Privacy Policy

At Belfast Waterfront and Ulster Hall Ltd (BWUH), we take your privacy seriously. It is important that you know what we do with the personal information you provide us, why we gather it and what it means to you.

This notice is being provided to you in line with our obligations under the General Data Protection Regulations (GDPR).

When we collect your information

We only collect the information you give us. We collect it through a variety of channels.

You do not have to provide us with any personal data or private information about yourself to access our websites – or

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Name and contact details – this includes your name, title, billing address, delivery address, email address and telephone numbers.
  • Data of birth information
  • Payment information – this includes your bank account and/or payment card details. Purchase history – this includes details about tickets and services you have purchased from us. It may also include your vehicle details if you have purchased parking.
  • Profile information – this includes your username and password and your interests and preferences.
  • Linked account information – this includes your Facebook ID and Twitter handle if you link your accounts to us.
  • Marketing preferences – this includes your preferences in receiving marketing from us and your communication preferences.
  • Survey responses and competition entries Customer service history – this includes interactions with us over the phone, via the website or on social media.
  • Information about your device and how you use our websites and apps – this includes information you give us when you browse our websites or apps, including your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as how you use our websites and apps.
  • We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
  • Unless we have told you otherwise in a specific privacy notice, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). The only exception to this is where you have specific disability needs which we need to be aware of in order to make reasonable adjustments and be able to perform our contract with you and comply with our obligations pursuant to social protection and equality laws (for example, when you make a booking using an Access Card).

Your rights as an individual

As a data subject, individuals have a number of rights in relation to their personal data.

Individuals have the right to make a subject access request. This request should be sent to Alan Reilly, Data Protection Officer at [email protected]. If an individual makes a subject access request, the company will tell him/her:

  • whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual
  • to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers
  • for how long his/her personal data is stored (or how that period is decided)
  • his/her rights to rectification or erasure of data, or to restrict or object to processing
  • his/her right to complain to the Information Commissioner if he/she thinks the company has failed to comply with his/her data protection rights
  • whether or not the company carries out automated decision-making and the logic involved in any such decision-making

The company will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.

If the individual wants additional copies, the company will charge a fee, which will be based on the administrative cost to the company of providing the additional copies.

In any event the individual has the right to complain directly to the Information Commissioners Office (ICO) - report a concern on the ICO website or call 0303 123 1113.

International data transfer

The company does not transfer data outside the EEA.

Use of sub-processors

The company does not use sub-processors.

Wi-Fi access

You will need to provide a valid email address in order to gain access to our WiFi network at the Waterfront Hall. We will only send you marketing information about events if you opt in to our marketing database at the time of registration. Your data will then be treated according to our marketing privacy notice and retention policy which is below.

Website newsletter

You will need to provide a valid email address on our website if you wish to receive our events newsletter electronically. The information will be sent to you on a weekly basis until you unsubscribe from these services.

Booking tickets

When you book tickets, personal information will be held on our secure booking system and used for operational purposes such as processing of bookings and orders in connection with our online ticketing facility and for postal fulfilment. To increase our security measures against the fraudulent use of credit and debit cards, we will also use your postal address to ensure the validity of the credit or debit card being used.

Credit and debit card information that you provide us for your booking is encrypted and cannot be accessed after the transaction by the organisation.

In the exceptional circumstance that an event is postponed or cancelled your contact information that you have provided us will be used to inform you of this change to the event. This is to ensure that patrons do not make an unnecessary journey to the event that may have been postponed or cancelled.

Your information will be kept on our secure booking system for 3 years from the date of your last booking. After such times your personal information will be deleted.

If you wish your information to be permanently deleted before that period of time you can do so by logging into your account on our website or by emailing the Box Office team at [email protected]; please note that we will be unable to contact you regarding any change or cancellation to a future performance you may have booked for if you choose to have your data deleted.


We collect personal data from and about you when you do things like purchase products and services from us, create an account, use our Wi-Fi, sign up to our newsletters and mailing lists or enter our competitions. We also use cookies to understand your browsing behaviour on our website to enable us to improve your experience on this and future visits.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your name and contact details and payment information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: purchase tickets, parking or other products or services from us; create an account on our websites or apps; subscribe to our mailing lists or newsletters; request marketing to be sent to you; take part in a competition, promotion or survey; or give us some feedback.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect information about your device and how you use our websites and apps. We collect this personal data by using cookies, server logs and other similar technologies. For more information on cookies, please see our Cookie Policy.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as information about your device and how you use our websites and apps from analytics providers such as Google based outside the EU. Name and contact details, payment information and purchase history from providers of technical, payment and delivery services.

We will only send information about events to you if you have agreed for us to do so. This request will allow us to keep you informed about events or related news and offers which we think will be of interest to you.

When purchasing tickets, you are given the opportunity to opt in to receiving news and information from BWUH by email and/or by post.

We may also use this information to process any transactions you undertake with us and for internal administration and analysis purposes, which may be carried out by a third party. Any third party which undertakes this work for us will not share your personal information with any other party – all personal information will remain confidential.

Please note that we operate a joint box office for the Waterfront Hall and Ulster Hall.

This means that once registered to receive information about entertainment events by email and/or direct mail, you will receive information about events taking place at the Waterfront Hall, Ulster Hall or both venues.

Email contact information will be held on our database for no longer than 3 years. You can unsubscribe from receiving information about our events at any time by following the ‘unsubscribe’ link of the bottom of any emails about events or related news and offers which you receive from BWUH Ltd.

If you would like to change the information you have given us, feel that what we currently have on record is incorrect or would like to be removed from our mailing lists, email [email protected].

Customer complaints and enquires

In the case of a general enquiry or customer complaint that we receive, the personal information you supply will only be used to answer your query. Once the enquiry and complaint has been processed your data will be deleted.

