It refers to the personal data of Site Users and Customers who makes a purchases using this Site. Users and Customers guarantee that personal data provided to either or both Parties is correct, exact and updated, being responsible at all times to communicate any modification thereof to the relevant Party who may in turn manage, adequately, the contractual relation between the parties. In the same vein, the User and/or Customer expressly recognizes that in case s/he has not provided the correct, updated information to the Parties, the latter shall not provide its Services to the former.
Who We Are
When we talk about “Encore Tickets,”, “Encore” “we,” “our,” or “us” in this policy, we are referring to Encore Tickets Limited, and our group companies and brands including Stargreen, London Theatre, London Breaks, West End Theatre Breaks and Capital Breaks, who provide the ticketing services. When we talk about the “E-Commerce Partner” in this policy, we are referring to our commercial partner who jointly provide the web services including this website (the “Site”). Both Encore Tickets Limited and our E-Commerce Partner are “Controllers” of the personal data you provide to us. This Site is branded as the E-Commerce Partner’s, but is maintained by Encore and when you purchase a ticket, Encore will provide the services. If you subscribe to email marketing on this Site it will be delivered to our E-Commerce Partner who will provide these services, unless you have also explicitly chosen for Encore to send you email marketing separately.
Encore Tickets, the UK’s largest independent ticket company, sells tickets for a huge range of West End theatre, off West End, fringe and touring shows, attractions, exhibitions, river cruises, concerts and events. Our team of over 150 experts share a passion for live entertainment. Encore has processed over £1 billion of tickets sales since the company started in 2000.
We are a data Controller for the purposes of the General Data Protection Regulation (GDPR), and other data protection laws applicable in the United Kingdom and Member states of the European Union. Our address is –
Encore Tickets Limited
2nd Floor Harling House
47-51 Great Suffolk St
Phone: +44 (0) 207 492 1618
Our commercial partner are also a data Controller for the purposes of the General Data Protection Regulation (GDPR), and other data protection laws applicable in the United Kingdom and Member states of the European Union.
Why we need personal data
Generally, we collect personal information about you when you make a ticket purchase from us, during email or phone calls, if you create an account with us, make box office purchases operated or administered by us, and when you use our websites or social media channels.
Encore are a ticketing company and as such will also usually be required to pass your name and booking reference on to the venue, in order to facilitate your access to that venue and to allow our venue partners to verify that purchasers are genuine, to avoid ticket touting, and for fraud checking purposes. Such purposes are in our, and the venue’s legitimate interests.
How we collect data
Directly. Most of the personal data we hold about you is collected directly, for example when you make a purchase from the Site, when you subscribe to receive marketing, or when you contact our customer services team. We might also collect your personal data if you create an account with us, enter a competition or free prize draw, register for a promotion, post a comment on our website, ask us a question, email us or otherwise interact with our staff and call centres. Such data as your name, surname, email address, phone number, etc. are necessary for the provision of the Services requested.
From Third Parties. We may also collect personal data from other third parties, or from publicly available sources. For example, if you purchased tickets through one of Encore’s partners, or if you choose to use an integrated social media feature on our website, this third party will give us certain information about you, which could include your name and email address. Further information about the third parties from whom we obtain information is available below in the Data Sharing section.
You have significant rights regarding your personal data. For more information please see the Rights section below.
2. Data Security
We take the security of your personal information very seriously. All web transactions made with Encore Tickets use 128-bit Secure Socket Layer (SSL) encryption which encrypts all your personal information, including your credit card number, name, and address, so that it cannot be read if intercepted by a malicious third party.
Card transactions made on this Site are processed by our payment partners Verifone, and Encore do not process such card payments directly, nor will we have access to your full card details. Payment information is stored only in a tokenised form on our systems. We are PCI DSS compliant and do not process card details by email - please do not send us your card details for payment in this way.
Our sites and services are meant for adults. We will never knowingly collect personal information from children. If you are a parent or legal guardian and believe your child has given us personal information, please contact us.
4. What data do we process
Encore collect and process various categories of personal data, each of which are detailed below. This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.
Encore process personal data relating to the following categories of data subject:
We may also process some personal data relating to other data subjects, such as if you submit your CV to us as part of a job application, or if you visit our offices. For more information on what data we process if you are an employee, business contact, creative or other contact, please see the section on Data Subjects below.
