Who are we?
Grand Junction at St Mary Magdalene’s is operated by Paddington Development Trust (registered charity number 1080883, company registration number3652559), in partnership with St Mary Magdalene’s Church PCC. PDT operate Grand Junction as a non-profit community and arts venue, while it remains a working place of worship. PDT are a non-religious charity who have been working in the North Paddington area for over twenty years.
Generally, we collect data from you when you visit our website, purchase tickets, join our mailing list, or create your online Grand Junction account, for the main purposes of:
a) to provide a service to you, such as the delivery of your tickets
b) to report to funders or sponsors
c) to market our performances and activities to the people who would like to hear about them; letting you know about events and classes that we think you would be interested in
We may collect the following information about you:
• You name, company and job title
• Contact information, including email address and postal address
• Demographic information, such as postcode, preferences and interests
• Other information relevant to customer surveys and/or offers
• Your IP address
Paddington Development Trust may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from January 2021.
For any questions about how we use your data, or to exercise your rights over your data, you can contact us on:
Telephone: 020 7266 8258
Address: Grand Junction at St Mary Magdalene’s, Rowington Close, London W2 5TF
Visiting our website
• your IP address
• the website you came from
• what kind of browser you’re using
• what you do on the website including which links you follow.
We will link some of your technical information, such as your IP address, to your name and other personal details if you log in to the website or buy a ticket.
We use this information to make our website work in the first place, and to help us understand your experience of it and how to improve it.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Marketing and Advertising cookies
We use third party advertising cookies to track the actions of visitors to our site. That information lets us assess the effectiveness of our digital advertising and allows us to serve more relevant ads on third party websites.
This includes showing you adverts we think may interest you based on the pages you visit on our site, limiting the number of times that a given ad is shown to you, and removing those who have already bought tickets from any future ticket sales campaigns.
We may also use the information collected by these cookies to help inform how we communicate with other users with a similar web browsing profile to those who have visited the site.
Currently we use Google’s Doubleclick cookie, which are placed on our site with our permission. This collects anonymised age, gender, and interests data which is used on sites that are part of Google’s AdSense Network.
We also use Facebook cookies, which are placed on our site with our permission. This collects data for targeted advertising.
You can link to our full cookies policy here: https://grandjunction.org.uk/cookie-policy/
Creating an account on our website
This will allow you to buy tickets and amend your account details.
We collect your name, home address, email address, date of birth, and phone number.
We will also use your information for marketing purposes – see below.
Buying a ticket
It is necessary to collect some personal data about you when you buy a ticket.We collect your name, address, email address and your phone number.
We process your payment card information, but we don’t handle it directly or retain it. This is dealt with by our payment processor.
We will use the information we’ve collected to handle your admission to the event for which you’ve bought tickets; to process and track your payments and to deal with any issues that may arise including complaints and refunds.
We will also use your information for marketing purposes – see below.
We may also need to process sensitive information about you – see below.
If you get in touch with us – whether that’s by phone, email, post or in person to make an enquiry, we’ll collect the personal information you provide. That information and anything else you tell us will be handled securely. Only what is needed to deal with your enquiry, will be passed on internally or externally.
We will use the information you provide to deal with your request and for no other purpose.
Hiring the Venue
When you hire part, or all, of our venue we will collect your name, contact address, contact telephone number and payment information.
If you’re paying by payment card, our payment processor will collect and process your card details on our behalf. If you pay by cheque or invoice we will see your bank details as a consequence, but we will not store this information. We may also collect some personal information relating to the nature of the event for licensing purposes.
We will also use your information for marketing purposes – see below.
Sending you marketing emails and other communications
Where we have noted this above we will use the information we have about you to send you marketing information. Where we have prior purchase history we will use that to help identify your interests and customise our marketing to you. We will also use outside data sources to get additional information based on your general location, but we do not seek any specific information about you personally.
We will ask you to consent to receive this marketing information.
If you are a consumer, who has signed up via our website, we will only email or text you if you have consented in this way, and you can withdraw this consent at any time by contacting us using the information at the start of this policy or following the unsubscribe instructions that are in every email or text that we send.
If you are a hirer of our space, who has previously booked and shared your details with us, we may send you marketing communications by email to alert you to deals or offers, but you still have the same rights to ask us to stop.
We may also write to you by post. You may ask us to stop at any time by contacting us using the information at the start of this policy, following the unsubscribe instructions that are in every postal communication that we send, or by visiting our website. We will also always respect any preference you have expressed.
We do not make telephone marketing calls to individuals and will only call you in response to an enquiry or as part of contractual customer service. We will make telephone marketing calls to businesses, but will of course stop if you ask us to either on the call, by contacting us, or by visiting our website.
Visiting the Venue
If you buy anything at our venue, such food and drink, we will only collect data if you use a payment card, and then only to process the payment – which, once again, is done by our payment processing partner not by us.
Our venue uses CCTV to help assure the security and safety of our visitors and staff. Appropriate notices are prominently displayed in the venue. If you are captured on CCTV while in our venues this is part of your personal data and you have the rights over it that are set out later in this policy.
