Privacy Policy for CastRooms


Policy became operational on: 6/11/2023
Next review date: 6/11/2024


CastRooms needs to gather and use certain information about individuals.

These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.

Why this policy exists

This data management policy ensures CastRooms:

  • Complies with data protection law and follows good practice.
  • Protects the rights of customers, staff and partners.
  • Is transparent about how it stores and processes individuals’ data.
  • Protects itself from the risks of a data breach.

Data protection law

The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018. It requires personal data shall be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals.
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals.
  • Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • The controller shall be responsible for, and be able to demonstrate, compliance with the principles.

People and responsibilities

Everyone at CastRooms contributes to compliance with GDPR. Key decision makers must understand the requirements and accountability of the organisation sufficiently to prioritise and support the implementation of compliance.

The key roles and areas of responsibilities for leading compliance within data protection regulations at CastRooms are:


  • Keeping senior management and board updated about data protection issues, risks and responsibilities.
  • Documenting, maintaining and developing the organisation’s data protection policy and related procedures, in line with agreed schedules.
  • Dissemination of policy across the organisation, and arranging training and advice for staff.
  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards. This includes evaluating any third party services the company is considering using to store or process data, to ensure their compliance with obligations under the regulations.

Project Manager

  • Ensuring that audience development, marketing, fundraising and all other initiatives involving processing personal information and/or contacting individuals abide by the GDPR principles.
  • Embedding ongoing privacy measures into corporate policies and day-to-day activities, throughout the organisation and within each business unit that processes personal data.
  • Dealing with subject access requests, deletion requests and queries from clients, stakeholders and data subjects about data protection related matters
  • Checking and approving contracts or agreements with third parties that may handle the company’s sensitive data
  • Performing regular checks and scans to ensure security hardware and software is functioning properly
  • Developing privacy notices to reflect lawful basis for fair processing, ensuring that intended uses are clearly articulated, and that data subjects understand how they can give or withdraw consent, or else otherwise exercise their rights in relation to the companies use of their data

What personal information do CastRooms collect?

Personal Information may be requested whenever you choose to use the services on CastRooms’ website and third party databases used by CastRooms to administer its services, such as Google Workspace, HubSpot, Ticket Tailor, SendGrid, Calendly, Mailchimp, Paypal, Stripe and Eventbrite. Such services include newsletters, donations, ticket sales, individual correspondence and message boards.

The type of Personal Information we may collect will be tied to the type of service you are using but may include:

  • Your name and contact information (including e-mail address, postal address, telephone number) and any other details you provide to us.
  • Records of any correspondence when you contact us.
  • Information you provide when you report a problem with our website.

We also collect:

  • Details of your visits to the website including, but not limited to, traffic data, location data and communication data and the resources that you access.
  • Details of your IP address which may be linked to your email address.

We collect this information so that we can administer the website, optimise it for your use and make sure our website runs smoothly. We collect this information on the basis of our legitimate interests (in providing, operating and maintaining the website.)

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

If you agree to take part in research and evaluation as part of CastRooms’ activities, we may from time to time collect Special Categories of Personal Data about you (this includes details about your ethnicity, gender, information about your health and/or disability status). At any moment during our survey or market research, you will be asked for explicit consent to take part and you may withdraw that consent at any time. We will treat this data with the strictest confidentiality for evaluation and equal opportunities monitoring purposes only. We will ensure any such data about you is anonymised and that, at all times, you have given expressed consent to take part in our research. Demographic information such as age, gender, postcode and other equal opportunities information may be shared with funders and project partners as anonymised Aggregated Data.

You do not have to provide us with your data but we may not be able to provide our services to you if you do not. This might mean we have to cancel a product or service you have with us but we will notify you if this is the case at the time. Our website may not work properly on your device without details of your visit to our website, which may include your IP address, and you may not be able to access all of its features.

How do I know my personal information is protected?

All databases are password protected with strict restrictions making the data only accessible to those who are processing it. Passwords are also regularly changed for additional protection. Our websites use encryption to ensure online data cannot be breached either.

The data is collected and stored:

  • Through sales platforms using third party services such as Ticket Tailoer, Eventbrite and Paypal. Opt in and opt out options are offered to users and each of these providers hold their own data policy which users agree to.
  • Through sales platforms using third party services such as Eventbrite and Paypal. Opt in and opt out options are offered to users and each of these providers hold their own data policy which users agree to.
  • Through our website,
  • Within CastRooms premises: secure filing systems used for running of day to day operations such as dealing with financial transactions, service users and stakeholder management. These are accessible to senior staff only.

Uses and conditions for processing

Regular newsletter

Processing required

Sign up via website or via email request. Data kept and managed automatically via Mailchimp and Hubspot database. Cookies track sign up.

Data to be processed

  • First name & surname
  • Email address
  • Phone number

Conditions for processing

Consent via opt in tick box to receive further mailings

Evidence for lawful basis

Evidence of date consent given, how, permitted use and, permitted comms channels.

Event ticket sales, including managing payments, fees and charges

Processing required

Ticket purchase via EventBrite, Stripe, Website, PayPal via email correspondence. The information is only used to contact individuals with enquiries or information relating to their purchase.

Data to be processed

  • First name & surname
  • Email address
  • Phone number
  • Financial transaction
  • Marketing and Communications

Conditions for processing

Consent via acceptance of terms and conditions of sale provided by third party ticketing agency.

Evidence for lawful basis

Performance of a contract with you. Necessary for our legitimate interests.

Supporter database for bespoke correspondence and campaign updates

Processing required

Data stored and managed via secure third party databases - HubSpot and Mailchimp

Data to be processed

  • First name & surname
  • Email address
  • Phone number
  • Postal address
    -Communication data

Conditions for processing

Consent by individual correspondence via email, phone call or via opt in on Mailchimp sign up to become a supporter of CastRooms.

