Privacy Policy

 

1 Introduction

​1.1 We are committed to safeguarding the privacy of individuals (“you”, “your”) whose personal data we collect and use. In this Privacy Policy, we explain how we handle your personal data. For example, what personal data we collect and how, what we do with it and who we share it with.    It also describes your privacy rights and controls such as your choices regarding use, access and correction of your personal data.

1.2 Our Privacy Policy is part of, and is subject to, our Cookies Policy, our Website Terms [insert link], our Donation Terms [insert link] and our Acceptable Use Policy [insert link]. By accessing and/or using www.teatrosancassiano.it (“Website”), you confirm that you accept the terms of our Privacy Policy.
 

2 About Teatro San Cassiano

2.1 Our Website is owned by Teatro San Cassiano Ltd. (“Teatro San Cassiano”, “we”, “us” or “our”).

2.2 We are a company registered in England and Wales under registration number 10756201. Our registered office is at 48 Chancery Lane, London, England, WC2A 1JF.

2.3 You can contact us by (a) post, at 48 Chancery Lane, London, England, WC2A 1JF, (b) telephone, on 020 8100 6008, (c) filling in our Website contact form, or (d) email, using the following email address: data@teatrosancassiano.it.

 

3 Data Protection Manager

3.1 Our Data Protection Manager is Liesle van Eeden. You can contact our Data Protection Manager in writing using the following contact details: data@teatrosancassiano.it. The tasks of our Data Protection Manager include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is processed by us.

3.2 If you have any questions about anything to do with this Privacy Policy, our data processes and practices, or simply to exercise your privacy rights, please contact our Data Protection Manager using the contact details above.

 

4 Your privacy rights

4.1 We have summarised below your privacy rights. Some of these rights are complex, and not all of the details have been included in our summaries below. For this reason, you should read the applicable data protection laws and guidance from the UK Information Commissioner for a fuller explanation of these rights. You can do so by using this link https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

4.2 You may exercise any of your rights below in relation to your personal data by contacting our Data Protection Manager in writing using the following contact details: data@teatrosancassiano.it

4.3 Your principal rights under the applicable data protection laws are:

  • the right to access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to complain to the UK Information Commissioner; and
  • the right to withdraw consent.

4.4 Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

4.5 Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you, completed. You can ask us to make any necessary changes to ensure that your personal data is accurate and kept up to date.

4.6 Right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation; for the establishment, exercise or defence of legal claims.

4.7 Right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another individual or legal person; or for reasons of important public interest.

4.8 Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third-party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

4.9 Right to object to processing (direct marketing): You have the right to object to the processing of your personal data for direct marketing purposes (including, for example, profiling for direct marketing purposes). Examples of direct marketing include newsletters, text messages etc. At this point in time, we do not do any direct marketing. If, when we do direct marketing, you make such an objection, we will cease to process your personal data for this purpose. We will also provide you with a way to exercise this right at any time and this will include contacting our Data Protection Manager in writing using the following contact details: data@teatrosancassiano.it.

4.10 Right to object to processing (scientific, historical research or statistics): You have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

4.11 Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

4.12 Right to complain to the UK Information Commissioner: If you consider that our processing of your personal data infringes the applicable data protection laws, you have a legal right to lodge a complaint with the UK Information Commissioner (www.ico.org.uk) which is the UK data protection regulatory body. You can find out how to do so by clicking on this link: https://ico.org.uk/make-a-complaint/.

4.13 Right to withdraw consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

5 Changes to the Teatro San Cassiano Privacy Policy

5.1 We may update the Teatro San Cassiano Privacy Policy from time to time by publishing a new version on our Website. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on our Website and update the “Effective Date” date at the top of this Privacy Policy.

5.2 If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email. If you disagree with the changes to the Privacy Policy, you should contact our Data Protection Manager in writing requesting the erasure of your personal data and, if at that time we do direct marketing, unsubscribe from our direct marketing communications such as newsletters etc.

5.3 If you continue accessing and/or using our Website, receiving our communications, contacting us etc. this will constitute acceptance of the revised Privacy Policy.

 

6 What personal data we collect

6.1 We use different kinds of personal data. They are grouped together as in the table below. The groups are listed here so that you can see what we may know about you. We don’t use all this personal data in the same way.

Data Types

Description

Website data

This is data on how you use our Website and may include your IP address, geographical location etc.

Correspondence data

This may include personal data contained in or relating to any communication that you send to us or that we use to communicate with you. Such communications can include communications via our Website, phone, email and can be on any subject matter.

Cookies data

This includes personal data that we obtain about you through cookies. For more information, see our Cookies Policy.

Profile data

This may include your name and contact details and some of the other personal data set out in this table e.g. Website data.

Third-party data

This may include your name and contact details we obtain from third parties e.g. the internet.

Other data

This is personal data other than the ones set out in the table above and this may include (for example) personal data (such as your name and contact details) that we get from you when you provide us with your business card.

 

7 How we collect your personal data

We collect your personal data from various sources. These are as follows:

7.1 Personal data you provide us about you: We collect your personal data that you provide us when you do things such as the following:

  • get in touch with us by email, telephone, letter, and/or some other means; and/or
  • provide us with your name and contact details e.g. you give us your business card at an event we are attending.

