Privacy Policy

Privacy Notice & Cookies Policy – updated July 2019

We, Us, Our, The Black Box– refers to The Black Box Trust Ltd

Your privacy is important to us; this policy details how we at The Black Box treat your data – what we collect and why we collect it, and how we keep it safe. We are fully compliant with all applicable privacy and data protection laws including (i) the General Data Protection Regulation ((EU) 2016/679).

What data do we collect?

When you make a purchase from The Black Box via our website or over the telephone, we collect the
following data:

  • Name
  • Contact details (including a telephone number)
  • Your booking and/or donation history with us
  • Any other information you share with us as part of your interaction with us (e.g. access needs, dietary requirements)

Your data is stored with Ticketsolve. Ticketsolve act as a data processor on behalf of The Black Box. The Box Office software is password protected with limited users.
If you are paying by card, your data is shared with Global Payments (formerly Realex) in order to
process your transaction.
Both Ticketsolve and Global Payments have implemented appropriate technological measures to protect across accidental loss, destruction, damage, alteration or disclosure of data.
For more information, please see their privacy policies:

Sensitive information

As part of our work with adults and children at risk we may sometimes be imparted with sensitive information. All staff who are in direct contact with service users have successfully completed robust, relevant and up-to-date safeguarding training. If you require any information about our safeguarding policies please contact the office on 02890 244400.
The safety and wellbeing of our audiences is extremely important to us. Event photography/videography takes place frequently. If you do not wish to be photographed please inform the Duty Manager who will help to ensure that your photograph is not taken.


As a not-for-profit organisation with charitable status, we may occasionally carry out feedback and evaluation studies for funders or for internal reviews specifically geared towards making improvements. Every event held will have the number of attendees counted for our records. Our principal funders also require that we report on specific demographics of visitors to the space. We generally are able to collect sufficient data without collecting identifying information; however, if we require identifying information we will specify what, why and the methods of collection. If you are asked to contribute to a specific programme of data collection (e.g. customer satisfaction survey) you will be informed of this.
Collected data will be destroyed as soon as it is no longer required for the specific purpose it was collected.

PCI/DSS Compliance

Our venue card processing terminals are protected by maintaining PCI/DSS Compliance. The terminals are protected by firewalls and the connections regularly scanned. Merchant copies of receipts have card numbers partially obscured and are kept in sealed boxes in a locked office for a period of 18 months in case of chargeback disputes. These are then destroyed in a secure processing facility.

Why do we hold this data?

Performance of Contract

When you purchase a ticket from us we request a contact telephone number. This is solely used in order to inform customers of cancelled events at short notice. We may also use this information to confirm pre-event requirements (e.g. for a catered event). Box Office customer contact details are never sold to third parties, given to promoters or artists or used to gather event/venue feedback.

Legitimate Interest

A list of names only will be provided to venue users availing of our Box Office facility. Those selling their own tickets via third party websites (e.g. Eventbrite) are aware of their duty to maintain GDPR compliance.

Venue users (those hiring the space for their own events)

The Black Box offers a Box Office service but allows venue users to avail of their own registration/ticketing systems. If you are doing so, it is your responsibility to maintain GDPR
compliance with the storage and handling of this data, and to make ticketholders aware of the data being collected and held. You must make it clear to data subjects that the data is not being collected or handled by or for The Black Box Trust Ltd. We regret that we are unable to share customer data obtained through The Black Box’s Box Office facility. Names will be provided on the day of the event for registration purposes; if you would like to collect customer data at your event you must maintain GDPR compliance at all times. The Black Box maintains sealed paper recycling facilities for the disposal of customer information postevent registration. Our front of house staff is trained in this; if you are using your own front of house staff for your event you must not dispose of customer data in general waste disposal facilities.

How long do we hold your data for?

Your personal data is held on our secure ticketing system for as long as you are an active customer with The Black Box. We define ‘active’ as having made a purchase within the last three years. We regularly purge our Box Office database, and you can ask to be removed from our database at any point.
Once you ask to be removed from our database, we will no longer hold personal information on you. If you wish to be removed from our database, please contact our Box Office team on 02890 244400 or email [email protected]

Access to Your Personal Information

You are entitled to access the personal information that we hold on you. To request access to your data please contact the office on 02890244400.

How do we contact you?

Newsletter Sign-Up

We use a third-party provider, MailChimp, to deliver our weekly newsletter, members’ mailout and occasional updates tailored to customer preferences. As part of our process of becoming GDPRcompliant in 2018, we purged all users who did not specifically request to remain as a newsletter subscriber.

We gather statistics around email opening and clicks using industry standard technologies to help us
monitor and improve our emails. For more information, please see MailChimp’s privacy notice.
We work hard to make our newsletter entertaining and relevant, but if you do wish to unsubscribe there is a link to do so at the bottom of each email sent. For further peace of mind, you can contact [email protected] to confirm.

Mailing lists

We do not produce a paper brochure for mailout.


Memberships are processed via Ticketsolve. Customer home addresses are used for the sole purpose of billing and of posting membership packs. It is possible to purchase memberships in the venue; information slips are completed and stored in a locked filing cabinet ahead of processing onto Ticketsolve; the slips are then securely destroyed.

Visitors to our Website

Our website is powered by WordPress. WordPress uses plugins to maintain the security and functionality of the website. We also use Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can find more information on how cookies are used on this website in the Cookies Policy below. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

For more information, please see Google’s privacy policy.
Our site is monitored by Wibble, whose privacy policy can be found here

Links to Other Websites

This privacy notice does not cover the links within this site linking to other websites. Those sites are not governed by this Privacy Policy, and if you have questions about how a site uses your information, you’ll need to check that site’s privacy statement.

Changes to this Privacy Notice

We keep our privacy notice under regular review. This privacy notice was last updated in July 2019.

We use a system of classifying the different types of cookies which we use on the Website, or which may be used by third parties through our websites. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don’t want to have them on your device.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

How long are cookies stored for?

Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie. Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
You can find more information about cookies at and

Cookies used on the Website

A list of all the cookies used on the Website by category is set out below.

Strictly necessary cookies

These cookies enable services you have specifically asked for. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website.

Performance cookies

These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect
information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.

Functionality cookies

These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device. These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Third-party cookies

These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site.
For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don’t control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.