At Belfast Waterfront and Ulster Hall Ltd (BWUH), we take your privacy seriously. It is important that you know what we do with the personal information you provide us, why we gather it and what it means to you.
This notice is being provided to you in line with our obligations under the General Data Protection Regulations (GDPR).
We only collect the information you give us. We collect it through a variety of channels.
You do not have to provide us with any personal data or private information about yourself to access our websites – waterfront.co.uk or ulsterhall.co.uk.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
As a data subject, individuals have a number of rights in relation to their personal data.
Individuals have the right to make a subject access request. This request should be sent to Alan Reilly, Data Protection Officer at [email protected]. If an individual makes a subject access request, the company will tell him/her:
The company will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, the company will charge a fee, which will be based on the administrative cost to the company of providing the additional copies.
In any event the individual has the right to complain directly to the Information Commissioners Office (ICO) - report a concern on the ICO website or call 0303 123 1113.
The company does not transfer data outside the EEA.
The company does not use sub-processors.
You will need to provide a valid email address in order to gain access to our WiFi network at the Waterfront Hall. We will only send you marketing information about events if you opt in to our marketing database at the time of registration. Your data will then be treated according to our marketing privacy notice and retention policy which is below.
You will need to provide a valid email address on our website if you wish to receive our events newsletter electronically. The information will be sent to you on a weekly basis until you unsubscribe from these services.
When you book tickets, personal information will be held on our secure booking system and used for operational purposes such as processing of bookings and orders in connection with our online ticketing facility and for postal fulfilment. To increase our security measures against the fraudulent use of credit and debit cards, we will also use your postal address to ensure the validity of the credit or debit card being used.
Credit and debit card information that you provide us for your booking is encrypted and cannot be accessed after the transaction by the organisation.
In the exceptional circumstance that an event is postponed or cancelled your contact information that you have provided us will be used to inform you of this change to the event. This is to ensure that patrons do not make an unnecessary journey to the event that may have been postponed or cancelled.
Your information will be kept on our secure booking system for 3 years from the date of your last booking. After such times your personal information will be deleted.
If you wish your information to be permanently deleted before that period of time you can do so by logging into your account on our website or by emailing the Box Office team at [email protected]; please note that we will be unable to contact you regarding any change or cancellation to a future performance you may have booked for if you choose to have your data deleted.
We use different methods to collect data from and about you including through:
We will only send information about events to you if you have agreed for us to do so. This request will allow us to keep you informed about events or related news and offers which we think will be of interest to you.
When purchasing tickets, you are given the opportunity to opt in to receiving news and information from BWUH by email and/or by post.
We may also use this information to process any transactions you undertake with us and for internal administration and analysis purposes, which may be carried out by a third party. Any third party which undertakes this work for us will not share your personal information with any other party – all personal information will remain confidential.
Please note that we operate a joint box office for the Waterfront Hall and Ulster Hall.
This means that once registered to receive information about entertainment events by email and/or direct mail, you will receive information about events taking place at the Waterfront Hall, Ulster Hall or both venues.
Email contact information will be held on our database for no longer than 3 years. You can unsubscribe from receiving information about our events at any time by following the ‘unsubscribe’ link of the bottom of any emails about events or related news and offers which you receive from BWUH Ltd.
If you would like to change the information you have given us, feel that what we currently have on record is incorrect or would like to be removed from our mailing lists, email [email protected].
In the case of a general enquiry or customer complaint that we receive, the personal information you supply will only be used to answer your query. Once the enquiry and complaint has been processed your data will be deleted.
Unless otherwise indicated your personal information is not disclosed to any third parties. We do not sell, rent or trade your personal information to third parties for marketing purposes without your consent. We will never share financial information with third parties. Under the Data Protection Act, we have a legal duty to protect any personal information which you may give us.
Our website may contain links to and from other websites. Please note that these websites may deal with privacy differently and we will have no liability or responsibility for the privacy practices or the content of any linked site. We do not necessarily support or endorse the services or business provided on any linked site. If you decide to access third party linked sites from our website, then you do so at your own risk and we have no right to intellectual property on those sites.
You have the right to get a copy of the information that is held about you by BWUH Ltd. This is known as a subject access request. This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.
To make a subject access request to BWUH Ltd you must apply in writing. You can do so by emailing [email protected] or by post to; Data Protection Officer, BWUH Ltd, 2 Lanyon Place, Belfast, BT1 3WH.
