Wellington Statue Hero

Privacy Policy

Privacy Policy

This is a summary of how the council handles personal information about you, we will update it from time to time.

Rushmoor Borough Council is committed to protecting your personal information and being transparent about what information we hold about you. You can view our individual Privacy Notices here.

1. Identity of the data controller and contact details
Rushmoor Borough Council is the data controller for any personal information that you give to us or which we obtain about you. You can contact the Princes Hall by phone on 01252 398000, via email to princeshallboxoffice@rushmoor.gov.uk or by writing to us at Princes Hall, Princes Way, Aldershot, Hampshire, GU11 1NX. You can contact our Data Protection Officer by email to data.protection@rushmoor.gov.uk or phone on 01252 398603.

2. What we need your information for and the legal basis for it
As a public body, we carry out and provide a wide range of public functions and services for which we need and use personal information about our customers and others we deal with.  We may ask you to provide information about yourself in a number of very different circumstances, for example when compiling a statutory register such as the council tax register or electoral register, when making a planning application, when applying for a licence, when requesting a service or making a complaint.

Our Princes Hall theatre needs to ask for personal information as part of many of its activities including sale of theatre tickets, putting on shows and holding competitions. The theatre also undertakes marketing activities.

In our capacity as an employer and as landowner, we hold and use personal information about our elected councillors, staff, contractors and tenants.

There are many other areas of council activity that need your information to enable us to carry on those activities or provide a service.

Data protection law allows us to handle your personal information as long as at least one of the following lawful reasons for doing so applies:

  • Contract - Where you have entered, or intend to enter, into a contract with us
  • Legal obligation - Where  we have a legal obligation that involves the use of your information
  • Public task - Where we are carrying out tasks which are in the public interest
  • Legitimate interest - This will apply in a limited range of circumstances where we are not carrying out our public tasks but have another legitimate interest for using information, e.g. when acting as a responsible employer, or when marketing some of our services.

We will use only the minimum amount of your information that we need for the legitimate purpose in question and before using it will assess whether, on balance, you have a greater right not have your information used in this way. An example of when this would happen is if one of our services wished to use your information for a legitimate reason but in a way that you would not have reasonably expected when you gave it to us

  • Consent - When you have given us your permission freely
  • Vital interests - Where it is necessary to protect your life or the life of another person

If you provide information to us voluntarily and in so doing give us consent to use it, we will draw your attention to your ability to withdraw your permission at any time and will make it easy for you to do so. Anything we do with your information until you withdraw your permission will remain lawful.

When you provide personal information to us, we will ask for no more than we need and will explain how we intend to use it and what the legal basis is for using it.  One of the ways we will do this by way of a specific written notice that makes it clear to you what will happen to the information you are providing.  This may be part of an application form or a separate notice posted on our website.

If you telephone our customer services or other service, we will draw your attention to this notice on our website.

To help us make sure our records are accurate, please let us know if there are any changes to information you have provided to us.

3. Children's personal information
If your child wishes to use a council service, we may need to obtain the consent of a parent or someone with parental responsibility before we are able to provide it.  If we are providing an online service direct to a child, parental consent will be required only if the child is under 13.  In other situations, a child may be able to give consent for him or herself if we consider that they have the maturity to understand what they are agreeing to.  Depending on the nature of the service we are providing, we may need to carry out checks to make sure that parental consent has been provided by a person who is entitled to do so. 

4. Information about you provided by third parties
Apart from the information you give to us, we may obtain and use personal information about you from another source, for example when taking up a reference, or when obtaining information about you from your landlord, or from the police, or someone making a complaint about you.  We may also collect information about our employees, contractors, tenants and councillors through the use of the council's electronic systems.

When we receive information in this way, where necessary and we are able to do so, we will tell you what type of personal information we have received and where it has come from. We will also explain why we need it and the legal basis we are relying on to handle it.

