Delfont Mackintosh Theatres Privacy Policy

About Us

We are Delfont Mackintosh Theatres Limited of 1 Bedford Square, London, WC1B 3RB (“Delfont Mackintosh”).

This Privacy Policy covers the use of your information by Delfont Mackintosh. Delfont Mackintosh is the Controller of the information described in the use of your information by Delfont Mackintosh. We are required under data protection legislation to notify you of the information contained in this privacy notice.

As such, any references in this Privacy Policy to “we”, “our”, “us” etc will be interpreted as a reference to Delfont Mackintosh.

This privacy policy applies to the following websites:

Our websites are not intended for children and we do not expect to collect information relating to children. As such, this Privacy Policy is written for adults.

What information do we hold?

The information we hold on you and how we use it will vary depending on the nature of your relationship with us.

We will collect, process and store personal information about you. This personal information will include:

  • the information that you provide by filling in forms on our site, including information provided at the time of registering to use our site, purchasing tickets online, filling in our mailing list and hospitality and groups / education online forms (including name, address, contact details, account log-in details and billing/payment information);
  • the basic information and contact details that we might ask you to provide to support NHS Test and Trace (please refer to the Privacy Notice To Support NHS Test And Trace as set out below);
  • details of your visits to our site, including records of transactions carried out on the site and the fulfilment of the booking;
  • if you contact us, records of that correspondence;
  • information about the frequency of visits to our websites, the pages you have visited, the length of time spent on our websites and your other activities on, and use of, our websites; and
  • if you apply to work with us, the information you have provided to us (such as in your curriculum vitae, covering letter, application form and/or during any interview(s)) This may include your name, title, postal address, telephone number, personal email address, date of birth, gender, employment history, and qualifications. We may also collect, store and use more sensitive personal information about: (a) your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation; (b) your health (including any medical condition, health and sickness records); and (c) any criminal convictions and offences.

We collect the information described above directly from you when you send us information (for example, by contacting us or registering with us) or indirectly from you (such as from your browsing activities whilst on our websites – for further information on this, please see our Cookies Policy at If you apply to work with us, we may also collect the information from recruitment agencies, the Disclosure and Barring Service (DBS) in respect of criminal convictions, and your named referee(s).

How and why do we use your personal information?

We process your personal information so that we can perform our everyday functions, including where you have given your consent, for our legitimate interests and to perform a contract with you.

We only use this information for the purpose of legitimate interests being pursued by us in relation to the services or products that we provide. For example, we may use your information: to contact you to discuss our services and products (and any changes to them); to respond to any questions or concerns you have raised; to deal with administrative matters such as invoicing and renewal; and to otherwise carry out our obligations arising under a contract and to enforce the same.

In particular, we use your information:

  • Where we have obtained your consent (and before any withdrawal of your consent – see below). Including to provide you with information on products or events and other information we think you might like.
  • Where it is necessary for the performance of a contract with you (or to take steps at your request before entering into a contract). Including to:
    • notify you about changes to our service;
    • create and manage your account with us;
    • provide you with products or services (e.g. tickets or gift vouchers);
    • confirm your booking for a production, and to send you communications in connection with your transaction and the show you attend; and
    • send you emails about your account or a ticket purchase.
  • In line with our legitimate business interests to:
    • ensure that content from our site is presented in an effective manner for you and for your computer;
    • send you emails to ask you if you would like to provide feedback on a show you attended;
    • conduct market research and analysis to better understand trends and patterns in ticket sales, to improve our services, and to inform future marketing activities;
    • enforce legal rights or defend legal proceedings;
    • prevent fraud;
    • ensure compliance with our rules and procedures; and
    • decide, if you apply to work with us, whether to appoint you to the relevant role since it would be beneficial to our business to appoint someone and to enter into an employment contract with you. This may involve assessing your skills, qualifications, and suitability for the relevant role; carrying out background and reference checks, where applicable; communicating with you about the recruitment process; keeping records related to our hiring processes; and complying with legal or regulatory requirements.

We will not use your information for any other purposes unless we are required to do so by law, in connection with any legal proceedings or any regulatory obligations, or in order to establish, exercise or defend our legal rights.

Where we have relied on our legitimate interests to process your personal data, this will be where we have a business or commercial reason to use your information, provided this is not overridden by your own rights and interest. You may contact us to obtain more information, including in relation to our assessment of the impact on you.

If you are applying to work with us, we will use your particularly sensitive personal information in the following ways:

  • we will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process;
  • we will only use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to enable meaningful equal opportunity monitoring and reporting; and
  • if you are applying to work with us in an eligible role (e.g. a role involving working with children), we envisage that we will collect and process information about your criminal convictions history if we would like to offer you the work (conditional on checks and any other conditions, such as references, being satisfactory). We would carry out a criminal record check (where required or entitled) in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the relevant role. In particular, we would be legally required to carry out a criminal record check for an eligible role involving working with children. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

Please note that if you are applying to work with us and you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for the relevant role and you fail to provide us with the relevant details, we will not be able to take your application further.

