When we talk about The Great British Drive In we mean The Great British Drive In Limited, registered number 11558669, of 6 Radford St, Stone, Staffordshire, England, ST15 8DA (“us”, “we”, “our”). The Great British Drive In owns and operates the www.thegbdrivein.com website and works closely with our ticketing partner EventBrite. EventBrite has been appointed as one of our data processors when you make a booking one of our events. When you interact with us through our websites or social media channels, including purchasing tickets directly at our events you may provide to us or we may collect, certain information from which you are personally identifiable. This is referred to as personal data.
For the purposes of the data protection laws, we are the “data controller” meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate purposes.
WHAT THIS POLICY EXPLAINS
What data we collect about you
• Why we use your data and our legal grounds for doing so
• Who we share your data with
• Your data and the EEA
• The Great British Drive In marketing communications and how to opt-out
• When and why you might see adverts for The Great British Drive In online
• How we keep your data safe
• Third party websites
• How long we store your data
• Your rights and how to exercise them
• Changes to our policy
• How to contact us
What data do collect we about you?
We have set out below the different types of personal data that you provide directly to us, or which we collect from you when we interact. We also wanted to let you know why we use this data and the different legal grounds which allow us to do so. You don’t have to give us any of this data but if you don’t, you may not be able to buy tickets and you are unlikely to receive our optimal customer experience. It is up to you and we respect your choices.
You may provide us with the following types of personal data when you directly interact with us through our websites, social media, in person, ordering food online at our events or otherwise:
Contact: First name, surname, email address, address, mobile number.
Profile: Your preferences for marketing, other website preferences, your contact history and feedback on your The Great British Drive In experiences through reviews and/or surveys.
We may also collect the following types of personal data from you when you use our websites (Cookies or other tracking technologies):
Technical: Browser type, device information, IP address, hardware type, network and software identifiers, operating system and system configuration.
Usage: Information about how you use our websites, including time spent on page, click-throughs, download errors, browsing patterns.
Why do we use your data and what are our legal grounds?
The table below sets out how we use your personal data and our lawful basis for doing so. Note: We anonymise and aggregate personal data so that it does not personally identify you and use it for testing our internal systems, carrying out research and general customer data analysis. As this is not personally identifiable, we can use this for any purposes.
Sharing your data
We do not pass your personal data to any third parties for the purpose of third-party marketing. If in the future we want to do this, we will ask for your permission if you have not given it already and will only do so if you have given your consent.
In certain cases, we do need to share your data with the following third parties as an essential part of being able to provide our services to you (in accordance with the purposes set out above). In each case, we will only ever share the minimum amount of information required and ensure that the relevant third parties are subject to suitable obligations in respect of confidentiality and security:
Companies which are within the same corporate group as The Great British Drive In, who are responsible for managing different aspects of our service delivery
Our ticketing service provider, allowing you to book your tickets to The Great British Drive In
Payment service providers and our delivery companies
Our professional service providers, such as marketing agencies, advertising partners and website hosts and our professional advisors
Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
Companies approved by you, such as social media sites (if you choose to link your accounts to us)
In addition to the above, we may also need to share your personal data with third parties if we are legally obliged to.
Do we send your data outside of the EEA?
The European Economic Area or “EEA” is seen as having good standards when it comes to data privacy. Therefore, we try to limit the transfer of any data outside of this region. However, from time to time, we do need to do this. An example is our cloud storage provider whose servers are located in the United States of America. In cases such as this, we make sure that your data is still treated fairly and lawfully in all respects including making sure we have a legal ground for the transfer and putting in place all necessary safeguards for such arrangements where the third party is not based in a country which is deemed to have “adequate” data protection laws. Our cloud storage provider has been granted the U.S Privacy Shield status, which is in conjunction with the EU and GDPR.
Where applicable, you will have the right to see a copy of any safeguards we put in place for international transfers of your data. Contact us if you would like to find out more.
Marketing Messages and Opting Out
If you have agreed, we’ll send you marketing messages by email and/or post to keep you aware of what we’re up to and tell you about future shows we think will be relevant to you or other services and promotions. If you change your mind, you can opt-out of receiving marketing at any time either by contacting us, or by using the opt-out function detailed in any e-mail communication. Once you do this, we will update your profile to ensure that you don’t receive further marketing messages. Note: It might take a few days for all our systems to be updated, so you might get messages from us while we process your request.
We do not currently pass your data on to any third parties for third-party marketing purposes. However, if we ever wish to do so in the future, we will always get your consent. You can then opt-out from any third-party marketing at any time following the same process as above.
We do pass your data onto third parties who deliver our own marketing, and any updates to your preferences will also be passed onto these third parties.
Seeing Adverts for The Great British Drive In Elsewhere on the Web
If you have given the appropriate consent, The Great British Drive In targets banners and ads you may see when you have left our websites and are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies like pixels, ad tags and cookies, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service and google ads.
How we keep your data secure?
We implement industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that when we are required to share your data with third parties, they are subject to suitable confidentiality and security standards.
Despite these measures, the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.
Links to Third Party Websites
How long do we store your data?
We will store your data for as long as you have an ‘active’ The Great British Drive In purchase*, or as long as is needed to be able to provide the services to you and/or where you are still happy to hear from us about our latest news, products and services.
After this, we may still need to keep hold of your data if there is a legal reason for doing so. This may be for reasons such as tax or financial reasons such as being able to deal with chargebacks. We may also keep your data in order to resolve any disputes with you, or where we need to enforce our terms and conditions. In such circumstances, we will only retain the amount of data strictly necessary for these reasons and otherwise, will remove your data from our systems.
*If you have not bought tickets in more than 7 years, then we will remove any personally identifiable information from your data.
You have various rights under GDPR which entitle you, in certain situations, to:
Ask us for a copy of the personal data we hold about you
Correct or update your personal data, which you can do yourself by logging into your account or if you would prefer, please contact us and we can assist
Request that we delete your personal data
Object to the handling of your personal data where we are relying on a legitimate interest (as set out in the table above)
Restrict the processing of your personal data
Request the transfer of your personal data (or some of it) to a third-party service provider
Where you have provided your consent for something, in certain circumstances, you may withdraw this consent. Note: We may continue to use your personal data if we have legal grounds for doing so.
How to Exercise your Rights
Please contact us if you would like to exercise your rights, which you can do for free. The only time we may be allowed to charge a reasonable fee is where your request is clearly unfounded, repetitive or excessive. We may refuse to comply with your request in these circumstances. Otherwise, we will always respond within one month. Note: In situations where legal advice is sought, the process may take longer. We may also need to ask you to confirm your identity before we proceed with your request if it is not clear who is making the request. If you are concerned about the way we are handling your personal data you may also contact the ICO (Information Commissioner’s Office). However, where possible, we would really appreciate the opportunity to help with your concern in the first instance.
Changes to this Policy
We may change this policy from time to time, to reflect how we are handling your data and will upload these updates onto our websites. If we make significant changes, we will make sure you are notified by email or another suitable method so that you are able to review the changes before you continue to use our services.
How to Contact Us
If you would like to discuss anything in this policy, want to exercise your rights or have any issues with the way we are handling your data, please:
Email us: firstname.lastname@example.org
Contact Customer Services by writing to us:
The Great British Drive In, 8 Radford St, Stone, ST15 8DA
Sending us a DM on our Facebook or Instagram Pages.
LAST UPDATED: July 2020