1. Who we are
Aurora Orchestra is a chamber orchestra based in London. We are a company limited by guarantee (no. 08523283) and a charity registered in England and Wales (number 1155738).
We want to maintain the trust and confidence of those who engage with us by ensuring that you fully understand the way that we collect and use your personal information (sometimes also referred to as personal data), in whatever capacity you interact with us: whether as an audience member; website visitor; existing or prospective supporter; performing artist; member of staff; or workshop participant.
As a registered data user and ‘Data Controller’, we seek to comply with all relevant legislation (including the Data Protection Act 1998, the Privacy and Electronic Communication Regulations 2003 and the EU General Data Protection Regulation 2018).
We are committed to the following guiding principles of data privacy and security:
- Ensuring that we collect and use personal data lawfully
- Being transparent about how we use data
- Giving people choice about how we use their information
- Using data appropriately and in a way that would be reasonably expected (including suppressing or deleting records once they are no longer required)
- Keeping data private: only sharing data with external organisations in clearly defined contexts where this is necessary or we have your active consent to do so, and taking reasonable endeavours to ensure such organisations comply with current data protection legislation
- Being accountable and responsible: taking active steps to protect customer data from data breaches and informing customers and the Information Commissioner should a breach occur
- Having separate and enhanced procedures for the use of sensitive data (such as data relating to children or disability)
- Clearly disseminating these principles to our staff, partners and suppliers, and ensuring that they understand their responsibilities in delivering them.
3. Why do we collect personal information, and on what basis?
Using personal information allows us to provide you with relevant and timely information about our activity both on and off the concert platform, and, in turn, to develop a clearer understanding of those who engage with our work. It allows us to ensure we are catering adequately for the needs of individuals with special requirements, and is often essential in helping us to run projects effectively. As a registered charity we rely on philanthropic support as a vital strand of our income and use personal information to identify, engage with and report to our supporters (as described further below).
Data protection laws set out six different legal bases under which personal information may be collected. We currently use three of these legal bases, as follows:
We seek your active and explicit consent as the basis for most of our data collection and processing.
In certain cases we collect personal information which is necessary to fulfil obligations arising out of a contract. We use this legal basis mainly for certain communications with staff, players, and external organisations who are engaging the orchestra for a performance.
To carry out our business successfully and effectively it is sometimes necessary for us to capture and process personal information. We only collect and process information in this way if it is necessary to the activity in question; we will always carefully balance our interests against the interests, rights and freedoms of the individuals whose data is being collected. Whenever we collect personal information on the grounds of our legitimate interest we will always give you the option to opt out of having your information used in this way at the point at which your data is collected (see ‘What are your rights?’ below).
4. What kinds of information do we collect, and from where?
When you engage with us as an audience member, supporter or workshop participant, we collect your personal information. This could be when you purchase a ticket through one of our box office partners, make a donation, take part in a workshop, engage with us on social media, sign up to our mailing list, or visit our website. These interactions may occur online, in person, by post, or over the phone.
We may collect information from publicly available sources (e.g. search engines, Companies House and Charity Commission records, news articles) as part of our fundraising practice (as described further below). We may also obtain information from individuals working on our behalf such as board members or specialist fundraising organisations or collect information from a person working on your behalf with your consent, such as a personal assistant.
We only collect information that is necessary to carry out our business or to deliver our charitable objectives. The more ways you engage with us as an organisation, the more data we will require in order to provide the necessary services required. You can choose not to provide us with the information we require, but this will then impact the quality of the service we are able to provide.
The personal information that we may collect from you when you book, order or donate is:
- Your name
- Email address
- Postal address
- Telephone number(s)
We also keep a record of your interactions with us, such as what concerts you have purchased tickets to (where we have that information – sometimes we will not know this because the information is only held by the venue), any projects you may have participated in or supported, and whether you have received, opened or clicked through any emails we may have sent.
We may also collect an automatically populated IP address when you use our website or email service. This public IP address is a unique number which allows a computer, group of computers or other internet connected device to browse the internet. The log file records the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version. This information is collected to help manage the website, to audit the geographical make-up of users, and to establish how they have arrived at the website.
For some people with whom we have a deeper relationship we may also collect and store data such as:
- Gift Aid declarations
- Bank account number, name and sort code (solely for processing direct debit or standing order payments)
- Access requirements (for example if you require particular seating arrangements)
- Date of birth (for example if we arrange an event to celebrate with you)
- Dietary requirements (for example if you are attending a dinner for supporters)
- Basic biographical information, including details of current and former workplaces, board memberships, and philanthropic giving to other organisations to help us build a clearer picture of your interests (which we use as part of our fundraising practice described at 5 below)
- Records of spoken and written conversations we may have had with you
- Your connections to others on the Aurora database where these are relevant to your relationship with us (e.g. your partner/spouse, other family member, or a connection with an Aurora member of staff, player or board member)
We collect and store this data in order to allow us to carry out tasks that you have asked us to perform and to provide the highest level of service when we interact with you. For more information about the specific ways in which we process your data please see section 5 below.
