The Grand Opera House Trust takes your privacy seriously and we are committed to safeguarding and protecting your personal data. The Trust is a “Controller” for the purposes of data protection law and in particular the General Data Protection Regulations (GDPR) 2018. This means that we are responsible for deciding how we hold and use personal data about you. We aim to be clear about how we use your personal data, and this privacy notice will inform you as to how we look after your personal data, what personal data we process and why.
It is important that you read this privacy notice together with any other privacy notice we may provide when collecting or processing personal data, so you are fully aware of how and why we are using your personal data
What personal data do we collect and process
We will collect, use and store personal data when you:
- purchase a ticket, over the counter, by phone or via our website.
- sign up to attend one of our events or workshops.
- sign up to our mailing list via our website.
- provide feedback about our services.
- sign up for our Friends and/or Access for All scheme.
- apply to take part in our Summer Youth Production.
- make a personal donation.
- communicate with us.
- visit the Theatre.
The personal data we hold may include your:
- Postal Address.
- Telephone Numbers.
- Email address.
- Ticketing/transaction history.
- Billing information.
- Donation history.
- Preferences as to how we communicate with you about our activities, shows, or events.
- Information that is available publicly.
Special Categories of Personal Information
We may also collect and store sensitive information relating to disability if you require specific access arrangements for the Theatre, or to determine eligibility for our Access for All Scheme. This sensitive information will be held securely and only used for this limited purpose.
Consequences of not providing personal data
We only ask you to provide personal data when we have a good reason to do so and there may therefore be consequences if you do not provide particular information to us. If you choose not to provide us with the personal data requested, we will tell you about the particular implications of any such decision at the relevant time.
How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter or have entered into with you.
- When it in our legitimate interests and your interests, and when fundamental rights do not override those interests. We consider our legitimate interest to be the management of the Theatre and provision of the best service and experience possible.
- When we have your consent to contact you
- When we need to comply with a legal or regulatory obligation.
We will use the data we have collected to:
- Contact you if there are any important changes to your booking or show information.
- Administer your ticket sale, membership or donation.
- Respond to feedback or information you have submitted or respond to a request for information.
- Keep a record of your relationship with us including purchase or donation history.
- Ensure we know how you prefer to be contacted, and that details we hold are accurate.
If you opt into marketing communication we will:
- Tell you about changes to our services or information on new services, productions, events, offers, and opportunities to support us that we think you will find interesting.
- Analyse your personal information to create a profile of interests and preferences so that we can contact you with information most relevant to you.
- Keep a record of the emails we send you, and we may track whether these are received or opened so we can ensure we are sending relevant information. We may then track any subsequent actions online, such as buying a ticket.
- Occasionally undertake customer research to help us understand how we can improve our products, services or communication to better understand our audience.
If you no longer wish to receive marketing information by post or email about our programme, offers, fundraising activities or customer research, you have the option to change any of your contact preferences at any time by logging into your account online, or by contacting the Theatre using the contact details at the end of this notice. An unsubscribe option will also be included in any email we issue.
If the personal data we hold for you is incorrect or incomplete we would ask you to contact us as soon as possible to request that it be updated.
Using our website
When you use our website, goh.co.uk, we are not collecting personal data. We use functional cookies to record information about the choices you have made and to allow us to tailor our website to our users. Further details about how we use functional cookies is available in our Cookies Policy.
Data sharing and third parties
We engage the services of a number of third party service providers, who act as Data Processors, to assist us with a number of our administrative services and we rely their contractual obligation to us as the legal basis on which we share personal data with them. These third parties include our ticketing system and payment provider, email distribution service and mailing house. We may also share personal data with professional advisers such as bankers, lawyers, auditors and insurers based in the UK who provide us with professional services to help protect the Theatre’s interests. These third party service providers will only use your personal data to the extent necessary to allow them to perform the services they are contracted to provide for us. We require all third party service providers to respect and safeguard the privacy of your personal data and treat it in accordance with the law and we do not allow them to use your personal data for their own purposes.
We will not share, rent or exchange any personal details with any other third parties without your agreement, unless required in order to fulfil our contract with you, or unless we are required to do so by law.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a genuine business requirement to use it.
We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
A copy of our Data Retention Schedule is available on request, using the contact details at the end of this privacy notice.
Changes to this notice
This privacy notice will be reviewed annually and updated as and when required. The most up to date privacy notice will always be available on our website and if we make any significant changes in this notice, we will clearly identify any changes we have made in any updates we communicate.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please ensure that you keep us informed if your personal information changes.
Your rights under the data protection legislation
Under the data protection legislation you have the following rights in relation to the personal data we process. These are not absolute rights and can only be exercised in certain circumstances.
- The right to request a copy of personal data we hold about you.
- The right to request that inaccuracies in your personal data be corrected or updated.
- The right to object to us processing your personal data where we are relying on a legitimate reason for doing so.
- The right to request a restriction on us processing your personal data or erasure of your personal data in specific circumstances.
- The right to withdraw consent if we are relying on your consent to process your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) and we will aim to respond to all legitimate requests within one month. If the request is particularly complex or a number of requests have been made it may take us longer to process your request but this will be explained to you. We may also charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, alternatively, we may refuse to comply with your request in these circumstances.
Special inclusions as a result of COVID-19
To support the Contact Tracing Service (which is operated by the Public Health Agency in Northern Ireland), the Grand Opera House is required to collect and keep a record of all staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with the Contact Tracing Service we can help to identify people who may have been exposed to the Coronavirus.
As a customer/visitor of the Grand Opera House you will be asked to provide some basic information and contact details. The following information will be collected:
- the age and telephone number of each visitor and attendee over the age of 16; and
- the date of their visit or attendance and the time of their arrival
The Contact Tracing Service has asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out during that period. We will only share information with the Contact Tracing Service if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, the Contact Tracing Service can request the log of customer details for a particular time period (e.g. this may be all customers who visited on a particular day or time-band, or over a two-day period).
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we would therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes (such as surveillance of an individual’s movements or marketing activities), and the Contact Tracing Service will not disclose this information to any third party unless required to do so by law (e.g. as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, and phone number). Where this is the case, this information may continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with data protection legislation. The use of your information is covered by the General Data Protection Article 6 (1) (f) – legitimate interests of the venue/establishment. The legitimate interest in this case is the interest of the venue/establishment in co-operating with the Contact Tracing Service in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
By law, you have a number of rights as a data subject, such as the right to access information held about you. If you are unhappy or wish to complain about how your information is used, you should contact: DPO@health-ni.gov.uk in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office.
If you have any questions about the way in which your data is being processed, or the rights detailed above, please contact the Theatre’s Data Protection Officer by email at email@example.com or in writing at the Grand Opera House, Great Victoria Street, Belfast BT2 7HR.
If you are still not happy, you have the right to make a complaint to the Information Commissioners Office, the UK supervisory authority for data protection issues at
Information Commissioners Office, 3rd Floor, 14 Cromac Place, Belfast, BT7 2JB.