Privacy Notice

Under the provisions of the General Data Protection Regulation, which came into force on 25th May 2018, the Corn Exchange Wallingford Ltd (CEWL) – a ‘Data Controller’ for the purposes of the GDPR – must let all of our volunteers and patrons know:

  • what our lawful basis is for using their data
  • what personal data we hold and how we use it
  • what is the source of these data
  • how long we keep the data and when we would erase it
  • that a person is entitled to see the personal data we have for them.

Lawful Basis

Volunteers information is kept on the basis of‘Legitimate Interest’ to enable the CEWL to run its business. This allows us to use a volunteer’s data in a way that they would reasonably expect us to, and which does not override their interests in any way.

Patrons details are kept to allow CEWL to provide them with an online ticketing service. We would also like to occasionally send patrons an email with information about events at the Corn Exchange that may be of interest to them – we will only do this if a Patron has opted in to receive such emails; patrons can opt in or out of this service whenever they wish by updating their preferences or by sending a request to

After the COVID-19 pandemic CEWL has been working with some national organisations to understand how venues such as the Corn Exchange can rebuild its portfolio of events and retain its loyal audience. To this end we have joined a project called Audience Finder. This is funded by the Arts Council and is intended to capture data which represents the pattern of attendance at arts events. To do this we have shared some personal details from our box office data with this organisation.

This is an extract from their Privacy Policy:

“The Audience Agency processes limited personal information from audience members on behalf of participating, data-controlling organisations who manage that personal information, in order to provide them with analytical services, comprising fully anonymised outputs, which can help those organisations to best plan and evidence their impact and reach, to help them become more sustainable, to provide a better and more relevant cultural offering to the public, and to help ensure that public subsidy may have the greatest impact.

We collect and process personal information, comprising transactional data from ticket purchases made by audience members at participating arts and cultural venues, through regular, automated data extractions from the source ticketing systems used by those venues or organisations. We only collect and process personal information that is necessary to provide the anonymised statistical analyses that comprise the Audience Finder service.

The Audience Agency never uses the personal information that it processes in Audience Finder for the purpose of contacting any individuals. Neither will we ever sell, share, trade or rent any personal information that we process with any third-party organisations. ”

Patrons’ Personal Data held by CEWL

Patrons’ personal details are entered into our online booking system which is maintained by Savoy Systems. Patrons can change and delete their details whenever they like using the online booking system.

Volunteers’ Personal Data held by CEWL

Contact details
These are provided by the volunteer concerned. CEWL will keep a list of every volunteer’s phone number(s), email address (if available) and home address (if the volunteer wishes to provide it). The information is maintained in a volunteers database (provided by

Rota Duties
Where a volunteer is a member of a rostered team, we will keep details of their rostered duties to allow statistical analysis and records for long service awards.

Use of data

Contact and rota details will be freely available to rota managers and directors of the CEWL.
No personal data are ever disclosed to any other person or organisation outside CEWL or its owner Sinodun Players, or sold for marketing purposes. All data are kept safe and secure and are used only on a strict ‘need to know’ basis.

Length of time that data are kept

All personal data for current volunteers will be held for twelve months after a volunteer leaves CEWL and then deleted.

Personal Data for patrons will be anonymised after 24 months of non-use of their account.

Right to see personal data

A volunteer/patron may request to see their personal data by emailing or by contacting one of the Directors of CEWL

Use of Cookies

Our website uses Cookies; some of these are essential, while others (such as the ones associated with GoogleAnalytics) help us to improve your experience by providing insights into how the site is being used.
CEWL uses a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
Our online ticketing provider, Savoy Systems, also uses cookies to maintain session details when patrons book tickets through their service.
You may delete and block all cookies from this site, but parts of the site may not work.

Data Processors

CEWL use the following data processors:

  • Savoy Systems – for the online ticketing system
  • 1&1 – for web-hosting and hosting of offical @CornExchange.Org.UK email addresses of CEWL officers and @SinodunPlayers.Org.UK email addresses for Sinodun Players members
  • 3Rings – a volunteer database for rota scheduing
  • Google Analytics – for statistical tracking of accesses to our web-pages
  • CreditCall- a payment gateway for handling online card payments
  • FirstData – an aquiring bank for receiving online card payments
  • – a hosting service that maintains the Corn Exchange’s WhatsOn Mailman email list distribution service
  • Audience Finder – transactional data from ticket purchases made by audience members is shared for the purposes of building an anonymised statistical analyses of attendance at Corn Exchange events.


Please contact CEWL – – if you have any concerns about the protection of your data.

Everyone also has a right to complain to the Information Commissioner’s Office (ICO) if they think there is a problem with the way their data is being handled –