Who We Are
When we talk about “Encore Tickets,”, “Encore” “we,” “our,” or “us” in this policy, we are referring to Encore Tickets Limited, and our group companies and brands including Stargreen, London Theatre, New York Theatre Guide, London Breaks, West End Theatre Breaks and Capital Breaks, who provide the ticketing services.
Encore Tickets, the UK’s largest independent ticket company, sells tickets for a huge range of West End theatre, off West End, fringe and touring shows, attractions, exhibitions, river cruises, concerts and events. Our team of over 150 experts share a passion for live entertainment. Encore has processed over £1 billion of tickets sales since the company started in 2000.
We are a data Controller for the purposes of the General Data Protection Regulation (GDPR), and other data protection laws applicable in the United Kingdom and Member states of the European Union. Our address is –
Encore Tickets Limited
86 Fetter Lane
EC4A 1EN London
Phone: 020 7400 1255
Why we need personal data
Generally, we collect personal information about you when you make a ticket purchase from us, during email or phone calls, if you create an account with us, make box office purchases operated or administered by us, and when you use our websites or social media channels.
Encore are a ticketing company and as such will also usually be required to pass your name and booking reference on to the venue, in order to facilitate your access to that venue and to allow our venue partners to verify that purchasers are genuine, to avoid ticket touting, and for fraud checking purposes. Such purposes are in our, and the venue’s legitimate interests.
How we collect data
Directly. Most of the personal data we hold about you is collected directly, for example when you make a purchase from the website, when you subscribe to receive marketing, or when you contact our customer services team. We might also collect your personal data if you create an account with us, enter a competition or free prize draw, register for a promotion, post a comment on our website, ask us a question, email us or otherwise interact with our staff and call centres.
From Third Parties. We may also collect personal data from other third parties, or from publicly available sources. For example, if you purchased tickets through one of our partners, or if you choose to use an integrated social media feature on our website, this third party will give us certain information about you, which could include your name and email address. Further information about the third parties from whom we obtain information is available below in the Data Sharing section.
You have significant rights regarding your personal data. For more information please see the Rights section below.
2. Data Security
We take the security of your personal information very seriously. All web transactions made with Encore Tickets use 128-bit Secure Socket Layer (SSL) encryption which encrypts all your personal information, including your credit card number, name, and address, so that it cannot be read if intercepted by a malicious third party.
Card transactions made on this Site are processed by our payment partners Verifone, and Encore do not process such card payments directly, nor will we have access to your full card details. Payment information is stored only in a tokenised form on our systems. We are PCI DSS compliant and do not process card details by email - please do not send us your card details for payment in this way.
Our sites and services are meant for adults. We will never knowingly collect personal information from children. If you are a parent or legal guardian and believe your child has given us personal information, please contact us.
4. What data do we process
Encore collect and process various categories of personal data, each of which are detailed below. This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.
Encore process personal data relating to the following categories of data subject:
We may also process some personal data relating to other data subjects, such as if you submit your CV to us as part of a job application, or if you visit our offices. For more information on what data we process if you are an employee, business contact, creative or other contact, please see the section on Data Subjects below.
As a customer, we may process the following categories of information about you:
5. How we use your Data
Encore (and trusted partners acting on our behalf) use our customers’ personal data for the following purposes:
6. Data Sharing
In order to make certain services available to you, we may need to share your personal data with some of our service partners. Encore Tickets only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We will never sell or rent our customer data to other organisations for marketing purposes.
Encore are a major authorised ticket agent with tens of thousands of partners with whom we are required to share certain personal data as part of our ticketing operations. We are therefore unable to provide a list of all specific recipients of personal data, however, Encore share your personal data with the following categories of recipient;
Within the Encore group. The Encore Group, as outlined above, do not maintain any separate staff, with the exception of our Stargreen Box Office, and our brands do not involve the use of separate systems or staff. Any sharing will therefore not usually involve any physical transfer or sending of data, and is only performed according to the purposes outlined above.
