The Edinburgh Festival Fringe website (www.edfringe.com, including, without limitation, tickets.edfringe.com, shop.edfringe.com, registration.edfringe.com and other websites owned or controlled, from time to time) (the "Website") and the Fringe mobile app for iPhone and Android (the "App") are maintained by the Edinburgh Festival Fringe Society, a company limited by guarantee and incorporated in Scotland (No SC 046605, Registered Charity No SC 002995) which sells tickets for the Edinburgh Festival Fringe, and the Festival Fringe Trading Limited, trading as Edinburgh Festival Fringe Shop, incorporated in Scotland (No SC 130813, VAT registration number 171 276 804) which sells goods. Please remember that throughout the terms that follow, when we mention ‘we’, ‘us’, ‘our’, etc, we mean Edinburgh Festival Fringe Society Limited ("EFFS") and/or Festival Fringe Trading Limited ("FFTL") (as applicable). When we refer to ‘you’ we mean the user and/or browser of the Website or App and those persons, organisations or companies registering a show for the Edinburgh Festival Fringe.
Our principal place of business is at 180 High Street, Edinburgh, EH1 1QS. You can email us at [email protected]. The main telephone number for our office is 0131 226 0026.
FFTL is the data controller in respect of the collection of personal information relating to the purchase of goods from the Website, and EFS is the data controller in respect of all other personal information collected including the purchase of tickets. Both can be contacted at the address above.
What information do we collect?
You are not required to provide any personal information in order to access the majority of the content available on the Website or App. We do, however, require you to supply certain personal details when you register with us or make a purchase from the Website or App, in order to process your transaction and/or fulfil your order. This information may include, but is not limited to, details such as your name, address and payment details. We will also collect and process any personal data supplied by you in connection with your use of registration.edfringe.com when registering a show at the Festival Fringe (for further information on this, please see the "How will my data be used when registering for a show?" section of this policy). We may also ask you for information when you enter a competition or promotion sponsored by us] and if you report a problem with the Website. We may also collect information about your computer, the mobile telephone and/or handheld device on which you are using the App or Website, including where available your IP address, operating system and browser type, mobile network information as well as the mobile telephone or handheld device's telephone number, for system administration and to report aggregate information about users' browsing actions and patterns (from which users cannot be identified). In respect of users of the App and mobile website, we may also collect details of your network-based location in order to enable the "Near me now" (and/or any other, similar location services) and map functions which show you which shows are on near your current location. We may also collect other information provided by you at the time of registering to use the App.
Where will we store your information?
When you are purchasing tickets through the App or tickets and/or goods through the Website we will store your personal data (including, for the avoidance of doubt, your payment details) under your account for any future payment made by you in relation to tickets and/or goods. Your payment details will be stored by our payment processing provider in the form of an encrypted token and processed by our payment processing provider only where you purchase tickets and/or goods. You can choose to remove any stored payment details from the App or Website, at any time, by selecting the "Remove Card as a Payment Option" option under your account.
The token containing your payment details remains (in its encrypted format) within our payment processing provider's secure network, in compliance with data protection legislation and any other applicable laws, regulations or standards, until it expires (cancellation or expiration of card) as dictated by the payment processing provider. Your payment details (on the Website or App) are stored as a secure encrypted token within the payment processing system for the purpose of ‘one-click’ payment processing. Payment details stored for the purpose of ‘one-click’ purchasing on our Website or App are processed by staff or suppliers in its encrypted format only and it is not possible for any staff or supplier to revert tokens back to live data. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website or App; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How will we use your information?
The legal basis upon which we rely for using information held about you is primarily for the performance of a contract between us, or in anticipation of entering into a contract with us, e.g. to provide you with products and services that you have asked for. This includes:
- Carrying out our obligations arising from contracts entered into with between you and us; and
- Providing services you rely on from our Website and our App, such as interactive features of our Website or App, when you choose to do so.
- to ensure that content from the Website and App is presented in the most effective manner for you and for your computer, mobile telephone and/or handheld device;
- to provide you with information, products or services that you request from us, such as changes to show information, cancellations and refund services.
- to provide you marketing updates and communications relating to products or services that you request from us or which you feel may interest you (including content and advertising tailored to your interests), but only where you have expressly consented to be contacted for such purposes.
- to notify you about changes to our service that may affect you;
- to allow you to vote in Fringe Society elections (managed by ERS) and, if you have chosen to do so, to allow candidates to canvas directly to you;
- to maintain and keep updated the Website, and the App (including by viewing any personal data held on the Website and/or App in respect of you) and to transfer and process that information for the purpose of organising, co-ordinating, advertising and marketing shows and/or the Edinburgh Festival Fringe. From time to time, we rely on third party suppliers to perform these activities on our behalf.
