Privacy Policy

Sheffield Cathedral (“Our”, “Us” and “We”) Box Office - Privacy Notice

We are committed to protecting and respecting your privacy. This Privacy Notice (together with any other documents referred to herein) sets out the basis on which the personal data collected from you, or that you provide to Us, will be processed by Us in connection with the promotion and sale of tickets to events managed or promoted by Us. Please read the following carefully to understand Our views and practices regarding your personal data and how We will treat it.

For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is Sheffield Cathedral.

We use thelittleboxoffice.com, an online application provided by The Little Box Office Limited (“LBO”), to manage our ticket sales.  We use LBO to process personal information as a data processor on Our behalf.  LBO is only entitled to process your personal data in accordance with Our instructions.

1. What information do We gather?
When you use the LBO platform, you may be asked to fill out an online form with personal information such as your name, address (which may include separate billing and delivery address), telephone number and email address.

This information is collected to enable Us to sell you the tickets only, and will not be passed to any other organisations. 

Some of the information We collect through forms is marked as mandatory (i.e. the information needed to complete the ticket sale, such as your full name and e-mail address) and other information is provided voluntarily, if you fail to provide Us with information that is marked as mandatory We will not be able to process your form or carry out the intended function (e.g. sell you a ticket). 

2. Payment details
Payment is handled separately, and securely, through Stripe (“Payment Processor”). Your payment card details are never collected by Us. If you want to find out more about how the Payment Processor processes your personal data, you can refer to their own privacy notice.

3. Lawful Basis for Processing
We rely on “performance of a contract with the data subject” as the lawful basis of processing your information where we do this so that we can provide you with our tickets and services.  

We rely on legitimate interest as the lawful basis on which We collect and use your personal data for the purposes of direct marketing.

4. How do We process this information, and for what purpose?
We require these personal details for the following reasons:
• We need your full name and e-mail address so We may be able to send you tickets electronically, so We can re-issue you tickets and offer refunds if necessary.
• We require this information for Our own record keeping
• Where you are an existing customer or have previously enquired about our products and services, we may use your personal information to send you promotional material about other related services or products. We will ask for your consent to do this. If you wish to be removed from the mailing list, simply send Us an email request or use the option to unsubscribe from any marketing email you receive from us.

5. Who will We share this information with?
We routinely pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, including The Little Box Office, who host the online ticketing platform, and the Payment Processor.

We may also disclose your personal data to third parties:
• in the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets; or 
• if We or substantially all of our assets are acquired by a third party, in which case personal data held by Us about our customers will be one of the transferred assets; or 
• if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions; or 
• to protect Our rights, property, or safety or that of our affiliated entities and our users and any third party We interact with.

Other than as set out above, and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so.

6. How do We protect your information?
We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way.   We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

Our Payment Processor use their own security measures to keep your personal banking details safe, including safeguards such as firewalls and data encryption. Please see the Payment Processor’s own privacy notice for more information about how they protect your personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access. 

7. How can you access, change or remove your information?
We welcome any amendments you may suggest, as it is also Our obligation to keep any data We collect as accurate as reasonably possible. 

If you have an account you will be able to amend this information via your account profile.

If you do not have an account, please note that we will have only collected the information in relation to the order you have made, we are unable to update any of those details but we can update our own internal records so the data we collect about you is accurate. 

8. How long we keep your personal data
Where you have made a purchase we will hold all your data in relation to that purchase for seven years. We are required to retain this information by applicable UK tax law.

If you have opted-in to receive email marketing information from us, we will hold your contact details for seven years for marketing purposes. You will be given the option to opt-out (unsubscribe) from each marketing email you receive from Us.

9. Where we store your personal data
All information We hold about you is stored by the Little Box Office on their secure servers, which may be at a destination outside the European Economic Area ("EEA"). The Little Box Officer processor is Amazon Web Services (AWS). The Little Box Office has signed AWS’s Data Processing Agreement. A copy of which can be obtained by contacting AWS.

Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will be subject to a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation, or such other approved mechanism that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. 

We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

10. Your Rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
• require Us to correct any mistakes in your information which We hold
• require the erasure of personal data concerning you in certain situations
• receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal data concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal data
• otherwise restrict our processing of your personal data in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:
• email, call or write to Us 
• let Us have enough information to identify you, including your name and email address 
• let Us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
• let Us know the information to which your request relates, including any transaction reference numbers, if you have them

11. How to Complain
We hope that We can resolve any query or concern you raise about our use of your information. 

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

12. Changes to Our Privacy Notice
We reserve the right to modify this Privacy Notice at any time. Any changes We may make to our Privacy Notice in the future will be notified and made available to you using the Website. Your continued use of the services and the Website shall be deemed your acceptance of the varied privacy policy.

13. Use of Cookies and IP Addresses
We and the Little Box Office may collect information about your mobile phone, computer or other devices from which you access the website, including where available your IP address, operating system and browser type, for systems administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services.

Our Website uses cookies to distinguish you from other users of our Website. This helps Us to provide you with a good experience when you browse our Website and also allows Us to improve the Website. By using our Website you agree to our use of cookies as more specifically set out below.

A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

The cookies We use include:
• “Analytical” cookies. They allow Us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps Us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
• “Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services. 
• “Functionality” cookies. These are used to recognise you when you return to our Website. This enables Us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• “Targeting” cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed to our affiliates websites. We will use this information to make our Website, offers e-mailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Please note that third parties affiliates may also use cookies, over which We have no control.

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our Website.

14. External links
This site may contain links to other sites at which your personal information is collected, on our event pages for example. When following a link to another site, the collection and use of your personal information is controlled by the privacy policy of that site. We do not accept any responsibility or liability for the privacy policies of external websites and your use of external websites is at your own risk.

15. Contact
All questions, comments and requests regarding this Policy should be addressed to arts@sheffield-cathedral.org.uk.