The following policy details how Gilded Balloon (GB) collects, processes, stores and secures personal data.
We will always aim to be clear and transparent regarding all our requests for personal data and are legally bound to only use that data for the express purpose(s) agreed at the point the data is submitted to us.
Please note, individuals are under no obligation to share personal data with us. However, the provision of certain pieces of personal data will help us to provide the best possible service we can.
This policy was last updated in March 2020 and was designed in accordance with the EU General Data Protection Regulation (GDPR).
What is personal data?
Personal Data is anything that can be used to identify an individual directly or indirectly.
In many situations, this can be as simple as their name and contact details (such as address, phone number or email) but may sometimes include more detailed information depending on the nature of their engagement with us.
When and how do we collect personal data?
The following are examples where we might request personal data from individuals:
- When purchasing tickets to GB shows/events
- When signing up to our mailing lists
- When contacting us with customer experience queries
- When submitting an application for a job
We will always make it clear what data we are collecting from an individual during these transactions and why we are requesting it.
How We Use the Information
All personal data collected, processed and stored by GB is only collected with the prior notification of the scope and nature of the processing activity (i.e. how it will be used).
In relation to the personal data listed above, this will include ‘opt in’ and/or ‘permission’ on online forms regarding mailing lists, participation sign up or the provision of details on a job application or engagement with us contractually.
Gilded Balloon may use the collected information for the following purposes:
- to process payments and supply you with services. This sort of processing includes name, address, phone, email and credit card details and any access-specific information that a purchaser may choose to share with us in advance of attending one of our events.
- to administer the Gilded Balloon website and enable your use of our website.
- to send you general (non-marketing) communications. We may use your email address to send User information and updates pertaining to your order. It may also be used to respond to inquiries and/or other requests.
- to send you our email newsletter and other marketing communications relating to our business or the businesses of carefully-selected third parties where you have specifically agreed to this. You can opt out of this communication at any time.
- to fulfil legal obligations, which covers employment/engagement details for those working for, with and in association with us. It also covers data capture relating to safeguarding (e.g. children and vulnerable adults).
What information we collect
- information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
- information relating to any transactions carried out between you and us on or in relation to this website.
- information that you provide to us for the purpose of registering with us.
- information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
- any other information that you choose to send to us including through emails and online message boards
Cookies cannot be used by themselves to identify you. A cookie will usually contain the name of the domain from which the cookie has come, the ‘lifetime’ of the cookie, and a value, usually a randomly generated unique number. For more information about cookies, please see All About Cookies (https://www.allaboutcookies.org/).
Third Party websites
The Gilded Balloon website contains links to other websites and advertising by third parties. We are not responsible for the privacy policies or practices of these websites. By visiting these sites or engaging in their advertising you are subject to their terms and policies.
All images will be stored on our secure cloud-based system and fall under the remit of our data retention policy. In certain instances, we may ask for consent using a form or agreement to be signed by the individual, which will be kept on file for as long as the resulting footage/image is in circulation. These instances will include:
- Interviews on camera
- Images of event participants
- Images of staff
Some of the venues we use have CCTV recording equipment in and around their premises. These are used to safeguard staff, customers, and visitors to venues. Each of the venues has its own Data Protection policy - please email firstname.lastname@example.org for further information.
Customer experience data
We may also store conversations that occur via GB email channels. These emails and transcripts are stored securely and only used to improve the customer experience and for training and monitoring purposes.
GB does not currently record or store any conversations by telephone. We may in the future decide to use call recording technologies for the sole purpose of training, monitoring and improving the overall customer experience. Should this be adopted, sensitive information (e.g. credit card information) would be completely anonymised.
How We Store Information
All personal information you provide to the Company is stored on our secure servers with restricted access. In deciding to voluntarily provide us your personal information, you agree to the transfer and storage of your personal data on our servers and those of our suppliers.
The Company uses reasonable technical means to ensure a safe environment and protect user data.
However, given the public nature of the internet network, Users acknowledge and agree that the security of communications through the internet cannot be guaranteed. Therefore, the Company cannot guarantee against, nor shall it bear any liability for, any breach of confidentiality, hacking, viruses, loss or alteration of information transmitted or hosted on the Company’s systems.
We have set a retention limit of three years on personal data where a data subject has not engaged with us in that time. Each year we will audit those who fall outside of this period, and either erase or anonymise that data.
The only exception to this is Employee records (which we are obliged by law to maintain for seven years).
What We Disclose
We may share personal information with our employees, agents, suppliers, or subcontractors to assist us with the purposes listed above. Gilded Balloon does not sell, trade or rent your personal information to third parties.
We may also disclose information in the following circumstances:
- When required to assist any legal proceedings or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling
- to protect against legal liability.
In some instances, we use established and accountable third party service providers who work on our behalf for the fulfilment of a contract we enter into:
- Card payment processing of transactions relating to payment for goods and services (e.g. online ticket sales)
- Third party mailing houses, email providers (e.g. MailChimp)
- Our website hosting and ticketing/CRM system providers (Red61)
- Research Companies who help us to understand our audience to enable us to improve our service
- Third party advertisers (such as Facebook or Google)
Anyone who provides a service such as these on our behalf will enter into an agreement with us and will meet our data security standards. They will only use your data for the clearly defined service that they are providing on our behalf and are, in effect, accountable in terms of complying with this policy.
As Data Subjects, individuals have legal rights regarding the information we hold about them:
- Access – the right to know what personal data is being processed and how. Individuals can therefore request access to the personal data we process. You may request to be sent any personal information we hold about you. Provision of this information will incur a fee of £10.00.
- Rectification – the right to ask us to amend, update or correct any personal information we have.
- Erasure – the right to be forgotten – all users have the ‘Right to Erasure’ as per Art. 17 of the General Data Protection Regulation, i.e. the deletion or removal of personal data where there is no compelling reason for its continued processing (e.g. employee records and records of financial transactions which are detailed in our audited accounts).
- If they are unhappy with the way we have processed their personal data, they also have the right to lodge a complaint with the Information Commissioner’s Office.
If you believe that the information we hold about you needs to be updated or corrected or you wish to access the information please contact us using the contact details below.
Acceptance of Terms
Or call: 0131 622 6555
Or write to: Gilded Balloon, 2 Commercial Street, Edinburgh EH6 6JA
Under the terms of the GDPR we are then obliged to respond to you within 30 days.
For further, detailed information on the General Data Protection Legislation, please refer to the website of the Information Commissioner’s Office.