Privacy Policy
1. Information about us
firstsite.uk is a site operated by Firstsite. We are a private company limited by guarantee registered in England and Wales under company number 02884347. Our trading name is Firstsite. We are a registered charity and our registration number is 1031800. Our main trading address is Firstsite, Lewis Gardens, High Street, Colchester, Essex CO1 1JH.
Our VAT number is GB 135610144.
Firstsite is committed to protecting and respecting your privacy. We are responsible for protecting your personal information as a “data controller” under applicable data protection legislation. If you have any queries about this Policy or how we use your personal information, please contact us using the details at Contact Us.
This policy sets out the basis by which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting firstsite.uk you are accepting and consenting to the practices described in this policy.
Our nominated person for data protection is Sarah Cavan-Atack and their contact details are [email protected].
2. Your Preferences
If you wish to update your preferences, opt out or amend the information we hold about you, please click here, or alternatively follow the link on the emails that we send you. Alternatively please contact us.
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
(b) information that you provide to us when registering with our website (including your email address);
(c) information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
(d) information that you provide to us when using the services on our website, including downloading activity packs, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
(e) information relating to any purchases you make of our goods and/or services or any other transactions that you enter into through our website (including your name, address, telephone number and email address);
(f) information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication);
(g) any other personal information that you choose to send to us.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We also gather general information about the use of our website, such as the pages that users visit most often, and the services, events or facilities that are of most interest to the user. We may also track the pages users visit when they click on links in our email communications. We may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users. Wherever possible we use aggregated or anonymous information that does not identify individual visitors to our website.
3. How do we collect information?
We obtain personal information from you when you use our website, enquire about our activities, register with us, download an activity pack or other resource, send or receive an email, ask a question or otherwise provide us with personal information.
We may also receive information about you from third parties, for example from Audience Finder, or from individuals or third-party organisations who share our interests and may introduce you to us.
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have decided to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contract tracing. For detailed information about the collection and usage of this data please see point 8.
4. Why do we collect this information?
We collect this information for the purposes of marketing and improvement to our services. The lawful basis under which we process your information is:
(a) to administer our website and business;
(b) to personalise our website for you;
(c) to enable your use of the services available on our website;
(d) to supply services purchased through our website;
(e) to collect payments from you;
(f) to send you non-marketing commercial communications;
(g) to send you email notifications that you have specifically requested;
(h) to send you our email newsletter if you have requested it (you can inform us at any time if you no longer require the newsletter);
(i) to provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
(j) to deal with enquiries and complaints made by or about you relating to our website;
(k) to keep our website secure and prevent fraud;
(l) to verify compliance with the terms and conditions governing the use of our website.
(m) to support NHS Test and Trace
5. How do we use this information?
We will only use your personal information for electronic marketing purposes if we are allowed to do this by law or if we have your consent. If you agree to us providing you with marketing information, you can always opt out at a later date. If you would rather not receive marketing material from us, please let us know at any time using the contact details at Contact Us or by updating Your Preferences via your Account.
6. Do we share your information with anyone else?
We may need to provide your information to our contractors and suppliers who provide services on our behalf, to the extent necessary to enable you to receive those services.
We may share your information with the service providers or other associated organisations as identified in this policy to use the information for their own purposes as described above.
If you make a payment or donation to us we will need to share your information with our payment processor. By paying via our payment processor you agree to accept their terms and conditions for the use of their services, including their privacy policy. We suggest that you read their privacy policy when using their service as we are not responsible for data you share with them.
We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
7. How long do we keep your information for?
We keep your information for no longer than is necessary, as set out in our Data Retention Policy. We will retain your information for any period required by law, for example for compliance with HMRC requirements. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
If you have any questions about how long we keep your information, please write to us at Firstsite, Lewis Gardens, High Street, Colchester, Essex CO1 1JH.
8. How do we protect your personal information?
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We protect your information in accordance with our IT Security Policy which is in accordance with ISO27001.
We use a secure service when you make a donation or purchase a ticket through our website, via a virtual gateway operated by Spektrix Ltd. Our online payment system is Payment Card Industry Data Security Standard compliant.
You should be aware that the use of the Internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features such as encryption to prevent unauthorised access.
9. Children
We take the protection of children very seriously. To that end, we require that children under 16 do not submit any information to our website without a parent’s or guardian’s consent. We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose.
10. Your Rights
If you have created an account with us, you can sign into your account to access and update your information. You can manage your marketing preferences at any time by going to Your Preferences.
You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’).
You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete (‘right to rectification’).
We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided us with changes, for example if you change your email address, name, payment details, or if you wish to cancel your registration, please let us know using the contact details at Contact Us.
You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
You have a right to seek the erasure of your data (‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data, you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
- you contest its accuracy and we need to verify whether it is accurate
- the processing is unlawful and you ask us to restrict use of it instead of erasing it
- we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims
- you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests.
