Everyman Privacy Notice - Last updated 08 June 2022
This privacy notice explains how we, Everyman Media Group plc of 2 Downshire Hill, London, NW3 1NR and our group companies, process your personal data when you use our online services, visit our venues or otherwise engage with us.
If you wish to contact us about your data protection rights or if you do not understand anything explained in this notice, please email talk@everymangroup.com .
If you are under 13 years old, you must not access our services without your parent or guardian. If you are older, you should speak to them or to us if you do not understand anything explained in this notice.
1. Who does this privacy notice apply to?
This notice applies to:
This notice applies to you if you act in your personal capacity, for example, if you visit our cinemas for leisure, or if you act in your professional capacity as an employee or agent of an organisation
2. What types of information do we process?
Generally, “personal data” means any information that identifies you or relates to you.
This will include your name, membership number and other membership information, payment details, the details of your query and other information that is obviously about you. However, it will also include technical data, such as the IP address of your device. Based on your visits, we may infer information about what type of movies you like the most and what are your interests. Please see the categories of personal data which we process about you at the end of this notice.
You can exercise your rights in relation to all such personal data about you.
3. Data accuracy
We will rely on the personal data provided by you as accurate, complete and up to date. We would kindly ask that you keep us informed of any changes.
4. Why do we process your personal data?
The section below explains what personal data is necessary for each purpose. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.
The lawful basis column explains how we comply with a technical legal justification for data processing under data protection laws. Please contact us if you have any questions.
Purpose & description | Personal data | Lawful basis for processing |
---|---|---|
To assist with your queries. For example, we may respond to your queries about membership. |
| Necessary for our legitimate interest in responding to queries or, as the case may be, necessary for the performance of our contract with you. |
To provide our online services to you,such as our website, app and content. For example, when you visit our website, your browser will provide your IP address, browser type and other technical information to enable us displaying our content in a compatible manner. |
| Necessary for our legitimate interest in providing our online services to the public and to our customers. |
To maintain your user account and provide benefits if you join our membership. To do this, we rely on cookies and similar technologies to remember your booking and account activity. Please see our cookies notice. For example, we will email you your membership details and benefits. |
| Necessary for the performance of our contract with you. We rely on your consent to deploy cookies and similar technologies except where necessary for essential services. |
To sell you tickets, merchandise, food, drink and other stuff. For example, we will collect your payment card information if you buy something at our venue and your contact and billing details if you buy online. |
| Necessary for the performance of our contract with you. |
To facilitate your accessibility requirements, allergy advice or other special needs. For example, if you attend a catered event, you may let us know about your food allergies. |
| Necessary for our legitimate interest in attending to the needs of our customers and guests and accommodating your underlying health conditions for legal reasons. |
To let our venue for an event. For example, if wish to hire one of our venues, we might ask about the nature of the event. |
| Necessary for our legal compliance with licensing conditions and, as the case may be, necessary for our legitimate interest in administering our business. |
To send you our newsletter if you sign up or if you are our existing customer. |
| We rely on your consent if you sign up or on soft opt-in (presumed consent) if you are our existing customer. You can unsubscribe at any time. |
To assess your job application and for business administration purposes. For example, if you apply to a job, we will review your CV, publicly available information about you, information from your previous employers, membership bodies, professional references, criminal and credit check and other information. |
| Necessary for our legitimate interest in responding to you query and, as the case may be, necessary for taking steps prior to entering into a contract. |
To understand our audiences and customer profiles for marketing, advertising, service development, research and business administration, as described below. We create user profiles from user activity such as add to basket, page view, etc., transaction data, research data such as survey replies, data about your interaction with our marketing such as email open rates, data from Wi-Fi at our venues, data collected through cookies and similar scripts (please see our cookies notice) and data observed or inferred using our analytics tools. |
| Necessary for our legitimate interest in understanding our typical customer profiles for marketing, advertising, service development, research and business administration. |
To develop our services based on our anonymised audience data, Google Analytics reports and similar tools. For example, we deploy a tool which shows where your mouse travels on our website to measure the popularity of our content and features. Analytics tools help us understand your country, age group, pages visited before and after and other statistical demographic information about our users including yourself. |
