Your privacy matters to us. This Privacy Policy explains how The Albert Hall (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you interact with our websites, services, and activities.
This policy applies to all domains we operate, including:
- thealberthall.co.uk
- thealberthall.com
- thealberthall.org.uk
- llandrindod.uk
Regardless of which domain you use, the same privacy standards apply.
1. Data Controller
The Albert Hall is the Data Controller for all personal data processed through our websites and services.
Contact Details:
The Albert Hall
Ithon Road
Llandrindod Wells
Powys
LD1 6AS
Email: Webmaster@TheAlbertHall.co.uk
Phone: 0300 102 4255
We are not required to appoint a Data Protection Officer, but you may contact us using the details above for any privacy‑related queries.
2. Personal Data We Collect
We collect various categories of personal data, including but not limited to:
Information you provide directly
- Name
- Email address
- Postal address
- Phone number
- Payment information (processed securely by third‑party providers)
- Donation details
- Form submissions (e.g., event enquiries, volunteer forms, membership forms)
Information collected automatically
- IP address
- Browser type and version
- Device information
- Pages visited and interaction data
- Cookies and tracking identifiers (see Section 10)
Information from third‑party services
When you use external services integrated with our website (e.g., TicketSource), they may share necessary information with us such as booking details or donation confirmations.
3. How We Use Your Personal Data
We use your data for the following purposes:
| Purpose | Examples | Lawful Basis |
|---|---|---|
| To process ticket purchases | Booking confirmations, payment processing | Contract |
| To manage donations | Gift Aid, donor records | Legal obligation / Legitimate interests |
| To send newsletters | Updates, events, fundraising | Consent |
| To respond to enquiries | Contact forms, email requests | Legitimate interests |
| To manage volunteers or performers | Scheduling, communication | Contract / Legitimate interests |
| To improve our website | Analytics, troubleshooting | Legitimate interests |
| To comply with legal requirements | Financial records, safety obligations | Legal obligation |
We do not use your data for automated decision‑making or profiling.
4. Lawful Bases for Processing
We process your personal data under the following lawful bases:
Legitimate Interests – for administration, security, and service improvement (balanced against your rights)
Consent – for newsletters, marketing, and optional communications
Contract – when you purchase tickets or request services
Legal Obligation – for financial, tax, and regulatory compliance
5. Third‑Party Processors
We work with trusted third‑party providers to deliver our services:
- TicketSource – ticket sales
- Brevo – newsletters and email communications
- Zoho – invoicing and administration
- Jotform – online forms
- Zeffy – donor management and fundraising
Each provider acts as a Data Processor under UK GDPR. We work with third‑party service providers who act as Data Processors. Where required, we enter into Data Processing Agreements (DPAs) to ensure compliance with UK GDPR.
6. International Data Transfers
Some of our third‑party service providers may process personal data outside the UK, including in the EU or other countries. When this occurs, we rely on the safeguards provided by those service providers to ensure your data remains protected.
These safeguards may include:
- UK International Data Transfer Agreements (IDTAs)
- Standard Contractual Clauses (SCCs)
- Adequacy decisions issued by the UK government
- Other legally recognised transfer mechanisms
Where required, we ensure that appropriate contractual and organisational measures are in place to protect your personal data during international transfers. You may request further information about these safeguards by contacting us.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, accounting, or reporting requirements. Where specific retention periods are required by law (such as for financial or Gift Aid records), we follow those statutory periods. For all other types of data, retention is determined based on factors such as the nature of the information, the purpose for which it was collected, our operational needs, and any applicable regulatory obligations. Once data is no longer required, it is securely deleted or anonymised.
8. Sharing Your Information
We do not sell or rent your personal data. We only share your information:
With your explicit consent
With third‑party processors listed above
When legally required (e.g., HMRC, law enforcement)
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access – to request a copy of your personal data
- Right to Rectification – to correct inaccurate or incomplete information
- Right to Erasure – to request deletion of your data in certain circumstances
- Right to Restrict Processing – to limit how your data is used
- Right to Data Portability – to receive your data in a structured, machine‑readable format
- Right to Object – including to direct marketing
- Right to Withdraw Consent – where processing is based on consent
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: https://ico.org.uk
If you contact one of our third‑party service providers directly, they may forward your request to us as the Data Controller so that we can respond.
10. Cookies and Tracking Technologies
We use cookies to improve your experience. These include:
- Essential cookies – required for site functionality
- Analytics cookies – help us understand usage
- Marketing cookies – used for personalised promotions
Non‑essential cookies are only activated with your consent. You can withdraw consent or change preferences at any time via your browser settings.
A full cookie policy is available separately.
11. Children’s Data
Our services are not directed at children under 16.
We do not knowingly collect children’s data without parental consent.
12. Data Security
We take the security of your personal data seriously. Access to personal data is limited to our trustees and authorised volunteers, all of whom are unpaid and act on behalf of The Albert Hall. They receive appropriate guidance on data protection and are required to handle personal data responsibly and in accordance with this Privacy Policy and UK GDPR. We use a combination of technical and organisational measures to protect your information from unauthorised access, loss, misuse, or disclosure. These measures include secure systems, access controls, encryption where appropriate, and regular review of our data‑handling practices.
13. Data Breach Procedure
If a data breach occurs that risks your rights or freedoms, we will:
- Notify the ICO within 72 hours
- Notify affected individuals without undue delay
14. External Links
Our website may contain links to external sites. We are not responsible for their content or privacy practices.
15. Updates to This Policy
We may review and update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be published on this page, and the “Last Updated” date will be amended accordingly. This page always displays the current version of the policy. We do not provide individual notifications or announcements about changes.
Last Updated: April 2026