With our Commercial Partners: Encore also provide ticketing services in collaboration with, and on behalf of other commercial partners. If you purchase tickets to an event through one of our commercial partners, or take part in a promotion or rewards programme provided by another party, which involves Encore, we will receive and/or share your personal information with that company in order to fulfil your ticket purchase. Our partners may include ticket agents, gift experience companies, tour operators, travel agents, box offices, venues, concierges, ecommerce partners, GTOs, and educational organisations. If you book a ticket with us through one of our ticketing partners directly, they should also inform you of how they handle your data, including the sharing of data with Encore.
If you purchased a voucher from a gift experience company that you then redeem with us, we are required to submit information on that redemption to the gift provider, including some personal information, usually via their online portal.
If your booking involves a Broadway show in New York, we will pass your booking information to our partners at Broadway Inbound, and your personal data may be shared with the venue in New York to allow you access to that performance.
With other Selected Partners. If you consented to be contacted for marketing purposes by email or other means from a selected third party, for example if you subscribed to receive marketing from one of our promoter partners via the Stargreen website, we will pass that information on that partner as a data “Processor”. We will at all times be clear about who you are subscribing to, and it will be our partner who will process this information as a “Controller” for their marketing and advertising purposes. You have the right to opt-out at any time by following the unsubscribe link provided, or by contacting the partner directly.
Third Parties. We also use web analytics services from some Third Parties to track how visitors reach our site and the path they take through it, so that we can tailor the content of our site to fit the needs of our site’s visitors. Such information is provided anonymously and used statistically with the purpose of improving our site.
With our Service Providers and Suppliers. In order to make certain services available to you, we may need to share your personal data with some of our service partners. Encore Tickets only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls, or have put a written agreement in place protecting your information, including necessary safeguards for the international transfer of personal data.
Your Personal data may be processed by our IT Service Providers in line with the purposes outlined above. Our data storage is provided by our hosting partners in the UK, who securely store all personal data held in our systems. We also employ a security testing partner who may occasionally have access to your data, in order to ensure its integrity and security. In addition to our server provision we also store personal data in backup form to ensure continuity and data integrity. Some of our software systems are cloud based and as such constitute a sharing of personal data. This may in some cases also constitute an international transfer of data, as some multinational software providers maintain global networks of secure data centres. Our software providers may also have access to our systems for maintenance and hosting purposes, and our software development partners may from time to time require access to live systems for development and testing purposes. Such access is strictly for these purposes only and regulated by contract. Our payment partners operate global systems that may require international transfers of personal data.
If you receive physical direct marketing, we will need to share your name and address with our mailing house supplier, under instructions as a data Processor, in order to create and deliver that service.
If we are required to send you tickets, marketing or other content by mail, we may share your name and address with the postal service or courier.
With Legal Authorities. We may share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;
With any successor to all or part of our business. Where permitted by law, we may pass your information to a successor organisation, provided processing is for the purposes set out in this Policy.
7. Transfers of personal information to other countries
The transfer of your information under the purposes of this Policy and Encore’s Cookies Policy may involve the transfer of your information to other countries, including those outside Europe. Such countries may not provide the same level of protection for your personal information, however we ensure that appropriate technical and contractual safeguards are put in place to protect your personal data, in accordance with applicable laws including the GDPR.
If you purchase tickets outside the EU, such as from a Broadway show in New York, we may pass your information to the relevant theatre, based in the United States, to allow them to fulfil your ticket purchase, allow you access to the venue, and for cross-referencing purposes. Such transfers are performed on the basis of a contract concluded in the interest of the ticket purchaser. These ticket purchases also involve our ticketing partner in the United States, who require some personal data in order to fulfil your ticket purchase and are self-certified to the Privacy Shield.
Where our E-Commerce Partner is based outside the European Union, European Economic Area or EU “Adequacy List”, and you subscribe to receive marketing from that E-Commerce Partner, we ensure that standard contractual clauses are implemented between Encore and that E-Commerce Partner.
Some multinational software and payment providers, including banking and cloud infrastructure, maintain an international network of secure data centres and as such your personal data may be transferred globally. Such transfers are covered by standard contractual clauses and binding corporate rules.
Where our software developers require access to our systems, and may be required to provide access to developers in Belarus, such access is protected by a strict data protecting contract, standard contractual clauses and binding corporate rules.