As a customer, we may process the following categories of information about you:
5. How we use your Data
Encore (and trusted partners acting on our behalf) use our customers’ personal data for the following purposes:
6. Data Sharing
In order to make certain services available to you, we may need to share your personal data with some of our service partners. Encore Tickets only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We will never sell or rent our customer data to other organisations for marketing purposes.
Encore are a major authorised ticket agent with tens of thousands of partners with whom we are required to share certain personal data as part of our ticketing operations. We are therefore unable to provide a list of all specific recipients of personal data, however, Encore share your personal data with the following categories of recipient;
Within the Encore group. The Encore Group, as outlined above, do not maintain any separate staff, with the exception of our Stargreen Box Office, and our brands do not involve the use of separate systems or staff. Any sharing will therefore not usually involve any physical transfer or sending of data, and is only performed according to the purposes outlined above.
With our E-Commerce Partner. Encore will also share the following categories of personal data with our E-Commerce Partner under the terms of our partnership agreement concerning this website;
With our Venues and Event Partners. We may share a minimal amount of personal information about your ticket booking (such as your name and surname, and those of any other attendees, along with quantity and booking reference) with our event partners, so that they can deliver the event for which tickets have been purchased, enabling them to fulfil the order, to cross check with their records and verify the ticket holder’s identity, and on some occasions allow you entry if you have mislaid your ticket. This might include any Restaurants, Hotels, Venues, Theatres, or Attractions you have booked with us. If your booking involves a Broadway show in New York, we will pass your booking information to our partners at Broadway Inbound, and your personal data may be shared with the venue in New York to allow you access to that performance.
With Third Parties. We also use web analytics services from some Third Parties to track how visitors reach our site and the path they take through it, so that we can tailor the content of our site to fit the needs of our site’s visitors. Such information is provided anonymously and used statistically with the purpose of improving our site.
With our Service Providers and Suppliers. In order to make certain services available to you, we may need to share your personal data with some of our service partners. Encore Tickets only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls, or have put a written agreement in place protecting your information, including necessary safeguards for the international transfer of personal data.
Your Personal data may be processed by our IT Service Providers in line with the purposes outlined above. Our data storage is provided by our hosting partners in the UK, who securely store all personal data held in our systems. We also employ a security testing partner who may occasionally have access to your data, in order to ensure its integrity and security. In addition to our server provision we also store personal data in backup form to ensure continuity and data integrity. Some of our software systems are cloud based and as such constitute a sharing of personal data. This may in some cases also constitute an international transfer of data, as some multinational software providers maintain global networks of secure data centres. Our software providers may also have access to our systems for maintenance and hosting purposes, and our software development partners may from time to time require access to live systems for development and testing purposes. Such access is strictly for these purposes only and regulated by contract. Our payment partners operate global systems that may require international transfers of personal data.
If we are required to send you tickets, marketing or other content by mail, we may share your name and address with the postal service or courier.
With Legal Authorities. We may share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;
With any successor to all or part of our business. Where permitted by law, we may pass your information to a successor organisation, provided processing is for the purposes set out in this Policy.
7. Transfers of personal information to other countries
The transfer of your information under the purposes of this Policy and Encore’s Cookies Policy may involve the transfer of your information to other countries, including those outside Europe. Such countries may not provide the same level of protection for your personal information, however we ensure that appropriate technical and contractual safeguards are put in place to protect your personal data, in accordance with applicable laws including the GDPR.
If you purchase tickets outside the EU, such as from a Broadway show in New York, we may pass your information to the relevant theatre, based in the United States, to allow them to fulfil your ticket purchase, allow you access to the venue, and for cross-referencing purposes. Such transfers are performed on the basis of a contract concluded in the interest of the ticket purchaser. These ticket purchases also involve our ticketing partner in the United States, who require some personal data in order to fulfil your ticket purchase and are self-certified to the Privacy Shield.
Some multinational software and payment providers, including banking and cloud infrastructure, maintain an international network of secure data centres and as such your personal data may be transferred globally. Such transfers are covered by standard contractual clauses and binding corporate rules.
Where our software developers require access to our systems, and may be required to provide access to developers in Belarus, such access is protected by a strict data protecting contract, standard contractual clauses and binding corporate rules.
