Fair Processing Notice
The Princess Royal Centre for Performing Arts (www.prcpa.gg) provides this site to facilitate ticket purchases for events or productions held in its venues, including the main theatre, the Kerry Luscombe Studio Theatre and the Foyer area.
This notice explains how we collect, use, store, and protect your personal data when you engage with us, including purchasing tickets online. To be able to purchase tickets through the website an email address is required so that the ticket purchase can be confirmed for the user. A user account is not needed to purchase tickets but, if desired by the purchaser, this can be set up so that they can access their tickets online and within the PRCPA phone application.
The Committee for Education, Sport & Culture (ES&C) is the registered Controller for the PRCPA. The Committee's mandate is to encourage human development by maximising opportunities for participation and excellence through education, learning, sport and culture at every stage of life.
1. The Data Protection Law
The Controller acknowledges its obligations as per the Data Protection (Bailiwick of Guernsey) Law, 2017 which provides a number of requirements in terms of processing activities involving personal data. The Controller further acknowledges the general principles of processing as well as the rights of a data subject and more information in relation to these provisions are provided within this fair processing notice or by visiting www.gov.gg/dp.
2. The Principles of Processing
Lawfulness, fairness and transparency
Personal data must be processed lawfully, fairly and in a transparent manner.
To process ticket purchases, the Controller will collect and use the following personal data:
• Your name for identification and verification
• Date(s) of birth, where relevant, for account setup or specific services
• Contact details, such as email address and phone number, to confirm purchases and notify you of any changes affecting your booking.
• Billing information, including your billing address and associated payment data to process transactions securely.
To process ticket purchases, the Controller will collect and use the following personal data:
• Your name for identification and verification
• Date(s) of birth, where relevant, for account setup or specific services
• Contact details, such as email address and phone number, to confirm purchases and notify you of any changes affecting your booking.
• Billing information, including your billing address and associated payment data to process transactions securely.
The Controller processes your personal data based on Schedule 2, Condition 2:
The processing is necessary -
• for the conclusion or performance of a contract -
• to which the data subject is a party, or
• made between the controller and a third party in the interest of the data subject, or
• to take steps at the request of the data subject prior to entering into such a contract
The processing is necessary -
• for the conclusion or performance of a contract -
• to which the data subject is a party, or
• made between the controller and a third party in the interest of the data subject, or
• to take steps at the request of the data subject prior to entering into such a contract
The Controller also offers the option for you to opt-in to receive information about upcoming productions and events. Consent for marketing communications is entirely optional and can be withdrawn at any time.
The Controller will not collect or process “Special Category Data” (sensitive personal data, such as health information) for these purposes. Your data will not be used for any other purpose unless required by law.
The Controller will not collect or process “Special Category Data” (sensitive personal data, such as health information) for these purposes. Your data will not be used for any other purpose unless required by law.
• Purpose limitation
Personal data must not be collected except for a specific, explicit and legitimate purpose and, once collected, must not be further processed in a manner incompatible with the purpose for which it was collected.
The Controller acknowledges its responsibility with regards to this data protection principle and therefore the Controller maintains that it will not further process that personal data in a way which is incompatible to its original reason for processing as specified in section 2a unless the Controller is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within data protection law).
The Controller acknowledges its responsibility with regards to this data protection principle and therefore the Controller maintains that it will not further process that personal data in a way which is incompatible to its original reason for processing as specified in section 2a unless the Controller is required to do so by law. The personal data will not be transferred to a recipient in an authorised or an unauthorised jurisdiction (as per the definition within data protection law).
• Minimisation
Personal data processed must be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.
The Controller maintains that it will only process the personal data, which is detailed in section 2a and will not process any further personal data that is not necessary in relation to the original reason for processing personal data as specified in section 2a, unless the Controller is required to do so by law.
The Controller maintains that it will only process the personal data, which is detailed in section 2a and will not process any further personal data that is not necessary in relation to the original reason for processing personal data as specified in section 2a, unless the Controller is required to do so by law.
• Accuracy
Personal data processed must be accurate, kept up to date (where applicable) and reasonable steps must be taken to ensure that personal data that is inaccurate is erased or corrected without delay.
The Controller will ensure that all personal data that it holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay.
The Controller will ensure that all personal data that it holds is accurate and kept up-to-date, and any personal data that is inaccurate will be erased or corrected without delay.
• Storage limitation
Personal data must not be kept in a form that permits identification of a data subject for any longer than is necessary for the purpose for which it is processed.
If you do not create an account, your data will only be used for the duration of your transaction. If you create an account, your data will be retained until you request its deletion to facilitate access to your tickets and past transactions.
If you do not create an account, your data will only be used for the duration of your transaction. If you create an account, your data will be retained until you request its deletion to facilitate access to your tickets and past transactions.
• Integrity and confidentiality
Personal data must be processed in a manner that ensures its appropriate security, including protecting it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Controller maintains to process all personal data with appropriate levels of security. In order to prevent unauthorised or unlawful processing of the personal data, the Controller has put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information that is collected.
The Controller maintains to process all personal data with appropriate levels of security. In order to prevent unauthorised or unlawful processing of the personal data, the Controller has put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information that is collected.
Information Access – access to electronic or paper records is tightly controlled. Employees are vetted in a manner commensurate with the role that they are expected to undertake. Protocols are followed to ensure that employees only have access to areas and documents as required to undertake their role. Access is monitored and effectively managed.
Information Security – the Committee adopts the information security standards of the States of Guernsey
• Accountability
The Controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
The contact details of the Controller are as follows:
The Committee for Education, Sport and Culture Tel: 01481 733000 Email: educationsportandculture@gov.gg
The contact details for the Data Protection Officer of Education, Sport and Culture are as follows:
Data Protection Officer, the Committee for Education Sport and Culture Tel: 01481 220012 Email: data.protection@gov.gg