8. Our Legal Basis for the Processing of Our Customers’ Personal Data
In general, Encore Tickets collects and uses customers’ personal data when it is necessary for:
Your Consent. We only rely on consent as a legal basis for processing in relation to sending of direct marketing communications to customers. Customers have the right to withdraw this consent at any time, and we will stop processing immediately. This is the case if you have made a positive and standalone decision to receive our marketing services. We may however also rely on our legitimate interests with regard to the sending of some direct marketing communications to customers, including customers who subscribed as part of the soft opt-in mechanism under PECR, for example if you signed up to receive our marketing during our online checkout process, where an opportunity to opt-out is instead provided. We also rely on our legitimate interests in our marketing communications with our business-to-business contacts, and in the sending of some physical mailings. However, in all cases, Encore offer an unequivocal opt-out to direct marketing communications at all times, regardless of whether that processing is based on consent or legitimate interests.
Contractual Necessity. If the processing of personal data is necessary for the performance of a contract to which you as a data subject are a party, as is the case, for example, when you purchase a ticket with us and our processing is targeted and proportionate means of supplying those goods or services, we rely on contractual obligations as our lawful basis for processing your personal data. This includes when we take your name and contact details to fulfil and send your tickets, and when we have to contact you if there’s a problem with your order. This also applies to any processing operations which are necessary for carrying out pre-contractual measures, for example if you were to inquire about our products or services. Failing to provide such data may result in us not being able to provide the services you have requested.
Vital Interests. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, or other vital information would need to be passed on to a doctor, hospital or other third party in order to save their life.
Legal Obligations. In some cases, Encore’s processing of personal data is based on our legal obligations. Such processing applies when we retain contractual records under the Limitations Act 1980, or where we maintain transaction records as part of our VAT requirements. We may also be required to share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;
Legitimate Interests. We rely on legitimate interests as a legal basis for processing only if that processing is in your interests, our legitimate interests, or the interests of a third party. Such processing must be necessary for the stated purpose, and we must have carefully evaluated whether such interests are overridden by your interests, privacy, and fundamental rights and freedoms. We process personal information for certain legitimate business purposes, which include some or all of the following processes, along with information on our balancing reasoning;
Whenever we process data for these purposes we will always ensure your Personal Data rights are held in high regard. We make sure to have conducted legitimate interests assessments for all our personal data processing made under our legitimate interests, and ensure you have a right to object to this processing if you so wish. If you would like to exercise this right, please consult the Rights section below. Please bear in mind that if you object in this way, you may affect our ability to carry out these tasks, which may impact on your benefit.
9. Periods for which the personal data will be stored
Encore will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is six years. Encore will process and store your personal data only for the period necessary to achieve the purpose of processing, or as far as this is required by the European legislator or other legislators in laws or regulations to which Encore are subject. For more information on how long any specific data is stored, you can contact us at firstname.lastname@example.org
The criteria used to determine the storage (or “retention”) period, is usually the statutory retention period – the legal requirement to retain data records. For example, we will keep personal data relating to the initiation and fulfilment of a contract, for the duration of that contract, followed by the legally required retention period – usually six years under the Limitations Act 1980.
Likewise, we will hold on to any contractual details on goods and services provided (such as your booking information) in our bookings database only for the period necessary to fulfil the contract, and for a maximum of six years in order to fulfil our legal requirements to keep VAT records for this period, and to maintain a record of the contract under our legal obligations. After expiration of this six year period, Encore will delete or anonymise any personal data held in our main databases according to our Retention Policy. Our primary record of your personal details, including your name, contact information and customer service history, are held within this bookings database and will therefore only be kept for a maximum of six years.
We also hold purchase information in our marketing department to allow us to tailor relevant content to meet your interests. We will only send you marketing if you have subscribed to receive marketing from us, and we will only keep this purchase history if you are an active customer. If you subscribed to receive marketing from us, we will hold your information until you unsubscribe, and for a further year in case you decide to re-subscribe within that period. If you decide not to re-subscribe after a year, we will remove all your personal data from our marketing database, although we will keep your email address on our suppression list to make sure we do not contact you again.
This information is stored in your browser’s “log” files and may include the browser type and version used, the operating system used, the website from which an accessing system reaches our website (so-called “referrer”), any sub-websites, the date and time of access to the Internet site, an Internet protocol address (IP address), the Internet service provider of the accessing system, and any other similar data and information that may be used to trace users in the event of attacks on our information technology systems.
