This policy was last updated on 3 July 2023

Respecting your privacy and safeguarding your data

The Coro is committed to upholding your privacy and taking care of the personal information you share with us.

This policy explains how we each collect, use, and share personal information in the course of our activities, including:

  • The information we collect and process

  • How we use your information and what legal basis we rely on

  • Information about our marketing and fundraising activities

  • Others we might share your information with

  • How we keep your information safe

  • How we keep your information up to date

  • Your legal rights

  • How to contact us or exercise your rights

Whenever we ask you to provide your personal information, we will let you know why we are asking, and how we will use your information, by directing you towards this notice.

You can find out more about The Coro by contacting us using the information on our Get in touch page.

We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate. Please regularly check this page for the latest version of this notice.

You might find external links to third-party websites on our website. This privacy notice does not apply to your use of a third-party site.

When we collect and process personal information

We may collect personal data when you make a booking, contact us, make a donation, become a member, sign up to our mailing list, complete a survey, complete any paperwork for us, or visit our website.

What personal information we collect and process

We may collect different personal data from you in different interactions, including but not limited to name, date of birth, email address, physical address, phone number, order history, payment card information, gift aid status, log and details of past interactions, and information gathered through the use of cookies in your web browser. 

Sensitive or ‘special category’ information

When you provide us with information in relation to an event that you are attending, we may ask you about your access requirements or dietary preferences. Some of the information which we collect from you may constitute sensitive personal data. We will only ever use this in accordance with this policy and shall maintain necessary measures to protect this information and its confidentiality.

What we use your information for and on which legal basis/bases we rely

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis. Depending on the preferences you have indicated and your relationship with The Coro, we will use the personal information you have provided to:

  • Provide goods and services to you or your organisation, process donations including Gift Aid, process payments for fundraising events or auction items, manage your memberships, or to respond to enquiries.

Legal basis: To perform a contract

  • Inform you of other products, services and events related to, or opportunities to support The Coro by sending you marketing and fundraising communications by post, telephone or electronic means. 

Legal basis: Consent

  • Notify you of changes to events and services, or provide you with essential information ahead of any visit.

Legal basis: To perform a public task; Legitimate interest

  • Ask you to participate in evaluation surveys and market research to help us better serve your needs or refine our fundraising programmes.

Legal basis: To perform a public task; Legitimate interest

  • Improve our understanding of our audience and supporters through profiling and tracking your response to direct marketing activity.

Legal basis: To perform a public task; Legitimate interest

  • Enable core functionality of our website such as security, verification of identity and network management through the use of essential cookies.

Legal basis: To perform a public task; Legitimate interest

  • Understand how visitors interact with our website, discover errors, track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests, and remember choices users make to improve and give a more personalised experience on our website through the use of optional cookies.

Legal basis: Consent

Managing your consent to marketing and fundraising communications

We make it easy for you to tell us if and how you want to receive marketing and fundraising communications from us by using clear preference questions when you provide us with your information.

If you previously opted in to receiving marketing and fundraising communications but change your mind in future, we include clear information on how to opt out when we send you these communications, but you can also change your preferences at any time in your customer account, or by contacting us at hello@thecoro.co.uk

Managing your consent to cookies

In order to make our website easier to use and improve our service, we use cookies. What are cookies? Cookies are files stored in your browser and are used by most websites to help personalise and analyse your website visit. Some features on this site will not function if you do not allow cookies. You can manage your cookie consent preferences on our website at any time.

We use the following cookies:

Essential

_coro_accept_cookies Saves your choice as to the acceptance/rejection of optional cookies for 90 days.

wordpress_test_cookie Tests whether the browser accepts cookies

CookieDetection Used to identify whether cookies can be set, deleted at end of browsing session.

SessionID Used to distinguish users, deleted at end of browsing session.

ASPXAUTH Used to authenticate a logged in customer, expires 10 minutes from the time first set.

SpektrixClientName Used to distinguish Spektrix client systems. Expires after 1 year.

QueueNumber Used to record the user’s place when queueing for tickets, deleted at end of browsing session.

