Here at Boomtown Festivals UK Limited (company number 07871423) we take the protection of your Personal Data very seriously and are committed to maintaining the trust of our customers and visitors to our website in this respect.
We have put in place generally accepted standards of technology and operational security in order to protect your personal data from loss, misuse, or unauthorised alteration or destruction. However, no website can be completely secure and so we would urge you to notify us if you have any concerns. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
Anyone processing Personal Data must comply with the eight enforceable principles of good practice. These provide that Personal Data must be:
a) processed fairly, lawfully and in a transparent manner (Fairness, Lawfulness and Transparency),
b) processed for specified, explicit and legitimate purposes and in an appropriate way (Purpose Limitation),
c) adequate, relevant and limited to what is necessary for the stated purpose (Data Minimisation),
d) kept accurate and up to date (Accuracy),
e) not kept longer than necessary for the stated purpose (Storage
f) processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures
(Security, Integrity and Confidentiality),
g) not transferred to another country without appropriate safeguards being in place.(Transfer Limitation), and
h) processed in line with Data Subjects’ rights (Data Subject’s
Rights and Requests).
We are responsible for and need to demonstrate compliance with the data protection principles listed above (Accountability).
The purpose of UK GDPR and UK data protection laws is not to prevent the processing of Personal Data, but to ensure that it is done fairly and without adversely affecting the rights of the Data Subject.
UK GDPR allows processing of Personal Data for specific purposes, which are where it is needed:
a) for the performance of a contract,
b) to comply with a legal obligation,
c) in order to pursue our legitimate interests (or those of a third
party) and where the interests and fundamental rights of the
Data Subject do not override those interests,
d) to protect the Data Subject’s vital interests,
e) in the public interest, or
f) in situations where the Data Subject has given explicit consent.
We, as Data Controller, will only process Personal Data on the basis of one or more of the lawful bases set out above.
We do ask for your personal details in forms when you subscribe for specific services or entering applications electronically. We may share this data with our partners for any necessary processing purposes only in relation to the provision of services we provide to you, such as:
We comply with all relevant data protection laws in all our dealings with your personal data and ensure that our Data Processors do the same.
Special Categories of Data will only be processed with explicit consent of the Data Subject, unless the Data Controller can rely on one or more of the other lawful bases set out above.
Occasionally there may be instances where we will require you to provide additional personal information, some of which may be sensitive (for instance for accessibility, lost property, feedback/complaints). We will always tell you why we are collecting your information and how we will use it.
We do have photographers and videographers filming at times during the event, which is clearly stated in our Terms and Conditions when you purchase a ticket. This allows us to capture the event for use in future promotion on our website and social media and also to act as a lasting memory of how great each festival is. This is generally crowd shots but may include photos of individuals. If this is the case we will always try to ask your permission beforehand but this may not always be possible.
We reserve the right to access and disclose personal data to comply with all applicable laws and lawful government requests or requests by the police investigating suspected illegal activities, to operate our systems properly or to protect the rights, safety or property of Boomtown, website users or others. This includes any mandatory obligation to provide personal data of attendees to the event , where requested by the Government Track and Trace Initiative as a response to the Covid 19 Pandemic.
When you use our sites (including mobile sites or mobile apps), we and third party organisations may collect information by using ‘cookies’ and other technologies (for simplicity we refer to all such technologies as ‘cookies’).
When visiting our sites, creating an account or when you buy tickets, you agree to us and third party organisations using cookies in line with your cookie settings. You can use the Cookie Consent Tool to change your preferences at any time.
A cookie is a small text file—containing small amounts of information— that passes to your computer through your web browser so that the website can remember who you are.
The length of time a cookie will stay on your computer depends on whether it is a persistent or session cookie. Session cookies are temporary cookies that stay on your computer until you leave the website. Persistent cookies stay on your computer after you have finished browsing until they expire or are deleted.
A pixel tag or sometimes called a web beacon is an invisible image with a line of code which is placed within an email message or on a web page. Cookies can either be categorised into First or Third Party cookies. “First Party Cookies” are cookies that Boomtown places on your device whereas “Third Party Cookies” are cookies that another party controls but are placed on your device when you visit our site. For example, we use Google Analytics cookies to gather information about the user experience on our website.
Cookies can be put into one of the following categories: strictly necessary; analytics, functionality and advertising cookies. The table provides more information about each category.
These cookies are essential to make our website work. They enable you to move around the site and use its features. Necessary services, like the ability to access secure areas cannot be provided without these cookies.
For example, keeping you logged in during your visit. Without these cookies the site might forget you and you’d have to constantly log back in. When you buy tickets, cookies make sure they’re still in your shopping basket when you get to the checkout.