| Necessary for our legitimate interest in understanding the demographics of our users and customers, keeping our services relevant and in product development. We rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. |
To display relevant advertisements on websites, apps, social media and other inventory and send you relevant marketing communications by email, text, push, post or other channels. We rely on your customer profile data to understand your interests and preferences known, observed and inferred to design marketing and advertising campaigns that are relevant to you (also known as “profiling”, “personalisation” and “predictive analytics”), use an ID such as your hashed or masked email address to identify you within third party datasets and allocate your profile to relevant audience segments (also known as “matching”, “data enrichment”, “targeting”) or matching you against our typical customer profile (creating "lookalike audiences"), and optimising campaign performance by measuring conversion events linked to your advertising ID. |
| We rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. Some of our marketing and advertising activities are necessary for our legitimate interest in understanding your interests from the information available to us, information observed or inferred and third party information, in promoting our business and understanding campaign metrics. |
To manage our professional relationship with you using our record management systems and engagement tools, contacting you by phone and sending you marketing communications. |
| Necessary for our legitimate interest in understanding and maintaining our business relationships and administering our business. You have the right to unsubscribe from marketing at any time. |
To send you service communications about matters relevant to your use of our services and your engagement with us, such as surveys, changes in our terms, health & safety announcements, etc. |
| Service communications are necessary for the performance of our contract with you or, as the case may be, necessary for our legitimate interest in satisfying your requests, facilitating our services and organising related activities. |
To ensure proper administration of our organisation, including to:
|
| Necessary for our legitimate interest in the proper administration of our organisation, dispute resolution, ensuring technical operation of our services and debt collection and necessary for compliance with a legal obligation to which we are subject. |
To engage our third party service providers who may process your personal data on our behalf to facilitate the provision of our services and the fulfilment of essential service functions which we cannot fulfil ourselves, such as web hosting, cloud storage, IT, analytics, payments, plugins, communications, accounting, security, CCTV and others as well as our advisors such as lawyers, accountants, insurers and others. |
| Some activities are necessary for the performance of our contract with you, others are necessary for our legitimate interest in ensuring the proper operation of our services. |
To share information with our affiliated companies. |
| Necessary for our legitimate interest in using our group’s resources to organise, develop and deliver our services, run our organisation and decide on future strategies. |
To ensure the safety of people, security of our premises, the security of our systems and online services. For example, we may monitor our networks, website, systems and venues for suspicious activities, test and audit our systems and deploy appropriate security measures. |
| Necessary for our legitimate interest in ensuring the security of our organisation, people and services and necessary for compliance with a legal obligation to which we are subject. |
To monitor interactions and operations for fraud prevention and crime detection purposes. |
| Necessary for our legitimate interest in detecting and preventing fraud and illegal conduct and necessary for compliance with a legal obligation to which we are subject. |
To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation or similar event relating to our organisation. |
| Necessary for our legitimate interest in acting in the best interest of our shareholders and investors and complying with our legal obligations. |
To process information as is required for our compliance with the law or to establish, exercise or defend legal claims. To process and share information with other third parties where required by law, such as regulators, law enforcement agencies or where mandatory under a court order. |
| Where processing or sharing your data is necessary for compliance with a legal obligation to which we are subject, to establish, exercise or defend legal claims, or, where necessary and proportionate, in order to satisfy our legitimate interest in complying with best practice or applicable laws. |
We will update you about any new purposes of processing of your personal data from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.
5. Who else gets to see your data?
The activities set out above necessitate that we share your personal data with third parties, including with (i) our third parties that provide services or advice to us, (ii) our marketing and analytics partners deploying cookies and similar technologies in our services, such as Google Ireland Limited or Meta Platforms Ireland Limited, (iii) our affiliated companies, (iv) persons or authorities where we are compelled by law or responsible practices or for legal claims, (v) to the relevant entity in case of a merger, acquisition or collaboration, and (viii) other third parties where you have requested such sharing or provided your consent.
