Privacy Policy

The Autumn Festival of Norfolk (previously known as The Hostry Festival) is committed to protecting your privacy and personal information, and to be transparent about what information we hold and how we use it.
Collecting and processing personal data allows us to develop a better understanding of our audiences, participants and supporters. It allows us to provide you with timely and relevant information about the work that we present and to make important decisions about our programme of events and the opportunities that we create for people to engage with our work. As a registered charity it also helps us to engage with potential donors and supporters.
We will use any personal information that we collect about you in accordance with the General Data Protection Regulation and the Privacy and Electronic Communications Regulations 2003.



The Autumn Festival of Norfolk is an annual celebration of music, dance, performance & culture, celebrating our 10th Anniversary in 2021.



We collect various types of information in a number of ways:

Information that you give us.

For example, when you register on our website, we’ll store personal information you give us such as your name and email address.

Information about your interactions with us.

For example, when we send you a mailing, we may keep a record of this, and when we send you emails, we can see what you have opened and which links you have clicked.

Information from third parties.

We occasionally receive information about you from third parties. For example, we may use third party research companies to provide general information about you, compiled using publicly available data.
The information we hold about you may include:


Special categories of personal data (previously referred to as sensitive personal data)

We do not usually collect sensitive personal data, but there may be occasions when we need to collect and store more information; for example we might need to collect an individual’s age and health information in order for them to take part in an event or workshop, or we might also record information about access requirements to help us provide the best service. For children under 18 we will always ask for the consent of a parent or guardian to collect this information.

Film and Photography

During the course of public performances, events and workshops we may take photographs and video to document events and for use on our digital platforms, printed materials and other promotional activity. This includes, but is not limited to, our website, social media channels, leaflets, posters and media releases. We will also share these images with relevant partners and artists relating to an event or activity to use for the same purposes. We will put up signage at events to notify audiences if this is taking place.
If we are taking close-up images at public events, we will endeavour to ask for an individual’s permission. If you are aged 18 or over we will ask for your verbal consent, for anyone under 18 we will ask for written permission from a parent or guardian.
At educational workshops and participation events we will always ask for written consent for anyone aged under 18 and adults at risk. When working with schools this may be acquired through permissions that they have already sought.
Audiences at ticketed performances consent to filming, photography and sound recording of themselves as part of the audience.
If you would prefer not to be included in any image recording, please speak to a member of staff or a volunteer. They will be wearing an Autumn Festival of Norfolk staff t-shirt/badge at the event and will provide information on how to make sure you are not included. Notices will be posted at the entrance to any venue where photography or video recording is planned, with similar information.


The above information is used to select and inform you of events or activities we think may be of interest to you and to support our work as a charity.

We use your data to:

We may combine information you provide to us with anonymised information available from external sources (e.g. Census data) in order to gain a better understanding of our audiences and visitors. We use profiling and segmentation to ensure communications are relevant and timely, and to provide an improved experience to our customers and supporters. When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications.

For fundraising purposes, we may use third party wealth screening and insight companies to provide us with information about you and combine this with information that is publicly available (for example from LinkedIn or the Charity Commission).


There are certain circumstances under which we may ask you to disclose your personal information to third parties in order to fulfil our contract to you, to deliver our activities and to our subsidiaries described above.
These third-party providers will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to Autumn Festival of Norfolk. These providers include ticketing system provider, ticketing agents, database software suppliers, email distribution services and mailing houses. In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.
We will share your personal information when required in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
Our website may contain links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We may share some information, such as full postcodes and concessions purchased, with organisations such as The Audience Agency who will use the information to analyse and segment our audiences to help us plan and communicate better. They will also use the information to analyse ticket sales for national and regional research into patterns of arts attendance in England (for instance, comparison of sales trends over time and geographical comparisons).
We may share some information with specific named ‘partner companies’ (Festival presenting partners, venues and visiting companies) whose performances you have attended. In these cases, you will be asked your explicit consent at the time of booking and the partner company will be named. To check which other organisations, you have consented to share your information with, log into your ticketing account or contact the Norwich Theatre box office on 01603 598 676.

Please note that these ‘partner companies’ have their own privacy policies and that we do not accept any responsibility or liability for these policies. Our personal data will not be shared with third parties to use for direct marketing and will never be sold on to any other agencies or companies.


If there are aspects of your record that are inaccurate or that you would like to remove, or you want to change your contact preferences, you can usually do this by logging in to your account through the website.
You can also ask for your preferences to be updated at any time using the contact information below.
Every email communication you receive from us will provide you with the opportunity to opt-out of receiving subsequent communications.
If you have opt-ed out of receiving information from us, we may still use your personal information to contact you about a booking (for example to let you know if an event is cancelled or if there is a change to the programme).


Unless you ask us otherwise, we will continue to store your personal information. This allows us to maintain contact with you and ensure that any future bookings or engagement you have with us are linked back to one single record. You can ask for inaccuracies in your data to be corrected at any time using the contact details below.
Any objections you make to any processing of your data will be stored against your record on our system so that we can comply with your requests.


We have safeguards in place to keep your personal information as secure as possible and make every endeavour to ensure that any third parties we use for processing your personal information do the same. We use a secured server which supports our email servers and any cloud-based file storage system. Information can only be accessed by authorised staff within our organisation and our staff are trained to understand the importance of keeping personal data secure. Our computers are safeguarded by anti-virus software and the regular changing of security passwords.

Your debit and credit card information

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.
We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3- or 4-digit security code.



We may change this Privacy Policy from time to time. If we make any significant changes in the way, we treat your personal information we will make this clear on our website or by contacting you directly.



You have the right to request a copy of all of the personal information that we hold about you, and to have any inaccuracies in this data corrected. In order to do this, please use the contact information below.
We will provide a copy of the information within one month of receipt of the request. This information will be provided free of charge (unless the request is deemed to be repetitive, unfounded or excessive).
We will process any requests for information to be updated or deleted within one month of receipt of the request.



Please contact us if you have any questions about this policy or our organisational Data Protection Policy, if you would like to ask for your information to be updated, for your communication preferences to be amended or for your information to be removed.