Last updated: May 2018

WHO WE ARE        

Omnibus Theatre is a home of storytelling – a small place to encounter big ideas. We are driven by the legacy of our former library building to tell stories, familiar and unknown, in South London and beyond.

Omnibus Theatre (Omnibus) was founded in 2013. Our building is home to a 90-seat studio theatre, a café/bar and two performance and rehearsal spaces. We offer a vibrant artistic programme inspired by the legacy of the building.

Omnibus-Clapham is a registered Charity (number 1143709) and a company limited by guarantee (number 07032543).

Omnibus needs to collect and use certain types of information about the Individuals or Service Users who come into contact with Omnibus in order to carry on our work. This includes staff, contractors, volunteers, audiences, workshop participants, community and business contacts, donors and funders.

Omnibus is committed to protecting your privacy. We will use the information that we collect about you in accordance with the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003, the General Data Protection Regulation 25 May 2018 (GDPR) and other relevant legislation.

WHAT INFO WE COLLECT

Information we collect can include your name, postal address, email address, phone number, age, gender, ethnicity, disability status, bank, credit/debit card details and whether you are a UK tax payer so that we can claim Gift Aid. We may also collect parent and carers details for children and adults at risk. If you are under 18, please ensure that you obtain your parent/guardian’s consent beforehand whenever you provide Personal Information to us. Under 18s and adults at risk without such consent are not allowed to provide us with Personal Information. Please request our Child Protection Policy for more details.

We do not usually collect ‘sensitive personal data’ from you unless there is a clear reason for doing so, such as for health concerns, criminal disclosures or where we need this information to ensure that we provide appropriate support to enable you to enjoy and participate in everything we offer.

We may collect information in a number of ways such as when you:

  • Buy a ticket to one of our events
  • Enquire about our activities and services
  • Join one of our groups
  • Buy merchandise
  • Buy one of our exhibitors’ work
  • Apply for a job or to volunteer
  • Undertake any contract or engagement with us
  • Contact us through email, telephone or in person
  • Join our mailing list or become a member
  • Make a donation to us
  • Volunteer with us
  • Engage with our social media or visit our website

We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them. We may also receive information about you from third parties such as schools, community groups, funders or other similar or local organisations.

Cookies

The Omnibus website, like many others, uses small files called “cookies” to help customise your experience. “Cookies” are small text files that are stored by the browser on your computer or mobile phone. Websites are able to read and write these files, allowing them store things such as personalisation details or user preferences and interests. Cookies provide a “memory” for the website, enabling it to recognise a user and respond appropriately, speeding up your searches and recognising you when you return to our site. Each web domain can only access cookies stored by that specific web domain, meaning that only the Omnibus servers can access the cookies set by the omnibus-clapham.org domain.

For further information on how we use cookies, please see our Cookie Policy.

Job applicants, Contractors and Workers

If you apply to work at Omnibus, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside Omnibus, for example, if we need a reference, we will make sure we tell you beforehand, unless we are required to disclose this information by law.

If you are unsuccessful in your job application, we may hold your personal information for up to 12 months after we have finished recruiting for the post you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes; however, no individual applicant would be identifiable from this information. If you commence employment with Omnibus, your data will be processed in accordance with your employment contract and other applicable policies.

If you enter into an engagement with us we will process and maintain your data in order to comply with employment law and to ensure the smooth administration of the organisation. Your data may be shared across departments and with partners and contacts in order to fulfil the obligations of the post.

Children, Young People and Adults at Risk

Omnibus recognises that the principles of the GDPR must be adhered to when handing the personal information of children and young people. This means that personal information must be obtained and processed fairly and lawfully and kept securely; only disclosed in appropriate circumstances; and not held for longer than necessary.

It is our best practice to gain verbal or written consent, from a child or parent/ carer before any personal information relating to them is shared with another organisation. However, we may not need to seek consent to share information if it might be unsafe to seek (e.g. seeking consent might increase the risk to the child) or causes an unjustified delay or if it would prejudice the prevention, detection or procedure for documenting suspicions or allegations of abuse.

All child protection concerns are be recorded accurately and immediately using clear and simple language. Staff record information as soon as possible on our Safeguarding Incident Forms. All records are signed and dated and are stored and regarded as highly sensitive material.

HOW WE KEEP IT SAFE

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy policy.

Your personal data will be held and processed in accordance with Omnibus Theatre’s Data Protection procedures. Once we have received your information, we will use our Data Protection procedures and security features to prevent unauthorised access or breaches. All information you provide to us is stored securely on site on our secure third-party servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

If you use your credit or debit card to donate to us, buy something or pay for a registration online or over the phone, we maintain a record of your transaction history, but we never store your card number (although we may keep a note of the last four digits to help us identify transactions).

WHAT IT’S USED FOR

We may use your information for a number of purposes including the following:

  • To process donations we may receive from you
  • To process payments we may receive from you or provide to you
  • To register you if you take out a membership with us
  • To provide you with information about our work or our activities that you have agreed to receive
  • To fulfil supplier or employment contracts you have entered into with us
  • To maintain emergency contact and beneficiary details
  • To protect the safety and security of our workforce, guests, property, and assets
  • For customer service or administrative purposes (for example we may contact you regarding a work opportunity or issue, donation you have made or an event you have registered or booked a ticket for)
  • For internal record keeping, including the management of any feedback or complaints
  • To monitor and evaluate the impact and efficacy of our projects, events and activities so as to develop and improve our offering as an organisation.
  • For external reporting (for example we may be required to report to our funders on projects and users – all personal information will be redacted)
  • For children and vulnerable adults safeguarding
  • To target communications to you and to identify similar groups
  • To invite you to participate in surveys or research (although this is voluntary)
  • To use IP addresses to identify your approximate location, to block disruptive use, to record website traffic or to personalise the way our information is presented to you
  • To analyse and improve the services offered on our site and to make it as user-friendly as possible
  • Where it is required or authorised by law
  • To notify you about changes to our service.