We also collect data in certain other ways, including:
Collecting data from Third Parties
We may receive your personal information from third parties (including the box offices of our partner venues). These organisations should not pass on your data to us without your knowledge and consent, and we always make every reasonable effort to ensure that they are fully compliant with data protection legislation. Where we receive your data from such a third party organisation we will notify you within 30 days of receipt of your data and give you the option to opt out of having your information used. It is advisable that you check the privacy policies of other organisations when you provide your information, to understand fully how they will process and safeguard your data.
Collecting data from Social Media
Depending on your settings or the privacy policies for social media services like Facebook, Instagram or Twitter, you may give us permission to access information from those accounts or services, such as your behaviour on these services and across our site. The majority of this behaviour is anonymised. For more information on how to control your privacy settings for these services, go to the following links:
Collecting publicly available information
We may collect information about you, such as where you have worked, directorships and trusteeships at other organisations, where you are based and your philanthropic activities, from places such as Companies House, LinkedIn, Google, 192.com, and information that has been published in articles or newspapers, or that you have made public. As described under section 5 below this helps us understand more about the people who support us, or may do so in the future, so that we can make appropriate requests in the most proportionate and tailored way. We will always balance our legitimate interest in achieving philanthropic support for our activities with your interests, rights and freedoms, and will ensure that such action is not excessive or intrusive.
5. In what ways do we use data?
Click the links below to see more details on the different ways in which we may process your personal information:
a) Marketing and Fundraising communications
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as which events you have booked for in the past, as well as any preferences you may have told us about.
We will seek your consent to send you emails which include promotional material and/or messages relevant to our fundraising. You can opt out of receiving these emails from us at any time by clicking the relevant link in any email we send to you or by contacting us through the contact details below.
In the case of mailings by post we will usually only send these to you when you have signed up to receive such communications, or have given us your explicit consent. In certain circumstances, where we have a reasonable expectation that you would like to hear from us, we may send you postal mailings without having received your explicit consent. Examples might include posting you a season brochure when you recently made a donation to the orchestra, or sending information about forthcoming concerts to a venue promoter who has expressed an interest in our work to a member of our staff. In these instances, as described in section 3 we will balance our legitimate organisational interest with your interests and rights.
b) Other processing activities
In addition to marketing and fundraising communications, we process personal information in the following ways that are within our legitimate organisational interests:
- Analysing data we hold about you to ensure that the content and timing of communications that we send you are as relevant and personalised to you as possible.
- Analysing data we hold about you in order to identify and prevent fraud.
- In order to improve our website, analysing information about how you use it and the content with which you interact.
- Carrying out research and screening techniques (sometimes known as ‘wealth profiling’ or ‘wealth screening’) to provide us with information about you (including your interests and preferences) that will help us to communicate in a relevant way, in particular when we are considering approaching you about potential philanthropic support. This helps us understand more about the people who support us, or may do so in the future, so that we can make such requests in an appropriate, proportionate and tailored way. We will always balance our legitimate interest in achieving philanthropic support for our activities with your legitimate interests, rights and freedoms. Such information is compiled by us using publicly available data about you (as described under section 4), information supplied by board members or other donors, or may occasionally be carried out through employing a specialist fundraising consultant.
- Conducting responsible and appropriate due diligence on individuals or organisations who have told us that they wish to engage the orchestra (which may include briefing our board members).
- Preparing a short briefing note about guests coming to an event, for example to note your connection to the orchestra or previous philanthropic support (to be kept strictly confidential and for internal use only).
- Classifying our audience into groups or segments, using booking and publicly available information, helping us to understand our audience better and ensure we’re sending relevant messages to each group.
We will always prioritise your rights and interests and ensure they are not overridden by our organisational interests. You have the right to opt out of any of this processing at any time. If you wish to do this, please use the contact details at the end of this policy. Please bear in mind that if you opt out this may affect our ability to carry out tasks above that are for your benefit.
c) Learning and Participation data
In relation to our learning and participation programme (which include projects for children), we collect information about project participants and facilitators (including teachers and other educational partners, e.g. people conducting CPD sessions). The information collected will depend on the project, but may include:
- Arts Award participation
- Any health or other considerations relevant to participation in the project
- Special educational needs
- Ethnicity and demographic information (both for monitoring purposes and as we may be required to report on this information to our funders)
- Participation in and responses to evaluation to projects
We will only collect personal data that is necessary for the project, and will only keep the data for as long is needed for the delivery of the project (except in an anonymised form for reporting purposes: we retain this anonymised data indefinitely to help us monitor trends over time, e.g. how effectively we are reaching a diverse audience for this strand of our work). We take particular care with the collection of any data which may be regarded as sensitive, including data on children and vulnerable adults (see d) below). We may keep participants’ and facilitators’ contact details on record in order to contact them about future relevant opportunities. We will always give you an opportunity to opt out of these communications.
d) Sensitive data including data on children and vulnerable adults
In order to adequately prepare for our education and community projects, we may collect information on participants’ age, medical considerations and any special educational needs or other personal circumstances which impact participation in the project. This information will only be collected if necessary for the delivery of the project, and will not be stored for longer than is necessary. This information is securely held and accessible only to members of staff who have DBS checks.
e) Supplier, staff and player data
The Orchestra collects information about its employees, musicians and contractors for administrative and management purposes. We will keep and use this information to enable us to run the organisation and to manage our relationship with you effectively, lawfully and appropriately. This includes using information to enable us to comply with contractual obligations and legal requirements and to pursue the legitimate interests of the company, and protect our legal position in the event of legal proceedings. If you do not supply this data we may be unable in some circumstances to comply with our obligations.