If you do not provide us with your information, we may not be able to provide services to you. We will let you know about this at the appropriate time.
We have an annual programme of research to help us understand our audiences and your experience of attending the Fringe. This includes (but is not limited to) an online survey. All bookers will be invited to participate in the research but are under no obligation to take part. Full details of the processes are provided when you are invited to participate. All research is carried out according to Market Research Society guidelines.
We will also collect and analyse aggregate data on purchases, buying patterns and audience trends to inform research and service design.
Will we disclose the information we collect to outside parties?
We will not sell, trade or rent your personal information to others unless you have given us your permission. With your permission we will only share the information with carefully chosen, reputable and trustworthy third parties. We may provide aggregate statistics about our customers, sales, traffic patterns and related Website information to reputable third-party vendors, but these statistics will include no personally identifying information. We may disclose your personal information to third parties:
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if EFFS or FFTL or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- in order to enforce or apply our Terms and Conditions and other agreements; or
- to protect the rights, property or safety of us, our members or others.
This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. In the instance of stored payment details, we will send your data to our payment processing provider for encryption. The encrypted token is stored within our payment processing provider's secure network in compliance with data protection legislation and any other applicable laws, regulations or standards. When a payment request is made against this encrypted token we will send a request for confirmation of payment to the payment processing provider for the purposes of fraud protection and credit risk reduction. The encrypted token will be processed only where you purchase tickets and/or goods. Where you are a foreign national we may provide the UK Border Agency with confirmation of your nationality, passport/identity card numbers and other personal information relating to you that has been collected or processed when registering for a show.
Where your details are stored on the system and you are linked to a particular organisation, venue or show, the administrators of that organisation, venue or show may be able to see your name and contact details. In addition, except where you have opted for your profile to be private (which you can do during the registration process (or at any other time by going to the edit profile page) by answering the following question in the affirmative 'Click here if you would like to opt out of appearing in the contact searches?'), all other users of the system will be able to:
- see your first name, last name and job title and to send you an invite via the system to become associated with, or accept a particular role within, an organisation, venue or show (for example, to become an administrator for a particular show); and
- access any contact details held about you on the system for the purpose of auto-populating the following fields:
- Organisation primary contact
- Venue Manager
- Venue Secondary ContactVenue OwnerVenue Media and Marketing Contact
- Venue Box Office Contact
- Venue Access Contact
- Show Primary Show Contact
- Show Secondary Show Contact
- Show Media Contact Details
- Show Secondary Media Contact
- Show Touring & Development Contact Details
If your name and contact details have been identified as a contact associated with a venue, these may be displayed on the Website. If you have been identified as a contact for a particular show, your name and contact details may be used in show and venue proofs. We may ask you to give your permission to pass on the contact details for your nominated media and arts personnel provided by you to accredited media and arts industry professionals. You may withdraw your consent to our use of your data in this way at any time by emailing [email protected].
Where you submit bank account details via the Website these will be encrypted and will only be visible by us, our third party provider of payment processing, or by any individual who you have granted 'Organisation Administrator'. We will use such details only for the purposes of paying you any box office takings or other sums due by us to you and we will not pass these details to any third parties.
What happens when I opt-in to the Fringe mailing list?
By subscribing for Fringe updates, you agree to receive from us (but only us) emails detailing news, special offers, announcements and competitions. You can unsubscribe from this service easily, and at any time, by using the link provided at the bottom of the email you are sent.
How long will my data be held for?
We will retain your data for as long as we have a relationship with you, e.g. for supplying services to you, or otherwise providing you with information about services you request. Full details of the uses of data are set out above at “How will we use your information?” We may also need to retain your information beyond the term of our relationship for legal reasons, specifically to evidence the relationship between us. We will delete information when we no longer require to evidence our relationship. If you would like specific information about you deleted or removed, please refer to “Your rights” below.
You have a number of information rights that are provided for by data protection laws. These rights include:
- the right to access personal data which you have submitted through the Website which is stored by us, and otherwise held about you.
- the right to have inaccurate data about you rectified. This includes the right to provide us with supplementary data where we may hold information that is incomplete.
- the right to have data erased. This right has some exceptions, such as where we need the data for legal reasons.
- the right to restrict processing of data, e.g. where data held is inaccurate.
- the right to have your data transmitted to a third party in limited circumstances – known as the right of data portability
- the right to object to how we process your data which includes in the case of direct marketing, the right to object to marketing from us.
- The right to not be subject to any automated decision making including profiling.
You can also exercise any of these rights at any time by contacting us at [email protected] and we will process such requests in accordance with applicable data protection laws within one month from receipt of request. We will contact you as appropriate, to explain how we have complied with your request.