These cookies collect information about how people use our site, such as which pages are most frequently visited, and how people are moving from one link to another. Information collected on our open site is grouped together with information from other people’s use of our site on an aggregated basis. If you have logged into the client portal we may associate information from the cookies with your account. Overall, these cookies provide us with analytical information about how our site is performing and how we can improve it.
These cookies allow us to remember choices you make and tailor our site to provide enhanced features and content to you. For example, these cookies can be used to remember your user name (but not your password), they can also be used to remember changes you’ve made to text size, font and other parts of pages that you can customize.
These cookies are used to deliver marketing and advertising messages that are tailored to you based on what you have browsed, purchased or shown interest in. We use these cookies in conjunction with third party organisations who provide tools that enable us to group you with other users to target these messages and adverts. For example, when you browse our websites or apps, add tickets to your basket or make a purchase you may subsequently see adverts or messages for these or similar events. This could include an advert on Facebook, search results in Google or an email from us reminding you still have tickets in your basket. All third parties we work with conform to online behavioural advertising (OBA) industry standards to ensure you are not personally identified and you have the options to opt out in the future.
In addition to our Cookie Consent Tool, most browsers will enable you to manage your cookies preferences e.g. have the browser notify you when you receive a new cookie or use it to disable cookies altogether. If you do decide to disable or delete these altogether some sites won’t work as well as they rely on cookies to provide you with the service that you have requested. If you do decide to disable or delete them altogether some sites won’t work as well as they rely on cookies to provide you with the service you have requested (see Strictly Necessary Cookies, above)
You can change your browser settings to limit which cookies can be set. These settings are usually found in the ‘options’ or ‘preferences’ menu for your browser.
As part of the registration process for our e-newsletters we collect personal information. We use that information to tell you our latest news, information on ticket and event updates, videos and photos. We also use it to update you on information that you have asked us to tell you about. We don't rent or trade email lists with other organisations and businesses.
We use a third-party email newsletter provider, Campaign Monitor , to deliver our newsletters. We gather statistics around email opening and click throughs using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see here. You can unsubscribe to general mailings at any time of the day or night by clicking the link at the bottom of the email.
We only hold your personal data on our systems for as long as is necessary for the relevant purpose. If you want us to remove your details from your subscriptions (providing you do not have any bookings, any other contractual agreements or there is a legal basis for not doing so) then you can email us at email@example.com any time to request this. Please put ‘Personal Data’ in the subject heading.
The UK GDPR restricts Personal Data transfers to countries outside the UK to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined.
We may only transfer Personal Data outside the UK if one of the following conditions applies:
a) the UK has officially confirmed that the country to which the Personal Data is being transferred has an adequate level of protection for the Data Subject's rights and freedoms,
b) appropriate safeguards are in place, such as binding corporate rules or standard contractual clauses approved for use in the UK, or an approved code of conduct or a certification mechanism exists,
c) the Data Subject has provided explicit consent to the proposed transfer after being informed of any potential risks, or
d) the transfer is necessary for one of the other reasons set out in the UK GDPR, such as the performance of a contract between us and the Data Subject; reasons of public interest; to establish, exercise or defend legal claims; to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving consent; or, in some limited cases, for our legitimate interest.
Personal Data must be processed in line with Data Subjects’ rights.
Data Subjects have the following rights, which apply in certain circumstances:
a) The right to be informed about processing of Personal Data.
b) The right of access to their own Personal Data.
c) The right for any inaccuracies to be corrected (rectification).
d) The right to have information deleted (erasure).
e) The right to restrict the processing of Personal Data.
f) The right to portability.
g) The right to object to the processing of their Personal Data.
h) The right to regulate any automated decision-making and profiling of Personal Data.
i) The right to withdraw consent when the only legal basis for processing Personal Data is consent.
j) The right to be notified of a Data Breach that is likely to result in high risk to their rights and freedoms.
k) The right to make a complaint to the Information Commissioner’s Office or other supervisory authority.
If you have any questions or comments concerning personal information we hold about you, please contact firstname.lastname@example.org (please put ‘Personal Data’ in the subject heading’). In order to verify your request we will require 2 forms of identification (e.g driving licence, passport, birth certificate, council tax bill, vehicle registration document). These forms of ID will be reviewed and held on our systems in line with this privacy notice.
We welcome your comments on privacy issues so please do contact us with any queries or suggestions.
You have the right to lodge a complaint in relation to the processing of your personal data with the Information Commissioner’s Office, the public body responsible for information rights. More information can be found on their website at https://ico.org.uk, or you can write to them at:
Information Commissioner's Office
Tel: 0303 123 1113
We reserve the right to update this privacy notice from time to time so please do check it each time you submit any personal data to us.