- you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
You have a right to prevent us from processing your data for the purposes of marketing.
If you would like to exercise any of your rights above, please let us know using the contact details at Contact Us. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.
You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.
11. Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
12. Information about Our Use of Cookies
‘Cookies’ are small pieces of information stored on the hard drive of a user’s computer, which contain information about the user. The information is used to track a visitor’s use of a website and to compile statistical reports on website activity.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. By continuing to browse the site, you are agreeing to our use of cookies.
We may store information about your user preferences (e.g. preferred text size) using cookies, which we can access when you visit our website in the future. We do this to help enhance your interaction with our website.
If you want to delete any cookies that are already on your computer, please refer to instructions for your file management software to locate the file or directory that stores cookies.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all parts of our site.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies may include analytical/performance cookies or targeting cookies.
Except for essential cookies, all cookies will expire after 2 years.
Cookie Name |
Domain |
Use |
Description |
Type |
Expiry |
SessionId |
Spectrix |
Stores a unique session ID value used to remember what has been added to the basket. This is also essential to retain this information when using a combination of the Spektrix iframes and API |
Necessary |
Session |
|
_GRECAPTCHA |
Google ReCAPTCHA |
This cookie is an essential part of Google’s reCAPTCHA service, a security tool used to distinguish between human users and automated bots. It helps protect websites from spam, abuse, and potential hacking attempts. |
Functional |
6 months |
|
__cf_bm |
.tickets.firstsite.uk .vimeo.com |
Cloudflare |
Cloudflare places the __cf_bm cookie on end-user devices that access our site as it is protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. |
Security |
30 minutes |
cf_clearance |
.firstsite.uk |
The cf_clearance cookie acts as a “pass” for legitimate users. After successfully passing Cloudflare’s initial security checks (which look for things like malicious bot behavior), this cookie signals to Cloudflare that the browser should be granted access to the website it’s trying to reach. |
Security |
1 year |
|
_cfuvid |
.vimeo.com |
Vimeo |
The _cfuvid cookie plays a role in Cloudflare’s security mechanisms for blocking malicious requests, preventing spam, and reducing DDoS attacks. |
Security |
Session |
player |
.vimeo.com |
Vimeo |
Vimeo’s embeddable video player uses first-party cookies that they consider essential to the video player experience. They do not use third-party analytics or advertising cookies when their video player appears on a third-party website like ours, unless the website visitor is logged in to their Vimeo account. See Vimeo’s privacy policy here: |
Necessary |
1 minute |
vuid |
.vimeo.com |
Vimeo |
This is a cookie used by Vimeo to store the user’s usage history. |
Analytical |
1 month |
_fbp |
.firstsite.uk |
|
This cookie is placed by Facebook to track your browsing behavior across different websites. This information is used to create a profile about your interests, allowing Facebook to show you highly targeted ads both on and off the Facebook platform. |
Marketing |
3 months |
_ga |
.firstsite.uk |
Google Analytics |
The _ga cookie is the primary cookie used by Google Analytics to distinguish unique users and track their interactions on a website. |
Analytical |
13 months |
_ga* |
.firstsite.uk |
Google Analytics |
_ga* cookies all start with “_ga” but have additional extensions after the period. These cookies serve specialised purposes within Google Analytics and are related to cross-domain tracking: These cookies help track a user’s journey across multiple websites related to the same business or entity. |
Analytical |
13 months |
_hjSession* |
.firstsite.uk |
Hotjar |
Hotjar is a heatmapping software that helps us to understand how people are using our website and make improvements to the user experience. This cookie holds current session data. It ensures subsequent requests in the session window are attributed to the same session. |
Analytical |
Session |
_hjSessionUser* |
.firstsite.uk |
Hotjar |
Hotjar is a heatmapping software that helps us to understand how people are using our website and make improvements to the user experience. This cookie is set when you first visit our site; it assigns a unique ID to track your behavior within our site, ensuring consistent data collection for subsequent visits. |
Analytical |
1 year |
12.2 Blocking cookies
Most browsers allow you to refuse to accept cookies; for example:
a) in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
(b) in Firefox (version 39) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
(c) in Chrome (version 44), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
12.3 Deleting cookies
You can delete cookies already stored on your computer; for example:
(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
(b) in Firefox (version 39), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and
(c) in Chrome (version 44), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.
Deleting cookies will have a negative impact on the usability of many websites.
13. Changes to this policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy. By continuing to use our website you will be deemed to have accepted such changes.
This Privacy Policy was last amended on 02 April 2024.
Google Cookies
IDE, NID, SID, SSID, AID, ID, 1P_JAR, CONSENT, test_cookie
Google will set various identifiers and tracking cookies when you visit sites using their services.
View their privacy policy to find out how to control these cookies and the
informaton they collect.https://policies.google.com/privacy