Privacy Policy

  1. Introduction

    This Privacy Policy is designed to help you understand what information we collect, how we use it, and what choices you have.

    Who We Are

    When we talk about ";we,"; ";our,"; or ";us"; in this policy, we are referring to LNO Ltd, and our brands including TheatreBoxOffice.org, TheatreTickets.net, LocalNightsOut.com, TheatreVouchers.net and any other websites we operate.

    LNO Ltd acts as an agent for Encore Tickets Ltd. Encore Tickets, the UK’s largest independent ticket company, sells tickets to their affiliates for a huge range of West End theatre, off West End, fringe and touring shows, attractions, exhibitions, river cruises, concerts and events.

    We are a data Controller for the purposes of the General Data Protection Regulation (GDPR), and other data protection laws applicable in the United Kingdom and Member states of the European Union. Our registered address is –

    LNO Ltd
    10-12 Barnes High Street
    Barnes
    London SW13 9LW
    Phone: 00442084329810
    Email: GDPR@LNOLtd.com

    Our Partner

    Encore Tickets Ltd is the company we work very closely with, and who will always process transactions for the purpose of our customers purchasing tickets for any events. Encore Tickets Ltd will collect additional data separate to the data we collect. As such, under the GDPR rules they are Joint Controllers of our customer data. We have a separate contract with Encore Tickets Ltd to cover this situation under GDPR rules for joint control of subject data. We would advise that you also look at their Privacy Policy, which you will find here: Encore Tickets Ltd Privacy Policy

    Why we need personal data

    Generally, we collect personal information about you when you make a ticket purchase from us, during email or phone calls, if you create an account with us, make box office purchases operated or administered by us, and when you use our websites or social media channels.

    In general, LNO Ltd use this information to provide tickets to you, to maintain and improve our services, and to provide information on our products and services. We need your basic personal data in order to provide you with these services in line with this overall privacy policy. We will not collect any personal data from you that we do not need in order to provide the services described in this Privacy Policy.

    The personal data we collect from you when you make a booking, will usually be required to be passed on to the venue, together with your booking reference, in order to facilitate your access to that venue and to allow our venue partners to verify that purchasers are genuine, to avoid ticket touting, and for fraud checking purposes. Such purposes are in our, and the venue’;s legitimate interests.

    Our venues are also joint ";Controllers"; with regard to your personal data. For more information on how they handle your data please consult their privacy policy. If the venue is based outside the EU this may involve an international transfer of your personal data in order for us to deliver the contract you have made. For more information on who we share personal data with, please see the Data Sharing section below.

    How we collect data:

    Directly. Most of the personal data we hold about you is collected directly, for example when you make a purchase from the website, when you subscribe to receive marketing, or when you contact our customer services team. We might also collect your personal data if you create an account with us, enter a competition or free prize draw, register for a promotion, post a comment on our website, ask us a question, email us or otherwise interact with our staff and call centres.

    Indirectly. We may also collect some anonymous data indirectly through your use of our websites and email. We use cookies and other technologies such as pixel tags on our websites and in our emails to collect information about your usage, and to better target our advertising to you. For more information on how we provide our marketing services please see the Marketing section below. To learn more about how cookies work, please see our Cookies Policy.

    From Third Parties. We may also collect personal data from publicly available sources. For example, if you choose to use an integrated social media feature on our website, this third party will give us certain information about you, which could include your name and email address. Further information about the third parties from whom we obtain information is available below in the Data Sharing section.

    Your Rights

    You have significant rights regarding your personal data. For more information please see the Rights section below.

  2. Data Security

    We take the security of your personal information very seriously. All web transactions made with our partner Encore Tickets use 128-bit Secure Socket Layer (SSL) encryption which encrypts all your personal information, including your credit card number, name, and address, so that it cannot be read if intercepted by a malicious third party.

    Card transactions made on our partner white-label sites are processed by their payment partners Verifone, and Encore do not process such card payments directly, nor will we have any access to any of your card details. Payment information is stored only in a tokenised form on Encore’s systems. Encore are PCI DSS compliant and do not process card details by email - please do not send your card details for payment in this way.

