Privacy Policy
Last updated: March 2026 | Effective from: March 2026
Company: Roseshire Festival Ltd — Data Controller
Your privacy is important to us. This Privacy Policy explains in plain language what personal data we collect, why we collect it, how we use it, and the choices and rights available to you. Please read it carefully. If you have any questions, you can contact us at hello@roseshirefestival.com.
Contents
- Who We Are
- What This Policy Covers
- The Data We Collect About You
- How We Collect Your Personal Data
- How and Why We Use Your Personal Data
- Legal Basis for Processing
- Marketing Communications
- Sharing Your Personal Data
- International Data Transfers
- How Long We Keep Your Data
- Your Rights
- Cookies and Tracking Technologies
- Children's Privacy
- Third-Party Links
- Security of Your Personal Data
- Changes to This Policy
- How to Contact Us
1. Who We Are
Roseshire Festival Ltd is the data controller responsible for the personal information collected and processed through this Website and in connection with the Roseshire Festival event.
- Company name: Roseshire Festival Ltd
- Director: Jak Leese
- Registered address: 22 Penny Brookes Street, London E15 1GP England
- Company registration number: 16963772
- Email: hello@roseshirefestival.com
- Website: www.roseshirefestival.com
As a data controller, we determine the purposes and means of processing your personal data. Where we engage third parties to process data on our behalf, they act as data processors and are required to handle your data only in accordance with our instructions.
2. What This Policy Covers
This Privacy Policy applies to all personal data collected by Roseshire Festival Ltd when you:
- Visit or use our Website at www.roseshirefestival.com
- Purchase tickets for the Roseshire Festival
- Subscribe to our newsletter or marketing communications
- Complete a contact form or enquiry
- Follow, message, or interact with our social media accounts
- Attend the Roseshire Festival event at Chester House Estate, Irchester, Northamptonshire
It does not cover the data practices of third-party websites or services that may be linked to from our Website (including ticketing platforms). We encourage you to read those providers' own privacy policies.
3. The Data We Collect About You
"Personal data" means any information from which you can be identified, directly or indirectly. We may collect, use, store, and transfer the following categories of personal data:
3.1 Identity Data
- First name and last name
- Username or similar identifier (if you create an account)
3.2 Contact Data
- Email address
- Telephone number (if provided)
- Billing address (where applicable through ticketing)
3.3 Transaction & Ticketing Data
- Details of tickets purchased, including quantity and ticket type
- Payment information (note: full payment card details are processed by our third-party ticketing provider, not stored by us directly)
- Order history and booking references
3.4 Technical & Usage Data
- Internet Protocol (IP) address
- Browser type and version
- Device type and operating system
- Pages visited, time and date of visits, and duration
- Referral source (how you arrived at our Website)
- Clickstream data and navigation behaviour
3.5 Marketing & Communications Data
- Your preferences in receiving marketing communications from us
- Your communication preferences and opt-in/opt-out history
- Email open and click data (where tracked)
3.6 Enquiry & Correspondence Data
- The content of any messages or enquiries you submit via our contact form
- Records of any communications between you and us
3.7 Special Category Data
We do not intentionally collect special category personal data (such as health, disability, or dietary requirements) unless you voluntarily provide it to us — for example, to request accessibility accommodations at the festival. Where we do receive such information, we handle it with the highest level of care and will seek your explicit consent before processing it.
Aggregate & Anonymised Data: We may also collect, use, and share aggregated data (such as total visitor numbers or page view statistics) for analytical and business purposes. Aggregated data does not identify you as an individual and is not considered personal data under UK GDPR.
4. How We Collect Your Personal Data
4.1 Direct Interactions
You provide data directly when you:
- Complete and submit our online contact form
- Subscribe to our newsletter or mailing list
- Purchase tickets through our ticketing platform
- Request information about the festival or accessibility needs
- Contact us by email, phone, or via social media
4.2 Automated Technologies (Cookies & Tracking)
As you interact with our Website, we automatically collect Technical and Usage Data through cookies, server logs, and similar tracking technologies. Please see Section 12 and our separate Cookie Policy for full details.
4.3 Third-Party or Publicly Available Sources
- Ticketing platforms: We may receive information about ticket purchases made via our authorised ticketing provider.
- Social media platforms: If you follow or message us on platforms such as Facebook, Instagram, or X (Twitter), those platforms may share certain data with us in accordance with your account settings and their own privacy policies.
