Privacy Policy

Personal Information Protection Policy

TheConcertHall.ca (the Site) is an offer of the Vancouver Symphony Orchestra (VSO). With this privacy policy, we inform you about the processing of personal data in connection with the use of this website. If you are redirected to other websites via a link, the privacy policy of the respective website operator applies. We recommend that you inform yourself about the handling of personal data on the respective website. We know that the protection of your data is important to you and appreciate the trust placed in us. VSO strictly adheres to the legal provisions of the applicable data protection law when collecting, processing, and using your data.

1. Who is responsible for the data processing and whom can I contact?

‍The Privacy Officer or designated individual is responsible for ensuring VSO’s compliance with this policy and British Columbia’s Personal Information Protection Act. You may contact our Privacy Officer at:

Vancouver Symphony Orchestra – Attn. Kenneth Livingstone
500-843 Seymour St Vancouver, BC  
V6B 0G4
Canada

Email: kenn@vancouversymphony.ca

2. What sources and data do we use?

‍2.1 Visiting our Website

When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting computer; date and time of access; name and URL of the accessed file; website from which access is made (“referrer URL”); if applicable, the search engine you used; the browser used; and, if applicable, the operating system of your computer as well as the name of your access provider.

The mentioned data will be processed by us for the following purposes: ensuring a functioning connection of the website, ensuring comfortable use of our website, billing, statistical evaluation using a pseudonym in order to optimize our website as well as the quality and range of our offers, evaluation of system security and stability, and for other administrative purposes.

For each access, VSO compiles the following – completely anonymous– statistics on the basis of this data: Number of individual users (total/active); minutes viewed (total/average per institutional individual user); usage time (total/average per institutional individual user); number of rejected/blocked institutional individual users, total usage by device type (mobile, TV, desktop). In addition, we use cookies and analysis services when you visit our website in accordance with point 4 below.

2.2 Using TheConcertHall.ca

‍In addition, we process personal data that we receive from you in the course of our business relationship. For example, we process personal data if you provide it to us when registering as a customer of TheConcertHall.ca. VSO may require the following data for the execution and processing of the streaming services offered in TheConcertHall.ca: title, full name, phone number, email address, address (billing address and, if applicable, different shipping address) and bank details or credit card data. When registering as a customer of TheConcertHall.ca, you must also choose a password to allow future access to the customer area without having to re-enter your personal data. When customers register, the VSO sets up a customer account in which the customer's data is stored for further concert visits in TheConcertHall.ca. You can access and correct the data stored thereat any time. You can request permanent deletion of your data by contacting the Privacy Officer. Deleting your data will result in cancellation of your registration and end your access to TheConcertHall.ca services.

3. For what purpose and on what legal basis do we process your data?

‍While we have always respected our customers privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of British Columbia’s Personal Information Protection Act (PIPA).  PIPA, which came into effect on January 1, 2004, sets out the ground rules for how B.C. businesses and not-for-profit organizations may collect, use and disclose personal information.

We will inform our customers of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.

This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we will follow in protecting customers’ personal information.  Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our customers’ personal information and allowing our customers to request access to, and correction of, their personal information.

This Personal Information Protection Policy applies to VSO and its business partners. This policy also applies to any service providers collecting, using or disclosing personal information on behalf of the VSO.

3.1 For the performance of contracts and pre-contractual measures The processing of personal data takes place for the provision of the (streaming) services offered on our website, for billing, implementation of pre-contractual measures and for answering your inquiries in connection with our business relationship.

Further details for the purpose of data processing can be found in the respective contractual documents and terms and conditions.