8. Our Legal Basis for the Processing of Our Customers’ Personal Data
In general, Encore Tickets collects and uses customers’ personal data when it is necessary for:
Your Consent. Encore only rely on consent as a legal basis for processing in relation to our sending of some direct marketing communications to customers. Our customers have the right to withdraw this consent at any time, and we will stop processing immediately. If you have consented to marketing from our E-Commerce Partner, you may also withdraw that consent at any time.
Contractual Necessity. If the processing of personal data is necessary for the performance of a contract to which you as a data subject are a party, as is the case, for example, when you purchase a ticket with us and our processing is targeted and proportionate means of supplying those goods or services, we rely on contractual obligations as our lawful basis for processing your personal data. This includes when we take your name and contact details to fulfil and send your tickets, and when we have to contact you if there’s a problem with your order. This also applies to any processing operations which are necessary for carrying out pre-contractual measures, for example if you were to inquire about our products or services. Failing to provide such data may result in us not being able to provide the services you have requested.
Vital Interests. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, or other vital information would need to be passed on to a doctor, hospital or other third party in order to save their life.
Legal Obligations. In some cases, Encore’s processing of personal data is based on our legal obligations. Such processing applies when we retain contractual records under the Limitations Act 1980, or where we maintain transaction records as part of our VAT requirements. We may also be required to share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;
Legitimate Interests. We rely on legitimate interests as a legal basis for processing only if that processing is in your interests, our legitimate interests, or the interests of a third party. Such processing must be necessary for the stated purpose, and we must have carefully evaluated whether such interests are overridden by your interests, privacy, and fundamental rights and freedoms. We process personal information for certain legitimate business purposes, which include some or all of the following processes, along with information on our balancing reasoning;
Whenever we process data for these purposes we will always ensure your Personal Data rights are held in high regard. We make sure to have conducted legitimate interests assessments for all our personal data processing made under our legitimate interests, and ensure you have a right to object to this processing if you so wish. If you would like to exercise this right, please consult the Rights section below. Please bear in mind that if you object in this way, you may affect our ability to carry out these tasks, which may impact on your benefit.
9. Periods for which the personal data will be stored
Encore will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is six years. Encore will process and store your personal data only for the period necessary to achieve the purpose of processing, or as far as this is required by the European legislator or other legislators in laws or regulations to which Encore are subject. For more information on how long any specific data is stored, you can contact us at firstname.lastname@example.org
The criteria used to determine the storage (or “retention”) period, is usually the statutory retention period – the legal requirement to retain data records. For example, we will keep personal data relating to the initiation and fulfilment of a contract, for the duration of that contract, followed by the legally required retention period – usually six years under the Limitations Act 1980.
Likewise, we will hold on to any contractual details on goods and services provided (such as your booking information) in our bookings database only for the period necessary to fulfil the contract, and for a maximum of six years in order to fulfil our legal requirements to keep VAT records for this period, and to maintain a record of the contract under our legal obligations. After expiration of this six year period, Encore will delete or anonymise any personal data held in our main databases according to our Retention Policy. Our primary record of your personal details, including your name, contact information and customer service history, are held within this bookings database and will therefore only be kept for a maximum of six years.
We also hold purchase information in our marketing department to allow us to tailor relevant content to meet your interests. We will only send you marketing if you have subscribed to receive marketing from us, and we will only keep this purchase history if you are an active customer. If you subscribed to receive marketing from us, we will hold your information until you unsubscribe, and for a further year in case you decide to re-subscribe within that period. If you decide not to re-subscribe after a year, we will remove all your personal data from our marketing database, although we will keep your email address on our suppression list to make sure we do not contact you again.
This information is stored in your browser’s “log” files and may include the browser type and version used, the operating system used, the website from which an accessing system reaches our website (so-called “referrer”), any sub-websites, the date and time of access to the Internet site, an Internet protocol address (IP address), the Internet service provider of the accessing system, and any other similar data and information that may be used to trace users in the event of attacks on our information technology systems.
When using these general data and information, Encore Tickets does not draw any conclusions about the individual data subject. Encore Tickets analyses such data anonymously and uses the information statistically with the aim of optimising our web services and increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. Any anonymous data contained in these log files is in any case stored separately from the personal data provided by our customers.
