Privacy Policy for PostStreet Theatre SF
PostStreet Theatre SF (“PostStreet Theatre,” “we,” “us,” or “our”) is committed to respecting and protecting the privacy and data security of our visitors, customers, and partners. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal data when you interact with our website (poststreettheatre-sf.com), any of our digital services, events, or communications. We take your privacy seriously and handle personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
1. Scope of this Privacy Policy and Data Controller Role
This Privacy Policy applies to all personal data that is collected through your use of the website, poststreettheatre-sf.com, and our services, including any associated online features, transactions, customer communications, or other interactions.
PostStreet Theatre SF is the data controller of your personal data, meaning we determine the purposes and means of the processing of your personal information. If you have any concerns concerning your personal data or the practices outlined in this document, please contact us at [email protected].
2. Categories of Personal Data We Collect
We may collect the following categories of personal data, either directly from you, via automated technologies, or through third-party service providers:
a) Usage Data
We collect certain technical data automatically when you access our website, including information such as your IP address, browser type and version, browsing behavior, pages visited, session duration, referring URLs, and your interaction with content and elements on poststreettheatre-sf.com.
b) Account Data
When you create an account, purchase tickets, subscribe to communications, or otherwise provide data via forms, we may collect your full name, billing/shipping address, email address, and phone number.
c) Profile Data
This includes data relating to your preferences, booking history, behavioral trends across our platform, and expressed interests with respect to events, ticket types, or promotions.
d) Communication Data
We collect and retain correspondence you send us via email or through on-site contact forms, including support tickets, inquiries, and your communication history with our team.
e) Technical Data
This comprises details about the device(s) you use to access our site, including operating system, device type, language preferences, screen resolution, and system configurations.
f) Transaction Data
If you make a purchase or reservation via poststreettheatre-sf.com, we collect information about the transaction such as payment method (processed by third-party providers), order details, delivery options, and confirmation data.
g) Preference Data
If you opt-in to marketing or express specific interests, we may retain your consent records, communication preferences, and stated affinity for certain categories of events or performances.
3. Legal Bases for Processing
We process your personal data pursuant to the following legal bases under the GDPR:
– Contractual Necessity: When processing is required to deliver services or products you have requested, such as a ticket order or customer support.
– Legitimate Interests: For the operation, improvement, fraud prevention, and security of our services, ensuring an optimal user experience while respecting your rights.
– Consent: Where explicitly provided, such as receiving marketing communications or accepting analytic cookies.
– Legal Obligation: Where processing is required under applicable laws, such as tax or compliance obligations.
Under the CCPA, we do not “sell” personal data as defined by the statute. We use data for internal business purposes, consistent with your reasonable expectations.
4. Your Rights
As applicable under the GDPR or CCPA, you are entitled to:
– Access: Request details about the data we hold about you.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your personal data (subject to legal or contractual obligations).
– Restriction: Request limitation on our processing where justified.
– Portability: Receive your personal data in a portable format for reuse elsewhere.
– Objection/Opt-out: Object to direct marketing or withdraw consent at any time.
To exercise any of the above rights, please email [email protected]. We will respond in accordance with applicable laws, typically within statutory timeframes.
5. Security Measures
We implement rigorous safeguards to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including:
– Data encryption both in transit and at rest
– Secure access controls with multi-tiered authentication
– Regular data backups to ensure continuity
– Staff training on cybersecurity and data protection
– Routine audits and vulnerability assessments
While no system can be guaranteed entirely secure, we take every reasonable step to minimize risk and secure your information.
6. International Data Transfers
Your data may be stored or processed using infrastructure located outside your jurisdiction, including the United States. Where we transfer data across borders, we do so using mechanisms approved under GDPR, including:
– Standard Contractual Clauses (SCCs)
– U.S.–EU/Swiss Privacy Frameworks for certified providers
– Assessing local laws to ensure adequate protection
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
– Usage and Technical Data: 14-24 months for analytics and site optimization
– Account and Communication Data: 5 years after last active interaction
– Transaction Data: 7 years to comply with financial recordkeeping obligations
– Preference and Marketing Data: Until withdrawal of consent, with periodic review
Upon expiration of the retention period, data is securely deleted or anonymized unless legal obligations require further retention.
8. Cookie Policy
We use cookies and similar technologies to operate our website properly, enhance usability, and analyze user activity. Categories of cookies include:
– Essential Cookies: Necessary to provide core functionality, such as securing user sessions or processing ticket orders.
– Functional Cookies: Help remember preferences and improve user experience.
– Analytics Cookies: Collect information about visitor behavior using aggregated and anonymized data (e.g., page views, navigation flows).
– Performance Cookies: Monitor system performance and help improve load times and accessibility.
9. Cookie Management and Compliance
Upon your initial visit to poststreettheatre-sf.com, you will be presented with a cookie consent banner managed in compliance with GDPR and CCPA. You may:
– Manage or withdraw consent at any time by adjusting your cookie preferences through our Cookie Settings interface
– Disable cookies via your browser settings, which may affect functionality
– Request a summary of active cookies and associated purposes by contacting us
We honor Do Not Track (DNT) signals where supported by your browser.
10. Special Protections for Children
We do not knowingly collect personal data from individuals under the age of 13. If we become aware that we have inadvertently gathered personal information from a child under 13 without verifiable parental consent, we will promptly delete such data in accordance with applicable laws.
Parents or guardians who believe we may have collected data from a child may contact us at [email protected] for immediate review and action.
11. Policy Updates
We may revise this Privacy Policy as laws, technologies, or our operations change. All modifications will be published on poststreettheatre-sf.com. Where required by law or where material changes occur, we may also contact you via email or on-site notice to review updated terms.
12. Contact Us
If you have any questions regarding this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: poststreettheatre-sf.com
We are committed to complying fully with all applicable data protection laws and ensuring transparency and fairness in how we collect, use, and protect your information. Please do not hesitate to reach out with concerns about your data privacy.