Privacy Policy
Your privacy matters to us. This policy explains how we handle your personal information.
Last updated: 10 November 2025
Quick Summary
Theatre 62 is a community theatre in West Wickham, south-east London. We collect basic information (name, email, membership details) to provide you with membership benefits, including discounted tickets. We never sell your data, and you can access, update, or delete your information anytime.
1. Who We Are
Theatre 62 (trading name of Wickham Theatre Trust) is a registered charity and community theatre organisation based in West Wickham, south-east London. We are the data controller for the personal information we collect and process.
Legal Name: Wickham Theatre Trust
Trading As: Theatre 62
Registered Charity Number: 1066582
Address: Wickham Theatre Centre, Corkscrew Hill, West Wickham, BR4 9BA
Website: theatre62.org
Privacy Contact: admin@theatre62.org
2. What Personal Data We Collect
We collect different types of information depending on how you interact with us:
When You Create a Member Account
- Email address (required) - For login and account communications
- First and last name (required) - To personalise your account
- Password (required) - Stored securely as a one-way hash (we cannot see your password)
- Phone number (optional) - For booking confirmations if you choose to provide it
Membership Information
- Membership status - Whether your membership is pending, active, expired, or cancelled
- Discount code - Your unique code for £10 member ticket rates
- Join date and renewal date - To track your membership period
- Email preferences - Which types of emails you want to receive (renewal reminders, show announcements, newsletter)
Payment Information (When You Purchase Membership)
- Stripe customer ID - A reference number from our payment processor
- Payment method details - Stored securely by Stripe (we do not store your full card number)
- Transaction history - Dates and amounts of membership payments
Booking Information (When You Book Tickets)
- Show titles and dates - Which performances you've attended
- Ticket quantities - How many tickets you purchased
- Booking dates - When you made your reservations
Technical Information
- Authentication cookies - Small files that keep you logged in (see our Cookie Policy)
- IP address - May be logged by our server for security purposes
3. Why We Collect Your Data (Lawful Basis)
Under UK GDPR, we must have a valid legal reason ("lawful basis") for processing your personal data. Here's why we process your information:
Performance of Contract
We need certain information to provide you with membership services - this is essential to our contract with you.
- Creating and managing your member account
- Providing your discount code and member benefits
- Processing membership payments
- Managing ticket bookings and reservations
Your Consent
For marketing communications, we only send emails if you've opted in. You can withdraw consent anytime.
- Show announcements and new production emails (if you opted in)
- Monthly newsletter (if you opted in)
- Phone contact for bookings (if you provided your number)
Legitimate Interests
Some processing is necessary for our legitimate business interests, while respecting your privacy rights.
- Renewal reminder emails (to help you maintain your membership benefits)
- Internal admin notes (for providing consistent member support)
- Security monitoring (to protect your account from unauthorised access)
4. How We Use Your Data
We use your personal information to:
- Manage your membership - Create your account, assign your discount code, track your membership status
- Process payments - Handle annual membership fees (£15/year) via Stripe
- Send service emails - Password resets, payment confirmations, renewal reminders
- Send marketing emails - Only if you opted in: show announcements, newsletters
- Improve our service - Understand member needs and enhance the booking experience
- Comply with legal obligations - Maintain financial records as required by law
We Will Never:
- Sell your personal data to third parties
- Use your data for automated decision-making or profiling
- Send you marketing emails unless you've opted in
- Share your data except as described in this policy
5. Who We Share Your Data With
We only share your data with trusted third-party services that help us operate our website and membership system:
MongoDB Atlas (Database Hosting)
Stores all member data securely in a cloud database.
Location: May be hosted outside the UK
Safeguards: MongoDB's Data Processing Agreement and security measures
Purpose: Secure data storage and retrieval
Vercel (Website Hosting)
Hosts our website frontend (theatre62.org).
Location: Global CDN, may include US servers
Safeguards: Vercel's Data Processing Agreement
Purpose: Deliver website content and handle page requests
Hostinger (CMS Hosting)
Hosts our content management system (cms.theatre62.org).
Location: VPS server location varies
Safeguards: Hostinger's hosting agreement and security
Purpose: Run our membership management system
Stripe (Payment Processing)
Processes membership payments securely.
Location: US-based, complies with EU-US Data Privacy Framework
Safeguards: Stripe's Data Processing Agreement and PCI DSS compliance
Purpose: Secure payment processing and subscription management
Note: Stripe stores your payment details - we never see your full card number
TicketSource (Ticket Booking)
Handles ticket sales and bookings for our shows.