The personal information that we may collect when engaging you includes:
- Your name
- Company name (where relevant)
- Email address
- Postal address
- Telephone number(s)
- Bank details (for payment only)
- Instrument played (where relevant)
- Date of birth (where necessary for eg visa applications)
- National Insurance number
- Tax/VAT number
If you are likely to tour with the orchestra, or are visiting us from overseas, we will also hold personal information needed for the purposes of visa processing, such as passport details (including scans of key pages and visas), marital status and names and details of family members (for emergency contact), details of instruments and previous travel history.
In order to maintain a smooth touring operation we may also hold seating preferences, dietary requirements and where you have chosen to inform us we may hold relevant medical details.
In certain circumstances when we engage you to work on our behalf with young people or vulnerable adults we may ask you to undertake a DBS check and retain the certificate on your behalf as proof that these processes were followed.
We may sometimes need to process details about you to pursue our legitimate business interests, such as biographical details and captioned photographs where these pertain to Aurora Orchestra events. When processing data in this way we will always carefully balance our organisational interests against your own interests, rights and freedoms.
Information about your interactions with us
Where you have interacted with us we store a history of those interactions. For example, correspondence about fee agreements, contact and emergency contact details, references created at your request for tenancy or mortgage purposes, information required for payroll, records of holiday, sickness and other absence, information needed for equal opportunities monitoring policy and records relating to your work history with us such as appraisals when undertaken.
6. How do we protect your data, and for how long will we keep it?
Aurora Orchestra is committed to protecting the personal information you entrust to us. We take all reasonable technological and practical steps to ensure that the information we hold about you is protected from unauthorised access and improper use.
In some cases we may share your data with third party organisations. Examples include:
- a commercial postal distribution company helping us to send out a leaflet, season brochure or our annual review to a large number of people
- an audience development agency advising us on the make-up of our current and potential audience and how it compares to wider local, national and other artform benchmarks
- a professional fundraising consultant working to support our philanthropic activity, for example by helping us to identify prospective supporters from within our existing audience
- Arts Council England (anonymised data for audience reporting purposes)
- HMRC for the purposes of Gift Aid processing
- where required by law to do so, the police or regulatory/government authorities (for example, if required to do so by the ‘know your donor’ principles under charity law or a court order), or when requested by the police or a regulatory or government authority investigating illegal activities)
- sharing player details including e.g. passport details and address/contact information with promoters and touring agencies to facilitate the administration of domestic and international touring.
We make all reasonable endeavours to ensure that any third party with whom we share data abides by data protection legislation, meets our standards for data security, and undertakes not to use your personal information for anything other than the specific purpose for which we have shared it. We will never sell, rent or trade your personal information to any third party.
Despite all our precautions, no data transmission over the internet is 100% secure. We cannot therefore guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk.
As part of our data storage and processing arrangements, the personal information you provide may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen when computer servers used to host our website are located in a country outside of the EEA. If Aurora transfers your personal information outside of the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this privacy notice.
Aurora may transfer your data to the USA to organisations such as Facebook or Google. The USA has weaker data protection laws than that of the EEA and therefore we will make best endeavours to ensure that only organisations who are a part of the EU privacy shield initiative will handle your personal information. More details on this certification can be found atwww.privacyshield.gov/welcome
We will keep your information only for as long as is reasonable and necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. The retention period will vary depending on the context and nature of the data being held, and in certain cases on obligations placed on us by law (for instance, we are required by law to keep Gift Aid declarations on file for a fixed period to satisfy taxation regulations). For further information about how long we will keep your information, please contact us using the contact details outlined below.
7. What are your rights?
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it.
You can amend your personal details and email contact preferences at any time by contacting us using the details below. At any time you have the right to ask us to amend or to stop using your personal information altogether. Wherever we receive such requests we will do our very best to make the necessary changes as quickly as possible, and in any case within 30 days of the date of your request.
You can request full details of personal information we hold about you under The General Data Protection Regulation 2018. Please send a description of the information you would like to see, together with proof of your identity, to email@example.com. We reserve the right to charge an administration fee (maximum £10) for such requests.
By email: firstname.lastname@example.org
By post: Aurora Orchestra, The Music Base, Kings Place, 90 York Way, London N1 9AG
We aim to resolve any concerns or complaints we receive about our use of data in a timely and satisfactory manner. Whilst we very much hope never to leave you unhappy with our response to an enquiry about how we process your data, if you are not satisfied with how we have handled your request then you have the right to lodge a complaint with the supervisory authority, The Information Commissioner’s Office – www.ico.org.uk.
8. How do I find further information?
Further information on data protection regulations and laws can be found here:
Data Protection: https://ico.org.uk/for-the-public
Policy updated 25 May 2018.