 

7.2 Data we collect about you automatically: We collect your personal data when you contact us or automatically when you access and/or use our Website and through the use of cookies (see our Cookies Policy [insert link]). The types of personal data we will collect may include, for example:

  • name and address;
  • the originating IP address;
  • the site that you visited immediately prior to visiting our Website;
  • the type of browser and operating system used (if provided by the browser);
  • the type of device model and version, device identifier;
  • the specific actions that you take on our Website, including, for example, the pages that you visit; and
  • the time, frequency and duration of your visits to our Website.

7.3 Data we collect about you from others: We may also collect personal data about you from others such as (for example) online through your social media profiles/accounts and the internet in general.

 

8 How we use your personal data

8.1 Below, you will find a list of the ways that we may use your data and the legal reasons we rely on to do so.

Processing Type

Processing Purpose

 

Legal Reason

 

Website

 

to analyse your use of our Website as well as to develop, operate, improve, protect, personalise, customise and optimise our Website as well as to present it to you in the most effective manner for you and your device.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business and/or to comply with a legal obligation.

 

 

Communications (Non-Marketing)

 

 

to communicate with you (e.g. by email, by phone etc.) as well as to process the communications you send to us.

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

 

Operations

 

to perform general administrative and operational activities.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

 

Profiling

 

 

to create a profile of you by combining data you provided to us by you or we got from other sources in order to update, expand and analyse our data records.

 

 

The legal reason for this is our legitimate interest of the proper administration and/or operation of our business, and/or the promotion of our business.

 

 

Security, Risk & Crime

 

to protect our Website and business, prevent fraud, spam, abuse, security incidents, harmful and/or illegal activity, conduct security investigations and risk assessments, and/or to verify or authenticate information.

 

 

The legal reasons for this processing are our legitimate interest of protecting our Website and business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Research and Analysis

 

to carry out research (e.g. market research), business and statistical analysis (e.g. develop statistical models).

 

 

The legal reason for this processing is our legitimate interest of the proper administration, monitoring and/or operation of our business.

 

 

Business Improvement

 

to develop or improve our business.

 

 

 

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business as well as to monitor our business.

 

 

Data Retention

 

to retain, store, archive and/or destroy the data.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Audits

 

to carry out audits.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business as well as to monitor and improve our business.

 

 

Sharing

(Service Providers)

 

to disclose your personal data such as your name and contact details to third-party service providers we use such as (by way of example only) Domino Srl etc.

 

 

The legal reason for this processing is our legitimate interest of administering, operating and/or managing our business.

 

 

 

Sharing (Consent)

 

 

to share your data (including personal information) where you have provided consent, for the purpose(s) described at the time we ask you for your consent.

 

 

The legal reason for this processing is consent.

 

 

Sharing (Affiliates)

 

 

to share your data (including personal information) with our current and/or future corporate affiliate companies from time to time such as (for example) Teatro San Cassiano Group Ltd and Teatro San Cassiano Srl etc.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

Sharing (Sale/Investment)

 

 

If there is (a) a sale or an asset transfer to a third-party of, and/or (b) an investment in San Teatro Cassiano, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

Sharing

(Internal re-organisation & Insolvency)

 

to pass on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration.

 

 

The legal reason for this processing is our legitimate interest of the proper administration and operation of our business.

 

Sharing

(Insurers & Professional Advisers)

 

to disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

 

 

The legal reasons for this processing are our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

Sharing

(Legal Disclosures)

 

to disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

 

The legal reasons for this processing are to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

 

9 Providing your personal data to others

9.1 Third-party service providers: We may disclose your personal data such as your name and contact details to our third-party service providers to help us administer, operate and manage our Website, business and to provide services related to us and/or our Website. These service providers have limited access to your personal data to perform these tasks on our behalf and are contractually obligated to use it consistent with this Privacy Policy.

9.2 Sale/Investment: If there is (a) a sale or an asset transfer to a third-party of, and/or (b) an investment in Teatro San Cassiano, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment. However, use of your personal data will remain subject to this Privacy Policy.

9.3 Insolvency: Your personal data may be passed on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration. In the case of an insolvency event, our customer database may be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too.

9.4 Our insurers & professional advisers: We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

9.5 Legal compliance: In addition to the specific disclosures of personal data set out in this Section 9, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.

 

10 Direct Marketing

10.1 At the moment we do not conduct any direct marketing such as newsletters. When we do, we will update this Privacy Policy.

 

11 How do you make use of social media?

11.1 At the moment we do not conduct any marketing via social media channels such as Twitter.  When we do, we will update this Privacy Policy

 

12 International transfers of your personal data

12.1 At the moment we do not make any transfer of personal data to countries outside the EEA, e.g. the US. If we do in the future, we will put in place appropriate safeguards.

 

13 Security of personal data

13.1 We maintain administrative, technical and physical safeguards designed to protect your personal data provided to us. While no system or process is full-proof (e.g. hacking), we believe the measures implemented reduce our vulnerability to security problems to a level appropriate to the type of personal data involved and the current state of technology.

 

14 Retaining and deleting personal data

14.1 We have data retention policies and procedures in place which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In the case of:

  • website data (e.g. your IP address): [retention period.]; and
  • correspondence data (e.g. your name and address); 

14.2 In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria: the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements e.g. whether (and for how long) we are required by law to retain your personal data.

14.3 However, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.

 

15 Third-party websites

Our Website may contain links to third-party websites. Please note that if you follow a link to any such website, we do not accept any liability and/or responsibility, because these websites have their own terms & conditions and Privacy Policies.