Third party information

Unless otherwise indicated your personal information is not disclosed to any third parties. We do not sell, rent or trade your personal information to third parties for marketing purposes without your consent. We will never share financial information with third parties. Under the Data Protection Act, we have a legal duty to protect any personal information which you may give us.


We use cookies on the Waterfront Hall and Ulster Hall websites. Find out more information about cookies on our website.

External links

Our website may contain links to and from other websites. Please note that these websites may deal with privacy differently and we will have no liability or responsibility for the privacy practices or the content of any linked site. We do not necessarily support or endorse the services or business provided on any linked site. If you decide to access third party linked sites from our website, then you do so at your own risk and we have no right to intellectual property on those sites.

Subject access requests

You have the right to get a copy of the information that is held about you by BWUH Ltd. This is known as a subject access request. This right of subject access means that you can make a request under the Data Protection Act to any organisation processing your personal data. However, it is important to remember that not all personal information is covered and there are ‘exemptions’ within the Act which may allow an organisation to refuse to comply with your subject access request in certain circumstances.

To make a subject access request to BWUH Ltd you must apply in writing. You can do so by emailing [email protected] or by post to; Data Protection Officer, BWUH Ltd, 2 Lanyon Place, Belfast, BT1 3WH.

In some cases, BWUH Ltd may need to ask for proof of identification before the request can be processed. BWUH Ltd will inform the individual if it needs to verify his/her identity and the documents it requires.

BWUH Ltd will normally respond to a request within a period of one month from the date it is received.

BWUH Ltd will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.

If the individual wants additional copies, BWUH Ltd may charge a fee, which will be based on the administrative cost to BWUH Ltd of providing the additional copies.

Contact Tracing Notice

Recording Customer Details: How we use your information To support the Contact Tracing Service (which is operated by the Public Health Agency in Northern Ireland) Belfast Waterfront and Ulster Hall Ltd is required to collect and keep a record of all staff, customers and visitors who come onto our premises for the purpose of contact tracing.

By maintaining records of staff, customers and visitors, and sharing these with the Contact Tracing Service we can help to identify people who may have been exposed to the Coronavirus.

As a customer/visitor of Belfast Waterfront and Ulster Hall Ltd you will be asked to provide some basic information and contact details. The following information will be collected:
• the name and telephone number of each visitor and attendee over the age of 16; and
• the date of their visit or attendance and the time of their arrival.

In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information. The Contact Tracing Service has asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out during that period.

We will only share information with the Contact Tracing Service if it is specifically requested by them. For example, if another customer at the venue reported symptoms and subsequently tested positive, the Contact Tracing Service can request the log of customer details for a particular time period (e.g. this may be all customers who visited on a particular day or time-band, or over a two-day period).

Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes (such as surveillance of an individual’s movements or marketing activities), and the Contact Tracing Service will not disclose this information to any third party unless required to do so by law (e.g. as a result of receiving a court order).

In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit. However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, and phone number). Where this is the case, this information may continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to. Your information will always be stored and used in compliance with data protection legislation. The use of your information is covered by the General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the venue/establishment. The legitimate interest in this case is the interest of the venue/establishment in cooperating with the Contact Tracing Service in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.

By law, you have a number of rights as a data subject, such as the right to access information held about you. If you are unhappy or wish to complain about how your information is used, you should contact: [email protected] in the first instance to resolve your issue. If you are still not satisfied, you can complain to the Information Commissioner's Office.

COVIDCert Check NI ‘Verifier app’

The Northern Ireland Executive has legislated in the Health Protection (Coronavirus, Restrictions)(No.4) Regulations (Northern Ireland) 2021 that it is in the public interest to permit only those persons who possess evidence of, inter alia, being fully vaccinated against COVID-19 to be present on the premises of BWUH Ltd to minimise as far as possible the risk of transmission of the virus which causes COVID-19.

The COVIDCert Check NI verifier app has been developed by the Department of Health (DoH), via DHCNI, to enable businesses to certify a member of the public’s Covid Status. BWUH Ltd will use it in the public interest to permit only those persons who possess evidence of, being fully vaccinated against COVID-19 to be present on BWUH Ltd premises to minimise as far as possible the risk of transmission of the virus which causes COVID-19.

This privacy notice has been drafted in line with UK GDPR. Although personal data is not being processed by the Department in relation to this app, this privacy notice has been drafted to ensure transparency and to maximise the public’s confidence in the app.

The NI Verifier app processes a citizen’s COVID Certification Service status to establish whether the citizen may or may not enter the Verifier’s premises. It is likely that in doing so a Verifier will process your data under UK GDPR:
• Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
• Article 6(1)(e) – your data is processed as part of our public task
• Article 9(2)(g) – the processing is necessary for reasons of substantial public interest.
• Article 9(2)(i) – the processing is necessary for reasons of public interest in the area of public health.

While BWUH Ltd will not have access to any special category data, special category data may be inferred by confirmation of Covid Certification- i.e. the Verifier will know that the person wishing to access their premises meets the relevant criteria and may be, for example, vaccinated. BWUH Ltd employees using the verifier app are aware of the importance of ensuring all personal data processed in the verification process is kept confidential.

The NI Verifier application reads 2D barcodes that store personal data and allows the verifier to read and display this information. However, this information gathered from the 2D barcode is never stored or transmitted on the NI Verifier app. App permissions are used to securely store keys that are used to verify that a 2D barcode has been signed by a trusted authority. These permissions are not used to store any data related to the Service user or app usage. The storage used does not hold any personal data.

While the NI Verifier app provides proof of the service user’s COVID-19 vaccination status, this version of the NI Verifier app provides no additional functions.

Related information

Department of Health COVIDCert Check NI ‘Verifier app’ Data Protection Impact Assessment