Skip to main content

NO SHOWS 14 – 24 OCTOBER
The Moonwalkers returns to Lightroom this half term from 25 October. Click here to book now.

Privacy Notice

Who is this privacy notice for?

This is for visitors to our website, to the Lightroom and ticket holders.

Who are we?

Lightroom is operated Lightroom KX Limited registered in England and Wales with Company number 14055902 whose registered office is 7 Savoy Court, London, England, WC2R 0EX

Our Privacy Notice gives you detailed information on when and why we collect your personal information, how we use it, how we keep it secure and how long we keep it for.   For any questions about how we use your data, or to exercise your rights over your data, you can contact us on:

Email: mydata@lightroom.uk

Post: 2 Lewis Cubitt Square, Kings Cross, London, N1C 4DY

If you do have questions, we’d ask you to read this notice first as we hope it’s clear and comprehensive.

What data do we collect and process about you, what do we do with it and why?

In general, we collect your information when you engage or interact with us, whether online, over the phone or in person.  This could include when you purchase tickets, sign up to our mailing list or create an account on our website.  We also look at how our audience use our website, so that we can offer the best possible experience whether you’re booking tickets or just trying to find out more about our latest productions.

  • When you visit our website

We collect your IP address, the website you came from, what kind of browser you’re using, and what you do on the website – which links you follow, where your mouse travels, how long you spend on each page and so on. 

We do use cookies which retain information about your online behaviour, preferences, and settings. For more information, please refer to our  Cookie Policy here: https://lightroom.uk/cookies-policy/

We will link some of your technical information, such as your IP address, to your name and other personal details if you log in to the website or buy a ticket.

We use this information to make our website works in the first place, and to help us understand your experience of it and how to improve it. 

Formally, we justify this processing as a combination of contract and pre-contractual negotiation for the ticket selection and purchasing process and legitimate interest for the marketing and activity tracking aspects.

  • When you create an account on our website

This allows you to buy tickets, sign up to our mailing list and amend your account details, including your communication preferences.

We collect your name, home address, email address, date of birth and phone number. 

Formally, we justify this processing as part of our contractual obligation to you.

We will also use your information for marketing purposes – see below.

  • When you buy a ticket or merchandise

We obviously collect some personal data about you when you buy a ticket. What we collect depends on how you buy the ticket. 

If you buy a ticket on our website, we collect your name, address and email address, you can also input your contact phone number, but this is not required. We also process your payment card information – although we don’t handle it directly or retain it: it’s all dealt with by our payment processor.

If you buy a ticket over the phone, we collect your name and calling telephone number. We’ll also collect your email address to enable us to send you your tickets. We collect your payment card details, although we don’t process them ourselves – that’s done by our payment processor – or keep them.

If you buy a ticket, or anything else like food and drink, in our venues we will only collect data if you use a payment card, and then only to process the payment – which, once again, is done by our payment processing partner not by us.

We will use the information we’ve collected to handle your admission to the event for which you’ve bought tickets; to process and track your payments and to deal with any issues that may arise including complaints and refunds. 

Formally, we justify this processing as part of our contractual obligation to you.

We will also use your information for marketing purposes – see below.

We may also need to process sensitive information about you – see below.

  • When you contact us

If you get in touch with us – whether that’s by phone, email, post or in person to make an enquiry, we’ll collect the personal information you provide. That information and anything else you tell us will be handled securely. Only what is needed to deal with your enquiry, will be passed on internally or externally. We do ask that you don’t include sensitive personal information in any communication unless it’s directly relevant, to make it easier for you and us jointly to protect you. 

We will use the information you provide to deal with your request and for no other purpose. We will also anonymise enquiries for statistical and business improvement purposes and share that anonymised information internally.

Formally, we justify this processing on the basis of your consent. When you call the venue or visit the venue in person, we will ask you for that consent explicitly. If you write to us by post or email, we will send you a privacy notification with the option to withdraw your consent if you wish. 

  • When you hire our venue 

When you hire part, or all of our venue we will collect your name, contact address, contact telephone number and payment information. If you’re paying by payment card our payment processor will collect and process your card details on our behalf. If you pay by cheque or invoice we will see your bank details as a consequence, but we will not store this information. We may also collect some personal information relating to the nature of the event for licensing purposes.

