The ACC Liverpool Group is registered in England at Kings Dock, Liverpool Waterfront, Merseyside, L3 4FP with Company No. 5204033, ICO registration number Z2822606, although you may interact with us via one of our brands, such as
- M&S Bank Arena Liverpool - www.mandsbankarena.com
- Exhibition Centre Liverpool - www.exhibitioncentreliverpool.com
- Ticket Quarter - www.ticketquarter.co.uk
- ACC Liverpool - www.accliverpool.com
The purpose of this privacy notice is to give you an understanding of (amongst other things), the data about you that we may capture, how we’re going to use it, how long we’ll keep it for and most importantly to let you know about your rights regarding its use.
We may collect and process you information when you visit one of our websites or use our apps, purchase products or services from us, use our wi-fi, interact with us via email, the phone or via live chat. Or if you sign-up to one of our mailing lists, take part in a competition and most importantly visit one of our world-class venues.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. You can contact our DPO by emailing us at firstname.lastname@example.org Or you can write to us at Data Protection Officer, The ACC Liverpool Group Kings Dock, Liverpool Waterfront, Merseyside, L3 4FP.
If you are a citizen of the EEA, you can contact our appointed European Representative by emailing email@example.com. If you’d prefer, you can also write to our European Representative at GDS Analytics (EU) Limited, The Black Church, St. Mary’s Place, Dublin 7, Republic of Ireland.
If you’re unhappy with the way that your data has been processed and wish to make a complaint we’d much rather that you talk to us first, so that we can resolve any issues that you may have, alternatively you can speak to the Information Commissioners Office (https://ico.org.uk).
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for how they process your data.
We collect, use, store and transfer different kinds of personal data about you to enable us to provide you with tickets; to give you information on opening times and travel; to help us monitor and improve the services we provide and, where we are permitted to, to tell you about upcoming events that we think you may like.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Name and contact details – this includes your name, title, billing address, delivery address, email address and telephone numbers.
- Data of birth information
- Payment information – this includes your bank account and/or payment card details.
- Purchase history – this includes details about tickets and services you have purchased from us. It may also include your vehicle details if you have purchased parking.
- Profile information – this includes your username and password and your interests and preferences.
- Linked account information – this includes your social media handles if you link your accounts to us.
- Marketing preferences – this includes your preferences in receiving marketing from us and your communication preferences.
- Survey responses and competition entries
- Customer service history – this includes interactions with us over the phone, via the website or on social media.
- Information about your device and how you use our websites and apps – this includes information you give us when you browse our websites or apps, including your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as how you use our websites and apps.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Unless we have told you otherwise in a specific privacy notice, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). The only exception to this is where you have specific disability needs which we need to be aware of in order to make reasonable adjustments and be able to perform our contract with you and comply with our obligations pursuant to social protection and equality laws (for example, when you make a booking using an Access Card).
You don’t have to give us any of your personal data but, if you don’t, you are unlikely to receive our optimal customer service experience. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with tickets to an event or parking at our venues).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your name and contact details and payment information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- purchase tickets, parking or other products or services from us;
- create an account on our websites or apps;
- subscribe to our mailing lists or newsletters;
- request marketing to be sent to you;
- take part in a competition, promotion or survey; or
- give us some feedback.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as information about your device and how you use our websites and apps from analytics providers such as Google based outside the EU.
Name and contact details, payment information and purchase history from providers of technical, payment and delivery services.
We will use your personal data where we need to perform a contract with you (for example, where you’ve bought tickets or parking), where it is necessary for our legitimate interests, where you have asked us to or where we need to comply with a legal obligation.
You will only receive marketing communications from us if you have requested information from us, purchased products or services from us or told us that we can send them to you. You can tell us that you want to stop receiving marketing communications from us at any time.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Whenever we interact with you we will require your name and contact details so that we can ensure that the records we keep, update and maintain are accurate. This is regardless of whether it’s to perform a contract with you, for our legitimate interests or for us to comply with a legal obligation.
If you’re purchasing tickets from us then we’ll need to process your purchase history, payment information and for age restricted events your date of birth. If you have any health related access requirements then we’ll also collect this ‘special category’ data at this time. As you’re purchasing goods (tickets) from us then the legal basis for this is performance of a contract.
If you’re using our Wi-Fi then we have a legitimate interest in knowing that the service is working effectively and how we can improve the offering in the future.
We believe that we have a legitimate interest in letting you know about similar ACC Group events that you might be interested in, in the future. If you don’t want to receive such marketing messages you can always opt-out.
We will always send you service messages relating to purchases that you have made. Examples of service notifications are if there’s been a traffic incident that could cause a delay or in rare circumstances if an event has been cancelled.
If you’re using our website then we’ll collect information about its use to better understand our customers’ needs so that we can continually improve our offering for all.
We’re committed to protecting your privacy and will never sell your data to a third party. However in order to help deliver our world-class service we work with a number of trusted partners, suppliers and contractors, some of whom by the nature of their service may have access to your data.
Regardless of where in the world those entities are located we ensure that their data protection practices are held to the same high standards as our own.
Here are some examples where me may be required to share your data;
- Companies and trading divisions within the The ACC Liverpool Group, as sometimes different bits of our business are responsible for different activities
- The promoters of the events you purchase tickets for
- Industry associations for the purpose of identifying audience profiles
- The Companies that do things to get your purchases and services to you, such as payment service providers, order packers and delivery companies
- Professional service providers, such as marketing agencies, advertising partners, wi-fi platform providers, IT and system administration providers and website hosts, who help us run our business
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Companies approved by you, such as social media sites (if you choose to log in via your accounts with them)
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’) where the UK GDPR or EU GDPR applies respectively. However, in order to carry out the above purposes, we may use third parties and their facilities outside the EEA. In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies.
As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
The security of data is very important to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would note that the internet itself is not inherently a secure environment.
Under the UK and EU GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):
• to know if we process any personal data about you and, if we do, with certain limitations, to a copy of that personal data,
• to ask us to remove or correct any of that personal data that is inaccurate,
• to object to certain processing,
• to withdraw any consent you may have given us for any processing of your personal data,
• to ask us to restrict processing certain of your personal data,
• to ask us to erase your personal data, and
• to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
If you want to exercise any of your rights, please contact our DPO by emailing us at firstname.lastname@example.org. Or you can write to us at Data Protection Officer, The ACC Liverpool Group Kings Dock, Liverpool Waterfront, Merseyside, L3 4FP.
We will always make our best endeavours to respond to any request within 30 days of receipt and will normally not levy a charge. If we think a request will take longer than 30 days to fulfil or we feel that a charge should be levied we will keep you fully informed.