6. Third parties may process your personal data
Our services may contain links to other websites, third party services, such as Twitter, Facebook, Instagram and plugins. You should check the privacy statements of these third party providers before you use them as we are not responsible for how they may process your personal data.
7. How long is your personal data kept?
We will keep your personal data for as long as is necessary for the purposes listed above or longer, as may be required by law or for legal claims. You may contact us for further details or request deletion of your personal data at any time.
We will generally keep your personal data for 3 years after your last interaction with us, i.e. buying a ticket, opening an email, contacting us or visiting our website. However, in practice the retention period will likely be shorter if the information is no longer needed or longer if required for our lawful purposes. The table below sets out retention periods for specific categories of personal data.
Category of personal data | Retention period |
---|---|
account details, general details | 3 years after closure/last interaction |
photographic identification | for the duration of the particular customer's membership period |
CCTV data | 31 days from capture |
details of your query | 6 months from resolution |
device and browser details, engagement information, preferences and interests, third party data, usage data, Wi-Fi data | 2 years from collection |
professional opportunity records | 6 years from collection |
payment details | Processed by our payment provider. Direct debit details will be kept for the duration of your membership. |
special categories data | Generally, not retained or only kept for the duration of the relevant event. |
After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.
8. How do we secure your personal data?
We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of the personal data we hold. We also seek to ensure our third-party service providers do the same.
We will endeavour to use the least amount of personal data as is required for each purpose. We will employ pseudonymisation and anonymisation techniques, where appropriate.
Our staff will access your personal data on a “need to know” basis.
9. Where is your personal data processed?
Generally, your personal data is held in the UK.
However, we may transfer your personal data to our suppliers, business partners and other third parties in countries different to your country of residence.
Each of our recipients is subject to appropriate safeguards such as due diligence and the standard contractual clauses for international transfers of personal data.
10. Opt-out
If you would like us to stop sending you marketing communications and to process your personal data for direct marketing purposes, please contact us.
You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message.
11. Your data protection rights
Subject to certain exemptions, limitations and appropriate proof of identity, you will generally have the following rights in relation to your personal data:
All requests will be processed without delay and in a timely manner and no later than within one month. If we cannot process your request within this period, we shall explain why and process it as soon as possible thereafter.
Categories of Personal Data
Category of personal data | Description |
---|---|
account details | Username, password, membership details and similar information. |
CCTV data | Image data recorded by our CCTV. |
details of your query | Information in your query, complaint, job application or other communication. |
device and browser details | Information automatically provided by your device and browser including mobile device ID, internet protocol (IP) address, cookie ID, online identifiers, operating system, browser type, time zone setting, location and date and time of access. |
engagement information | Information about your engagement with our emails and other communications or with our content on the Internet including open rates, click rates, view rates, active time spent and similar information. |
general details | Your name, date of birth, address, email, role, employer details, telephone number, email address and similar information. |
professional opportunity records | Your personal and professional details as business customer and other opportunity records for business development purposes. |
payment details | Payment card, account details and similar information. |
preferences and interests | Information about your preferences and interests known, observed or inferred from various sources. |
special categories data | Information about your health conditions, vaccination status or similar information. |
third party data | Information provided by third parties about your interaction with our posts and content and ‘likes’ on social media platforms, such as Twitter, Facebook or Instagram, profile information, preferences and interests received from our advertising and analytics partners, references from your employer, referees, membership organisations and other third parties. |
usage data | Information about how you navigate and engage with our online services, features, if you download materials, information in security logs, online activity data such as clickstream data with URLs visited previously, page interaction information (such as scrolling, clicks, and mouse-overs), your preferences (including country and language), and methods used to browse away from our website. |
Wi-Fi data | Information collected when you use Wi-Fi at our venues such as your login and general details (optional), social interests (via Facebook), time spent in venue, how many times you connect and similar information. |
photographic identification | Information in the form of an up-to-date picture of a member provided pursuant to their membership application process, and which is retained by Everyman in a secure server for the purpose of being able to identify a particular member in order for Everyman to be able to provide membership benefits. |
12. Updates
If we make any changes to our notice, you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the top.
If you do not agree with the changes, please do not continue to use our website or services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.