- Analytics providers: We receive aggregated usage reports from analytics providers such as Google Analytics.
5. How and Why We Use Your Personal Data
We use your personal data only for the purposes set out below:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| To operate and maintain our Website | Technical & Usage Data | Legitimate interests |
| To process ticket purchases and manage bookings | Identity, Contact, Transaction Data | Performance of a contract |
| To send booking confirmations and important event information | Identity, Contact Data | Performance of a contract / Legitimate interests |
| To respond to enquiries and provide customer support | Identity, Contact, Enquiry Data | Legitimate interests / Performance of a contract |
| To send marketing emails and newsletters (where you have opted in) | Identity, Contact, Marketing Data | Consent |
| To analyse Website usage and improve user experience | Technical & Usage Data | Legitimate interests / Consent (for analytics cookies) |
| To deliver targeted advertising via social media and search platforms | Technical, Usage, Marketing Data | Consent |
| To comply with legal obligations (e.g. financial record-keeping, fraud prevention) | Identity, Contact, Transaction Data | Legal obligation |
| To manage accessibility and welfare requests at the event | Identity, Contact, Special Category Data | Explicit consent / Vital interests |
| To enforce our Terms and Conditions and protect our legal rights | All relevant categories | Legitimate interests / Legal obligation |
We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another compatible reason. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis.
6. Legal Basis for Processing
Under UK GDPR, we rely on the following lawful bases to process your personal data:
- Performance of a contract (Article 6(1)(b)): Processing is necessary to fulfil a contract with you — for example, processing your ticket purchase or sending booking confirmations.
- Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests (for example, improving our Website, preventing fraud, and responding to enquiries), provided those interests are not overridden by your privacy rights.
- Consent (Article 6(1)(a)): Where we rely on consent, we will ask for it explicitly before processing — for example, sending marketing emails or setting non-essential cookies. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal or regulatory requirement, such as HMRC record-keeping obligations.
- Vital interests (Article 6(1)(d)): In rare circumstances, where processing is necessary to protect someone's life — for example, in an on-site medical emergency at the festival.
7. Marketing Communications
We would like to send you news, updates, and information about the Roseshire Festival — including artist announcements, ticket releases, and event information — by email. We will only do so if you have given us your explicit consent to receive such communications.
You can opt out of marketing emails at any time by:
- Clicking the "Unsubscribe" link in any marketing email we send
- Contacting us directly at hello@roseshirefestival.com
Withdrawing your marketing consent will not affect the lawfulness of processing carried out before that withdrawal. We will continue to send you essential transactional communications (such as booking confirmations) regardless of your marketing preferences, as these are necessary to fulfil our contract with you.
8. Sharing Your Personal Data
We do not sell, rent, or trade your personal data to any third party. We may share your data with trusted third parties in the following circumstances:
8.1 Service Providers (Data Processors)
We engage carefully selected third-party service providers who process data on our behalf and under our instructions. These include:
- Ticketing platform provider: To facilitate ticket sales, booking management, and attendee communications.
- Email marketing provider: To manage and distribute our newsletter and marketing emails to those who have opted in.
- Website hosting provider: To host and maintain the Website.
- Analytics provider: Google Analytics, to help us understand Website usage (subject to your cookie consent).
- IT and technical support: To maintain Website security and performance.
- Payment processors: Via our ticketing platform, to facilitate secure payment transactions. We do not directly handle full payment card details.
All data processors are required to protect your data, process it only as instructed, and not use it for their own purposes.
8.2 Professional Advisers
We may share data with lawyers, accountants, insurers, and auditors where necessary in the course of professional services, all of whom are bound by confidentiality obligations.
8.3 Regulatory & Legal Disclosure
We may disclose your personal data to regulators, law enforcement agencies, courts, or other governmental bodies if required by law, or to establish, exercise, or defend legal claims.
8.4 Business Transfers
In the event that Roseshire Festival Ltd undergoes a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction. We will endeavour to ensure appropriate protections remain in place.
8.5 Event Partners & Venue
We may share limited attendee information with Chester House Estate and other event partners where this is strictly necessary for health and safety, access control, or the provision of services at the festival. Such sharing will only occur to the extent necessary and in compliance with UK GDPR.
9. International Data Transfers
Some of our third-party service providers are based outside the United Kingdom, which means your personal data may be transferred to and processed in countries outside the UK. Where this occurs, we will ensure that appropriate safeguards are in place to protect your data, such as:
- Adequacy decisions made by the UK Government
- Standard Contractual Clauses (SCCs) approved by the ICO
- The UK International Data Transfer Agreement (IDTA)
- Other lawful transfer mechanisms under UK GDPR
You may request further information about the safeguards in place by contacting us at hello@roseshirefestival.com.
