Woodburner is committed to protecting your privacy. We will use the information that we collect about you in accordance with, the Privacy and Electronic Communications Regulations 2003, the Data Protection Act 1998 (DPA) and any replacement laws, and, from May 2018, the General Data Protection Regulation (GDPR).
WHO WE ARE
Woodburner is a music events promoter and agency, which was established in 2010.
WHAT INFORMATION DO WE COLLECT
The personal information that we collect may include:
Name, title, and gender
Contact details including email address, postal address, phone numbers
Details of visits to our website including traffic data, location data, operating system, browser usage, and the resources that you access
Image and likeness (as captured in photographs and videos we use for promotional purposes)
Other background personal information you provide to us (for example when you apply for a job, tell us your story, contact us regarding your experience with Woodburner).
HOW DO WE COLLECT YOUR INFORMATION
You give us your information when you buy a ticket, buy something online, sign up for one of our events, update your preferences on our website, tell us your story, apply for a job, or communicate with us. We also keep your details when you sign up to receive emails from us.
We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information. We may then track any subsequent actions online, such as buying a ticket.
Like most websites, we receive and store certain details whenever you use the Woodburner website. We use “cookies” to help us make our site – and the way you might use it – better. Cookies mean that a website will remember you and enable online transactions. It also helps us understand how you use our website, where we can make improvements and how best to tell our audiences about events they might be interested in.
We may also receive information from external sources which enables us to gain a better understanding of our audiences, visitors and supporters and to improve our marketing methods. These sources include:
Third party organisations:
1. Social media
Depending on your settings and the privacy policies used by social media and messaging services like Facebook, LinkedIn or Twitter, we may receive non- personally identifying demographic or analytical information from these services that enables us to better understand the reach and effectiveness of our advertising.
2. Information available publicly
This may include information found in places such as Companies House your biography on your work website or information that has been published in articles/ newspapers.
HOW WE KEEP YOUR DETAILS SAFE AND SECURE
Your personal data will be held and processed on Woodburner’s systems or systems managed by suppliers on behalf of Woodburner. We maintain a customer relationship management (CRM) system to hold contact details and a record of your interactions with Woodburner such as ticket purchases, memberships, queries, complaints and attendance at special events. Where possible we aim to keep a single record for each customer.
We always seek to hold your data securely. Access to customer information is strictly controlled. The CRM system can only be accessed by people who need it to do their job. Certain data, for example sensitive information, is additionally controlled and is only made visible to members of staff who have a reason to work with it.
OUR BASIS FOR PROCESSING YOUR PERSONAL INFORMATION AND WHAT WE USE IT FOR
We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect.
We may process your personal data because it is necessary for the performance of a contract. For example, if you make a purchase, or sign up for an event.
We may process personal data because it is in our legitimate interests to do so. For example we may use your personal information to tailor our communications to you and/or to give you an exceptional experience at our events. We may also collect information about how you use our services (including our website) to analyse our customer base and improve our processes. Woodburner also records and uses film, photographs and audio for promotional purposes on its website, social media accounts and other formats under its legitimate interests basis for processing where it would not be necessary, appropriate or practicable to obtain your specific consent (for example, we may seek specific consent for prominent or impactful uses, but typically not for group shots, background inclusion or internal use).
We may also process your personal data (including sensitive personal data) where:
1. It is necessary for medical purposes (for example, in a medical emergency)
2. It is necessary to protect your or another person’s vital interests
3. We have your consent to do so (for example to monitor the diversity of visitors to Woodburner). We will also ask for your consent to provide you with information about products and services and fundraising activities which may be of interest to you (apart from where it is appropriate for us to rely on our legitimate interests to do so).
We may tell you about events, concerts, shop offers, priority booking and information about our site (for example special opening times, or updates on building works on site). Occasionally, we may include information in these communications from partner organisations or organisations who support us. We make it easy for you to tell us how you want to hear from us by emailing us or by telling our Ticket Office team over the phone or in person. You can opt out from these marketing communications at any time - every email sent to you will tell you how to do this.
If you have opted out of marketing communications, we may still get in touch with you. For example we may email you to give you important information about the events you’ve booked or to tell you about any changes.
We may need to disclose your details:
if we run an event in partnership with another named organisation so that they can help us run the event
in order to comply with any legal obligation to do so. This includes the police and other crime protection and detection agencies or regulatory bodies
to our legal advisors for the purposes of regulatory or inspection compliance.
Data processing services acting in an accordance with our instructions, and subject to confidentiality obligations
How long do we keep your information?
We may retain information for a period of six years after your association with us has come to an end. Some information may be retained indefinitely for historical, statistical or research purposes. As stated below, you have the right to require us to erase personal data.
Under the DPA you have the following rights:
- To obtain access to, and copies of, the personal data that we hold about you to require that we cease processing your personal data if the processing is causing you damage or distress
- To require us not to send you marketing communications.
Once the GDPR takes effect in May 2018, you will also have the following additional rights:
- To require us to correct the personal data we hold about you if it is incorrect
- To require us to erase your personal data
- To require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal)
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller
- To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Email us at