Glyndebourne Privacy Notice
If you have any questions or comments please email firstname.lastname@example.org.
When we collect personal data from you we store it under strict safekeeping and confidentiality measures. We use technical and organisational security measures to protect it against misuse and any external data processing services we use must meet our security policies. We hold your data on secure servers operated by Glyndebourne and (for Glyndebourneshop.com) Shopify. Glyndebourneshop.com transfers this information to servers outside the EEA but provides a level of protection equivalent to EEA standards for that data. The Retail Privacy Notice provides more information about how your data is used on Shopify servers.
We allow only those staff members who need to process your data to have access and prevent all other staff from seeing it. We meet the protection offered to you under the Data Protection Act 2018.
By disclosing your personal information to us via glyndebourne.com, glyndebourneshop.com, opting in via a third-party site such as Facebook or similar, verbally or in writing, you are giving us your consent to collect, store and process your personal information in the manner described in this Notice. The information we hold will be accurate and up to date within our knowledge.
If you have any questions regarding the Privacy Notice or your information, please contact email@example.com or write to Head of Governance & Compliance, Glyndebourne, Lewes, BN8 5UU.
What we do with your data and what we don’t do
We will keep information which identifies you only if you are a Member, purchase tickets, make a donation, use our web streaming service, participate in Learning & Engagement activity, buy from our shop or gallery or ask to receive communications from us. Such personal information could include:
- your name
- phone number
- date of birth
- email address
- IP (internet protocol) address
- payment card details (these are stored in a tokenized format and are kept only while we process your payment, unless you give us your explicit permission to store them longer for a specific purpose)
- Bank account details (e.g. for collection of direct debit payments)
- proof of identity (only for major art purchases)
- Medical or additional needs where relevant (only for those involved in Learning and Engagement projects)
- Next of kin (only for those involved in Learning and Engagement projects)
When you give us your details for any of the following we process your personal information to enable us to perform the contract we have with you:
- membership administration
- administration of donations, sponsorship and legacies
- Glyndebourne Encore video on demand
- research and statistical analysis (collated anonymously)
- fulfilment of merchandise orders from our shop
- participation in Learning & Engagement activity
Or because we are fulfilling a legal requirement:
- Compliance with art market anti-money laundering regulations
And, only with your prior consent, for emails:
- requesting your support of Glyndebourne projects
- communication about Glyndebourne productions, activities and products
We may, from time to time, contact you about activities in line with our charitable purpose by post for which we do not seek your prior consent.
We sometimes have to share your information with third parties to undertake these business activities. When we do so we always confirm that they meet our security standards. Examples of such sharing are:
- our on-site caterer, Compass Group t/a RA Venues Dining at Glyndebourne, for restaurant booking
- Glyndebourne America, a registered U.S. Public Charity under Internal Revenue Code Section 501(c)(3), whose purpose is to help Glyndebourne increase awareness of its work in the United States
- a mailing house for handling our direct postal communications with you.
When we allow access to your information we always control what they can see, what they are allowed to do with it and how long they can see it.
We do not share or sell your personal information for other organisations to use for their own purposes. We store credit card details in a tokenized format and will not disclose them to any third party. The only exception is that for certain larger events we occasionally agree to assist with your catering arrangements. We will then share your payment details, for this purpose only, with Compass Group t/a RA Venues Dining at Glyndebourne if you have given us your express permission to do so.
We will keep your information only for as long as we need to and will not keep more information than we need. We have fixed retention periods for each class of data and are currently working towards ensuring that we securely delete all information that exceeds that retention period.
Glyndebourne, charity no. 243877, fundraises from individuals, companies and foundations who want to support our mission of reaching out and enriching as many people’s lives as possible through opera. Fundraising enables us to achieve our core strategic objective of remaining financially independent.
We may undertake some research to find out if there is likely to be a shared interest. We use a third-party company which collates publicly-available information for us, but does not undertake profiling. We may use profiling and screening techniques ourselves to analyse your personal data and create a profile of your interests and preferences. In doing so we may make use of additional information about you, including where you live, your age and similar demographics, and any publicly-available information about you (for example through LinkedIn, Companies House, Charity Commission).