You may, at any time, prevent the setting of cookies through our website by various means, such as changing the settings in your Internet browser, which can permanently deny the setting of some, or all cookies. Cookies can also be deleted at any time in most popular Internet browsers or by using other software programs. However if the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be usable.
With your consent, we will collect your personal data including your name and email address, approximate location, purchase information, opt-in data and preference information for the provision of advertising, including the sharing of promotional offers, and to update you about products and services which may be of interest and relevance. Marketing subscriptions made on the Site, unless otherwise explicitly indicated, are made to our E-Commerce Partner who will provide you with marketing services. Encore do not own this data and will only pass it on to our E-Commerce Partner as a data Processor.
If you have also chosen to receive electronic marketing from Encore, this will only occur once the contract between Encore and our E-Commerce Partner expires – we will contact you at this time to make sure you still want to receive this. The two mailing lists are entirely separate, and you are free to subscribe to either, both, or not sign up at all. You can also unsubscribe to either at any time, for example by contacting the sender or using the unsubscribe link provided.
You have the right to opt out of receiving promotional communications at any time, by:
1. Making use of the simple “unsubscribe” link in emails; and/or
2. Contacting the E-Commerce Partner via the contact channels set out in this Policy.
If you have asked to be contacted for promotions and other special offers on products, your purchase history, and language preference may be used to tailor content to match your interests, in order to deliver you more relevant content. Your approximate location may also be recorded so that products and offers can be provided that are relevant to you and your location, and your “opens” and “clicks” history from marketing communication emails may be processed so we can tailor our email content to your interests.
You have a right to access this information we hold about you, and a right to contest or object to such processing, by contacting email@example.com You can also opt-out of receiving marketing at any time. For more information on how to exercise your data rights please see the Rights section below.
Your privacy is of the highest importance to us, and we promise never to release your personal details to any outside company for their marketing purposes without your consent.
2. Contacting Encore Tickets Limited via the contact channels set out in this Policy.
If you have subscribed to receive marketing from Encore, we will keep your sign-up record, including the relevant purchase and preference history, for one year after you unsubscribe, in case you decide to opt back in within this period. After this period has elapsed, we will permanently erase these records, although we will keep your email address on our “suppression list” to make sure we don’t contact you in future.
12. Control Over Your Data
We take your privacy rights seriously, and where possible we will offer you choice and control over how we use your data. When you interact with us we may occasionally ask for your explicit consent in order to collect, process or use your personal information for specified purposes. Such consent is only usually sought when we seek your permission to send marketing communications. If you have given your consent to the processing of personal data, you have the right to withdraw that consent at any time. If you wish to do so, please contact our Data Protection Officer at Encore Tickets by writing to us at the address below, or by emailing firstname.lastname@example.org If you signed up to receive marketing from our E-Commerce Partner, and can also withdraw your consent by contacting them directly or using the unsubscribe link included in any email communications.
For full details about how to exercise your data rights, please consult the Rights section below.
Don’t worry, even if you opt out of receiving marketing messages, we will still make sure to send you any necessary transactional and service messages, such as important information about any changes to your order.
13. Your Rights as a Data Subject
If your personal information is held by Encore tickets, you have the following rights to your personal data under the GDPR. If you wish to exercise your rights at any time, or if you have any questions about how Encore Tickets uses your personal data that are not answered here, please contact email@example.com, or write to us at our postal address;
The Data Protection Officer
Your rights request will be free, unless the request is manifestly unfounded or excessive, in which case Encore shall reserve the right, in accordance with Article 12 of the GDPR, to charge a fee or refuse the request. In the rare case of such a refusal, you will have the right to complain to the ICO as the Supervisory Authority, and to a judicial remedy without undue delay and at the latest within one month.
We will endeavour to respond promptly and in any event within one month of the latest of the following:
If the request is particularly numerous or complex, we may extend the period by a further two months, but shall in any case inform you of such an extension within the initial one month, giving our reasons for doing so.
Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground to process that data, we may continue to process your personal data, and will inform you of such.
You also have the right to lodge a complaint with the Information Commissioner’s Office. We hope that any issues or complaints can be resolved amicably by first contacting us at firstname.lastname@example.org. However, if you are not satisfied with our response or if you are considering lodging a complaint with the Statutory Authority, the relevant contact details and further information on the complaints process is available at https://ico.org.uk
Right of Confirmation
Right of Access
If you wish to exercise your right to access, please contact our Data Protection Officer using the contact details available above, to request such information.