Evidence for lawful basis

Evidence of date consent given, how, permitted use and, permitted comms channels.

Use of data analytics to improve our website, products & services, marketing, customer relationships and experiences

Processing required

Data is collected through analytic tools embedded in Facebook, Instagram, Twitter, Google and Squarespace

Data to be processed

  • Technical
  • Usage (date visited, time spent on site)

Conditions for processing

Users consent to use of cookies in an opt in notification on website. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to
develop our business and to inform our marketing strategy)

Evidence for lawful basis

Evidence of consent via acceptance of cookie, and via initial acceptance of terms of agreement with third party social media platform.

Surveys for service users, audiences, supporters

Processing required

Data is collected anonymously and reports stored internally on restricted Google Workspace documents for evaluation and research purposes.

Data to be processed

  • Postcode
  • Equal opportunities data (gender, age, ethic and socio-economic background)

Conditions for processing

Consent given at time of data collection. Anonymised trends and findings from survey insights may be shared with third sector partners to inform audience development via data sharing agreements…

Evidence for lawful basis

Evidence of consent given.

What is CastRooms’ email marketing policy?

Opt in: In order to receive email from CastRooms regarding our events and products, fundraising and general updates you must opt in to receive communications from us. This is through an opt-in tick box sign up form on the CastRooms website.

You can opt out of receiving email marketing by contacting us at

To opt out of receiving our email newsletters you may use the unsubscribe link on any of our newsletters.

If at any point you decide to opt out we will not be able to send you any further communications.

Does CastRooms track the opening of marketing emails?

Through Mailchimp and Hubspot we track the opening of our emails so that we know which emails have been opened by the recipients. We can also view which links are clicked on from any email, however once you click away from the email to visit the site of any third party, your data and usage is no longer held by CastRooms. After clicking away from one of our emails you may be asked for Personal Information in order to purchase or use products and services offered. These companies have their own privacy and data collection practices. As described above, CastRooms has no responsibility or liability for these independent policies. You should therefore review their privacy policies carefully if you have concerns about how Personal Information may be used.

Who does CastRooms share Personal Information with?

We may share Personal Information with third parties in order to provide you with the services you request, such as receiving newsletter updates. Such third parties will include secure cloud-based databases, merchandise distributors, or marketing platforms. Your Personal Information is provided to these third parties solely for the purpose of providing you the services you request from us when you request them.

We will not transfer, disclose, sell, distribute or lease your personal information to third parties unless we have your permission to do so or are otherwise required or permitted to do so by law.
When co-programming joint event with partners, we will ensure we set up data sharing agreements and appropriate measures to lawfully collect and hold your data, such as information related to the administration of ticket sales or customer surveys for particular events and projects. We will ensure we are clear and transparent in all our communications and partnered event about who you are sharing data with, and how it will be used. We will display the names/logos of any partners involved in the project and only pass on any personal data for marketing purposes if you have opted in to provide this information to third parties.

How long will CastRooms retain my Personal Information for?

We will only keep your data for as long as is necessary and justified. We take steps to ensure that we only keep the minimum data we need for the purposes of our legitimate interests (in the management of our business and its risks) and in line with our legal obligations. We will normally keep your information for a maximum of seven years.

In some circumstances you can ask us to delete your data, and In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. If you would like more information about how long we retain specific data, you can contact us using the details set out in this policy.

Does CastRooms use IP Addresses and cookies?

When you enter a site your computer will automatically be issued with a cookie. Cookies are text files that identify your computer to our server. Cookies in themselves do not identify the individual user, just the computer used. Many sites do this whenever a user visits their site in order to track traffic flows.

Cookies themselves only record those areas of the site that have been visited by the computer in question, and for how long. Users have the opportunity to modify their browser preferences to accept all cookies, be notified when a cookie is issued, or to reject all cookies. If you choose to reject all cookies, your site experience may be affected, but you will be able to use the site. Please consult your browser instructions for information on how to modify your choices about cookies.

An IP address is your computer’s address and is a unique identifier, allowing online information to be sent to the right place. For further information about cookies and how to disable them please go to

CastRooms uses IP Addresses and Cookies in limited ways, as follows:

  • IP Addresses: We use IP addresses to better understand the customer database. We use your IP address to help diagnose problems with our server and to administer our website. Your IP address is also used to gather broad demographic information such as geographic distribution of our customers. Your IP address may be linked to the Personal Information you provide, depending on how you access the internet.
  • Cookies: We use cookies to enable our server to recognize that you have visited our website before. They make it easier for you to maintain your preferences on the Website and by seeing how you use the Website, we can tailor the Website around your preferences and measure usability of the website. Information supplied by cookies can help us to provide you with a better service and assists us to analyse the profiles of our visitors. Currently, CastRooms only makes limited use of cookies for the purpose of delivering content.

We have also set out below the types of cookies we use and the specific purposes for which we use them.

Google Analytics



Purpose for the cookie

This is a web analytics service provided by Google Inc which uses cookies to show us how visitors found and explored our site, and how we can enhance their experience. It provides us with information about the behaviour of our visitors (e.g. how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.

Meta Pixel



Purpose for the cookie

This is a web analytics service provided by Meta which uses cookies to show us which visitors completed certain actions after clicking on an advert from Meta. It provides us with information about the behaviour of our visitors (e.g. which pages they viewed) and also tells us how many completed actions we have had.

What are my Legal Rights?

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data, including to object to direct marketing.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please Contact us at

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests as soon as possible and in any event within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. In such cases it may take up to two further months to process your request.

Contacting CastRooms

If you have any questions about our Privacy Policy, the practices of this site, or your dealings with this site, or you would like to make a complaint you can contact us at: