Data Protection Policy
The Citadel is dedicated to preserving the privacy of its customers. This Data Protection and Security Policy lets you know about our policy for the collection and use of information about you and your transactions with us.
• We do not share your information or details with third parties without your prior permission.
• Email - we will only send you emails if you specifically give us your consent to do so.
• As a Certified Merchant, you can guarantee your credit card details are completely secure.
We will handle data about you in accordance with the United Kingdom's Data Protection legislation (Data Protection Act 1998). We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff, whether this is on computer or on paper. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your data.
All our staff and whenever we hire third parties to provide support services, we will require them to observe our privacy standards and to allow us to audit them for compliance. When a customer gives us their details, they are stored onto our databox system which requires an access code, this information is kept onto the system indefinitely until the customer informs us that they wish to be removed from the list. Depending on the information they have agreed to accept depends on whether they receive any information from us either by post or e-mail.
When You Make A Purchase
When you purchase tickets our booking form asks you to give us information specific to that purchase, including your billing address, shipping address, credit card information and email address. The information that you provide is used to process and send your tickets. We also use the information to contact you if there is a problem with your booking. We do not make our customer list available to other companies. Our data protection procedure for when you make a purchase is as follows:
• Box Office will put the following information on to our databox system: Name, address, telephone number, e-mail, bank details(if paying by card). This information will be stored on our system that can only be accessed by an authorised log in code.
• Customer details will be written on the card transaction daily sales sheet and placed in the safe once the finance department have received the information. The finance room is a locked key coded room.
• The information is then filed in archive boxes and remains on site for seven years.
• It is then sent off to an independent company and is destroyed as confidential waste.
• The information stays onto our ticketing system until we are asked by customers for it to be removed.
All of our transactions automatically take place on a secure server. All of your personal information is encrypted before it is transmitted over the Internet. None of our customers have ever reported fraudulent use of a credit card as a result of purchases made at www.citadel.org.uk.
Note: Most banks either cover all the charges that result from unauthorized use of your credit card or limit your liability to 50, the maximum liability allowed under the Fair Credit Billing Act. You must notify your credit card provider of the unauthorized use in accordance with its reporting rules and procedures.
When you buy from us online our system automatically gathers purchase data.
We use this information in two ways:
1. We review what kinds of products and services appeal most to our customers as a group. This statistical information helps us improve our offerings in the same way that other companies change their catalogue based on what sells best.
2. We use information such as the number of purchases attendees make and the genres they buy to make offers to them we believe will be of interest.
We do not give out any information about you, as an individual, to anyone, except to complete your transactions, or to comply with valid legal process such as a search warrant, subpoena or court order.
When a person shows an interest in volunteering they are asked to complete a volunteer application pack which involves declaring information such as: name, address, telephone number, e-mail, next of kin, and provide references. This information is then passed to the community and education manager. The information is then filed upstairs in an inaccessible space and sent to confidential waste after seven years.
User group information
All user groups details are stored on the Databox system which can only be accessed by authorised users. The information is then put on to registers which are kept in a key coded office upstairs. Once the participant has left, their information is filed and kept for two years then it is stored upstairs in an inaccessible space and sent to confidential waste after seven years.
Cookies are pieces of information that a website transfers to your computer's hard disc for record keeping purposes. Cookies can make the web more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users. They contain no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means.
Data Protection Information for Customers
If a customer wishes to see a report of the details we have for them, then we can produce this for them within ten days for a small administration fee.
If You Have Questions
If you have questions about any of these policies, please contact us.
St Helens, Merseyside WA10 1PX
UKTelephone: 01744 735436
Fax: 01744 762309