Privacy Policy

Privacy Policy

Privacy Policy

We are committed to protecting your privacy in line with the EU’s General Data Protection Regulations (GDPR). This page explains what personal data we collect from you when you use our website or app, call or email us, how we use it, and how to contact us for more information.

How do we collect your data?
You directly provide us with most of the data we collect, when you make a ticket booking or contact us through email, phone or another channel.

What data do we store?

  • We collect your name and email address when you contact us via email.
  • We collect your name and basic account information when you contact us via Facebook, Twitter Instagram or any other social media account.
  • We collect your name, phone number and email address when you buy a voucher with us.
  • We collect your details when you register as a user and / or book a ticket with us. Our film listing, registration, membership, ticket booking and payment systems are operated by our trusted third-party partner, Indy Cinema Group (Indy), more details of which can be found further down this page.
  • We collect cookies to allow our website to function correctly.

How do we use your data?

  • To respond to enquiries you have made either via email or any of our social media channels.
  • To provide you with the show tickets, products or information you bought/asked for.
  • To administer your ticket purchase or purchase of other products.
  • To contact you if there are any important changes to your booking.
  • To keep a record of our relationship with you.
  • To analyse your interests and preferences so as to provide you with information relevant to you.
  • To understand how you prefer to be contacted.
  • To sign you up to mailing lists that you’ve opted in to.
  • To tell you about changes to our services, or new services, offers and upcoming films / events you may find of interest.
  • To understand how to improve our services, products and information.
  • To analyse how our website is used, using standard anonymous analytical tools that do not store personal information, but may capture IP addresses, types of web browser used, pages visited and other similar data.

How do we store your data?

  • We store data collected via email in our secure Google G-Suite email system.
  • We store date collected via social media channels in their respective messaging systems.
  • We store data collected via our mailing list on the industry leading e-newsletter platform MailChimp.

Transaction / registration / membership operations
Data collected relating to ticket transactions, user registration and memberships are stored and processed by our third-party technology partner, Indy Cinema Group (Indy). For this section, the use of  “Us” or “We” collectively refers to The Highland Cinema Limited and its technology partner Indy.

When you sign up as a registered user / member on our website / app, or make a ticket booking with us, we collect further information from you to provide a personalised service. This may include:

  • Full name
  • Postcode
  • Telephone number
  • Email address
  • Age
  • Photograph (optional)
  • Card payment information
  • Transaction history
  • Browsing data on our website (eg, what movies and pages you have looked at, interactions with user features, etc.)
  • Association with other customers (if you sign up for a joint membership)
  • Any other information volunteered by yourself to The Highland Cinema
  • Registration is required to receive and take advantage of the Highland Cinema / Alvance Aluminium local residents discount, valid during winter months.

Some special considerations apply around marketing communications:

  • We will contact you for marketing purposes only if you give us your permission to send you this kind of communication.
  • If you do allow us to send you marketing communications, then we will give you as much control as reasonably possible about what channels you’d like to be contacted on.
  • When you sign up for our mailing list, we collect your email address and name provided. This is protected and processed through the industry leading e-newsletter service Mailchimp, to deliver e-newsletter updates to you as per your instructions. You can opt out of these at any time.
  • From time to time, we may contact registered users and repeat visitors to check up on their marketing preferences.

Third-parties
In order to process transactions and deliver certain information to you, limited personal data and card details may be passed to trusted third-party service providers or partners. We only do so for purposes that you would reasonably expect in connection with the services we are providing to you.

We only ever share your data with third-parties necessary for our services to function and to whom we believe to be fully compliant with GDPR, and who meet our own privacy standards. However, such providers and partners are not under our control, so we therefore encourage you to consult their own privacy policies, as follows:

Card or other payment details are only ever used for the purpose of handling an individual transaction. We can only complete the transactions you initiate by using a payment processor. Our payment processor for cinema credit and debit card transactions is Stripe. For further information, please refer to Stripe’s Privacy Policy.