Formally, we justify this processing as part of our contractual obligation to you.

We will also use your information for marketing purposes – see below.

We may also need to process sensitive information about you – see below.

  • When we send you marketing emails, texts or other communications

Where we have noted this above we will use the information we have about you to send you marketing information. Where we have prior purchase history we will use that to help identify your interests and customise our marketing to you. We will also use outside data sources to get additional information based on your general location, but we do not pass your details on for this purpose or seek any specific information about you personally. 

Whenever you interact with us, we may ask you to consent to receive this marketing information by email or text message. If you are a consumer, we will only email or text you if you have consented in this way, and you can withdraw this consent at any time by contacting us using the information at the start of this Notice, following the unsubscribe instructions that are in every email or text that we send, or visiting our website. If you are a business we may send you marketing communications by email or text without prior consent, but you still have the same rights to ask us to stop.

We may also write to you by post. You may ask us to stop at any time by contacting us using the information at the start of this Notice, following the unsubscribe instructions that are in every postal communication that we send, or visiting our website. We will also always respect any preference you have expressed.

We do not make telephone marketing calls to consumers and will only call you in response to an enquiry or as part of contractual customer service. We will make telephone marketing calls to businesses but will of course stop if you ask us to either on the call, by contacting us or by visiting our website.

Formally, we justify our marketing activity as being in our legitimate interest. As required by the Privacy and Electronic Communication Regulation 2003, for natural people we will only send marketing communication by email and text where we have explicit consent.

  • When you visit our venue

Our venue uses CCTV to help assure the security and safety of our visitors and staff. Appropriate notices are prominently displayed in these venues, and we are registered with the Information Commissioner’s Office as an operator of a CCTV scheme. If you are captured on CCTV while in our venues this is part of your personal data and you have the rights over it that are set out later in this Notice.

As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not held for more than 12 months.  Once a hard drive has reached the end of its use, it will be erased prior to disposal.  

  • If you have a special access requirement or an allergy

If you are coming to our venue and have an access requirement – such as a wheelchair user – we will collect the required information from you in order to make sure you have the best possible experience. We will only ask you to tell us what we need to know in order to accommodate you and ensure that this information is shared in identifiable form only with those people internally and at our partners who need to know. We will anonymise your information and process it further in order to improve our access provisions across all of our venues.

We operate an access list, which can be filled in online or over the phone with one of our team.  Here we will ask for the customers name, address, email address phone number, details on their access requirements and what piece of proof of eligibility they can provide. Once approved on our system gives the user freedom to book tickets online at their convenience.  These details will be stored by us with only relevant parties able to access this information when required and to ensure the customer is booked into the correct seats for their needs.  More details on the access list can be found here: https://lightroom.uk/accessibility/access-list/

Similarly, if you are coming to a catered event we will ask if you have any food allergies. Again, we will collect the required information from you in order to make sure you have the best possible experience. We will only ask you to tell us what we need to know in order to keep you from harm and ensure that this information is shared in identifiable form only with those people internally and at our partners who need to know. We will anonymise your information and process it further to improve our allergy Notice across our venue.

We will not normally retain access or allergy information once the event has taken place. You may ask us to do so if you prefer but it will then be your responsibility to advise us if your needs change.

Formally, we justify this processing on the basis of your consent, for which you will be asked at the time of booking or invitation.

Please note that if you only share access or allergy information with staff at the venue when you attend this will not constitute data processing as we won’t record anything in identifiable form. 

  • Social Media 

If we conduct a competition on our social media platforms we may ask for your details to be able to issue the prize to you.  Once we have completed this contract we will not keep your data and we will also link to the T&Cs for each competition.

If you get in touch with us on social media regarding some feedback of any nature again we will only take the relevant information from you in order for us to follow up with your enquiry.

Who else gets to see your data

We won’t ever sell your data or provide access to it to any third parties for marketing purposes without your consent. We will share your data in the following ways:

With our subcontractors

Like many businesses we don’t do everything ourselves. When we have someone else help us handle an aspect of our business, we will pass them some of your data so that they can do their work. We will only ever give them the minimum information that they need and it will always remain under our control. This means that they can only do with your data what we tell them to, and can’t keep it once they no longer need it or pass it on to anyone else.

