Privacy Policy

This policy was last updated on 8 November 2021

 

Respecting your privacy and safeguarding your data
The Coro is committed to upholding your privacy and taking care of the personal information you share with us.


This policy explains how we each collect, use, and share personal information in the course of our activities, including:

  • The information we collect and process

  • How we use your information and what legal basis we rely on

  • Information about our marketing and fundraising activities

  • Others we might share your information with

  • How we keep your information safe

  • How we keep your information up to date

  • Your legal rights

  • How to contact us or exercise your rights


Whenever we ask you to provide your personal information, we will let you know why we are asking, and how we will use your information, by directing you towards this notice.


You can find out more about The Coro by contacting us using the information on our Get in touch page.


We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate. Please regularly check this page for the latest version of this notice.


You might find external links to third-party websites on our website. This privacy notice does not apply to your use of a third-party site.

When we collect and process personal information
We may collect personal data when you make a booking, contact us, make a donation, make a purchase at our bars, sign up to our mailing list, complete a survey, complete any paperwork for us, or visit our website.

What personal information we collect and process
We may collect different personal data from you in different interactions, including name, date of birth, email address, physical address, phone number, order history, payment card information, gift aid status, log and details of past interactions, and information gathered through the use of cookies in your web browser. 

Sensitive or 'special category' information
When you provide us with information in relation to an event that you are attending, we may ask you about your access requirements or dietary preferences. Some of the information which we collect from you may constitute sensitive personal data. We will only ever use this in accordance with this policy and shall maintain necessary measures to protect this information and its confidentiality.

What we use your information for and on which legal basis/bases we rely
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis. Depending on the preferences you have indicated and your relationship with The Coro, we will use the personal information you have provided to:

  • Provide goods and services to you or your organisation, process donations including Gift Aid, process payments for fundraising events or auction items, or to respond to enquiries.

Legal basis: To perform a contract

  • Inform you of other products, services and events related to, or opportunities to support The Coro by sending you marketing and fundraising communications by post, telephone or electronic means. 

Legal basis: Consent

  • Notify you of changes to events and services, or provide you with essential information ahead of any visit.

Legal basis: To perform a public task; Legitimate interest

  • Ask you to participate in evaluation surveys and market research to help us better serve your needs or refine our fundraising programmes.

Legal basis: To perform a public task; Legitimate interest

  • Improve our understanding of our audience and supporters through profiling and tracking your response to direct marketing activity.

Legal basis: To perform a public task; Legitimate interest

  • Enable core functionality of our website such as security, verification of identity and network management through the use of essential cookies.

Legal basis: To perform a public task; Legitimate interest

  • Understand how visitors interact with our website, discover errors, track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests, and remember choices users make to improve and give a more personalised experience on our website through the use of optional cookies.

Legal basis: Consent

Managing your consent to marketing and fundraising communications
We make it easy for you to tell us if and how you want to receive marketing and fundraising communications from us by using clear preference questions when you provide us with your information.


If you previously opted in to receiving marketing and fundraising communications but change your mind in future, we include clear information on how to opt out when we send you these communications, but you can also change your preferences at any other time by contacting us at hello@thecoro.co.uk

Managing your consent to cookies
In order to make our website easier to use and improve our service, we use cookies. Cookies are files stored in your browser and are used by most websites to help personalise and analyse your website visit. Some features on this site will not function if you do not allow cookies. You can manage your cookie consent preferences on our website at any time.


We currently use the following cookies:

Who we might share your personal information with
The Coro is ‘data controller’ in relation to your personal information, i.e. we determine the purposes for which your personal information is processed and how that information is processed.


Your personal information might be passed to a third party (a ‘data processor’) if they need it to fulfil your order(s) for our goods and services, to execute the communications we send to you, to conduct market research and audience profiling outlined above or to process a donation. Examples of these third parties include our bank (in order to process Direct Debit and other payments), our ticketing system Eventbrite, and our bulk email distribution service provider Mailchimp.


We do comprehensive checks on these companies before we work with them, and where necessary put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information they have collected or have access to.


Except as set out in this policy, we shall not disclose your personal information unless obliged to, or allowed to do so by law, or where we need to in order to run our business (e.g. where other people process information for us). In such circumstances, we ask those people to give us confidentiality, non-disclosure or other relevant compliance undertakings.


We will not share your information other than as described in this policy without your express consent.

How we store and keep your personal information safe
We ensure that there are appropriate technical controls in place to protect your personal information; for example, any information which we transfer is encrypted and password protected, and all of our staff will receive data protection and security training. The personal information that you provide will be held securely and will not be used for any other purpose than as provided for in this policy.


Some of our suppliers run their operations outside the UK. Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. To this end, we obtain contractual commitments from them to protect your personal information. 


You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.


We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, such as our requirements to report on the sources of our funding and donations received. We may also store information as a requirement to report on audience activities and expenditure to one or more of our funders.


In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Keeping your information up to date
We endeavour to keep your personal information accurate and up to date, but if you become aware of errors or inaccuracies, please email hello@thecoro.co.uk

Your legal rights
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.


You can exercise your rights by contacting us using the contact details below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. 


We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.


Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.


You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or

  • you have withdrawn your consent (where the data processing was based on consent); or

  • following a successful right to object (see right to object); or

  • it has been processed unlawfully; or

  • to comply with a legal obligation to which we are subject

 

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or

  • for the establishment, exercise or defence of legal claims
     

Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or

  • the processing is unlawful, but you do not want it erased; or

  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or

  • you have exercised the right to object, and verification of overriding grounds is pending

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or

  • to establish, exercise or defend legal claims; or

  • to protect the rights of another natural or legal person


Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.


Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the UK.


We may redact data transfer agreements to protect commercial terms.


Right to lodge a complaint with your local supervisory authority
The Information Commissioner is the UK's independent authority set up to uphold information rights and data privacy for individuals. You have the right to lodge a complaint with the Information Commissioner if you are dissatisfied with any aspect of the way that we collect and use your personal information.


The Information Commissioner's website can be found at www.ico.org.uk or you can call their helpline on 0303 123 1113.


We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

How to contact us or exercise your rights
If you would like any further information about our approach to data protection and privacy, or to request details about the information we hold, or exercise any of the rights listed above, please contact us by email at hello@thecoro.co.uk.

Changes to this policy
Our privacy policy may be updated at any time, so you may wish to check it each time you visit our website. Any changes will apply from the time that they are posted to this page. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.


If you have any questions at all about the ways in which we collect and use your personal information please contact us at hello@thecoro.co.uk at any time

Title
Purpose
Duration
Type
fedops.logger.sessionId
Used for stability/effectiveness measurement
12 months
Essential
bSession
Used for system effectiveness measurement
30 minutes
Essential
TS*
Used for security and anti-fraud reasons
Session
Essential
smSession
Used to identify logged in site members
Session
Essential
consent-policy
Used for cookie banner parameters
12 months
Essential
_wix_browser_sess
Used for system monitoring/debugging
Session
Essential
_wixCIDX
Used for system monitoring/debugging
3 months
Essential
SSR-caching
Used to indicate the system from which the site was rendered
1 minute
Essential
svSession
Used in connection with user login
2 years
Essential
hs
Used for security reasons
Session
Essential
XSRF-TOKEN
Used for security reasons
Session
Essential