Who do we share your information with?

Your information will be shared internally amongst our staff but they will only use it to carry out their duties in line with the purposes set out above. We will need to share your personal information with others from time to time, including to:

  • any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries;
  • the external third party ‘TixTrack Inc’, a third party provider of ticket software solutions, for the purposes described in the ‘HOW AND WHY DO WE USE YOUR PERSONAL INFORMATION?’ section above;
  • the external third party ‘Microsoft Corporation’, a technology company who provide us with web hosting services and online products and services, for the purposes described in the ‘HOW AND WHY DO WE USE YOUR PERSONAL INFORMATION?’ section above;
  • our professional advisers, such as our accounting, legal advisers where they require that information in order to provide advice to us;
  • any court, law enforcement agency or regulatory authority in accordance with our legal obligations;
  • if another entity acquires us or our assets, your information may be disclosed to that entity as part of the due diligence process and, if the acquisition goes ahead, your information will be transferred to that entity;
  • our group’s service providers for the provision of specific business operations (such as IT service providers, banks and mailing houses, and marketing agencies), but only if we have a written agreement in place with such providers to ensure they take appropriate measures to protect your information;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to protect the rights, property or safety of our organisation, our customers or others;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to protect the rights, property or safety of our organisation, our customers or others;
  • to successors in title or replacement operators of all or part of our organisation, subject to the data being used for the same purposes as originally specified; and
  • if you are applying to work with us, the Disclosure and Barring Service (DBS), your named referee(s) in order to obtain a reference and/or search/recruitment consultancies.

Our third-party service providers (including, for example, TixTrack Inc, Microsoft Corporation and the DBS) must take appropriate security measures to protect your personal information and must not process it for their own purposes. They can only process your personal data for specified purposes and in accordance with our instructions.

We will occasionally share limited personal information (such as your postcode) and anonymised sales data with third party audience insight agencies who will help us to analyse the demographics of people buying our tickets. This helps us to better understand trends and patterns in ticket sales, improve our services and inform marketing activities (e.g. by ensuring more targeted marketing strategies going forwards). We instruct these third parties not to combine postcode information with any other details that could identify an individual.

Sometimes the producers of our shows will ask us to provide them with information relating to our sales of their tickets so that they can conduct their own market research and analysis for these same purposes. Any information that we provide in these circumstances cannot be used to identify you (as it is non-identifiable, aggregated or anonymised information). For example, this information could include aggregated information that cannot be associated with you about patterns in ticket sales.

Additionally, we might share your data with a producer so they can contact you directly about their other shows. Before we share your personal data with any of our producers for direct marketing purposes, we will get your express opt-in consent. We do this when you make a booking online by asking you if you wish your data to be shared with the producer of the show you are booking to see. If you do not wish to receive marketing information from the producer, please ensure you do not tick the opt in option. You can ask the producer to stop sending you marketing information at any time. A producer will become the Controller of the information that we provide and, as such, will be responsible for handling it in a way that complies with data protection legislation. You should refer to their privacy policy for further information regarding their use of your information. Our current list of producers can be found here.

When making a booking online, you will be asked if you wish to be sent information about other productions in our theatres. You will also be asked if you wish to receive information from other carefully selected Arts / Cultural third party organisations. If you do not wish to receive marketing information from Delfont Mackintosh, our group or from third party organisations, please ensure you do not tick the opt in option. You can opt out of these marketing communications at any time.

We never disclose information to third party advertisers without your consent. Delfont Mackintosh is not responsible for the content or data protection / privacy policies of third party websites connected to our site.

Where and how is your information stored and kept secure?

Your information is stored on servers located within the UK and/or the EEA.

Your information is stored on servers located within the UK and/or the EEA. From time to time, it may be necessary for us to transfer your personal data out of the UK where, for example, electronic services and resources are based outside of the UK or to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.

Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

  • We will only transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data, namely to (i) organisations in the European Economic Area (EEA) under Schedule 21, Data Protection Act 2018; (ii) organisations in the United States certified under the ‘EU-US Data Privacy Framework’ and which have included the ‘UK Extension to the Framework’ within their certification under The Data Protection (Adequacy) (United States of America) Regulations 2023 SI 2023/1028); and (iii) commercial organisations in Canada under sections 4 and 5, Part 3, Schedule 21, Data Protection Act 2018.
  • We may use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK. To obtain a copy of these contractual safeguards, please contact us by email at

We have appropriate security measures to prevent your personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your information to those who have a genuine business need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long will we keep your information?

