Privacy Policy

This Privacy Policy explains how One City Entertainment collects, uses, stores, and protects personal data when you visit our website, purchase tickets, submit contact forms, subscribe to updates, or engage with our event services.

We are committed to transparent and responsible data handling in line with UK legal standards, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge that your personal data may be processed as described in this policy and any additional service-specific notices provided at the point of collection.

One City Entertainment acts as a data controller for personal data processed through our website and core event services, except where we explicitly state otherwise.

For privacy-related enquiries, rights requests, or concerns regarding personal data processing, contact us at hello@onecityent.co.uk.

In certain event collaborations, joint-controller or processor relationships may apply with partner venues, ticketing providers, and operational vendors. Where relevant, contractual measures are used to define responsibilities.

We may collect identity and contact details such as name, email address, phone number, social handle, and organization where provided.

For bookings and attendance, we may process transaction information, ticket references, seat or tier information, billing metadata, and event communication history.

We may also process technical and usage data including device identifiers, browser type, IP address, referral source, and interaction metrics to improve performance, security, and user experience.

Personal data is collected directly when you submit forms, buy tickets, contact support, interact with campaigns, or engage with event updates.

Data may also be received from trusted partners such as payment providers, ticketing services, and authorized promotional channels where this is necessary for service delivery and verification.

We may infer limited preference information from your engagement behavior to improve relevance of event communications and platform usability.

We process personal data to deliver event services, handle bookings, issue confirmations, provide customer support, and communicate operational updates.

Data is also used for platform reliability, fraud prevention, legal compliance, analytics, service optimization, and where lawful, targeted marketing communications.

Where campaign personalization is applied, we use proportional methods to improve message relevance while respecting legal requirements and your communication preferences.

Depending on context, our legal bases may include performance of contract, legitimate interests, legal obligation, and consent where specifically required.

Where consent is used, you may withdraw consent at any time without affecting lawfulness of prior processing.

When relying on legitimate interests, we apply balancing assessments to ensure your rights and freedoms are appropriately respected.

We may share personal data with service providers who support payment processing, ticketing, communication delivery, analytics, cybersecurity, hosting, and legal or accounting functions.

We may disclose data where required by law, legal process, regulatory request, or where necessary to protect rights, safety, or platform integrity.

All disclosures are made on a need-to-know basis, with contractual safeguards and data protection obligations applied where appropriate.

Where data is transferred outside the United Kingdom, we implement appropriate safeguards such as standard contractual measures and equivalent protections required under applicable law.

Transfer assessments are applied where relevant to evaluate risk and maintain expected data protection standards.

You can contact us for additional information on the safeguards used for relevant transfer scenarios.

We retain data for as long as required to fulfill service obligations, meet legal and accounting duties, support dispute resolution, and preserve security logs.

Retention periods vary based on data category, legal requirements, and operational purpose. Data that is no longer required is deleted, anonymized, or securely archived where lawful.

Where retention is mandated by law or regulatory expectation, we retain only what is necessary for the required period.

We apply commercially reasonable technical and organizational controls to protect personal data against unauthorized access, misuse, disclosure, alteration, and loss.

Security controls may include access restrictions, role-based permissions, monitoring, vendor due diligence, and incident response procedures.

No digital environment is completely risk-free, but we continuously improve controls to reduce risk and respond to evolving threats.

Subject to applicable law, you may request access, correction, deletion, restriction, portability, and objection to specific processing activities.

You may also object to direct marketing and withdraw consent for optional communications at any time using unsubscribe controls or by contacting us directly.

If you believe your rights have been affected, you may contact us first for resolution and may raise concerns with the UK Information Commissioner's Office (ICO).

We may use cookies and similar technologies to maintain platform functionality, measure usage, support security, and optimize user experience.

Cookie categories may include essential cookies, analytics cookies, and preference-related technologies depending on current implementation.

You can manage cookie settings through browser controls and on-site preference tools where available.

If you opt in, we may send updates on upcoming events, ticket releases, premium packages, and related announcements.

You can unsubscribe from promotional communications at any time. Operational communications related to active bookings may still be sent where necessary.

We do not sell personal data in ways that undermine this policy, and we seek to keep communications relevant and proportionate.

Our services are not intended for children under 13. Where age restrictions apply at venue level, additional attendee controls may be in place.

If we become aware that personal data has been submitted inappropriately by a child without required authorization, we will take reasonable steps to remove the data.

Parents or guardians who believe child data has been submitted may contact us for review and action.

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes.

When significant updates occur, we may provide additional visibility through site notices or direct communication where appropriate.

The latest version and effective date will always be published on this page.

For privacy enquiries, rights requests, or data concerns, contact hello@onecityent.co.uk with sufficient details for verification and response.

If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner's Office (ICO) in accordance with applicable procedures.

We aim to resolve data protection concerns promptly, transparently, and in good faith.