Clonter is committed to protecting your personal information and being transparent about what information we hold about you.

Using personal information allows us to develop a better understanding of our patrons and in turn to provide you with relevant and timely information about the work that we do – both on and off stage.  As a charity, it also helps us to engage with potential donors and supporters.

The purpose of this policy is to give you a clear explanation about how we collect and use the information we collect from you directly.

We use your information in accordance with all applicable laws concerning the protection of personal information.  The policy explains:

  • What information we may collect about you
  • How we may use that information
  • In what situations we may disclose your details to third parties
  • Or use of cookies to improve your use of our website
  • Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it.


Clonter Farm Music Trust is a charity and is funded by Arts Council England as well as various trusts, foundations, individual donors and supporters.  Our registered charity number in England and Wales is 1083903 and we are also registered as a company in England and Wales under registration number 4056093.


We collect various types of information and in a number of ways:


For example, when you register on our website, buy tickets or make a donation, we’ll store personal information you give us such as your name, email address, postal address, telephone number. If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).  We optionally allow you to store your card details for use in a future transaction.  This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number.  We never store your 3 or 4 digit security code.

We will also store a record of your purchases and donations.


For example, when you visit our website, we collect information about how you interact with our content.  When we send you a mailing,we store a record of this, and in the case of e-newsletters we keep a record of which ones you have opened and which links you have clicked on.


Data Protection law recognises that certain categories of personal information are more sensitive such as health information, race, religious beliefs and political opinions.  On some occasions we collect this information with your permission for equality and diversity data collection purposes but this information is provided anonymously.


There are three bases under which we may process your data:

Contract purposes

When you make a purchase from us,or make a donation to us, you are entering into a contract with us.  In order to perform this contract we need to process and store your data.  For example we may need to contact you by email or telephone in the case of cancellation of a show, or in the case of problems with your payment. If requested we may store your card details.

Legitimate business interests

In certain situations,we collect and process your personal details for purposes that are in our legitimate organisational interests.  However, we only do this if there is no overriding prejudice to you by using your personal information in this way.  We describe below all situations where we may use this basis for processing.

With your Explicit Consent

For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.


We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful.  To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.

We use our legitimate organisational interest as the legal basis for communications by post and email.  In the case of postal mailing, you may object to receiving these at any time using the contact details at the end of this policy.  We use blind copy for group emails, and you can ask not to be re-contacted at any point if there is not an unsubscribe option on the email sent to you.  Please use the contact details at the end of this policy.


In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.

We may analyse data we hold about you in order to identify and prevent fraud.

In all of the above cases we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms.  You have the right to object to any of this processing at any time.  If you wish us to do this, please use the contact details at the end of this policy.  Please bear in mind that if you object this may affect our ability to carry out tasks above that are for your benefit.


There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:

To our own service providers who process data on our behalf and on our instructions (for example our ticketing system software provider).  In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.

To our caterers who may need to know about any dietary requirements you may have or special access to tables.

Where we are under a duty to disclose your personal information, in order to comply with any legal obligation (for example to government bodies and law enforcements agencies).


As an organisation using the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for positions of trust, Clonter Farm Music Trust should comply fully with its obligations under the Data Protection Act 1998 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information. We should not keep any photocopy or other image of the certificate or any copy or representation of the contents of a certificate.

Clonter Farm Music Trust should only keep a record of the following as proof that DBS checks have been done:

  • The date of issue of a disclosure
  • The name of the subject
  • The type of disclosure requested
  • The position for which the disclosure was requested
  • The unique reference number of the disclosure.


Clonter Farm Music Trust fund raises from individuals, companies and charitable foundations.  We devise our own profiling and screening techniques to analyse personal data which is publicly-available (for example through LinkedIn, Companies House, Charity Commission).  We only make contact with potential funding partners when it may be relevant. By better understanding the background of our supporters we are able to make appropriate requests for gifts that will help us continue to provide training and performance opportunities for emerging artists and our education and community outreach programmes.


Cookies are small text files that are automatically placed onto your device by some websites that you visit.  They are widely used to allow a website to function (for example to keep track of your basket) as well as to provide website operators with information on how the site is being used. This data is not linked to any personally-identifiable information.     We use it only for broad statistical purposes.   We use cookies to keep track of your basket as well as to identify how the website is being used and what improvements we can make.


If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

We optionally allow you to store your card details for use in a future transaction.  This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number.  We never store you 3 or 4 digit security code.



We store your personal information indefinitely so that for any subsequent purchases you make we are able to link them back to a single unique record that we hold for you on our system.

If there are aspects of your record that are inaccurate or that you would like to remove, you can usually do this by logging in to your account through our website.  Alternative please use the contact details at the end of this policy.

Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.


We will put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible.  We will ensure that any third parties we use for processing your personal information to the same.

If you suspect there may have been a breach of our systems in relation to your data please report this to us and it will be investigated as a matter of urgency.

We will not transfer, process or store your data anywhere that is outside of the European Economic Area.

  • In cases when data is stored on printed paper, it should be kept in a secure place where unauthorised personnel cannot access it.
  • Printed data should be shredded when it is no longer needed.
  • Data stored on a computer should be password protected.
  • Data stored on CDs or memory sticks should be locked away securely when they are not being used.


You have a right to request a copy of the personal information that we hold about you and to have any inaccuracies in this data corrected.  Please use the contact details at the end of this policy if you would like to exercise this right.


This policy applies to all officers of Clonter Farm Music Trust who must make themselves familiar with this policy and comply with its terms.   Clonter Opera Theatre may supplement or amend this policy by additional policies and guidelines from time to time.


Please get in touch with us if you have any questions about any aspect of the privacy policy, and in particular,if you would like to object to any processing of your personal information that we carry out for our ‘legitimate organisational interests’.


01260 224 514