Right to Rectification
Each data subject has the right to rectify inaccurate personal data concerning him or her, without undue delay. Data subjects also have the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right to rectification, you may at any time contact our Data Protection Officer using the contact details available above.
Right to Erasure
Each data subject has the right to request the erasure of personal data concerning him or her without undue delay. The Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies;
If one the above reasons applies, and you wish to request the erasure of personal data stored by Encore Tickets, you may at any time contact our Data Protection Officer using the contact details above, and we will ensure that the erasure request is complied with.
Where we have made such personal data public and are obliged pursuant to Article 17(1) to erase the personal data, Encore shall, take reasonable steps, taking account of available technology and the cost of implementation, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of Encore Tickets will arrange the necessary measures in individual cases.
Right to the Restriction of Processing
Each data subject has the right to obtain a restriction to processing where one of the following applies:
If one of the above conditions applies, you may request the restriction of processing by Encore Tickets by contacting our Data Protection Officer using the contact details available above.
Right to Data Portability
Each data subject has the right to receive their personal data in a structured, commonly used and machine-readable format, including the right to transmit that data directly to another Controller if it is technically feasible and when doing so does not adversely affect the rights and freedoms of others.
Such a right applies if processing is based on a subject’s consent, or contractual obligations, and such processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
If you wish to exercise your rights to data portability, please contact the Data Protection Officer using the contact details available above.
Right to Object to Processing
Each data subject has, on grounds relating to his or her particular situation, the right to object to processing of personal data concerning him or her which is based on the Controller’s legitimate interests. This also applies to profiling based on these provisions.
Encore Tickets shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where Encore Tickets processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, and we will no longer process the personal data for these purposes. This applies to profiling to the extent that it is related to such direct marketing.
If you wish to raise an objection, please contact the Data Protection Officer using the contact details available above.
Rights on Automated Individual Decision-making, including Profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or has similarly significantly effect. As a responsible company, Encore do not use automatic decision-making or profiling that has legal or similarly significant effects on individuals. Our profiling for marketing purposes requires significant human oversight, and we will always ensure that meaningful control over such processing is in the hands of our staff, rather than based on automated processing. However, if you wish to contest this, you may exercise your rights concerning automated individual decision-making by at any time directly contact our Data Protection Officer, using the contact information above.
14. Other Data Subjects
Supplier Contacts and Business Clients: Categories of Personal Data
In order for us to transact with your employer, we collect the following categories of personal data about our supplier and vendor contacts:
Such data is processed under Encore’s legitimate business interests to maintain a business relationship.
Supplier Contacts and Business Clients: Purposes of Processing
Encore collects and processes the personal data of employees of our B2B partners, vendors and suppliers for the following purposes:
Encore will only keep your personal data for the duration of our business relationship. If you leave your position, we will delete your personal data from our records unless we are legally required to keep that information. For example, if your name is included in a valid contract, or where we must keep a record of that contract under the Limitations Act 1980. If you interacted with us via email, the longest we will keep any email record for is six years. We will however keep an anonymised record of Encore’s business relationship with the Supplier organisation.
Creative Partners: Categories of Personal Data
In order for us to provide relevant content in the provision of tickets, we process the following categories of personal data relating to our creative partners:
Creative Partners: Purposes of Processing
Other Data Subjects: Employees, Visitors, and Job Applicants
If you are a visitor to our office, your name will be stored on a visitor pass, and a record will be kept on file in our reception sign-in record for six months, for security record purposes.
When applying for a position with Encore, we may ask you to provide information on your employment history, address, and references to process a job application. If you are unsuccessful, we may keep such information for three additional months in case we need to contact you, after which we will permanently destroy such information.
15. Contact Us
If you have any further questions or complaints about this Policy, any other privacy concerns, or you would like to exercise your data rights, please contact us by any of the following means:
Please do not include your credit card number or other financial or sensitive information in any email you send.
We may change this policy from time to time, and if we do we will post any changes on this page. Any update will have a different date from the current policy. If you continue to use the Services after those changes are in effect, you agree to the revised policy. Please check our site periodically for updates.
17. Last Revised Date