3.2 For legitimate interests If necessary, we process your data beyond the actual fulfillment of the contract to protect the legitimate interests of us or third parties, for example in the following cases:
◦  Answering your questions outside of a contract or pre-contractual measures
◦  Advertising or market and opinion research, unless you have objected to the use of your data
◦  Operation and optimization of the website
◦  Use of cookies in accordance with point 4 below
◦  Enforcement of legal claims and defense in legal disputes
◦  Ensuring our IT security and IT operations
◦  Prevention and investigation of criminal offences
◦  Anonymized evaluation of streaming behavior

3.3 On the basis of your consent If you have given us your consent to process personal data for specific purposes, this processing is lawful on the basis of your consent. You can withdraw your consent at any time by contacting the Privacy Officer. Please note that the withdrawal will only take effect for the future. The lawfulness of our processing based on your consent which took place before the withdrawal is not affected.

4. Cookies

If you have given your consent on our website, we use the following tracking cookies (and tracking pixels) for advertising purposes:

4.1.1 Google AdWords with conversion tracking This website uses the online advertising service Google Adwords with conversion operated by Google LLC, 1600 Amphitheater Parkway,Mountain View, CA 94043, USA (“Google”).

We use the service to place ads on the results page of a Google search or a Google advertising network website using Google(so-called AdWords). Our purpose is to draw your attention to our offers. Conversion tracking enables us to measure how successful our individual advertising measures are by means of certain parameters (e.g. insertion of advertisements or clicks by the user).

When you click on an ad placed by Google, Google stores a conversion tracking cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement(frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies help Google recognize your browser. If you visit certain websites on an AdWords customer's website and the cookie has not yet expired, Google and the customer may recognize that you clicked on the ad and were redirected to the website. A different cookie is assigned to each AdWords customer. Cookies therefore cannot be traced through the websites of AdWords customers. We do not collect and process any personal data when using Google AdWords. We only receive statistical evaluations from Google with the total number of users who clicked on an ad and were redirected to a website with a conversion tracking tag. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the technologies used, your browser automatically establishes a direct connection to a Google server in the USA. By integrating AdWords with conversion tracking, Google receives the information that you have called up the corresponding website of our web presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate the data with your account. Even if you are not registered or logged in to Google, it is possible that Google may obtain and store your IP address.

You can prevent participation in this tracking procedure by choosing the appropriate cookie settings in your browser (see above) or by setting your browser so that cookies are blocked by the domain www.googleadservices.com (https://www.google.de/settings/ads). This setting is deleted if you delete your cookies. You can also deactivate personalized ads from providers that are part of the “About Ads” self-regulation campaign (http://www.aboutads.info/choices) which will also be deleted if you delete your cookies. You can also permanently deactivate personalized advertising in your browsers (Firefox, Internet Explorer, Google Chrome) at http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of our website in full.

Further information on data processing in the context of Google AdWords can be found at https://policies.google.com/privacy?hl=policies.

4.1.2 Google Analytics Remarketing (Cross-Device-Tracking). This website uses Google Analytics Remarketing, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the purpose of cross-device remarketing.

This tool links the advertising target groups created with Google Analytics Remarketing to the cross-device features of Google AdWords and Google DoubleClick. This means that personalized and interest-related advertisements that were displayed to you on one device (e.g. smartphone) based on your previous usage and surfing behavior can also be displayed on other devices you use (e.g. tablet, PC).

If you have given Google permission, Google will link your web and app browsing history to your Google Account for this purpose. This allows the same personalized ads to appear on every device you sign in to with your Google Account. You can withdraw your consent to the summary of information collected in your Google Account with Google at any time.

When you use these features, Google Analytics collects Google's authenticated user IDs that are temporarily linked to our Google Analytics data to define and create cross-device ad targeting.

You can permanently opt out of cross-device remarketing and retargeting by disabling personalized advertising in your Google Account at https://www.google.com/settings/ads/onweb. You can permanently opt out of cross-device remarketing and retargeting by disabling personalized advertising in your Google Account athttps://policies.google.com/technologies/ads?hl=en in Google's privacy policy.