At the moment, the following parts of our business work with partner companies:

  • Spektrix – our booking system 
  • Quay Tickets – our call centre
  • PointOne – our bar till system
  • St. JOHN – our catering partners
  • Opayo – our payment providers
  • CrowdEngage – text message communications
  • Dotdigital– email communications facilitator
  • The Audience Agency – for the purposes of the Audience Finder initiative. For more information on the data they collect, please refer to the following links on their website here: https://www.theaudienceagency.org/privacy-Notice
  • Third party advertisers (such as Facebook or Google) – to help us identify customers similar to our audience or to serve adverts they deem relevant to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.
  • AKA – our media booking agency, only as anonymised data to understand bookers locations and booking habits
  • Other promotional partners – as anonymised data for their understanding audience demographics
  • We also outsource our IT. We have several partners for this; none of them have routine access to your data but may be able to see it occasionally if they need to in order to fix a problem or make an update. We always have control of this access and have strict contractual provisions to make sure they don’t abuse it.

If legally required

In some circumstances we may be legally required to pass on your data. For example, if there is a health and safety incident in our venue and you are involved, we will pass your data on to the Health and Safety Executive (a government agency) or to the relevant local authority. What they then do with your data is governed by the law. They may also contact you directly. We will always try to make sure that you know when your data is passed on in this way. In this specific circumstance we may collect health information about you where it is strictly relevant, and this may be done without your consent if you are not able to consent at the time. We will only do this in order to comply with the law and to protect your vital interests.

The police and other government agencies may also request your data. We will pass it to them once they show us proof that their request is legal. We may not be able or allowed to tell you if this happens.

If you make a complaint

If you make a complaint or if we think it’s necessary for any other reason, we may depending on the issue pass your data on to our insurers. We will only pass them the data that they need; we have a clear agreement with them that they will only use the data to assess any claim that we may make in connection with the issue. 

How we look after your data

We take the security of your data very seriously. We’ve made significant investments in IT systems and training to make sure it stays safe. We have strict contracts with anyone we share it with to ensure that do the same. It will always be stored and processed inside the EEA, where the General Data Protection Regulation gives you strong legal protection for your data privacy rights. We will always obey both the letter and the spirit of the data protection laws that apply to us.

We keep clear records of what data we have and what we do with it, and make sure that we always consider what impact our processing will have on you. We also continually assess the risks to you from possible data breaches, and do everything we can to prevent them.

How long we keep your data

We won’t keep your data for ever. If you haven’t interacted with us for three years – which means buying a ticket, opening an email, contacting us or visiting our website – we’ll anonymise your data so that it’s no longer connected to you in any way. We will keep the anonymised data indefinitely to help us understand our business and our audience.

Your rights

You have the right to see a copy of all the data we hold about you.

You have the right to ask us to delete what we have or stop processing it. However, we may not be able to do so immediately if the data is required for us to fulfil an obligation to you – like letting you in to an event for which you’ve purchased tickets; if we are legally required to keep it; or if we believe we need to keep it for contractual or insurance purposes. We will always tell you what we are doing and why. 

You have the right to ask us to correct your data – and if what we hold about you is wrong, we’d really appreciate it if you told us – but we will in some circumstances need to check that what you’re telling us is accurate, and may require proof, in order to protect you – and us – from fraud.

To exercise any of these rights, please contact us using the details at the top of this Notice.

You also have the right to complain to the Information Commissioner’s Office – the government agency that handles data protection in the UK. You can reach them at their website: https://ico.org.uk/global/contact-us/ 

International Transfers 

We do not routinely transfer your data outside of the EU. Some of the third parties we use may transfer your data outside of the EU. Where they do we make sure that we have the correct standard contractual clauses (SSCs) in place with them to safeguard these transfers

Automated decision making

We do not undertake any automated decision making

Notice information

This Notice was last updated August 2022. We may update it at any time in order to improve our customer experience or to comply with changes in the law.

This Notice is ©2022 Lightroom KX Limited