There may be occasions where we are required to disclose your personal data to third parties in order to:

  • Comply with legal obligations, enforce or apply our terms of use and other agreements, or protect the rights, property, or safety of Omnibus Theatre, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • Adhere to terms set out in employment contracts, or to administer contractual work.
  • Undertake certain administration and marketing activities (see “Who We Share Our Information With” section below).

If you are an artist, creative, worker or volunteer we have previously engaged with, we may request to share your details with contacts looking for recommendations – we will always request your explicit consent before passing on your details for these purposes.

WHO WE SHARE OUR INFORMATION WITH

To undertake our activities, we sometimes have to share your information with GDPR compliant third parties such as our database, ticketing software, IT providers and our marketing service, which handles our direct communications with you. We may share anonymised personal information with other organisations, particularly funders and audience development agencies. We only choose partners we trust and will only pass personal data to them if they:

  • abide by the requirements of the Data Protection Act and GDPR
  • treat your information as carefully as we would
  • only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)
  • allow us to carry out checks to ensure they are doing all these things.

However, we are not responsible for the privacy policies or practices of third-party websites.

Other than as expressly set out in this Privacy Policy or as otherwise required or permitted by law, we will not share, sell or distribute any of the information you provide to us without your consent.

We use the following third-party services for administration and marketing activities – we have linked to the current Privacy Policies (or similar data protection compliance information) for these services:

Microsoft Office 365, including Outlook and Sharepoint (cloud-based email and storage): https://products.office.com/en-gb/business/office-365-trust-center-privacy
Google Drive (cloud-based storage): https://www.google.com/cloud/security/
LineUp Now (box office ticketing system): https://lineupnow.com/privacy
MailChimp (email newsletter distribution): https://mailchimp.com/legal/privacy
Salesforce (donor database): https://www.salesforce.com/uk/company/privacy
Donation Manager (online donation platform): https://www.donationmanager.co.uk/faqs
Audience Finder (audience research tool): https://www.audiencedatasharing.org/

All card and Direct Debit payments are processed through our third-party processors:

Stripe: https://stripe.com/gb/privacy
GoCardless: https://gocardless.com/blog/gdpr/
Elavon: https://www.elavon.co.uk/cookie-policy-and-privacy-pledge.html
iZettle: https://www.izettle.com/gb/help/articles/2258543-how-izettle-processes-contact-details-of-cardholders

We use Google Analytics on our site to find out about the volume of traffic to our site and our users’ browsing actions and patterns.

https://www.google.com/policies/privacy/partners/

Due to the web-based nature of many of the third-party services listed above, data is occasionally distributed and transferred to servers located outside the EU.  We have made every effort to ensure that the third-party service providers we use adhere to relevant EU laws and regulations for data privacy and protection. For third-party companies and services with data centres and servers in USA, we have ensured that they are all compliant with the EU-U.S. Privacy Shield Framework – more information on the Framework is available here: https://www.privacyshield.gov/welcome

External links

Our website contains links to other sites whose information practice may be different to ours. You should consult other sites’ privacy notices as we have no control over information that is submitted to or collected by third parties. Furthermore, we cannot guarantee the privacy of personal information you transmit over the web or that may be collectable in transit by others.

RETENTION AND DISPOSAL

We will retain your information for the duration of your affiliation with Omnibus Theatre and for reasonable period or as long as the law requires or permits.

We will maintain records of tickets issued and personal contact information for as long as there is a reasonable likelihood of you making a further purchase of tickets for an Omnibus event.

If you purchase tickets or other merchandise using a credit card, we will retain a paper copy of your credit card details (last 4 digits) for a length of time reasonably necessary to process any future transactions related to your purchases, including refunds and charge-backs; and for any period legally required.

YOUR RIGHTS TO ACCESS

You have the following rights related to your personal data:

  • The right to request a copy of personal information held about you
  • The right to request that inaccuracies be corrected
  • The right to request us to stop processing your personal data
  • The right to withdraw consent
  • The right to lodge a complaint with the Information Commissioner’s Office or Fundraising Regulator.

You can opt out from these marketing communications at any time – every email sent to you will tell you how to do this. You can also change any of your marketing preferences at any time by contacting 020 7622 4105 or marketing@omnibus-clapham.org. We will not use your information for marketing purposes if you have indicated that you do not wish to be contacted for such purposes.

Please direct all requests for the information we hold about you to:

enquiries@omnibus-clapham.org or write to Omnibus Theatre, 1 Clapham Common Northside, London SW4 0QW.

You have the right to complain to the Information Commissioner’s Office if we have not been able to satisfactorily resolve a problem about our handling of your personal information. For more information about your Data Protection rights, please visit the website of the Information Commissioner’s Office at www.ico.org.uk

CHANGES TO THE PRIVACY POLICY

Should we need to change our privacy policy, we will post the changes here. Where these changes are major, we may also email our registered customers with the new policy. When we are legally obliged, (other than when legally instructed, or where we have a justifiable legitimate interest), we will obtain your consent to make these changes.