4.1.3 Facebook Retargeting (Facebook Custom Audiences). This website uses the remarketing function “Custom Audiences” of Facebook Inc, 1601 Willow Road, Menlo Park, CA 94025, USA (“Facebook”). This allows users of the website to view interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting for you.

Based on the marketing tools used (Facebook tracking pixel), your browser automatically establishes a direct connection to a Facebook server in the USA. By integrating Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence, or have clicked on an advertisement from us. Facebook also receives the same information when it visits third-party websites, which also contain a Facebook tracking pixel. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information.

We do not receive access to this tracking data (except in aggregated form) and you remain anonymous to us.

You can deactivate the “Facebook Custom Audiences” function as a logged-in user at https://www.facebook.com/settings?tab=ads. As faras Facebook uses retargeting cookies, you can deactivate the storage of cookies in the settings of your browser or athttp://www.aboutads.info/choices. For more information about data processing by Facebook, please visit https://www.facebook.com/about/privacy

5. Email marketing

‍5.1 Newsletter

If you have expressly consented, we use your email address to inform you in our email newsletter about us, in particular about our concerts. Your consent is recorded and can be called up at any time under “Your account” in TheConcertHall.ca.

To receive the newsletter, it is sufficient to provide an email address.

You can unsubscribe at any time, via the link in “Your Account” or the link at the end of each e-mail. Alternatively, you may send your request to unsubscribe by email to help@theconcerthall.ca at anytime or by contacting the Privacy Officer. In this case your email address will be deleted from TheConcertHall.ca email distribution lists and added to our blacklist. The withdrawal of your consent will only take effect for the future and there may be a delay of up to 1 month for removal from all pre-scheduled emails. The lawfulness of any processing based on your consent carried out before the withdrawal is not affected by this.

Newsletter-Tracking

Please note that we evaluate the behavior of the recipients of our emails using usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus, we record the time of opening and forwarding the e-mail as well as the clicking of the links contained therein, the IP address (to determine the country of retrieval) and the email program used. The evaluation is based on usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval), that we can associate with your e-mail address. The evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. You can withdraw your consent to the evaluation at any time by unsubscribing from the newsletter (e.g. via the link at the end of each email); an isolated withdrawal of your consent only against the evaluation is (currently) not possible for technical reasons. We store your usage data until you withdraw your consent.

5.2 Existing customers

If you have already purchased goods or services from VSO, we inform you from time to time by email or letter about similar goods and services from VSO if you have not objected to this.

You can object to the use of your email address and postal address for advertising purposes at any time without additional costs, for example via the link at the end of each email or by email to help@theconcerthall.ca.



6. Social-Media-Plugins (Facebook, Twitter)

‍This website uses social media plugins of various social networks. These plugins are functions of the respective social network that enable you to share content from our website with your contacts in the social networks or to recommend this content, for example. The social media plugins can be recognized by the logo of the respective social network.

We use social media plugins from the following social network operators:
Facebook: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Twitter: Twitter Inc., Folsom St., Suite 600, San Francisco, CA 94107, USA
LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
Instagram: Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA

On our website, all social media plugins are deactivated by default, which means that simply accessing our website does not result in any data being transferred to the social network providers. If you want to use the functionality of the respective social network and therefore activate an initially deactivated social media plugin, you are expressly consenting for data to be transferred to the social network operator from that time forward. We have no influence on the scope of data collected in this way by the providers of social networks.

To our knowledge, the following data is transferred:
IP address
User identification, if you are logged into the respective service
Previously visited page (referrer), if you followed a link
Type of browser and browser settings
installed plugins like Adobe® Flash® or Adobe® Reader®
URL of the page on which the social media plugin is integrated
The date and time of the visit
Technical data relating to the operating system
Location-specific information
Cookies

Through the integration of the plugin, the operators of the social networks receive the information that you accessed the respective pages of our online presence. If you are at the same time logged into a social network, the operator can associate these page views with your account on the respective social network. If you then go on to interact with the social media plugins, e.g., clicking the Facebook “Like” button, that information is also transmitted to the respective social network.