  3. Children

    Our sites and services are meant for adults. We will never knowingly collect personal information from children. If you are a parent or legal guardian and believe your child has given us personal information, please contact us.

  4. What data we process

    LNO collect and process various categories of personal data, each of which are detailed below. This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy.

    LNO process personal data relating to the following categories of data subject:

    • Customers
    • B2B Contacts and Supplier Contacts

    For more information on what data we process if you are a customer, business contact, or other contact, please see the section on Data Subjects below.

    As a customer, we, or our partner Encore, may process the following categories of information about you:

    • Your name and contact details, including your postal address and country of residence for billing and delivery, your preferred language, telephone numbers (including mobile numbers), and e-mail address;
    • The name and postal address belonging to the recipient of any ticket or gift voucher redeemed, if it differs from yourself as the customer;
    • Your approximate location, separate to your full address held in your booking record, if you have subscribed to receive marketing from us. We will use your approximate location (such as the city you live in, or the outward code of your postcode) so that we can tailor offers and products that are relevant to where you live;
    • Your billing and payment information, such as your credit card information and payment or bank details, in connection with the fulfilment of your ticket order;
    • Your contractual details, such as your purchase and order record, including booking details for shows purchased, ticket quantities and cost;
    • Information you submit online, such as information you have posted on our website or on third-party software and social media to which we have access (including reviews you post or surveys you complete). When you post information online, you must not infringe the rights of others (including privacy rights) and you should be aware that others may use, tag and/or re-publish your information in ways that you might not expect (including in ways that are unlawful). You understand that we and others (including our partners) may use and re-publish any data you post online publicly, on our website or when using apps or social media tools;
    • Your online web usage and browsing information, obtained through website cookies, such as which browser and device you’re using, and your IP address (a number that identifies a specific network device on the internet and is required for your device to communicate online). We might look at what site you came from, what you did and didn’t use our site for, or what site you visit when you leave us. Typically we cannot tie this information to any individual and use it only to improve the web services we offer. For more information on this please have a look at our Cookie Policy.
    • Your correspondence and communications, including any customer service queries you may have made, or any service emails we may have sent you;
    • Your communication and marketing preferences;
    • Your interests, preferences, feedback and survey responses, such as which events you like or products you usually buy or enquire about (for example, as part of a survey, or which emails you are more likely to be interested in). We may also hold information on interests and demographic categories inferred from your interactions with us in order to provide you a better service and to provide you with more focused information. For example, if you buy tickets to a certain show and lots of people who went to that show also bought tickets for a different concert, we might send you information about that concert. If you click on certain emails but not others, we will keep a record so that we can tailor our marketing to your interests. For more information on what data we process to provide marketing services, please see the Marketing section below; and
    • Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page), or if you have interacted with us via a box office, by phone or other social media.

  5. How we use your Data

    LNO (and trusted partners acting on our behalf) use our customers’ personal data for the following purposes:

