ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;

7.1.3. maintaining a data protection policy for, and delivering data protection training to, our employees; and

7.1.4. limiting access to your personal information to those in our company who need to use it in the course of their work. 

7.2. We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example, 

7.2.1. we archive our email and paper correspondence regularly and destroy information older than 7 years after our relationship with you has ended;

7.2.2. we retain information relating to ticket orders, refunds and website user queries for approximately 7 years; 

7.2.3. in the event of a cancellation, we will retain affected customer contact details until tickets are exchanged in accordance with our Refund Policy (please see section 5.7 of our Terms and Conditions), or until you ask us to remove your details. Please note if you ask us to remove your details we will no longer be able to honour the Cancellation policy; 

7.2.4. we retain information relating to our members/ season ticket holders and supporters for 5 years after our relationship with you has ended; 

7.2.5. we retain information relating to Corporate Sponsors for 3 years after you have ceased to be a Corporate Sponsor;

7.2.8. We maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently.

8. HELP KEEP YOUR INFORMATION SAFE

8.1. You can also play a part in keeping your information safe by:

8.1.1. choosing a strong account password and changing it regularly;

8.1.2. using different passwords for different online accounts;

8.1.3. keeping your booking references and passwords confidential and avoiding sharing your login with others;

8.1.4. making sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer; 

8.1.5. letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission; 

8.1.6. keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software.

9. INTERNATIONAL TRANSFERS OF YOUR INFORMATION

9.1. Our company is located in the UK.

9.2. Some of our external third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

9.3. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:

9.3.1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

9.3.2. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

9.3.3. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

9.4. Our external third party service providers are currently located in the UK and USA.

9.5. Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU

10.1. You have certain rights in respect of the information that we hold about you, including: 

10.1.1. the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;

10.1.2. the right to ask us not to process your personal data for marketing purposes; 

10.1.3. the right to request access to the information that we hold about you; 

10.1.4. the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect; 

10.1.5. in certain circumstances, the right to ask us to stop processing information about you; 

10.1.6. the right to lodge a complaint about us to the UK Information Commissioner’s Office (www.ico.org.uk)

10.1.7. in addition to your right to lodge a complaint about us to the UK Information Commissioner’s Office (www.ico.org.uk), you will also be able to lodge a complaint with the relevant authority in your country of work or residence; 

10.1.8. the right to withdraw your consent for our use of your information in reliance on your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice; 

10.1.9. the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;

10.1.10. the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances; and

10.1.11. the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.

10.2. How to exercise your rights

10.2.1. You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing or by updating your marketing preferences by logging into your account and navigating to the section entitled “Contact Preferences”.

10.2.2. Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing communications. 

10.3. What we need from you to process your requests

10.3.1. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.3.2. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

11. SHARING DATA DIRECTLY WITH THIRD PARTIES 

11.1. You might end up providing personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal information provided by you. 

12. THIRD-PARTY LINKS 

12.1. The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. 

13. CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES 

13.1. We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by email. 

13.2. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.

Last Updated: 1st May 2024