5. Sensitive information and when we are able to collect and use it
The law recognises that some types of personal information may be particularly sensitive; it is known as special category data.  Special category data includes information about your:

  • Race or ethnicity
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric information when used to identify you
  • Health
  • Sex life / sexual orientation

We will treat information about your criminal background in a similar way.

Because it is so sensitive, we are unable to collect or use any of this information except in limited circumstances:

  • When you have given us your explicit consent
  • When we are carrying out our rights and duties in the field of employment, social security and social protection law and provided we put in place measures to protect your rights if the law requires
  • When necessary to protect your own vital interests or those of someone else, where neither you nor the other person is able to consent
  • Where you have yourself made the information public
  • Where needed for legal actions
  • Where it is necessary for reasons that the law says are in the public interest
  • Where necessary for the purpose of preventive or occupational medicine, to assess your working capacity as an employee, the provision of health or social  care,  subject to legal safeguards
  • Where necessary for reasons of public health

We will only ask you for, or use, any special category data concerning you when one or more of these applies.

6.  Use for any other purposes
Where we have obtained your personal information for one purpose and we want to use it for a different, lawful purpose, or if we want to combine information about you from a number of sources, we will normally inform you before using it.  We will not do so, for example, where we believe you already know that it could be used for another purpose or there are legal reasons that prevent us from telling you.

7. Passing your information to anyone else
We have a legal requirement to publish a number of statutory registers that contain some personal information e.g. various licences that we issue. 

We work with many other organisations carrying out public tasks and we share information with them where we need to do so and the law allows, e.g. part of our procedures for safeguarding children and vulnerable adults.  From time to time, we are required to give information to another public body e.g. as part of the National Fraud Initiative to detect fraud.

We have a number of formal data sharing agreements or similar arrangements with public bodies including other local authorities, government departments and agencies as well as with other organisations such as housing associations. The purpose of these arrangements is to make sure that personal information that is regularly passed from one body to another is securely handled and used only for limited purposes. 

From time to time, we receive requests from external bodies or individuals for personal information held in our records e.g. as part of a criminal investigation or where needed for legal proceedings. If we are satisfied that there are valid legal reasons for doing so, then we may share information.

We are able to share information with our professional advisers, auditors or those appointed to collect debts on our behalf.

Within the council, a number of teams may be involved in providing a single service to you. In these cases, we will share personal information between teams routinely. In other cases, we will not share unless satisfied that it would be lawful to do so.

Constituents often ask an MP or a councillor for help with an issue concerning the council. If you ask an MP or one of our councillors for help, we may pass information to them and other services to enable them to help you.

As an employer, we share information with pension providers, occupational health providers, professional advisers such as solicitors.

The council often engages third parties to carry out data processing activities on our behalf.  We ensure that our contractors handle your information in accordance with the law and act only on our instructions.  They are not able to use your information for their own purposes, have a duty to keep it securely in their systems and have to return it to us or delete it at the end of the contract.

8. How we will store and look after your information

Most of the data held electronically will not be stored in a country outside the UK or European Union.  A limited amount is stored in the cloud.

All paper records containing your personal information will be held securely in our filing systems and archives.

9. How long we will retain your information

The period of time for which we keep your information will depend on the operational and legal requirements of each of our services. We will provide you with more detailed information wherever possible at the time we obtain it.  Our retention guidelines explain the periods of time for which we hold different types of information and the criteria we use to decide whether to continue to keep it.

10. Your rights concerning your information
The General Data Protection Regulation gives you a number of rights concerning your personal information. See the list below. Not all rights apply in every case - it will depend on the legal basis for collecting your information and how we use it.

  • The right to be informed
  • The right of access
  • The right to rectification
  • Rights related to automated decision making, including profiling
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right to erasure

Further details on your rights can be found on our website http://www.rushmoor.gov.uk/dataprotection

11. Right to complain to the Information Commissioner's Officee
If you have any queries or complaints about how the council or one of our services is handling your personal information, please let our data protection officer know using the contact details in paragraph 1, as we may be able to resolve it for you.