    • To provide you with products and services. For example, if you have requested postal delivery we will use the address provided to send your tickets. We may include your name on any tickets, forms, vouchers, or e-tickets you purchase from us. If you give us another person’s information, we will use that data to provide the services you request from us. Before you give us another person’s information, you must make sure that you have their permission to share that information with us. We will share a minimum amount of personal data with our venue partner to allow you access to the venue, and to allow verification that purchasers are genuine, to avoid ticket touting, and for fraud checking purposes. We may also process your information to allow for a compensation payment or refund, if required. This information will normally only be held for six years.
    • To send you service communications in connection with your transaction and the events you attend and provide customer services in relation to your purchase. For example, we may use your information to confirm your registration for an event, or the purchase of a ticket, such as with a confirmation email. If one of our partners are involved in providing the services, they may process your personal information to send the confirmation email, or to provide customer service such as cancellation or amendments. We may contact you about your account or a ticket purchase if there is a particular problem, such as a show cancellation, or if a venue changes name or location. We may keep a record of this contact, along with your personal data, for up to one year to ensure we have a record of who has been contacted and when. We might also ask if you would like to review an event you attended, or otherwise manage our customer service interactions with you, such as alerting you to any changes in this Policy or any of our other policies or terms and conditions. If you purchased a voucher that is about to expire, we may try and contact you so you can use this voucher before it expires. If you have a query, complaint or dispute, we will use your personal data to resolve any issue that might arise.
    • To allow you to exercise your rights under the Data Protection Legislation. If you submit a rights request, we will use your personal data to deal with this request, including the verification of your identity.
    • To verify your identity, to prevent or detect unlawful behaviour, or to protect or enforce legal rights. For example, we may process your information to prevent identity theft, ticket touting or fraud (including credit card fraud, to ensure your security has not been compromised), and other crimes. We will ask information to verify your identity, to ensure that we do not breach your privacy by disclosing your personal data to another party.
    • For security purposes. We may use your information to protect your security, as well as the security of our company, employees, our customers, third parties and/or our/their property (including any events you may attend and our websites, networks and systems), as permitted by law. We will protect the integrity of your personal data, and the integrity of our business by backing up your data, and by securely destroying that data when we no longer need it.
    • To identify trends and interests and be able to provide tailored services such as web content and online advertising. We use your information to get to know what our customer’s preferences might be, so we can improve our offering to you and so that your experience with us is more relevant and personal. We may work with other companies using cookie data to show you advertisements we think you may find relevant and useful. This may include advertisements displayed on our own websites, or advertisements from us displayed on other websites or in the content of our emails. The advertisements you see may be based on information collected by us, or by third parties and may be based on your activities on our websites or on third party sites. This is often called ’online or third party behavioural advertising’ – please see our Cookies Policy for more information about the choices you have when using cookies. If you sign up to receive email marketing, we will process data such as which emails you open, to allow us to build an idea of what topics may be of interest, so that we can send you more relevant information regarding our products and services.
    • To monitor, maintain, improve and develop our products, services, and websites. We analyse your information to improve our understanding of you and our customer base in general. We do this so that we can make better decisions about our services, advertising, products and content, based on a more informed picture of how our customers use our current services, and to provide you with a more customised experience. We conduct staff training that may involve access to systems containing personal data. We may also occasionally allow third party software developers and engineers to access systems that contain your personal data, in order to fix any software problems and develop solutions. We will only allow such access under strict security conditions and data protection obligations. Such activity allows us to improve our existing products and services, develop new products and services, and enable better service delivery.
    • Promoting, marketing and advertising our products and services, if you have requested it. Where you’ve agreed, you may be contacted by us by email with information regarding our offers, upcoming events, products or services.
    • For administrational and record keeping purposes, including internal reports and sales analysis, accounting, transactional and VAT records, and auditing requirements. If one of our partners are involved in the ticketing provision process, such as taking payment or providing inventory, we may provide a report to this partner which involves a minimal amount of personal information if it is necessary under the GDPR for our legitimate interests, such as for cross-referencing and accounting purposes. LNO will only hold such information for as long as our legal obligations require, typically a maximum of six years.
    • Complying with our legal and regulatory obligations, or as otherwise required or permitted by law. In limited circumstances, we may also use your information for other purposes where required or permitted by law, such as where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute). In some cases, in order to protect LNO, our employees and customers, we may use personal data when taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to LNO, and to effectively handle any legal claims or regulatory enforcement actions taken against LNO.

  6. Data Sharing

    In order to make certain services available to you, we may need to share your personal data with some of our service partners. LNO only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We will never sell or rent our customer data to other organisations for marketing purposes.

    LNO may share personal data with the following categories of recipient:

    Third Parties. We also use web analytics services from some Third Parties to track how visitors reach our site and the path they take through it, so that we can tailor the content of our site to fit the needs of our site’s visitors. Such information is provided anonymously and used statistically with the purpose of improving our site.

    With our Service Providers and Suppliers. In order to make certain services available to you, we may need to share your personal data with some of our service partners. LNO only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls, or have put a written agreement in place protecting your information, including necessary safeguards for the international transfer of personal data.

    Your Personal data may be processed by our IT Service Providers in line with the purposes outlined above. Our data storage is provided by our hosting partners in the UK, who securely store all personal data held in our systems. In addition to our server provision we also store personal data in backup form to ensure continuity and data integrity. Some of our software systems are cloud based and as such constitute a sharing of personal data. This may in some cases also constitute an international transfer of data, as some multinational software providers maintain global networks of secure data centres. Our software providers may also have access to our systems for maintenance and hosting purposes, and our software development partners may from time to time require access to live systems for development and testing purposes. Such access is strictly for these purposes only and regulated by contract.