When using these general data and information, Encore Tickets does not draw any conclusions about the individual data subject. Encore Tickets analyses such data anonymously and uses the information statistically with the aim of optimising our web services and increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. Any anonymous data contained in these log files is in any case stored separately from the personal data provided by our customers.
You may, at any time, prevent the setting of cookies through our website by various means, such as changing the settings in your Internet browser, which can permanently deny the setting of some, or all cookies. Cookies can also be deleted at any time in most popular Internet browsers or by using other software programs. However if the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be usable.
With your consent, we will collect your personal data including your name and email address for the provision of advertising, including the sharing of promotional offers, and to update you about products and services which may be of interest and relevance. Encore Tickets informs its customers and business partners regularly about our products and services, by means of sending marketing about our offers. The personal data collected as part of a registration for marketing will only be used in the sending of such marketing, and can be terminated at any time by using the unsubscribe link included in each communication, or by contacting us using our contact details below.
You have the right to opt out of receiving promotional communications at any time, by:
1. Making use of the simple “unsubscribe” link in emails; and/or
2. Contacting Encore Tickets Limited via the contact channels set out in this Policy.
If you have asked us to send you promotions and other special offers on products, we may use your purchase history to tailor content to match your interests, in order to deliver you more relevant content. We also use your approximate location so we can send information on shows that are nearby, and your “opens” and “clicks” history from the emails we send you, so we can tailor our email content to your interests.
In doing so, we will always ensure that meaningful control over such processing is in the hands of our staff, rather than based on automated processing, and that such profiling does not create legal or other significant effects on individuals.
You have a right to access this information we hold about you, and a right to contest or object to such processing, by contacting email@example.com You can also opt-out of receiving marketing at any time. For more information on how to exercise your data rights please see the Rights section below.
Your privacy is of the highest importance to us, and we promise never to release your personal details to any outside company for their marketing purposes without your consent.
We will keep your sign-up record, including the relevant purchase and preference history, for one year after you unsubscribe, in case you decide to opt back in within this period. After this period has elapsed, we will permanently erase these records, although we will keep your email address on our “suppression list” to make sure we don’t contact you in future.
12. Control Over Your Data
We take your privacy rights seriously, and where possible we will offer you choice and control over how we use your data. When you interact with us we may occasionally ask for your explicit consent in order to collect, process or use your personal information for specified purposes. Such consent is only usually sought when we seek your permission to send marketing communications, although this is not always the case. If you have given your consent to the processing of personal data, you have the right to withdraw that consent at any time. If you wish to do so, please contact our Data Protection Officer at Encore Tickets by writing to us at the address below, or by emailing firstname.lastname@example.org For full details about how to exercise your data rights, please consult the Rights section below.
You can opt out of receiving marketing communications, including newsletters, by clicking the unsubscribe link included in any of our emails, or by contact us directly at email@example.com If you are receiving physical marketing such as our mailings, you can also reply using the opt-out information on that marketing, return to sender, or by contacting us using the email address above.
If you are a Stargreen user, you can also log into your account to change your preferences or follow the instructions in any promotional message you get.
Don’t worry, even if you opt out of receiving marketing messages, we will still make sure to send you any necessary transactional and service messages, such as important information about any changes to your order.
13. Your Rights as a Data Subject
If your personal information is held by Encore tickets, you have the following rights to your personal data under the GDPR. If you wish to exercise your rights at any time, or if you have any questions about how Encore Tickets uses your personal data that are not answered here, please contact firstname.lastname@example.org, or write to us at our postal address;
The Data Protection Officer
Your rights request will be free, unless the request is manifestly unfounded or excessive, in which case Encore shall reserve the right, in accordance with Article 12 of the GDPR, to charge a fee or refuse the request. In the rare case of such a refusal, you will have the right to complain to the ICO as the Supervisory Authority, and to a judicial remedy without undue delay and at the latest within one month.
We will endeavour to respond promptly and in any event within one month of the latest of the following:
If the request is particularly numerous or complex, we may extend the period by a further two months, but shall in any case inform you of such an extension within the initial one month, giving our reasons for doing so.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk
Right of Confirmation
Right of Access
If you wish to exercise your right to access, please contact our Data Protection Officer using the contact details available above, to request such information.