We make use of Amazon Web Services (AWS) to host the servers, sessions, database and images that comprise Indy POS, powering membership, film listing and transaction related areas of our website. AWS are fully GDPR compliant and their Data Processing Addendum (https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf) is included in the terms of service that govern our use of their products, here: https://aws.amazon.com/service-terms

We make use of Customer.io to process both transactional and marketing communications. We can only complete the transactions you initiate by sending you transactional communications, and you may additionally permit us to send you other information for marketing purposes. Customer.io is used to manage these communications. For further information, please refer to their Privacy Policy.

We use imgIX for image management and to optimise delivery of images to our website. This includes any image you provide to us, whether of yourself or any other subject. You are not required to provide a photograph of yourself, but if you do, we will use imgIX to store it. imgIX are fully GDPR compliant and committed to EU–US and Swiss–US Privacy Shield Frameworks. For further information, please refer to their Privacy Policy.

Only a small number of Highland Cinema employees, relevant INDY employees, and approved clients/suppliers we may appoint from time to time, and who need the information to perform a specific job, are granted access to personally identifying information collected through our website / app. We will not share any details with any other third-parties without your agreement, unless required or allowed by law. Where we appoint an external party to analyse or process data, any such arrangements will be governed by a formal agreement between The Highland Cinema and that organisation, to protect the security of your data.

Our data retention policy
We will retain your personal data for a period of two years, or until you withdraw your consent for us to do so, whichever comes first.

Shortly before the end of the specified retention time-frame, we will contact you to ask if you’d like your information to be retained longer, so that you can continue hearing from us if you wish to.

If by the end of the specified retention time-frame you have not asked us to continue holding your data, we will permanently erase your personally identifying data. We may retain fully anonymised transaction data for historical analysis.

The retention time-frame for personal data stored in technical back-up copies of Indy POS is 21 days. Access to backup copies is strictly limited. All other technical processes relating to the POS system are fully anonymous.

Your rights
You have a right to ask us to:

  • Stop processing your personal data.
  • Update the data we hold about you.
  • Supply a copy of the information we hold about you.
  • Delete the data we hold about you.

If you want to see what information we hold, withdraw consent, object to processing, request rectification/erasure or data portability, or submit a Subject Access Request, please contact The Highland Cinema at info@highlandcinema.c.uk. If we do hold information about you we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you whom it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form.

Our lawful basis for collecting and processing your personal data
When you complete a transaction with The Highland Cinema, we collect and process your data under one of the following legal bases:

Contractual: When you buy a ticket or membership from us, you enter into a contract with us.

Legitimate interest: When you enter into a contract with us by buying a ticket, pass, or other product, we have a legitimate interest in handling your personal data in order to complete the transaction, perform business analysis, and send appropriate communications.

Consent: You may opt in to receive communications beyond what is necessary for transactional reasons; in particular, marketing communications.

Information handled outside the UK
All personal data handled on this site and in Indy Cinema Group’s POS system are stored within the UK, with the following exceptions:

  • We share data with Customer.io for the purpose of managing customer communications. This data is restricted to Customer.io’s GDPR compliant server installation inside the EU.
  • We use imgIX to optimise storage and web delivery of images. Photographs managed through imgIX may be transferred to secure non-UK and non-EU locations.

What are cookies?
Cookies are small text files that are used to store pieces of information. They are stored on your device when a website is loaded on your browser. These cookies help us make our website function properly, provide a better user experience, understand how the website is used and performs, and ensure continued security.

How do we use cookies ?
As with most online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any personally identifiable data. Third-party cookies are mainly for understanding how our website performs and how you interact with it, in order to provide information that is relevant to you. improve user experience and keep our services secure.

Privacy policies of other websites
The Highland Cinema website / app may contain links to other websites. Our privacy policy applies only to us, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy
Highland Cinema keeps its privacy policy under regular review and places any updates on this webpage. This policy was last updated May 2022.

How to contact us
If you have any questions about our privacy policy, the data we hold on you, if you would like to exercise one of your data protection rights, or if you wish to make a complaint, please do not hesitate to contact us.

Email us at:
info@highlandcinema.co.uk

Or write to us at:
Data Protection Officer
Highland Cinema
Cameron Square
Fort William
PH33 6AJ

Highland Cinema