    If we are required to send you tickets, marketing or other content by mail, we may share your name and address with the postal service or courier.

    With Legal Authorities. We may share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;

    • To comply with our legal obligations;
    • To exercise legal rights, for example in court cases;
    • For the prevention, detection, investigation of crime or prosecution of offenders; and
    • For the protection of our employees and customers.

    With any successor to all or part of our business. Where permitted by law, we may pass your information to a successor organisation, provided processing is for the purposes set out in this Policy.

    Our partner, Encore, is a major authorised ticket agent with tens of thousands of partners with whom they are required to share certain personal data as part of their ticketing operations. We are therefore unable to provide a list of all specific recipients of personal data, controlled by Encore, who share personal data with the following categories of recipient:

    LNO. LNO only receive data from Encore for those customers who purchase tickets from one of our websites.

    Within the Encore group. The Encore Group and its group companies do not maintain any separate staff, with the exception of Stargreen Box Office, and their brands do not involve the use of separate systems or staff. Any sharing will therefore not usually involve any physical transfer or sending of data, and is only performed according to the purposes outlined above.

    With Commercial Partners: Encore also provide ticketing services in collaboration with, and on behalf of other commercial partners. If you purchase tickets to an event through one of their commercial partners, or take part in a promotion or rewards programme provided by another party, which involves Encore, they will receive and/or share your personal information with that company in order to fulfil your ticket purchase. Their partners may include ticket agents, gift experience companies, tour operators, travel agents, box offices, venues, concierges, ecommerce partners, GTOs, and educational organisations. If you book a ticket with Encore through one of their ticketing partners directly, they should also inform you of how they handle your data, including the sharing of data with Encore.

    Where both parties are involved in supplying the tickets, such as where their partner processes a payment but Encore provides ticket fulfilment, some personal data such as your name and booking information may be shared by Encore for legitimate cross-referencing and reporting purposes. Such information shall always be kept to the minimum necessary for this purpose. This is the case where Encore’s ticket offering is available on their ecommerce partner’s own websites. In some cases, Encore may also provide branded customer services in the partner’s name. For more information you should consult the relevant partner’s privacy policy, or contact them at dpo@encore.co.uk for more information.

    If you purchased a voucher from a gift experience company that you then redeem with Encore, they are required to submit information on that redemption to the gift provider, including some personal information, usually via their online portal.

    If your booking involves a Broadway show in New York, Encore will pass your booking information to their partners at Broadway Inbound, and your personal data may be shared with the venue in New York to allow you access to that performance.

    If you make a hotel or rail booking, you will be redirected to Encore’s breaks page which is created in partnership with, and maintained by their partners at Holiday Extras. When you book with Holiday Extra, they will provide the hotel and travel tickets, and Encore will provide the theatre and other event ticket inventory through the Holiday Extras site. For more information on how Holiday Extra handle your information please consult their privacy policy.

    With their Venues and Event Partners. Encore may share a minimal amount of personal information about your ticket booking (such as your name and surname, and those of any other attendees, along with quantity and booking reference) with their event partners, so that they can deliver the event for which tickets have been purchased, enabling them to fulfil the order, to cross check with their records and verify the ticket holder’s identity, and on some occasions allow you entry if you have mislaid your ticket. This might include any restaurants, hotels, venues, theatres, or attractions you have booked with us. Encore’s venue and event partners are joint Controllers with regard to the Personal Data, and may process such Personal Data for purposes other than those described here. In most cases the venue will be clear from your ticket and booking information but if in any case this is not clear please do not hesitate to contact us. For more information on how Encore’s venue partners handle your information you should consult their privacy policy.

  7. Transfers of personal information to other countries

    The transfer of your information under the purposes of this Policy and LNO’s Cookies Policy may involve the transfer of your information to other countries, including those outside Europe. Such countries may not provide the same level of protection for your personal information, however we ensure that appropriate technical and contractual safeguards are put in place to protect your personal data, in accordance with applicable laws including the GDPR.