As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not held for more than 30 days. Once a hard drive has reached the end of its use, it will be erased prior to disposal.
If you are coming to our venue and have an access requirement – such as a wheelchair space – we will collect the required information from you in order to make sure you have the best possible experience. We will only ask you to tell us what we need to know in order to accommodate you and ensure that this information is shared in identifiable form only with those people internally and at our partners who need to know.
If you have an access requirement we ask you to ring us on 0207 266 8258 or email firstname.lastname@example.org As part of supporting your booking, we may ask for your name, email address, and phone number. These details will be stored by us with only relevant parties able to access this information when required and to ensure the customer is booked into the correct seats for their needs.
If we conduct a competition on our social media platforms we may ask for your details to be able to issue the prize to you. Once we have completed this contract we will not keep your data and we will also link to the T&Cs for each competition.
If you get in touch with us on social media regarding some feedback of any nature we will only take the relevant information from you in order for us to follow up with your enquiry.
Sharing your data
We won’t ever sell your data or provide access to it to any third parties for marketing purposes. We will share your data in the following ways:
With our partners:
We regularly work with co-producers or promoters to put on events. We may share your data with these partners, but only where you have ticked a box to opt in to your data being shared with the organiser or co-producer of an event.
Where you opt in, and we share your data with our partners, they must comply with the terms of this privacy statement.
With our subcontractors:
In some areas of the work we do, it is necessary for us to work with others to help deliver the best possible experience for customers. When working with someone else, we will pass them some of your data so that they can do their work. We will only ever give them the minimum information that they need and it will always remain under our control. This means that they can only do with your data what we tell them to, and can’t keep it once they no longer need it or pass it on to anyone else.
The partner companies that we currently work with are:
• Stripe – our booking system
• Bovingdons – our catering and event partners
• Our website provider. Your data may also be available to our website provider to enable us and them to carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are deemed to outweigh their legitimate interests in developing new services for us. Our website provider will not transfer your data to any other third party. They will store your data for a maximum of seven years.
• We also outsource our IT. We have a single partner for this; they have routine access to your data but may be able to see it occasionally if they need to fix a problem or make an update. We always have control of this access and have strict contractual provisions to make sure they don’t abuse it.
When legally required:
In some circumstances we may be legally required to pass on your data. For example, if there is a health and safety incident in our venue and you are involved, we will pass your data on to the Health and Safety Executive (a government agency) or to the relevant local authority. What they then do with your data is governed by the law. They may also contact you directly. We will always try to make sure that you know when your data is passed on in this way. In this specific circumstance we may collect health information about you where it is strictly relevant, and this may be done without your consent if you are not able to consent at the time. We will only do this in order to comply with the law and to protect your vital interests.
The police and other government agencies may also request your data. We will pass it to them once they show us proof that their request is legal. We may not be able or allowed to tell you if this happens.
When visiting our venue, we will ask you to scan in using the NHS Test and Trace App, where you have it, or collect you name and contact details as required under the current legislation for Covid-19 Test and Trace.
Making a complaint
If you make a complaint or if we think it’s necessary for any other reason, we may depending on the issue pass your data on to our insurers. We will only pass them the data that they need; we have a clear agreement with them that they will only use the data to assess any claim that we may make in connection with the issue.
Looking after your data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We take the security of your data very seriously. We have strict contracts with anyone we share it with to ensure that they do the same. We will always obey both the letter and the spirit of the data protection laws that apply to us.
We keep clear records of what data we have and what we do with it, and make sure that we always consider what impact our processing will have on you. We also continually assess the risks to you from possible data breaches, and do everything we can to prevent them.
How long do we keep your data?
We won’t keep your data forever. If you haven’t interacted with us for three years – which means buying a ticket, opening an email, contacting us or visiting our website – we’ll anonymise your data so that it’s no longer connected to you in any way. We will keep the anonymised data indefinitely to help us understand our business and our audience.
We are collecting mobile numbers in line with the Government’s Test and Trace scheme. We will keep these numbers for 21 days after you have visited the venue before deleting them from our database. More details on what happens to your data can be found here: https://www.gov.uk/guidance/maintaining-records-of-staff-customers-and-visitors-to-support-nhs-test-and-trace
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
You have the right to see a copy of all the data we hold about you.
You have the right to ask us to delete what we have or stop processing it. However, we may not be able to do so immediately if the data is required for us to fulfil an obligation to you – like letting you in to an event for which you’ve purchased tickets; if we are legally required to keep it; or if we believe we need to keep it for contractual or insurance purposes. We will always tell you what we are doing and why.
You have the right to ask us to correct your data – and if what we hold about you is wrong, we’d really appreciate it if you told us – but we will in some circumstances need to check that what you’re telling us is accurate, and may require proof, in order to protect you – and us – from fraud.
To exercise any of these rights, please contact us using the details at the top of this policy.
You also have the right to complain to the Information Commissioner’s Office – the government agency that handles data protection in the UK. You can reach them at their website: https://ico.org.uk/global/contact-us/
This policy was last updated in January 2021. We may update it at any time in order to improve our customer experience or to comply with changes in the law.