For the purpose of the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) the Data Controller is The Little Box Office Limited.
We are an online application provider who provides ticketing solutions to venue owners, event organisers, tickets agents and other online ticket vendors (“Ticket Vendor”). In respect of personal data uploaded when purchasing tickets from a Ticket Vendor, the applicable Ticket Vendor shall be shall be the data controller (as defined in the GDPR). In this scenario The Little Box Office Limited shall be a data processor (as defined in the GDPR) for the Ticket Vendor. Please note that if you are a data subject (i.e a ticket buyer) whose personal data is processed by a Ticket Vendor, you should direct any enquiries in relation to their processing of your personal data, and your rights in respect of the same, to the relevant Ticket Vendor.
Information we collect from you
We collect and process some or all of the following types of information from you in the course of your use of the Website or whilst providing our services:
Information that you provide by filling in forms on the Website, sending us an e-mail or letter. This includes information provided when subscribing to our service, or requesting further information or services. We may also ask you for information when you report a problem with the Website.
Specifically, personal details such as name, email address, postal address, telephone number, job title, company name or any information input when completing our survey forms, using our Services.
If you contact Us, We may keep a record of that correspondence.
We may also ask you to complete surveys that We use for research purposes, although you do not have to respond to them.
Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.
When using our “Contact” form your name and e-mail address are required from you to enable us to respond to your enquiry. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.
Information We Collect From Other Sources
We will collect your contact details from publically accessible sources, such as leaflets, advertisements, and lists from third parties to contact you about our products and services that we feel may interest you.
Lawful basis for processing
Where you have contacted us via the website, e-mail/mail and telephone or participated in any surveys, we rely on “legitimate interest” and the legitimate interest is “responding to and contacting you regarding the enquiries you have made in relation to the services we offer and reviewing your responses to our surveys”.
If you are engaged by one of our customers or suppliers, we may process your data in order to perform our obligations pursuant to a contract with that customer or supplier. Where we do so we rely on “legitimate interest” and the legitimate interest is “carrying out a contract with a customer or a supplier”.
We rely on legitimate interest as the lawful basis on which We collect and use your personal data for the purposes of direct marketing.
Purposes of processing
We use information held about you in the following ways:
To provide you with our services.
To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website;
To provide you with information and offers that you request from Us or which We feel may interest you.
To carry out our obligations arising from any contracts entered into between you and Us.
To allow you to participate in interactive features of our service, when you choose to do so.
To delivering a better more personalised service through the use of targeted advertising.
To notify you about changes to our service.
In addition to the above uses We may use your information, to notify you about goods or services which may be of interest to you. If you do not want Us to use your data in this way please either (i) tick the relevant box situated on the form on which We collect your data (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting Us at the contact details set out below.
We routinely disclose your personal data to third party providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers).
We may also disclose your personal data to third parties:
in the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets; or
if We or substantially all of our assets are acquired by a third party, in which case personal data held by Us about our customers will be one of the transferred assets; or
if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or
to protect Our rights, property, or safety or that of our affiliated entities and our users and any third party We interact with the to provide the Website; or
in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be if interest to you.
Other than as set out above, and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so.
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change you may update them by contacting Us using the contact details below. If you have any questions about how We use data collected which relates to you, please contact Us by sending a request by email to the contact details below.
We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.
How long we keep your personal data
If you contact us via our website contact form, e-mail, letter or telephone requesting general information about our services, we will hold personal data you choose to provide or we have collected from you such as your name, company name, email address, for 6 years from our last point of contact.
If you are engaged by one of our customers or suppliers, we will hold your contact details for the period that customer or supplier is registered with us and for 7 years after.
Where you have participated in our surveys, We will hold your survey details for 7 years.
Data such as IP addresses, traffic data, location data, weblogs and other communication data will be retained for 7 years.
Where we store your personal data
The data that We collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). We will take all steps reasonably necessary to ensure that your data is held securely and in accordance with this Policy. Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA and we have therefore ensured that any of our suppliers who may transfer your personal data outside the EEA has put in place appropriate measures to protect your data, either by being a member of the US-EU Privacy Shield, or by entering into a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation).
We will not otherwise transfer your personal data outside the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries. If you would like further information please contact Us (see ‘Contact’ below).
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
access to your personal data and to certain other supplementary information that this Policy is already designed to address
require Us to correct any mistakes in your information which We hold
require the erasure of personal data concerning you in certain situations
receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal data concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal data
otherwise restrict our processing of your personal data in certain circumstances
claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
email, call or write to Us.
let Us have enough information to identify you (e-mail address and name),
you will need to access your account and provide us with your unique ID numbers, and
let Us know the information to which your request relates.
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns/ or phone 0303 123 1113.