    If you purchase tickets for an event outside the EU, such as for a Broadway show in New York, Encore may pass your information to the relevant theatre, based in the United States, to allow them to fulfil your ticket purchase, allow you access to the venue, and for cross-referencing purposes. Such transfers are performed on the basis of a contract concluded in the interest of the ticket purchaser. These ticket purchases also involve their ticketing partner in the United States, who require some personal data in order to fulfil your ticket purchase and are self-certified to the Privacy Shield.

    Some multinational software and payment providers, including banking and cloud infrastructure, maintain an international network of secure data centres and as such your personal data may be transferred globally. Such transfers are covered by standard contractual clauses and binding corporate rules.

  8. Our Legal Basis for the Processing of Our Customers’ Personal Data

    In general, LNO collects and uses customers’ personal data when it is necessary for:

    • The purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer;
    • In compliance with our legal obligations; or
    • The pursuit of our legitimate interests (as set out below);

    Your Consent. We only rely on consent as a legal basis for processing in relation to sending of direct marketing communications to customers. Customers have the right to withdraw this consent at any time, and we will stop processing immediately. This is the case if you have made a positive and standalone decision to receive our marketing services.

    We may however also rely on our legitimate interests with regard to the sending of some direct marketing communications to customers. We also rely on our legitimate interests in our marketing communications with our business-to-business contacts, and in the sending of some physical mailings. However, in all cases, we offer an unequivocal opt-out to direct marketing communications at all times, regardless of whether that processing is based on consent or legitimate interests.

    Contractual Necessity. If the processing of personal data is necessary for the performance of a contract to which you as a data subject are a party, as is the case, for example, when you purchase a ticket with us and our processing is a targeted and proportionate means of supplying those goods or services, we rely on contractual obligations as our lawful basis for processing your personal data. This includes when we take your name and contact details to fulfil and send your tickets, and when we have to contact you if there’s a problem with your order. This also applies to any processing operations which are necessary for carrying out pre-contractual measures, for example if you were to inquire about our products or services. Failing to provide such data may result in us not being able to provide the services you have requested.

    Vital Interests. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, or other vital information would need to be passed on to a doctor, hospital or other third party in order to save their life.

    Legal Obligations. In some cases, processing of personal data is based on legal obligations. Such processing applies when we retain contractual records under the Limitations Act 1980, or where we maintain transaction records as part of our VAT requirements. We may also be required to share your data with governmental bodies, regulators, law enforcement agencies, courts or tribunals, insurers, and other partners where we are required to do so;

    • To comply with our legal obligations;
    • To exercise legal rights, for example in court cases;
    • For the prevention, detection, investigation of crime or prosecution of offenders; and
    • For the protection of our employees and customers.

    Legitimate Interests. We rely on legitimate interests as a legal basis for processing only if that processing is in your interests, our legitimate interests, or the interests of a third party. Such processing must be necessary for the stated purpose, and we must have carefully evaluated whether such interests are overridden by your interests, privacy, and fundamental rights and freedoms. We process personal information for certain legitimate business purposes, which include some or all of the following processes, along with information on our balanced reasoning;

    • Publishing any web content, such as show reviews, to inform others about your views on the show or service. It is entirely optional whether or not you choose to publish a review online;
    • Fraud reports and analysis, to protect both ourselves and our customers against fraud and other criminal activity;
    • Service provision, including customer service provision, service emails and responding to queries from customers;
    • Sending reports to our commercial partners, so that we can deliver services accurately and effectively, and ensure the customers’ needs are met at all times.
    • Sales analysis, to help us understand how to be a better business.
    • Web analysis, including to ensure the proper functioning of the website, deliver content, inform site improvements, and occasionally to compile reports. When using such information, we will not draw any conclusions about individual data subjects, we will analyse such data anonymously, and will use the information statistically with the aim of optimising our web services and increasing the data protection and data security of our enterprise;
    • Gathering and analysing information on your preferences to allow us to personalise our marketing. Such processing benefits us as well as the subscriber, as it allows for much more relevant content to be shared;
    • Security testing, to make sure your personal data is protected against data breaches; and
    • Backing up data, to make sure your personal data is available at all times and in order for us to ensure the integrity and consistency of our service provision.