The Data Protection Act 1998 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of up to £10 to meet our costs in providing you with details of the information we hold about you. For the purpose of the Data Protection Act 1998, FFTL is the data controller in respect of the collection of data relating to the purchase of goods from the Website, and EFFS is the data controller in respect of all other data collected. Both can be contacted at the address above.
Cookie Usage Policy
What are cookies?
A cookie is a small amount of data sent to your computer, mobile phone or handheld device from a website. This means the website can recognise your device (your computer, mobile phone or handheld device) if you return to the same site.
A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device's hard drive (cache). Many cookies are automatically deleted after you finish using a website.
Cookies are not programs and do not collect information from your device.
Cookies make your experience of using websites faster and easier. They allow websites to create a customised view of pages to which you navigate. For example, they are commonly used to authenticate or identify registered users of a website without requiring them to sign in each time they access it. Other uses include maintaining a ‘shopping basket’ of goods a user has chosen to purchase, site personalisation (presenting different pages to different users) and tracking the pages a user has visited on a site for analysis purposes.
Cookies may come with or without an expiry date. Cookies without an expiry date exist until the browser is closed, while cookies with an expiry date may be stored by the device until the expiry date passes.
You can restrict or block cookies set by the Website but this may limit your use of some functionality.
We use third-party suppliers who also set cookies on our behalf to deliver the services that they are providing or to record usage.
What are cookies used for?
Cookies can be put into one of the following categories: strictly necessary, analytics, functionality and advertising cookies. Below provides more information about each category.
Essential Cookies – These cookies are essential to make our website work. They enable you to move around the site and use its features. Necessary services, like the ability to access secure areas which cannot be provided without these cookies. For example, keeping you logged in during your visit. Without these cookies the site might forget you and you’d have to constantly log back in. When you buy tickets, cookies make sure they’re still in your shopping basket when you get to the checkout.
Analytic Cookies – These cookies collect information about how people use our site, such as which pages are most frequently visited, and how people are moving from one link to another. Information collected on our open site are grouped together with information from other people’s use of our site on an aggregated basis. If you have logged into the client portal, we may associate information from the cookies with your account. Overall, these cookies provide us with analytical information about how our site is performing and how we can improve it.
Functionality Cookies – These cookies allow us to remember choices you make and tailor our site to provide enhanced features and content to you. For example, these cookies can be used to remember your user name (but not your password), they can also be used to remember changes you’ve made to text size, font and other parts of pages that you can customize.
Advertising and Marketing Cookies – These cookies are used to deliver marketing and advertising messages that are tailored to you based on what you have browsed, purchased or shown interest in. We use these cookies in conjunction with third party organisations who provide tools that enable us to group you with other users to target these messages and adverts. For example, when you browse our websites or app, add tickets to your basket or make a purchase you may subsequently see adverts or messages for these or similar. This could include a advert on Facebook or search results in Google. All third parties we work with conform to online behavioural advertising (OBA) industry standards to ensure you are not personally identified and you have the options to opt out in the future.
How to manage your cookies
Most browsers will enable you to manage your cookies preference e.g. have the browser notify you when you receive a new cookie or use it to disable cookies altogether. If you decide to disable or delete these altogether some sites wont work as well as they rely on cookies to provide you with the service, you have requested.
Changing Browser settings
You can change your browser settings to limit which cookies can be set. These settings are usually found in the ‘options’ or ‘preferences’ menu for your browser.
Further information can be found here, or in the ‘Help’ menu of your browser.
Cookies used on the Website
The following are cookies you may come across on this Website.
- Domain: google.com
- Purpose: The site uses Google cookies to record information about which pages you have landed on and how you have navigated through the site. This data enables us to understand:
- which pages people visit on the site
- which internet browsers are being used
- what content is popular
- which interactive tools are used
- For more information visit Google Privacy Center: transparency and choice.
- Google Display Network
- Domain: support.google.com/google-ads
- Purpose: The site manages online advertising
- Visual DNA
- Domain: visualdna.com
- Purpose: audience research and customer profiles
- Domain: openx.com
- Purpose: used to track banner click activity for analytical purposes
- Domain: edfringe.com
- Purpose: Identifies if the user has accepted the cookie notification banner.
- Domain: edfringe.com
- Purpose: Stores the user's last search details.
- Domain: edfringe.com
- Purpose: Processes redirecting secure payments in the Chrome browser
- Facebook (third party)
- Domain: facebook.com
Cookies used on registration.edfringe.com
The following are cookies you may come across on this Website.
- Domain: asp.net
- Purpose: to store and retrieve values for a user, server retains no knowledge of previous requests.
- Domain: .ASPXAUTH
- Purpose: - Determines if user is authenticated on login
- Domain: _ga
- Purpose: Distinguishes users for analytic purposes
- Domain: _gid
- Purpose: Distinguishes users for analytic purposes
- Domain: _gat
- Purpose: Limits requests from GA to EDFW to maintain performance