Headlong is a charity and is funded by Arts Council England as well as various trusts, foundations and individual donors and supporters. Our registered charity number in England and Wales is 267965 and we are also registered as a company in England and Wales under registration number 1171757.
Headlong treats the handling of personal data seriously. As such we have created a Privacy & Data Protection Policy, to ensure everyone in our workplace knows how to handle the personal data we receive from individuals and details how Headlong will treat personal data after it has been collected by us.
Information about individuals is held by Headlong with the right of subject access, allowing any individual access to the information held about them.
Contact us at:
17 Risborough Street
You will be asked for personal information when you register, make an enquiry, make a donation or order products and services from us, apply for or accept a job or opportunity or participate in an outreach programme or workshop.
We will retain your name, date of birth, contact details and contact preferences when you make a purchase from our box office or otherwise buy products from us. We will keep a record of your bank or credit card details used to make the purchase, but only temporarily and solely to process your transaction.
We will record details when you sign up to our mailing list or make a donation. Where you make a donation, we will keep a record of the details of the gift (amount, date, purpose) and your Gift Aid status. We may also ask you to provide details about your current interests and activities, and the details of your family and spouse/partner details where appropriate.
We are committed to fundraising best practice and abide by the Fundraising Regulator’s key principles and behaviours of a fundraising organisation: to be legal, open, honest and respectful. We undertake to comply with relevant law and regulations, including the Proceeds of Crime Act, Data Protection, Tax and Gift Aid legislation and Charity Commission guidance.
We may also receive personal data from our website developer, IT support provider and payment service provider who are based inside the EU.
If you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application.
Depending on your settings or the privacy policies for social media services like Facebook, Instagram or Twitter, you may give us permission to access information from those accounts or services, such as your behaviour on these services and across our site. The majority of this behaviour is anonymised. For more information on how to control your privacy settings for these services, go to the following links:
Special categories data is personal data that is more sensitive and therefore needs more protection, such as information about health and biometric data, race, religious or philiosophical beliefs, sex life, sexual orientation, trade union membership and political opinions. We will only process this type of data:
If you are an applicant or an employee, we will collect special categories of information about your race, ethnicity, religious or philosophical beliefs and sexual orientation for the purpose of our diversity and equal opportunities records (on the basis that it is needed for reasons of substantial public interest, for equal opportunities monitoring).
Through surveys, with your explicit consent, we may collect special categories of information such as your race, ethnicity, religious or philiosophical beliefs, and sexual orientation. This allows us to understand how our audience in a local and national context and helps us to identify new audience opportunities.
When you provide us information in relation to an event that you are attending with us, we may ask you about your access requirements and dietary preferences.
Depending on the preferences you have indicated and your relationship with Headlong Theatre we will use the personal information you have provided in the following instances:
To carry out our business and to provide a service or carry out a contract with you:
Where we have your consent to:
Where we have a legal obligation to:
Where we have legitimate interest to:
We use various techniques including market research and audience profiling techniques to help us understand our audiences, customers, donors and potential supporters. This includes gathering information from you as well as publicly available resources to give an insight into your interests and inclination to attend Headlong events or support Headlong.
We do this because it allows us to understand our audience members and the people who support us, and helps us to send appropriate communications and make appropriate requests to those who may be able and interested in attending or giving more than they already do.
When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications.
With your consent, we will contact you to let you know about upcoming events, updates on our plans and progress we are making, and to ask you to make a donation or give other types of support. Occasionally, we may include information from our partner organisations or organisations who support us in these communications.
We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide us with your information or change your preferences at any time by contacting email@example.com.
Your personal information might be passed to a third party if they need it to fulfil your order(s) for our services, to execute the communications we send to you, to process a donation, or where you have otherwise consented to being contacted by selected third parties, such as artistic partners and associates. We do comprehensive checks on these companies before we work with them, and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information they have collected or have access to.
Examples of the data we share and who we share it with include:
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:
(a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
We ensure that there are appropriate technical controls in place to protect your personal details. The personal information that you provide will be held securely and will not be used for any other purpose than as provided for in this policy. We ensure that there are appropriate technical controls in place to protect your personal information; for example, any information which we transfer is encrypted and password protected, and all of our staff receive data protection and security training. We also ensure that any physical copies of personal data are protected, and our premises are kept safe with multi-lock security. We archive our email and paper correspondence regularly and destroy information older than 7 years.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We endeavour to keep your personal information accurate and up to date. If you become aware of errors or inaccuracies, please email firstname.lastname@example.org or update the information we hold about you by using the "My Account" section of our website.
We use publicly available sources to keep your records up to date; for example information provided to us by other organisations as described in this policy.
We would really appreciate it if you could let us know if your contact details change.
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.
Find out more information on what cookies we use here.
Our website contains links to other third party websites. We are not responsible for the privacy practices of these websites and you should read their own privacy policies for more information.
You can request full details of personal information we hold about you under the Data Protection Act 1998, or after 25 May 2018, The General Data Protection Regulation, by contacting the Data Team. Please send a description of the information you would like to see, together with proof of your identity to email@example.com
At any time you have the right to ask the Headlong to amend or to stop how it uses your personal information including for marketing purposes. You can do this by signing in to the website and accessing your account details or if you don’t have an account or if you prefer to, you can contact us by phoning, emailing or writing using our contact details in section 1. You have the right to get information held about you by us corrected. If you have any concern about the accuracy of your personal data, please let us know using the above contact details.
You have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office – www.ico.org.uk
More information about Data Subject Rights can be found here.