Privacy Policy

A. The purpose of this policy
B. Why do we process your data?
C. What personal data do we collect and process?
D. How do we use your data?
E. Your rights in relation to your data
F. Security
G. Web browsing and cookies
H. Links to other websites
I. Data Protection Principles

A. The purpose of this policy

Total Insight Theatre is committed to protecting the private personal data of staff, volunteers and service users.

This policy applies to all staff, volunteers, children and young people and anyone involved in Total Insight Theatre’s activities and sets out how we process personal data (that is, information by which an individual can be identified) collected by us in the course of our lawful activities, in accordance with the Data Protection Act 2018, the General Data Protection Regulation and any subsequent or relevant legislation, regulations or guidance in force from time to time (‘Data Protections laws’). This policy has been put in place to protect your rights under the Data Protection laws, and it is important that you understand what we will do with your data and are happy with this. If you want to discuss any matter relating to how your data is used, please contact:

Data Protection Officer
Name: Adam Tulloch 

We may be required in certain instances to ask that your request for information be submitted in writing.

References to the processing of information includes the collection, use, storage and protection of data. Total Insight Theatre is the ‘data controller’ for the purposes of this policy, except where otherwise stated, and the policy extends those working for us and on our behalf and, to the extent set out below, anyone else processing data on our behalf from time to time as a ‘data processor’.

Safeguarding and child protection are our priorities, and this extends to how we process children’s personal data. Children of any age have the same rights over the data processed about them as adults, although their ability to understand and to exercise these rights may vary depending on their age and capacity. We therefore ask those legally responsible for the children to whom we provide services to understand that our obligations are to each of those children separately as individual data subjects and to work with us accordingly. Should there be safeguarding concerns, we may be obliged to disclose data to the relevant authorities even without consent. References in this policy to ‘you’ or ‘your data’ includes reference to children’s data, as the context allows.

B. Why do we process your data?

Organisations are permitted to process data if they have a legal basis for doing so. Total Insight Theatre processes data on the basis that:

  • Express and informed consent has been given by the person whose data is being processed; and/or
  • Total Insight Theatre has a legitimate interest in processing the data; and/or
  • It is necessary in relation to or in anticipation of a contract, agreement or ongoing arrangement for the provision of services which someone has entered into with Total Insight Theatre or because someone has asked for something to be done so they can enter into a contract, agreement or arrangement with us; and/or
  • There is a legal obligation on Total Insight Theatre to process data.

If and to the extent that Total Insight Theatre is relying on solely consent as the basis for processing data, we are required to obtain your explicit consent and you can modify or withdraw this consent at any time by notifying us in writing, although this may affect the extent to which we are able to provide services to or interact with you in future.

Where consent is sought in relation to a child under the age of 16 years of age, we will ask that someone legally responsible for them provides such consent. Where we (in the capacity of a data processor) receive such data from another data controller, such as a school, we do so in reliance on the express or implied assurance that it is being shared with us lawfully and with all due authority.

We may change this policy from time to time and any such changes will be published on our website. Notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

This policy was reviewed in September 2020.

C. What personal data do we collect and process?

We process the data necessary for Total Insight Theatre to fulfil its charitable objects, providing arts and cultural opportunities for children and young people, particularly those experiencing disadvantage, together with fundraising and marketing, running events, keeping our service users and supporters informed of our activities, and the effective running of the organisation as an operational and fundraising charity through those working for and with us, our trustees and volunteers. Data collected and processed may include, but not be limited to:

  • Names and contact information such as telephone numbers, email and postal addresses of staff, volunteers, services users, supporters or others with whom we have contact
  • Information necessary for the employment of staff or the engagement of volunteers, including that necessary to pay salaries or fees and also all necessary information relating to our obligations for the safeguarding, welfare and protection of children, such as references and Disclosure and Barring Service checks
  • Details relating to service users, including those of a sensitive nature
  • Donor and volunteer records and preferences, including, where necessary, bank or payment details and details of tax status in order to process payments and claim Gift Aid
  • Such other information that is relevant and necessary for us to carry out our activities, charitable purposes and legal obligations.

Such data may be collected, for example, when you provide it through our website or otherwise when making a donation, submitting an enquiry, participating in our activities, subscribing for a service, when you request assistance, when you tell us about yourself if you apply to work for or with us or when you otherwise provide us with personal data in some other way.

