1. Information about us
firstsite.uk is a site operated by Firstsite. We are a private company limited by guarantee registered in England and Wales under company number 02884347. Our trading name is Firstsite. We are a registered charity and our registration number is 1031800. Our main trading address is Firstsite, Lewis Gardens, High Street, Colchester, Essex CO1 1JH.
Our VAT number is GB 135610144.
Firstsite is committed to protecting and respecting your privacy. We are responsible for protecting your personal information as a “data controller” under applicable data protection legislation. If you have any queries about this Policy or how we use your personal information, please contact us using the details at Contact Us.
This policy sets out the basis by which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting firstsite.uk you are accepting and consenting to the practices described in this policy.
Our nominated person for data protection is Sarah Cavan-Atack and their contact details are email@example.com.
2. Your Preferences
If you wish to update your preferences, opt out or amend the information we hold about you, please click here, or alternatively follow the link on the emails that we send you. Alternatively please contact us.
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
(b) information that you provide to us when registering with our website (including your email address);
(c) information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
(d) information that you provide to us when using the services on our website, including downloading activity packs, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
(e) information relating to any purchases you make of our goods and/or services or any other transactions that you enter into through our website (including your name, address, telephone number and email address);
(f) information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication);
(g) any other personal information that you choose to send to us.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We also gather general information about the use of our website, such as the pages that users visit most often, and the services, events or facilities that are of most interest to the user. We may also track the pages users visit when they click on links in our email communications. We may use this information to personalise the way our website is presented when users visit it, to make improvements to our website and to ensure we provide the best service for users. Wherever possible we use aggregated or anonymous information that does not identify individual visitors to our website.
3. How do we collect information?
We obtain personal information from you when you use our website, enquire about our activities, register with us, download an activity pack or other resource, send or receive an email, ask a question or otherwise provide us with personal information.
We may also receive information about you from third parties, for example from Audience Finder, or from individuals or third-party organisations who share our interests and may introduce you to us.
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have decided to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contract tracing. For detailed information about the collection and usage of this data please see point 8.
4. Why do we collect this information?
We collect this information for the purposes of marketing and improvement to our services. The lawful basis under which we process your information is:
(a) to administer our website and business;
(b) to personalise our website for you;
(c) to enable your use of the services available on our website;
(d) to supply services purchased through our website;
(e) to collect payments from you;
(f) to send you non-marketing commercial communications;
(g) to send you email notifications that you have specifically requested;
(h) to send you our email newsletter if you have requested it (you can inform us at any time if you no longer require the newsletter);
(i) to provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
(j) to deal with enquiries and complaints made by or about you relating to our website;
(k) to keep our website secure and prevent fraud;
(l) to verify compliance with the terms and conditions governing the use of our website.
(m) to support NHS Test and Trace
5. How do we use this information?
We will only use your personal information for electronic marketing purposes if we are allowed to do this by law or if we have your consent. If you agree to us providing you with marketing information, you can always opt out at a later date. If you would rather not receive marketing material from us, please let us know at any time using the contact details at Contact Us or by updating Your Preferences via your Account.
6. Do we share your information with anyone else?
We may need to provide your information to our contractors and suppliers who provide services on our behalf, to the extent necessary to enable you to receive those services.
We may share your information with the service providers or other associated organisations as identified in this policy to use the information for their own purposes as described above.
We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
7. How long do we keep your information for?
We keep your information for no longer than is necessary, as set out in our Data Retention Policy. We will retain your information for any period required by law, for example for compliance with HMRC requirements. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
If you have any questions about how long we keep your information, please write to us at Firstsite, Lewis Gardens, High Street, Colchester, Essex CO1 1JH.
8. NHS Test and Trace
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the Coronavirus.
As a customer/visitor of Firstsite you will be asked to provide some basic information and contact details. The following information will be collected:
- The names of all customers or visitors, or if it is a group of people, the name of one member of the group.
- A contact phone number for each customer or visitor, or for the lead member of a group of people.
- Date of visit
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (e.g.: this may be all customers who visited on a particular day or time-band, or over a two-day period).
We will [require you to provide these details on entry into our gallery spaces.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes (such as surveillance of an individual’s movements or marketing activities), and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (e.g. as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the venue/establishment. The legitimate interest in this case is the interest of the venue/establishment in co-operating with NHS Test and Trace in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
If you do not wish your contact information to be passed to NHS Test and Trace if requested, please speak to Eddie Bacon, Operations Manager.
By law, you have a number of rights as a data subject, such as the right to access information held about you. If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk
9. How do we protect your personal information?
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We protect your information in accordance with our IT Security Policy which is in accordance with ISO27001.
We use a secure service when you make a donation or purchase a ticket through our website, via a virtual gateway operated by Spektrix Ltd. Our online payment system is Payment Card Industry Data Security Standard compliant.
You should be aware that the use of the Internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features such as encryption to prevent unauthorised access.
We take the protection of children very seriously. To that end, we require that children under 16 do not submit any information to our website without a parent’s or guardian’s consent. We will not knowingly request or collect from a child any information online that can be traced to the child, such as an email address, name, or information about the child’s family. Unless a parent or guardian consents to such use in advance, we will not knowingly use information that a child provides to us for any fundraising or promotional purpose.
11. Your Rights
If you have created an account with us, you can sign into your account to access and update your information. You can manage your marketing preferences at any time by going to Your Preferences.
You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’).
You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or incomplete (‘right to rectification’).
We want to ensure that your personal information is accurate and up to date. If any of the information that you have provided us with changes, for example if you change your email address, name, payment details, or if you wish to cancel your registration, please let us know using the contact details at Contact Us.
You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
You have a right to seek the erasure of your data (‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data, you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
- you contest its accuracy and we need to verify whether it is accurate
- the processing is unlawful and you ask us to restrict use of it instead of erasing it
- we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims
- you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests.
- you exercise your right to restrict processing, we would still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
You have a right to prevent us from processing your data for the purposes of marketing.
If you would like to exercise any of your rights above, please let us know using the contact details at Contact Us. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.
You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.
‘Cookies’ are small pieces of information stored on the hard drive of a user’s computer, which contain information about the user. The information is used to track a visitor’s use of a website and to compile statistical reports on website activity.
We may store information about your user preferences (e.g. preferred text size) using cookies, which we can access when you visit our website in the future. We do this to help enhance your interaction with our website.
If you want to delete any cookies that are already on your computer, please refer to instructions for your file management software to locate the file or directory that stores cookies.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all parts of our site.
Except for essential cookies, all cookies will expire after 2 years.
13.1 Analytics cookies
i) We use Google Analytics to analyse the use of our website.
ii) Our analytics service provider generates statistical and other information about website use by means of cookies.
iii) The analytics cookies used by our website have the following names: _ga, _gat, __utma, __utmt, __utmb, __utmc, __utmz and __utmv.
iv) The information generated relating to our website is used to create reports about the use of our website.
13.2 Blocking cookies
Most browsers allow you to refuse to accept cookies; for example:
a) in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
(b) in Firefox (version 39) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
(c) in Chrome (version 44), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
13.3 Deleting cookies
You can delete cookies already stored on your computer; for example:
(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
(b) in Firefox (version 39), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and
(c) in Chrome (version 44), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.
Deleting cookies will have a negative impact on the usability of many websites.
14. Changes to this policy