Right to Rectification
Each data subject has the right to rectify inaccurate personal data concerning him or her, without undue delay. Data subjects also have the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right to rectification, you may at any time contact our Data Protection Officer using the contact details available above.
Right to Erasure
Each data subject has the right to request the erasure of personal data concerning him or her without undue delay. The Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies;
If one the above reasons applies, and you wish to request the erasure of personal data stored by Encore Tickets, you may at any time contact our Data Protection Officer using the contact details above, and we will ensure that the erasure request is complied with.
Where we have made such personal data public and are obliged pursuant to Article 17(1) to erase the personal data, Encore shall, take reasonable steps, taking account of available technology and the cost of implementation, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of Encore Tickets will arrange the necessary measures in individual cases.
Right to the Restriction of Processing
Each data subject has the right to obtain a restriction to processing where one of the following applies:
If one of the above conditions applies, you may request the restriction of processing by Encore Tickets by contacting our Data Protection Officer using the contact details available above.
Right to Data Portability
Each data subject has the right to receive their personal data in a structured, commonly used and machine-readable format, including the right to transmit that data directly to another Controller if it is technically feasible and when doing so does not adversely affect the rights and freedoms of others.
Such a right applies if processing is based on a subject’s consent, or contractual obligations, and such processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
If you wish to exercise your rights to data portability, please contact the Data Protection Officer using the contact details available above.
Right to Object to Processing
Each data subject has, on grounds relating to his or her particular situation, the right to object to processing of personal data concerning him or her which is based on the Controller’s legitimate interests. This also applies to profiling based on these provisions.
Encore Tickets shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where Encore Tickets processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, and we will no longer process the personal data for these purposes. This applies to profiling to the extent that it is related to such direct marketing.
If you wish to raise an objection, please contact the Data Protection Officer using the contact details available above.
Rights on Automated Individual Decision-making, including Profiling
Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or has similarly significantly effect. As a responsible company, Encore do not use automatic decision-making or profiling that has legal or similarly significant effects on individuals. Our profiling for marketing purposes requires significant human oversight, and we will always ensure that meaningful control over such processing is in the hands of our staff, rather than based on automated processing. However, if you wish to contest this, you may exercise your rights concerning automated individual decision-making by at any time directly contact our Data Protection Officer, using the contact information above.
14. Other Data Subjects
Supplier Contacts and Business Clients: Categories of Personal Data
In order for us to transact with your employer, we collect the following categories of personal data about our supplier and vendor contacts:
Such data is processed under Encore’s legitimate business interests to maintain a business relationship.
Supplier Contacts and Business Clients: Purposes of Processing
Encore collects and processes the personal data of employees of our B2B partners, vendors and suppliers for the following purposes:
Encore will only keep your personal data for the duration of our business relationship. If you leave your position, we will delete your personal data from our records unless we are legally required to keep that information. For example, if your name is included in a valid contract, or where we must keep a record of that contract under the Limitations Act 1980. If you interacted with us via email, the longest we will keep any email record for is six years. We will however keep an anonymised record of Encore’s business relationship with the Supplier organisation.
Creative Partners: Categories of Personal Data
In order for us to provide relevant content in the provision of tickets, we process the following categories of personal data relating to our creative partners:
Creative Partners: Purposes of Processing
Other Data Subjects: Employees, Visitors, and Job Applicants
If you are a visitor to our office, your name will be stored on a visitor pass, and a record will be kept on file in our reception sign-in record for six months, for security record purposes.
When applying for a position with Encore, we may ask you to provide information on your employment history, address, and references to process a job application. If you are unsuccessful, we may keep such information for three additional months in case we need to contact you, after which we will permanently destroy such information.
15. Contact Us
If you have any further questions or complaints about this Policy, any other privacy concerns, or you would like to exercise your data rights, please contact us by any of the following means:
Please do not include your credit card number or other financial or sensitive information in any email you send.
We may change this policy from time to time, and if we do we will post any changes on this page. Any update will have a different date from the current policy. If you continue to use the Services after those changes are in effect, you agree to the revised policy. Please check our site periodically for updates.
17. Last Revised Date