Privacy

This privacy policy was last updated on 11th October 2019.

Dolly Power Ltd (trading as Buttoned Down Disco / Antics) is committed to protecting your personal data. The purpose of this privacy policy is to explain how we will use any personal data we collect about you, the rights you have over any personal data we hold about you, and to tell you about the policies and procedures that we have in place to respect your privacy and keep your personal data secure. You can visit most pages on our site without giving us any information about yourself. But sometimes we do need information to provide services that you request this includes the placing of cookies.

Correcting, updating or removing your personal information

If your personal information is incorrect, changes or if you no longer wish to receive information from us, we will correct, update or remove your information as swiftly as possible. This can be done by contacting us at .

Changes to our privacy policy

We reserve the right to change our privacy policy from time to time. Any such changes will be posted on this page so that we can keep you informed about how we process your personal data. We recommend that you consult this page frequently so that you are aware of our latest privacy policy and can update your preferences if necessary. Your continued use of our services shall constitute your acceptance of any revised privacy policy.


GDPR updates

Our compliance with the Data Protection Act (DPA) will remain valid under the GDPR. We have responded to the steps from the Information Commissioner’s Office (ICO) to ensure we will comply with the new changes.

Information we hold

We receive information from our ticketing outlets which we passed and hold securely with our email marketing provider.

We hold the following personal data fields;

  • First name
  • Last name
  • Birthday
  • Mobile
  • Address
  • Interests
  • Gender
  • Activity
  • Source

Communicating privacy information

We keep this document up-to-date and date stamp it at the top.

Individuals’ rights

We ensure we can cover your individuals’ rights;

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right to to be subject to automated decision-making including profiling.

If requested, we can provide your personal data in a structured commonly used and machine readable form and provide this information free of charge.

Subject access requests

In respond to a subject access request;

  • We will not charge for complying with a request.
  • We will respond by email.
  • We comply within a month.

Contact us at if you wish to make a subject access request.

Lawful basis for processing personal data

We have identified the following lawful basis;

  • Consent
    • You opt-in via our websites and will receive email marketing
    • You opt-in via in person and will receive email marketing
  • Contract
    • You purchase a ticket and will receive email ticket information
    • You purchase a ticket that included membership and will receive email membership
  • Legitimate interests
    • You purchase a ticket that did not specify consent or membership and will receive email marketing*

*Legitimate interests assessment (LIA)
Where we have received data from ticketing outlets without any consent or contract membership information, we will use data in a way that you would reasonably expect. We ensure the email marketing you receive will be relevant and specific to the ticket type you purchased. You can unsubscribe from email marketing at any time using the unsubscribe link.

Consent

We understand consent must be freely given, specific, informed and unambiguous. There are no pre-ticked boxes on our web forms. Where we are processing your personal data based on your consent, you may change your mind and withdraw your consent at any time.

You can withdraw your consent and unsubscribe from email marketing at any time using the unsubscribe link.

Data breaches

We understand the GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals.

Data Protection Officers

Christian Laing will take responsibility for data protection compliance.