    Whenever we process data for these purposes we will always ensure your Personal Data rights are held in high regard. We make sure to have conducted legitimate interests assessments for all our personal data processing made under our legitimate interests, and ensure you have a right to object to this processing if you so wish. If you would like to exercise this right, please consult the Rights section below. Please bear in mind that if you object in this way, you may affect our ability to carry out these tasks, which may impact on your benefit.

  9. Periods for which the personal data will be stored

    LNO will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is six years. We will process and store your personal data only for the period necessary to achieve the purpose of processing, or as far as this is required by the European legislator or other legislators in laws or regulations to which we are subject. For more information on how long any specific data is stored, you can contact us at GDPR@lnoltd.com

    The criteria used to determine the storage (or "retention") period, is usually the statutory retention period – the legal requirement to retain data records. For example, we will keep personal data relating to the initiation and fulfilment of a contract, for the duration of that contract, followed by the legally required retention period – usually six years under the Limitations Act 1980.

    Likewise, we will hold on to any contractual details on goods and services provided (such as your booking information) in our bookings database only for the period necessary to fulfil the contract, and for a maximum of six years in order to fulfil our legal requirements to keep VAT records for this period, and to maintain a record of the contract under our legal obligations. After expiration of this six year period, we will delete or anonymise any personal data held in our main database. Our primary record of your personal details, including your name, contact information and customer service history, are held within this bookings database and will therefore only be kept for a maximum of six years.

    We also hold purchase information in our marketing department to allow us to tailor relevant content to meet your interests. We will only send you marketing if you have subscribed to receive marketing from us, and we will only keep this purchase history if you are an active customer. If you subscribed to receive marketing from us, we will hold your information until you unsubscribe, and for a further year in case you decide to re-subscribe within that period. If you decide not to re-subscribe after a year, we will remove all your personal data from our marketing database, although we will keep your email address on our suppression list to make sure we do not contact you again.

    a
  10. Cookies

    All websites or webpages operated by LNO or any of it’s brands use cookies. Cookies are small text files that are found on almost all websites, and are stored in a user’s computer system, specifically their internet browser. These cookies contain a so-called cookie ID – a unique identifier which consists of a character string through which internet pages and servers can be assigned to your specific Internet browser in which the cookie was stored. This allows visited sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified using this unique cookie ID.

    This information is stored in your browser’s "log" files and may include the browser type and version used, the operating system used, the website from which an accessing system reaches our website (so-called "referrer"), any sub-websites, the date and time of access to the Internet site, an Internet protocol address (IP address), the Internet service provider of the accessing system, and any other similar data and information that may be used to trace users in the event of attacks on our information technology systems.

    Through the use of cookies, we can provide the users of our websites with more user-friendly services than would be possible without the cookie setting, for example by allowing the shopping cart to store items so that they can be purchased at the checkout page. Cookies also show us how people tend to use the site. We use such information to ensure the proper functioning of the website, deliver content, inform site improvements, and occasionally to compile reports. We also use web analytics services from other companies to track how visitors reach our site and the path they take through it, so that we can tailor the content of our site to fit the needs of our sites’ visitors.

    When using this general data and information, we do not draw any conclusions about the individual data subject. LNO analyses such data anonymously and uses the information statistically with the aim of optimising our web services and increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. Any anonymous data contained in these log files is in any case stored separately from the personal data provided by our customers.

    You may, at any time, prevent the setting of cookies through our website by various means, such as changing the settings in your Internet browser, which can permanently deny the setting of some, or all cookies. Cookies can also be deleted at any time in most popular Internet browsers or by using other software programs. However if the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be usable.

    More information on cookies is available in our Cookie Policy.

  11. Marketing

    With your consent, we will collect your personal data including your name and email address for the provision of advertising, including the sharing of promotional offers, and to update you about products and services which may be of interest and relevance. LNO informs its customers regularly about our products and services, by means of sending marketing about our offers. The personal data collected as part of a registration for marketing will only be used in the sending of such marketing, and can be terminated at any time by using the unsubscribe link included in each communication, or by contacting us using our contact details below.