When fundraising, Total Insight Theatre may undertake research to explore shared interests with potential supporters. We will not use third-party profiling companies but may use profiling and screening techniques ourselves to analyse any personal data and create a profile of individuals’ or business’ interests and preferences. We may also make use of additional information about individuals including where they live or where their business is based, age and similar demographics, and any publicly-available information (for example through LinkedIn, Companies House, Charity Commission).

D. How do we use your data?

We process your personal data as described above, and in particular for the following purposes:

  • For internal record keeping, invoicing, communication and administration
  • To carry out the services provided to service users whilst ensuring the safeguarding, welfare and protection of children to whom we owe a duty of care
  • To engage, direct and oversee the work of staff and volunteers providing services to service users
  • To work with external partners and their staff with whom we liaise to provide our services
  • To comply with any legal obligations and to protect parties’ interests in cases of dispute
  • To let you know about our activities, events and campaigns or related matters which we think may be of interest to you.

If you or someone acting on your behalf provides information about another person, such as a service user, you warrant that you have the legal authority to share such data with us and have informed such person(s) (or in the case of someone under the age of 16, a person legally responsible for them) that their data is being shared with us and about our Privacy Policy.

Data processed will be retained only for as long as the purpose for which it was collected continues and for as long as is reasonable and permissible in law. Accordingly, the periods for which we retain data will vary depending on the purposes for which it was collected and relevant statutory or other requirements.

In addition to those circumstances mentioned above, we will only share data with trusted third parties (including those outside the European Economic Area) to the extent and where necessary for us to provide services to service users and support our activities through fundraising and promoting our work (such as online platforms for secure data storage or for email communications), to process payments (including through online payments platforms) and only once we are satisfied that any such use of data will accord with our privacy policy. We will never sell your personal information and will not share it without your explicit consent, except as stated above.

E. Your rights in relation to your data

You, as the data subject, may request deletion of your data at any time in writing, subject to any overriding legal requirement for its retention, such as the need, where appropriate, to comply with legal or safeguarding obligations or the requirements of regulatory authorities such as Her Majesty’s Revenue and Customs, or to prevent the commission of or to assist in the investigation of an actual or suspected criminal offence. We may keep certain data on a ‘suppression list’ so we know, if requested, not to contact you or process your data in future until further notice.

You may request details of personal information which we hold about you. Those legally responsible for a child may request such details about the child. Any such request must be submitted in writing and we reserve the right to seek verification of the identity of persons making such requests before we respond. A small fee may be payable if an information request is particularly onerous.

You may choose to restrict the collection or use of your personal information, but this may impact or limit the way in which we are able to interact with you. You may, at any time, change your mind about what information we hold about you, or if we continue to hold it at all, subject to any legal obligation on us to retain data, and as stated above.

You are responsible for the accuracy of data you have provided to Total Insight Theatre. If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.

Where your data has been supplied to us by another party, such as a school, meaning that Total Insight Theatre is processing it on behalf of that other party and is acting as a data processor, please note that in order to exercise your rights over your data you should submit any request relating to it to the party that supplied the data to us.

In the unlikely event that there is any kind of a breach of our duties and obligations under this policy or the Data Protections laws, we will take immediate steps to isolate and rectify the problem.  Should the breach be serious one (where there is a risk of, for example, discrimination, damage to reputation, financial loss or loss of confidential information) we have a duty to report that matter to the individuals affected and to the Office of the Information Commissioner.  

You can obtain further information about Data Protection and privacy laws and your rights by visiting the Information Commissioner’s website at:

F. Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Persons processing data on behalf of Total Insight Theatre do so in accordance with this policy and on the basis that we is satisfied that they can and will adhere to our high standards for data protection and security.

The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. Please note that, unless encrypted, email messages sent via the internet may not be secure and could be intercepted and read by someone else. Please bear this in mind when deciding whether to include personal or sensitive information in any email messages you send to us.

G. Web browsing and Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. 

We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

We may also collect and store information about your browsing device, including, where available, your IP address, operating system and browser type, together with certain anonymous statistical data about your browsing activities and patterns which does not contain any personal data.

H. Links to other website

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.

I. Data protection principles

Anyone processing personal data must comply with the six data protection principles set out in the GDPR, which state that personal data should be: 

  • processed fairly, lawfully and transparently
  • collected for specified, explicit and legitimate purposes and not further processed in a way which is incompatible with those purposes
  • adequate, relevant and limited to what is necessary for the purpose for which it is held
  • accurate and, where necessary, kept up to date
  • not kept longer than necessary
  • processed in a manner that ensures appropriate security of the personal data.