10. How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes for which it was collected, in accordance with our legal obligations.
| Data Category | Retention Period | Reason |
|---|---|---|
| Ticket purchase / transaction records | 7 years | HMRC and financial record-keeping obligations |
| Marketing consent records and email list data | Until consent is withdrawn + 1 year | Consent management and legal compliance |
| Contact form enquiries | 2 years from last correspondence | Legitimate interest in managing customer relationships |
| Website analytics data | Up to 26 months (Google Analytics default) | Performance improvement and user experience analysis |
| Cookie consent records | 12 months | Consent compliance under PECR |
| Event attendance records | Up to 2 years post-event | Safeguarding, insurance, and legal defence |
| Accessibility / welfare information | Deleted within 30 days post-event | Special category data minimisation |
When personal data is no longer needed, we will securely delete or anonymise it. In some circumstances we may anonymise your personal data so it can no longer be associated with you, in which case we may retain such data indefinitely.
11. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain exemptions.
Right of Access
You can request a copy of the personal data we hold about you (known as a Subject Access Request or SAR).
Right to Rectification
You can ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
You can request that we delete your personal data in certain circumstances (the "right to be forgotten").
Right to Restrict Processing
You can ask us to pause the processing of your personal data in certain circumstances.
Right to Data Portability
Where processing is based on consent or contract, you can request a machine-readable copy of your data to transfer to another provider.
Right to Object
You can object to processing based on legitimate interests. You also have an absolute right to object to direct marketing at any time.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.
Rights Regarding Automated Decision-Making
You have rights in relation to automated decision-making and profiling that produce significant effects on you. We do not currently carry out such processing.
How to Exercise Your Rights
To exercise any of the above rights, please contact us in writing:
- Email: hello@roseshirefestival.com
- Post: [Registered Company Address — please insert]
We will respond to your request within one calendar month of receipt. We may need to verify your identity before processing the request. We will not charge a fee for legitimate requests unless they are manifestly unfounded, repetitive, or excessive.
Right to Complain
If you are not satisfied with our response or believe we are not handling your data in accordance with the law, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO. Please contact us first at hello@roseshirefestival.com.
12. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to enhance your browsing experience and to collect usage data. We use four categories of cookies: strictly necessary, analytics and performance, marketing and targeting, and third-party functional cookies.
For full details — including the specific cookies we use, their purpose, duration, and how to manage your preferences — please read our separate Cookie Policy.
We obtain your consent for non-essential cookies via our cookie preference tool, which is accessible by clicking the cookie preferences icon at the bottom left of any page on our Website.
13. Children's Privacy
Our Website is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13 without verifiable parental or guardian consent. If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will take steps to delete it promptly.
The Roseshire Festival is a family-friendly event. Tickets for minors are purchased by, and consent given by, the parent or guardian responsible for accompanying the minor at the event. If you believe your child has provided us with personal data without your consent, please contact us at hello@roseshirefestival.com.
14. Third-Party Links
Our Website may contain links to third-party websites, ticketing platforms, social media platforms, and other external services. Clicking these links may allow those parties to collect or share data about you. We do not control these third-party websites or their privacy practices and are not responsible for their content or privacy policies. We encourage you to read the privacy notice of every website you visit when leaving ours.
15. Security of Your Personal Data
We have implemented appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- SSL/TLS encryption for data transmission
- Secure hosting infrastructure with access controls
- Restricted internal access to personal data on a need-to-know basis
- Regular review of our information security practices
No data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your personal data, we cannot guarantee the absolute security of information transmitted to our Website. Once we have received your information, we will use our best endeavours to prevent unauthorised access.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this page will always indicate when the policy was most recently revised. Where changes are material, we will take appropriate steps to inform you — such as displaying a prominent notice on the Website or, where we have your contact details, notifying you directly.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
17. How to Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please get in touch:
- Company: Roseshire Festival Ltd
- Director: Jak Leese
- Email: hello@roseshirefestival.com
- Website contact form: www.roseshirefestival.com/contact/
- Postal address: 22 Penny Brookes Street, London E15 1GP England
We aim to respond to all privacy-related enquiries within 5 working days and to resolve Subject Access Requests within one calendar month of receipt.