    Your privacy is of the highest importance to us, and we promise never to release your personal details to any other outside company for mailing or marketing purposes, other than those detailed in this Privacy Policy, without your consent.

    You have the right to opt out of receiving promotional communications at any time, by:

    1. Making use of the simple "unsubscribe" or "manage your subscription" link in emails; and/or
    2. Contacting LNO Ltd via the contact channels set out in this Policy.

    Personalisation

    If you have asked us to send you promotions and other special offers on products, we may use your purchase history to tailor content to match your interests, in order to deliver you more relevant content. We also use your approximate location so we can send information on shows that are nearby, and your "opens" and "clicks" history from the emails we send you, so we can tailor our email content to your interests.

    In doing so, we will always ensure that meaningful control over such processing is in the hands of our staff, rather than based on automated processing, and that such profiling does not create legal or other significant effects on individuals.

    You have a right to access this information we hold about you, and a right to contest or object to such processing, by contacting GDPR@lnoltd.com You can also opt-out of receiving marketing at any time. For more information on how to exercise your data rights please see the Rights section below.

  12. Control Over Your Data

    We take your privacy rights seriously, and where possible we will offer you choice and control over how we use your data. When you interact with us we may occasionally ask for your explicit consent in order to collect, process or use your personal information for specified purposes. Such consent is only usually sought when we seek your permission to send marketing communications, although this is not always the case. If you have given your consent to the processing of personal data, you have the right to withdraw that consent at any time. If you wish to do so, please contact our GDPR Ambassador at LNO Ltd by writing to us at the address below, or by emailing GDPR@lnoltd.com For full details about how to exercise your data rights, please consult the Rights section below.

    You can control the use of cookies and tracking tools. To learn how to manage the use of cookies and other tracking tools, please consult our Cookie Policy.

    Don’t worry, even if you opt out of receiving marketing messages, we will still make sure to send you any necessary transactional and service messages, such as important information about any changes to your order.

  13. Your Rights as a Data Subject

    If your personal information is held by LNO, you have the following rights to your personal data under the GDPR. If you wish to exercise your rights at any time, or if you have any questions about how we use your personal data that are not answered here, please contact GDPR@lnoltd.com, or write to us at our postal address.

    Your rights request will be free, unless the request is manifestly unfounded or excessive, in which case LNO shall reserve the right, in accordance with Article 12 of the GDPR, to charge a fee or refuse the request. In the rare case of such a refusal, you will have the right to complain to the ICO as the Supervisory Authority, and to a judicial remedy without undue delay and at the latest within one month.

    We will endeavour to respond promptly and in any event within one month of the latest of the following:

    • Our receipt of your written request; or
    • Our receipt of any further information we may ask you to provide to enable us to comply with your request.

    If the request is particularly complex, we may extend the period by a further two months, but shall in any case inform you of such an extension within the initial one month, giving our reasons for doing so.

    You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk

    Right of Confirmation

    Each data subject has the right to confirmation as to whether or not personal data concerning him or her is being processed. This Privacy Policy constitutes part of this right. If however this Privacy Policy cannot be fully accessed, or if any further information is requested, you may, at any time, contact our GDPR Ambassador using the contact details above, to request further information.

    Right of Access

    Each data subject has the right to information about his or her personal data stored, and a copy of this information, alongside the information already outlined in this Privacy Policy. Data subjects also have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

    If you wish to exercise your right to access, please contact our GDPR Ambassador using the contact details above, to request such information.

    Right to Rectification

    Each data subject has the right to rectify inaccurate personal data concerning him or her, without undue delay. Data subjects also have the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.

    If you wish to exercise this right to rectification, you may at any time contact our GDPR Ambassador using the contact details above.

    Right to Erasure

    Each data subject has the right to request the erasure of personal data concerning him or her without undue delay. The Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies;

    • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
    • The data subject withdraws their consent, if the lawful basis of processing is based on that consent, according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
    • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
    • The personal data has been unlawfully processed;
    • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

    If one the above reasons applies, and you wish to request the erasure of personal data stored by us, you may at any time contact our GDPR Ambassador using the contact details above, and we will ensure that the erasure request is complied with.