Location: UK-based
Safeguards: TicketSource's terms and privacy policy
Purpose: Process ticket bookings and send booking confirmations
Note: When you book tickets, TicketSource will handle your payment separately
Email Service Provider
Sends membership emails (renewal reminders, show announcements, newsletters).
Location: To be confirmed when selected
Safeguards: Will be covered by Data Processing Agreement
Purpose: Deliver email communications you've consented to
6. International Data Transfers
Some of our third-party providers (MongoDB Atlas, Vercel, Stripe) may store or process your data outside the UK. When this happens, we ensure appropriate safeguards are in place:
- Data Processing Agreements with all third-party processors
- Compliance with UK GDPR transfer requirements
- Use of providers that participate in recognised data protection frameworks (e.g., EU-US Data Privacy Framework)
- Encryption in transit and at rest
7. How Long We Keep Your Data
We only keep your personal data for as long as necessary. Here are our retention periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Active membership data | Duration of membership | To provide membership services |
| Expired memberships (not renewed) | 2 years after expiry | Allow for re-activation and renewal marketing |
| Cancelled memberships | 1 year after cancellation | Prevent duplicate accounts, handle queries |
| Payment and booking history | 6 years from transaction | UK legal requirement for financial records |
| Email marketing data (after unsubscribe) | Deleted immediately | Respect withdrawal of consent |
| Deleted accounts (by user request) | 30 days grace period, then permanent deletion | Allow time to cancel deletion request |
After these periods, we will either delete your data or anonymise it (remove all personal identifiers) so it can no longer be linked to you.
8. Your Privacy Rights
Under UK GDPR, you have important rights over your personal data:
Right to Access
You can request a copy of all the personal data we hold about you.
How to exercise: Log in to your member dashboard and click "Download My Data" (coming soon), or email us at admin@theatre62.org
Right to Rectification
You can update inaccurate or incomplete personal data.
How to exercise: Log in to your member dashboard and update your profile, or contact us
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances.
How to exercise: Log in and go to Account Settings → Delete Account (coming soon), or email us
Note: Some data may need to be retained for legal compliance (e.g., financial records for 6 years)
Right to Object
You can object to processing based on legitimate interests, including marketing.
How to exercise: Update your email preferences in your dashboard, click "unsubscribe" in any email, or contact us
Right to Restriction
You can request we stop processing your data while we resolve a dispute about accuracy or lawfulness.
How to exercise: Contact us at admin@theatre62.org
Right to Data Portability
You can receive your data in a portable format (JSON) and transfer it to another service.
How to exercise: Use the "Download My Data" button in your dashboard (coming soon)
Right to Withdraw Consent
You can withdraw consent for marketing emails anytime without affecting your membership.
How to exercise: Update preferences in your dashboard, click "unsubscribe" in emails, or contact us
To Exercise Your Rights:
Email us at admin@theatre62.org with your request. We'll respond within one month (or let you know if we need longer).
We may ask you to verify your identity before processing your request to protect your privacy.
9. How We Protect Your Data
We take security seriously and have implemented technical and organisational measures to protect your personal data:
Technical Security
- HTTPS encryption (SSL/TLS) for all data in transit
- Password hashing (bcrypt) - we cannot see your password
- HTTP-only cookies (scripts cannot read the login cookie, which limits the impact of XSS attacks)
- CSRF protection tokens
- Encryption at rest (MongoDB Atlas)
- Regular security updates and patches
Organisational Security
- Access controls - only authorised committee members can access data
- Data minimisation - we only collect what we need
- Staff training on data protection
- Data Processing Agreements with third parties
- Regular backups with secure storage
- Incident response procedures
Data Breach Notification
If we experience a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay, as required by UK GDPR. We will also report the breach to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it.
10. Cookies
Our website uses cookies (small text files stored on your device) to keep you logged in to your member account. These are essential cookies required for the website to function - we don't use tracking or advertising cookies.
For detailed information about the cookies we use, please see our Cookie Policy.
11. Children's Privacy
Our membership service is intended for individuals aged 13 and over. We do not knowingly collect personal data from children under 13 without parental consent. If you believe we have inadvertently collected data from a child under 13, please contact us immediately so we can delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email if you're a registered member
- Display a notice on the website for 30 days
We encourage you to review this policy periodically to stay informed about how we protect your data.
13. How to Complain
If you're unhappy with how we've handled your personal data, please contact us first at admin@theatre62.org so we can try to resolve the issue.
You also have the right to lodge a complaint with the UK's data protection authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please get in touch:
Theatre 62 Privacy Contact
Email: admin@theatre62.org
Website: theatre62.org
We aim to respond to all privacy-related queries within 5 working days.
This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.