Cookies set by tickets.thecoro.co.uk and spektrix.com are essential cookies used by our ticketing and CRM platform Spektrix and are generally deleted after a few days or when you close your browser.

Optional

ReturningCustomerCookie Used to recognise return users, persists until you clear your cookies.

Analytics code provided by third-party web services allows us to count page visits and traffic sources and to collect information about how users interact with our site. We also include code on our website that allows third-party companies to identify users by a cookie and to track their behaviour across websites. We currently use services provided by:

Google (cookies set by google.com or whose names start with _g – find out more about how Google uses the information it gathers: www.google.com/policies/privacy/partners/) and Meta (cookies set by facebook.com).

Who we might share your personal information with

The Coro is ‘data controller’ in relation to your personal information, i.e. we determine the purposes for which your personal information is processed and how that information is processed.

Your personal information might be passed to a third party (a ‘data processor’) if they need it to fulfil your order(s) for our goods and services, to execute the communications we send to you, to conduct market research and audience profiling outlined above or to process a donation. Examples of these third parties include our bank (in order to process Direct Debit and other payments), our ticketing system Spektrix, our ticket insurance provider Secure My Booking, and our email provider DotDigital.

We do comprehensive checks on these companies before we work with them, and where necessary put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information they have collected or have access to.

Occasionally you will be offered the choice of sharing your name and email address with a company producing an event you are booking for so that they can contact you directly about receiving further updates from them. If you provide your consent to this action, your name and email address will be shared with the relevant partner for this express purpose via a secure partner portal provided by our ticketing and CRM platform, Spektrix. Please note this does not constitute a consent to receive marketing communications from those companies, and revocation of this permission within our website does not have any bearing on any such relationship you may have with that company – you will need to manage your data relationship and consent to receive marketing or otherwise directly with that company.

Except as set out in this policy, we shall not disclose your personal information unless obliged to, or allowed to do so by law, or where we need to in order to run our business (e.g. where other people process information for us). In such circumstances, we ask those people to give us confidentiality, non-disclosure or other relevant compliance undertakings.

We will not share your information other than as described in this policy without your express consent.

How we store and keep your personal information safe

We ensure that there are appropriate technical controls in place to protect your personal information; for example, any information which we transfer is encrypted and password protected, and all of our staff will receive data protection and security training. The personal information that you provide will be held securely and will not be used for any other purpose than as provided for in this policy.

Some of our suppliers may run their operations outside the UK. Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. To this end, we obtain contractual commitments from them to protect your personal information. 

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, such as our requirements to report on the sources of our funding and donations received. We may also store information as a requirement to report on audience activities and expenditure to one or more of our funders.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Keeping your information up to date

We endeavour to keep your personal information accurate and up to date, but if you become aware of errors or inaccuracies, please correct them within your customer or account or email us at hello@thecoro.co.uk

Your legal rights

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us at hello@thecoro.co.uk. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. 

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or

  • you have withdrawn your consent (where the data processing was based on consent); or

  • following a successful right to object (see right to object); or

  • it has been processed unlawfully; or

  • to comply with a legal obligation to which we are subject

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or

  • for the establishment, exercise or defence of legal claims 

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or

  • the processing is unlawful, but you do not want it erased; or

  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or

  • you have exercised the right to object, and verification of overriding grounds is pending

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or

  • to establish, exercise or defend legal claims; or

  • to protect the rights of another natural or legal person

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the UK.

We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

The Information Commissioner is the UK’s independent authority set up to uphold information rights and data privacy for individuals. You have the right to lodge a complaint with the Information Commissioner if you are dissatisfied with any aspect of the way that we collect and use your personal information.

The Information Commissioner’s website can be found at www.ico.org.uk or you can call their helpline on 0303 123 1113.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

How to contact us or exercise your rights

If you would like any further information about our approach to data protection and privacy, or to request details about the information we hold, or exercise any of the rights listed above, please contact us by email at hello@thecoro.co.uk.

Changes to this policy

Our privacy policy may be updated at any time, so you may wish to check it each time you visit our website. Any changes will apply from the time that they are posted to this page. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.

If you have any questions at all about the ways in which we collect and use your personal information please contact us at hello@thecoro.co.uk at any time