Last updated: 26/6/2018
We operate https://www.glee.co.uk (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site. We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
The Glee Club commits to protecting the data provided by its customers, clients, subscribers, guests, employees and other natural persons.
The purpose of this document is to:
• Establish procedures to regulate the management of these personal data
• To demonstrate the commitment of The Glee Club with regards to the protection of personal data
• To limit the risk of data breach
• To comply with the applicable laws and regulations (in particular, the Data Protection Act and the GDPR)
Information Collection and Use
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you to process a purchase. Personally identifiable information may include your name, postal address, email address, date of birth, telephone number, IP address ("Personal Information").
When you use our websites or apps, we collect information such as the browser and device you're using, your IP address, your location, the site you came from, what you did and didn't use our site for, the time and date of your visit, the time spent on those pages and other statistics.
For more information on how we collect this information please see the Cookies section.
When you attend one of our events, we may collect your information via (i) video surveillance cameras (we use signs where such cameras are used) and photographers.
If you have accessibility requirements, we want to make sure you have the best experience when attending events. To do this, we need to collect details of your requirements (which may involve you providing information about your mental or physical health).
Underage persons - The legal age of majority relative to the GDPR is fixed at 16 years of age. The regulation makes the provision, however, for each country to lower this age of consent to a minimum of 13 years.
There are special provisions for the processing of personal data relating to minors, notably regarding consent.
Lawful basis - In order to be able to process personal data it is necessary to identify the associated lawful basis for processing. The Glee Club can rely on 4 lawful bases:
• Consent of the data subject
• Fulfilment of a contract to which the data subject is party, or the execution of pre-contractual measures
• Compliance with a legal obligation
• Legitimate interest of the data controller
Under legitimate interest, we may use your Personal Information to:
• Send you customer service emails including booking confirmations and event reminders.
• To prevent or detect unlawful behaviour, to protect or enforce our legal rights or as otherwise permitted by law. For example, making sure tickets get into the hands of real fans. As such, we may use your information to prevent ticket touting, misuse of our intellectual property (e.g. our or our Event Partner's brands), fraud, or other crimes.
Consent - A specific procedure has been formalised for the management of consent. This procedure is in the form of ticking a consent box on the checkout page.
Data minimisation - At the point of data collection, The Glee Club collects only the data strictly necessary to meet the purpose(s) of processing. In the event of any change in processing, The Glee Club verifies that the data collected are still relevant to the updated process.
Free-form data entry - The use of free-form data fields carries privacy risks, as these fields (typically notes or comments) may contain inappropriate comments or personal data.
Recipients - Any natural or legal person with access to personal data is considered a recipient (whether they are internal or external to the organisation acting as data controller). The Glee Club shares personal data only with the recipients necessary to fulfil the stated purpose(s) of processing.
International transfers - Any transfer of personal data which are undergoing or are intended for processing after transfer to a third country or to an international organisation shall take place only if appropriate safeguards are in place, or if other specific exceptions apply. The rules governing data transfers are applicable to internal transfers within The Glee Club as well as to external transfers.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that relate to your bookings and/or your status as a customer with us. We will only do this with your express consent, and we will always allow you to easily opt-out and unsubscribe from our marketing communications at any time.
Subject Access Requests
The data subjects have certain rights concerning their personal data:
- The right of access
- The right of rectification
- The right to erasure (the "right to be forgotten")
- The right to restrict processing
- The right of data portability - The right to object to processing
- The right not to be evaluated on the basis of automated processing.
The Glee Club has implemented a procedure for the management of data subject requests (including the exercise of their rights). This procedure is below:
Step 1: Customer invokes a Subject Access Request
Step 2: The Glee Club sends the customers an encrypted Zip File on all the data it, it's processors and other controllers associated with The Glee Club has on the data subject.
Step 3: If a customer wishes this data to be erased, The Glee Club, it's processors and other controllers associated with The Glee Club will delete the data subjects data wherever possible.
Step 4: An email confirmation will be sent to confirm this to the Data Subject.
In addition, our website contains cookies from third parties such as Google Analytics & Facebook. These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and where visitors have come to the website from and the pages they have visited.
If you wish to remove any cookies our web site has placed on your computer, please consult the instructions for your specific Internet browser.
Security & Storage
We have security measures in place to protect your information. The security measures we use will depend on the type of information collected.
We only keep your information for as long as required to provide you with the services you request, for the purposes outlined in this policy and for any legal purposes for which we are obliged to keep the information, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely delete your information when it is no longer required for these purposes, in line with our company policies.
Media - There are different media used in processing (and therefore different storage locations for the personal data processed). It is essential to identify them all to protect the data correctly and to limit the risk of personal data breaches.
Data confidentiality - The generally applicable rules of confidentiality must also be followed with regards to personal data. The access to personal data must on a ‘need to know’ basis, combined with application access management.
Controls and Incident Management
Controls - The Glee Club has implemented controls to ensure that regulatory obligations regarding data protection are followed. The controls must be documented, and the results logged.
Notification in the event of a personal data breach - In the event of a personal data breach, The Glee Club assesses the risk for the data subjects and, if there is a risk, notifies the competent supervisory authority within 72 hours. If the risk assessment indicates a high risk for the data subjects, The Glee Club communicates the breach of personal data to the data subjects. A specific procedure concerning the management of security incidents has been formalised.
Breach monitoring and documentation - The Glee Club has implemented a data breach record. In the event of a personal data breach, The Glee Club will analyse the source and formalise recommendations to address the risk(s). The recommendations will be followed to limit the risk of a repeat incident.
Training and Awareness
Training for key individuals - The Glee Club has identified the individuals who, in the context of their professional activity, are required to process a large quantity of personal data, or special categories of personal data (as set out in article 9 of the GDPR), and provided them with the appropriate training.