Privacy Policy
Theatr Hafren (“we,” “our,” “us”) is committed to protecting the privacy, confidentiality, and security of the personal data of our users and visitors. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA), as amended. We are committed to a privacy-first approach and strive to maintain transparency in the handling of your personal information.
1. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of our website, https://theatrhafren.com, as well as to individuals who communicate with us through various channels including email, phone, and in-person interactions. Theatr Hafren acts as the data controller with respect to personal data collected through our website or other means. Any third parties processing your data on our behalf will do so under strict contractual and legal obligations.
2. Categories of Data Processed
We process the following categories of personal data depending on your interactions with us:
a. Usage Data:
Includes information such as your IP address, browser type and version, geographic location, referral source, length of visit, page views, and navigation paths when you visit theatrhafren.com.
b. Account Data:
Includes your full name, mailing address, email address, and telephone number when you create an account or register with us.
c. Profile Data:
Includes data related to your preferences, booking history, attendance behavior, and customer journey interactions.
d. Communication Data:
Includes records of communications such as inquiries, support tickets, feedback, emails, chat transcripts, and other contact history with us.
e. Technical Data:
Includes device identifiers, operating system, Internet or other electronic network activity information, browser plug-in types and versions, and system configurations.
f. Transaction Data:
Includes details of purchases or bookings you make via our website or box office, including payment method, date of purchase, delivery preferences, and billing address. Payment information is handled securely through PCI-compliant third-party processors and is not stored on our servers.
g. Preference Data:
Includes marketing and communications preferences, newsletter subscription status, product and content interests, and consents related to data usage.
3. Legal Bases for Processing
We rely upon the following legal bases to process your personal data:
– Consent: For sending marketing communications, collecting preference data, and certain cookies.
– Contractual Necessity: To fulfill your bookings, ticket purchases, and other transactions.
– Legitimate Interests: For analytics, website functionality, improvement of services, and fraud prevention.
– Legal Obligation: Where processing is necessary to comply with applicable laws and regulations.
4. Your Rights Under GDPR and CCPA
You have the following rights with regard to your personal data:
– Right of Access: Request confirmation of whether we process your data and obtain a copy.
– Right to Rectification: Request correction of incomplete or inaccurate personal data.
– Right to Erasure: Request deletion of your personal data, subject to permissible exceptions.
– Right to Restriction: Request limitation of processing under certain circumstances.
– Right to Data Portability: Obtain your data in a structured, commonly used, and machine-readable format.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Opt-Out of Sale (CCPA): We do not sell your personal information; however, you may contact us to confirm.
– Right Against Discrimination (CCPA): You will not be discriminated against for exercising your privacy rights.
To exercise any of these rights, please contact us at [email protected].
5. Security Measures
We implement appropriate technical and organizational measures to ensure the integrity and confidentiality of your personal data, including but not limited to:
– Secure socket layer (SSL) encryption for website data transmissions.
– Access control policies restricting internal access to personal data.
– Routine data backups and disaster recovery protocols.
– Ongoing staff training in data protection and privacy compliance.
6. International Transfers
Your personal data may be transferred to, stored in or accessed from countries outside of your jurisdiction, including countries not recognized as having adequate data protection laws. In such cases, we rely on standard contractual clauses or other lawful transfer mechanisms recognized under GDPR and CCPA to ensure continued protection.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the outlined purposes, comply with legal obligations, or resolve disputes. Specific retention periods include:
– Account Data and Transaction Data: Up to 7 years for tax and audit compliance.
– Communication and Support Data: 3 years from last user interaction.
– Profile and Preference Data: 24 months from last activity.
– Technical and Usage Data: 12 months to support system analytics and security reviews.
8. Cookie Policy
We use cookies and similar technologies to enhance user experience on https://theatrhafren.com. The types of cookies we employ include:
– Essential Cookies: Required for core site functionality (e.g., session management).
– Functional Cookies: Enable enhanced functionality and personalized settings.
– Performance Cookies: Help quantify usage metrics to improve site performance.
– Analytics Cookies: Track visitor behavior and interactions with our site using services such as Google Analytics.
9. Cookie Management and Compliance
At your first visit to our website, and at regular intervals, we will present you with a cookie consent banner, enabling you to:
– Accept all cookies;
– Reject non-essential cookies;
– Manage preferences granularly.
You may update your cookie preferences at any time, and you can also modify your browser settings to block or delete cookies. We fully comply with GDPR cookie consent requirements and CCPA opt-out mechanisms.
10. Children’s Privacy
Theatr Hafren does not knowingly collect or solicit personal data from children under the age of 13. If you believe that a child under 13 has provided us with personal data without verified parental consent, please contact us at [email protected], and we will take steps to delete the data.
11. Policy Updates
We reserve the right to modify this Privacy Policy to ensure ongoing compliance with legal obligations or to reflect changes in our operations. Substantive changes will be communicated through appropriate channels, including notices on the website or direct email where appropriate. We encourage you to periodically review this Policy.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, you may contact our Data Privacy Officer at:
Email: [email protected]
13. Compliance Assurance
We are devoted to meeting the highest standards of data protection and regulatory compliance under both GDPR and CCPA. For any privacy-related questions or if you wish to exercise your rights, please reach out to us using the contact details provided above.