In some cases, BWUH Ltd may need to ask for proof of identification before the request can be processed. BWUH Ltd will inform the individual if it needs to verify his/her identity and the documents it requires.
BWUH Ltd will normally respond to a request within a period of one month from the date it is received.
BWUH Ltd will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, BWUH Ltd may charge a fee, which will be based on the administrative cost to BWUH Ltd of providing the additional copies.
Recording Customer Details: How we use your information To support the Contact Tracing Service (which is operated by the Public Health Agency in Northern Ireland) Belfast Waterfront and Ulster Hall Ltd is required to collect and keep a record of all staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with the Contact Tracing Service we can help to identify people who may have been exposed to the Coronavirus.
As a customer/visitor of Belfast Waterfront and Ulster Hall Ltd you will be asked to provide some basic information and contact details. The following information will be collected:
• the name and telephone number of each visitor and attendee over the age of 16; and
• the date of their visit or attendance and the time of their arrival.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information. The Contact Tracing Service has asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out during that period.
We will only share information with the Contact Tracing Service if it is specifically requested by them. For example, if another customer at the venue reported symptoms and subsequently tested positive, the Contact Tracing Service can request the log of customer details for a particular time period (e.g. this may be all customers who visited on a particular day or time-band, or over a two-day period).
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes (such as surveillance of an individual’s movements or marketing activities), and the Contact Tracing Service will not disclose this information to any third party unless required to do so by law (e.g. as a result of receiving a court order).
In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit. However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, and phone number). Where this is the case, this information may continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to. Your information will always be stored and used in compliance with data protection legislation. The use of your information is covered by the General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the venue/establishment. The legitimate interest in this case is the interest of the venue/establishment in cooperating with the Contact Tracing Service in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
By law, you have a number of rights as a data subject, such as the right to access information held about you. If you are unhappy or wish to complain about how your information is used, you should contact: [email protected] in the first instance to resolve your issue. If you are still not satisfied, you can complain to the Information Commissioner's Office.
The Northern Ireland Executive has legislated in the Health Protection (Coronavirus, Restrictions)(No.4) Regulations (Northern Ireland) 2021 that it is in the public interest to permit only those persons who possess evidence of, inter alia, being fully vaccinated against COVID-19 to be present on the premises of BWUH Ltd to minimise as far as possible the risk of transmission of the virus which causes COVID-19.
The COVIDCert Check NI verifier app has been developed by the Department of Health (DoH), via DHCNI, to enable businesses to certify a member of the public’s Covid Status. BWUH Ltd will use it in the public interest to permit only those persons who possess evidence of, being fully vaccinated against COVID-19 to be present on BWUH Ltd premises to minimise as far as possible the risk of transmission of the virus which causes COVID-19.
This privacy notice has been drafted in line with UK GDPR. Although personal data is not being processed by the Department in relation to this app, this privacy notice has been drafted to ensure transparency and to maximise the public’s confidence in the app.
The NI Verifier app processes a citizen’s COVID Certification Service status to establish whether the citizen may or may not enter the Verifier’s premises. It is likely that in doing so a Verifier will process your data under UK GDPR:
• Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
• Article 6(1)(e) – your data is processed as part of our public task
• Article 9(2)(g) – the processing is necessary for reasons of substantial public interest.
• Article 9(2)(i) – the processing is necessary for reasons of public interest in the area of public health.
While BWUH Ltd will not have access to any special category data, special category data may be inferred by confirmation of Covid Certification- i.e. the Verifier will know that the person wishing to access their premises meets the relevant criteria and may be, for example, vaccinated. BWUH Ltd employees using the verifier app are aware of the importance of ensuring all personal data processed in the verification process is kept confidential.
The NI Verifier application reads 2D barcodes that store personal data and allows the verifier to read and display this information. However, this information gathered from the 2D barcode is never stored or transmitted on the NI Verifier app. App permissions are used to securely store keys that are used to verify that a 2D barcode has been signed by a trusted authority. These permissions are not used to store any data related to the Service user or app usage. The storage used does not hold any personal data.
While the NI Verifier app provides proof of the service user’s COVID-19 vaccination status, this version of the NI Verifier app provides no additional functions.
Department of Health COVIDCert Check NI ‘Verifier app’ Data Protection Impact Assessment