We want to contact you only when it may be relevant. By better understanding the background of our supporters we are able to make appropriate requests for gifts that will help us continue to make world-class opera created by the most talented artists. Gifts from people who may be able, and are willing, to give us more than they already do, will enable us to raise funds sooner and in a more tailored way than we otherwise would. This information will also help us to meet our obligations to protect the charity from financial fraud and risk.
If you wish to opt out of your data being used in this way you can let us know by emailing us at firstname.lastname@example.org or by writing to the Head of Governance & Compliance, Glyndebourne, Lewes, BN8 5UU.
We are committed to safeguarding children and adults at risk of harm and do all we can to ensure that all who come to Glyndebourne, whether as an audience member, working or joining a Learning & Engagement project, are safe and inspired by their experience. An important part of doing this is to protect their privacy.
If you are age 16 or under, please obtain your parent/guardian’s permission every time before you provide any personal information; we will always require their signature/ e-signature on any documentation when you sign up to a Glyndebourne project or are contracted to perform. We will always require the carer’s signature on similar documentation relating to vulnerable adults.
We will let Members have the first opportunity to know what’s happening at Glyndebourne by sending a special Members’ magazine and Members’ emails with news, offers and events.
Our Learning & Engagement team manages a separate mailing list for Glyndebourne Youth Opera, keeping in touch about Learning & Engagement opportunities, news and events.
These communications will give you news related to Glyndebourne and items we think will be of interest to you. We will not sell, rent or lease our subscription lists to any third-parties. We may use code within our email template to identify which messages you have opened and which links you have clicked on within it to better tailor any future communications.
We will seek your consent to contact you with optional communications from Glyndebourne. Sometimes we will contact you to complete a contract, such as a ticket purchase, or because we believe there is a legitimate interest and compelling justification for us to do so. In such a case we take great care to consider and protect your rights and interests and would expect there to be a minimal impact on your privacy. Each email we send you will give you the option to update your preferences.
We will make sure that you receive the product or service you have requested, process any payments and send you information relating to that service. If you hold an active membership this will include sending you information regarding your membership renewal, your brochure and ticket application form, your Member magazine and your Direct Debit confirmation.
You can update your personal information and communications preferences at any time in the following ways:
online by logging into My Account at glyndebourne.com
- clicking on the unsubscribe link within a newsletter or within an email
- by emailing us at email@example.com
- by calling us on 01273 815000
- By using the Live Chat on glyndebourne.com
- by writing to the Box Office, Glyndebourne, Lewes, BN8 5UU
If you wish us to cease contacting you on any subject, either email firstname.lastname@example.org or write to Head of Governance & Compliance, Glyndebourne, Lewes, BN8 5UU. We will remove your details from all subscription lists.
In January 2020 the Proceeds of Crime Act 2002 was updated to include the art market. We are required by law to complete customer due diligence checks relating to the sale of any artwork with a purchase price greater than €10,000. You will need to supply us with a proof of identity such as a passport, photocard driving licence or National Identity Card and personal data such as your name and address. A record of these checks will be held securely and confidentially for a minimum of five years.
Our site contains links to other sites whose information practice may be different than ours. You should consult the other sites’ privacy notices as we have no control over information that is submitted to or collected by third parties, nor can we guarantee the privacy of personal information you transmit over the web or that may be collectable in transit by others.
Glyndebourne will at all times adhere to the Seven Key Principles of the Data Protection Act 2018. These are that data is:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
(g) The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
You have the right to ask for a copy of the personal information that we hold about you, to correct any inaccuracies in that information or ask us to delete such records. If you would like to have a copy of this information, please contact email@example.com or write to the Head of Governance & Compliance, Glyndebourne, Lewes, BN8 5UU. If you find any inaccuracies we will correct them immediately. If you ask us to delete your records we will destroy all of your personal information that we hold on our files unless we are required to keep certain basic information by law. An example of this is if you have made a donation to us under Gift Aid, in which case we have to keep your name, address and donation amount and your Gift Aid Declaration for six years after your last donation.
You have the right to complain to the Information Commissioner’s Office if we have not been able to satisfactorily resolve a problem about our handling of your personal information.
Updated July 2023