If you do not wish to do this or if having done so you are still not happy with the way we are handling your personal information, you have the right to lodge a complaint with the Information Commissioner's Office. (ICO).

You will find details of how to do so on the ICO website at https://ico.org.uk/ or by phoning their helpline on 0303 123 1113.

12. Why we need your information and the consequences of not providing it
We need your information for a wide variety of purposes, some in order to carry out our public functions and others more private in nature. Because of the complexity of the work we carry out, we will give you more information about the reasons we need it when asking you for your information.

We will also draw your attention to what will happen (or not happen) if you do not provide it to us.


Information about how and why we use cookies on our websites and how you can manage them.

What is a cookie

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.

We use cookies on our website www.princeshall.com to do many things including making the website function correctly, keeping track of your ordering, and also helping to identify how the website is being used and what improvements we can make.

Cookies we use

There are two different types of cookies set when you visit our website:

  • Session cookies set by this website or by third-party websites

These are cookies that are deleted when you close your browser. They do not contain personal information, and cannot be used to identify you.

  • Persistent cookies set by this website or by third party websites

These cookies remain on your computer when you close your browser. They help us identify you as a unique visitor (by storing a randomly generated number) and help your browser remember preferences when returning to our websites. They also help us find out more about how people use our websites, which helps us to improve user experience.

Cookies we use on our website

Content management system:

Name of cookie What it does


This cookie is essential to be able to use our website. It is created as soon as you visit our website, and stores a unique identifier for your session. This cookie is stored in temporary memory and is erased when you close your web browser.


These cookies are essential for our site, but are only seen by site administrators whilst accessing the website content management system (CMS). They are used in maintaining the session state of the logged-in user.


These cookies are set by our website hosting (Microsoft Azure). It is used to make sure that you always visit the same web server when using our website.


Cookie preferences:

Name of cookie What it does
CookieControl Used to remember your choice about which type of cookies we set for our website.


Measuring website usage (Google Analytics)

We use a service called Google Analytics  to collect information about how you use our website. We do this to help make sure the site is meeting the needs of our visitors and to help us make improvements.

Google Analytics stores information about:

  • The pages you visit on website - how long you spend on each page
  • How you got to the site
  • What you click on while you're visiting the site

They don't collect or store your personal information (e.g. your name or address) so this information can't be used to identify who you are

Name of cookie What it does


These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone.

Booking process

To use our online sales service (Spektrix) you must enable  third party cookies in your browser. Cookies are used to keep track of your order as you proceed through the online booking process. They do not collect personal information and are not used for advertising.


Cookie Name Expiration Time Description Category
QueueNumber When the user ends their browser session. Records the customer’s place in a queue for tickets. NECESSARY
SessionId When the user ends their browser session. Stores a unique session ID value used to remember what has been added to the basket. This is also essential to retain this information when using a combination of the Spektrix iframes and API. NECESSARY
CookieDetection When the user ends their browser session. Used to identify whether cookies can be set. NECESSARY
SpektrixClientName 1 year Used to distinguish Spektrix client systems. NECESSARY
.ASPXAUTH 10 Minutes since last interaction with the Spektrix Customer Interface or Spektrix API Contains a user's authentication information, meaning the user does not have to re-enter their login details for every request to the website. NECESSARY
ReturningCustomerCookie Forever/until cookies are cleared (most browsers now cap the cookie max-age at 400 days so may vary based on the browsers being used by the customer) Used to recognise return users PERFORMANCE


Blocking cookies

We do not recommend that you block or delete cookies from our website as parts of our websites may not work properly, and you may find them more difficult to use.

However, most web browsers allow you to block, manage or delete cookies through the browser settings. To find out how to do this, visit the All about cookies or use your browser's 'Help' guide.