We retain your information for no longer than is necessary for the purposes for which the information is collected. When determining the relevant retention periods, we will take into account factors including:

  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • (potential or actual) disputes; and
  • guidelines issued by relevant data protection authorities.

Otherwise, we securely erase or anonymise your information once it is no longer needed.

Please note that if you are applying to work with us, we will retain your personal information for a period of up to 12 months after the closing date for the relevant application, unless your application is successful (in which case we will keep your information for longer). We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

Your rights

You have the following rights regarding your personal data information:

1 Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.
2 Right of access
You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this Privacy Policy).
3 Right to rectification (or correction)
You are entitled to have your information corrected if it is inaccurate or incomplete.
4 Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5 Right to restrict processing
You have rights to ‘block’ or suppress further use of your information in certain circumstances (for example, if you contest the accuracy of the information). When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6 Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7 Right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).

Right to object to processing

In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, you have the right to object at any time to the processing of your personal data for direct marketing and in other situations, such as where we use your personal data for our legitimate interests.

To exercise any of these rights at, any time, you can contact us using the details set out at the end of this Privacy Policy. When contacting us, please (a) provide enough information to identify yourself and any additional identity information we may reasonably request from you; and (b) let us know which right(s) you want to exercise and the information to which your request relates.

Privacy Notice to Support NHS Test and Trace

Purpose of this privacy notice

This privacy notice provides information on how Delfont Mackintosh Theatres Ltd collects and processes your personal data when you visit our theatres (including Gielgud Theatre, Noël Coward Theatre, Novello Theatre, Prince Edward Theatre, Prince of Wales Theatre, Sondheim Theatre, Victoria Palace Theatre and Wyndham’s Theatre) for the purposes of supporting NHS Test and Trace.

Any references to “Delfont Mackintosh”, “we”, “our” or “us” shall mean Delfont Mackintosh Theatres Limited. This privacy notice supplements our website’s general privacy policy. It is important that you read this privacy notice together with our website privacy policy.

What we use your personal data for

To support NHS Test and Trace (which is part of the Department for Health and Social Care (“DHSC”)) in England. For further information on the DHSC guidance, please visit and for more information on the NHS Test and Trace scheme, please visit:

By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to coronavirus.

What personal data we collect

As a customer or visitor of ours you might be asked to provide some basic information and contact details. The following information may be collected:

  • the names of our lead bookers, customers or visitors;
  • a contact phone number for lead bookers, customers or visitors; and
  • the date of visit.

This may be done in advance or we may ask you to complete a form on arrival to provide this information.

Responsibility for compliance with data protection legislation

We, as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time we hold the information. If that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time. NHS Test and Trace as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from Delfont Mackintosh.

Data retention

NHS Test and Trace as part of its guidance, has recommended that we retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period.

Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purpose and where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.

However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name and phone number). Where this is the case, this information only will continue to be held after 21 days and Delfont Mackintosh will use it as we usually would in accordance with our privacy policy, unless and until you tell us not to.

Who your data may be shared with

We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if other customers at our Delfont Mackintosh theatre venue subsequently tested positive, NHS Test and Trace can request the log of customer, visitor and staff details on a particular day.

NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order).

Lawful basis for processing your data

Your information will always be stored and used in compliance with the relevant data protection legislation. The use of your information is covered by the UK General Data Protection Regulations Article 6 (1) (f) – legitimate interests of Delfont Mackintosh. The legitimate interest in this case is the interest of Delfont Mackintosh in co-operating with NHS Test and Trace in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus. Collection of information from or about children under the age of 18 requires the consent of their parent or guardian.

Your rights

You have legal rights as a data subject, such as the right to be informed, the right to access information held about you, the right to rectification on any inaccurate data that we hold about you. You have the right to request that we erase personal data about you that we hold (although this is not an absolute right). You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances. You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute). If you are unhappy or wish to complain about how your information is used, you should contact us in the first instance using our contact details to resolve your issue. If you are still not satisfied, you can complain to the Information Commissioner’s Office.

Changes to this Privacy Policy

From time to time we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law. This policy was last updated on 13 May 2024.

We are constantly looking for new ways to improve this website, and we may update it at any time.

It is important that the personal information we hold about you is accurate and current. To this end, please do keep us informed if your personal information changes during your relationship with us.

Contacting us and making a compliant

Please do contact us if you have any requests, questions or complaints about this Privacy Policy or about how we handle your personal information by post, email or telephone using the following details:

Address: 1 Bedford Square, London, WC1B 3RB

Calls to Delfont Mackintosh Theatres 03 numbers cost no more than a national rate call to an 01 or 02 number.

If you are calling from overseas, please use the following:

We hope we will be able to resolve any issues you have but if you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can also make a complaint to the UK regulator in relation to data privacy, the Information Commissioner. The Information Commissioner may be contacted on or by telephone at 0303 123 1113.