Even if you are not a member of any said social networks, it is possible that via the social plugin they may become aware of your IP address and store it. For details about the purpose and scope of data processing, collection and use by the social networks used by us and your rights and setting options in this regard, please consult the privacy policies of the social networks:
Facebook: http://www.facebook.com/policy.php
Twitter: www.twitter.com/privacy
LinkedIn: http://www.linkedin.com/legal/privacy-policy
Instagram: https://help.instagram.com/155833707900388

If desired you can permanently activate the plugins of one or more social media providers. In this case, whenever you access a page, data is always transmitted to the social network provider. You can deactivate certain or all social media plugins at any time.

Moreover, you may be able to render data transmission to social media networks technically impossible. To do so, please adjust the security settings in your web browser, for instructions on how to do so, please consult the “Help” section in your web browser.

Furthermore, in individual cases, it is possible to block social media plugins using add-ons for your browser, e.g., blocking the Facebook plugin using “Facebook Blocker,” which you can download here: http://webgraph.com/resources/facebookblocker/

‍7. Who gets my data?

‍Within our organization, those departments or individuals get access to your data that need it in order to fulfil our contractual and legal obligations.

Processors may also receive data for the aforementioned purposes. These are companies in the categories of IT services, logistics, printing and shipping services, telecommunications, sales and marketing.

We share your personal data with third parties if this is necessary to fulfil an existing contractual relationship between you and VSO or to implement pre-contractual measures or for the purposes of legitimate interests.

We only share such information as is required by our partners or the service providers to perform the tasks assigned to them. The service provider or partner undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

We will only use or disclose client, customer, member personal information where necessary to fulfill the purposes identified at the time of collection or for a purpose reasonably related to those purposes.

We will not use or disclose client, customer, member personal information for any additional purpose unless we obtain consent to do so. We will not sell customer lists or personal information to other parties, unless we have consent to do so.

In addition, your personal data will be disclosed or transmitted if required to do so by law or if you have given your consent.

Under these conditions, recipients of personal data may be, for example:
- Subcontractors (e.g. Google) used by VSO to provide the services offered via the website.
- Banks and Credit Card companies for the collection of fees.
- Public authorities and institutions in the event of a legal obligation or official order.
- Content partners presenting services on TheConcertHall.ca.

8. How long will my data be stored?

‍If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship is a continuing obligation which– until termination of your registration on our website – is intended for years.

Log files and cookies are deleted after expiry of the above-mentioned storage periods.

9. What data protection rights do I have?

‍You have the right of access, the right to rectification, the right to erasure, the right to limitation of processing and the right to data portability. Restrictions apply to the right of access and the right of cancellation. You also have the right to object to data processing by us. If our processing of your personal data is based on consent, you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.

10. Is there an obligation to provide data?

‍In the context of our business relationship you only have to provide the personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

Mandatory information is marked as such on our websites.

11. Data security

‍We take a variety of security measures to adequately protect personal data to an appropriate extent. We are committed to ensuring the security of the customer’s personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

All customer information is stored on secure servers that are protected from access from other networks by a software firewall. Only those employees who need information to process a specific request or order have access to the data. The employees are trained in the safe handling of data.

Insofar as we collect personal data on our pages, the transmission is encrypted using the industry standard Secure Socket Layer (“SSL”) technology. This applies to all particularly sensitive data such as credit card numbers and account information.

We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.

12. Questions and Complaints

‍The Privacy Officer or designated individual is responsible for ensuring VSO’s compliance with this policy and the Personal Information Protection Act. Customers should direct any complaints, concerns or questions regarding VSO’s compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern customer may also write to the Information and Privacy Commissioner of British Columbia. Contact information for VSO’s Privacy Officer or designated individual:

‍Kenneth Livingstone
kenn@vancouversymphony.ca


Last updated: 29 September 2020