    Where we have made such personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we shall, take reasonable steps, taking account of available technology and the cost of implementation, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The GDPR Ambassador at LNO Ltd will arrange the necessary measures in individual cases.

    Right to the Restriction of Processing

    Each data subject has the right to obtain a restriction to processing where one of the following applies:

    • The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
    • The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead;
    • The Controller no longer needs the personal data for the purposes of the processing, but such data is nonetheless required by the data subject for the establishment, exercise or defence of legal claims;
    • The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

    If one of the above conditions applies, you may request the restriction of processing by LNO by contacting our GDPR Ambassador using the contact details available above.

    Right to Data Portability

    Each data subject has the right to receive their personal data in a structured, commonly used and machine-readable format, including the right to transmit that data directly to another Controller if it is technically feasible and when doing so does not adversely affect the rights and freedoms of others.

    Such a right applies if processing is based on a subject’s consent, or contractual obligations, and such processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    If you wish to exercise your rights to data portability, please contact the GDPR Ambassador using the contact details available above.

    Right to Object to Processing

    Each data subject has, on grounds relating to his or her particular situation, the right to object to processing of personal data concerning him or her which is based on the Controller’s legitimate interests. This also applies to profiling based on these provisions.

    LNO shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

    Where LNO processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, and we will no longer process the personal data for these purposes. This applies to profiling to the extent that it is related to such direct marketing.

    If you wish to raise an objection, please contact the GDPR Ambassador using the contact details above.

    Rights on Automated Individual Decision-making, including Profiling

    Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or has similarly significantly effect. As a responsible company, LNO do not use automatic decision-making or profiling that has legal or similarly significant effects on individuals. Our profiling for marketing purposes requires significant human oversight, and we will always ensure that meaningful control over such processing is in the hands of our staff, rather than based on automated processing. However, if you wish to contest this, you may exercise your rights concerning automated individual decision-making at any time by directly contacting our GDPR Ambassador, using the contact information above.

  14. Other Data Subjects

    Supplier Contacts and Business Clients: Purposes of Processing

    LNO collects and processes the personal data of employees of our B2B partners, vendors and suppliers for the following purposes:

    • To maintain the business relationship, such as your name and email address through email communication, and by keeping a record of business contacts, including email address, phone number, business card, and any information about the supplier organisation and business correspondence or documentation relating to you
    • To obtain and supply products and services
    • To setup accounts within our systems and manage account handler lists
    • For support purposes, such as maintaining a list of supplier contacts
    • For administration purposes, including the establishment of contracts, order management, reporting of sales figures and accounts payable
    • For account management, such as where a purchase must be linked to an agent
    • For financial purposes, such as the checking and signing off of invoices before payment, credit applications, invoices, pro formas, compensation, refunds and commission statements
    • To evaluate potential suppliers
    • If you give us a business card we may send you more information on our company, or any relevant marketing, under our legitimate interests and subject to a legitimate interests analysis. You also have a right to opt-out of this at any time.

    LNO will only keep your personal data for the duration of our business relationship. If we are aware that you have left your position, we will delete your personal data from our records unless we are legally required to keep that information. For example, if your name is included in a valid contract, or where we must keep a record of that contract under the Limitations Act 1980. If you interacted with us via email, the longest we will keep any email record for is six years. We will however keep an anonymised record of LNO’s business relationship with the Supplier organisation.

  15. Contact Us

    If you have any further questions or complaints about this Policy, any other privacy concerns, or you would like to exercise your data rights, please contact us by any of the following means:

    • Call us on 00442084329810
    • Email us at GDPR@lnoltd.com or
    • Write to our GDPR Ambassador at LNO Ltd, 10-12 Barnes High Street, Barnes, London, SW13 9LW

    Please do not include your credit card number or other financial or sensitive information in any email you send.

  16. Changes to this Privacy Policy

    We may change this policy from time to time, and if we do we will post any changes on this page. Any update will have a different date from the current policy. If you continue to use the Services after those changes are in effect, you agree to the revised policy. Please check our site periodically for updates.

  17. Last Revised Date

    This Privacy Policy was last updated on 20th May 2018.