The Audience Agency is trusted by over 1,100 cultural organisations across the UK to process and analyse audience data to support organisational research and audience development. Data security is integrated into all aspects of our work and is of utmost importance to us.
For organisations looking to contribute ticketing and/or survey data to the Audience Finder Data Tools, before receiving data from any organisation we require a Data User Confidentiality Agreement (DUCA) to be read and signed by both parties. Our DUCA has been created in consultation with the ICO, Arts Council England and sector bodies such as UK Theatre, and has been scrutinised and agreed by all of the organisations across the UK that use Audience Finder. The Audience Agency will always be acting in the capacity of the Data Processor, and the client as the Data Controller.
Read our GDPR fact sheet for more information including:
- What data we use and how
- Where and for how long data is stored
- Who has access to data
- Security measures in place to protect data
Can you give me examples of organisations similar to mine who are already using the Audience Finder Data Tools and Services?
Yes. Our full list of our UK clients exceeds 1,100. A list of clients in Wales is here, and Scotland here. Our clients include local authorities, Welsh and English government organisations and some of the UK’s largest arts, cultural and heritage organisations. This includes theatres, arts centres, galleries, heritage sites and cinemas,
With regard to ticketing data – We extract transactional ticketing data, from those organisations with a ticketing feed/data extractor, that includes personal information. The personal information is then pseudonymised as part of our data transformation process and no longer stored in the Audience Finder data warehouse. More information can be found in points 3, 4, 5 and 6 of the Audience Finder Privacy Notice.
Can I send ticketing data in a different format (e.g. a password protected csv file)? Would this be a more secure method?
No, sending data in a different format (eg password protected csv file) would be less secure. All personal information must be sent through our data extraction software to be anonymised. To send anything to us outside of this software would contravene the data protection measures we have put in place to protect your data and comply with the UK regulations. That goes for anything password protected too.
Jacobson Consulting Associates are based in the USA. As of this time, the UK has not adopted an adequacy decision for the United States or for the EU-US Privacy Shield Framework. Do you have a Standard Contractual Clause in place with JCA to provide a level of data protection that is deemed adequate by current UK standards?
Our contractual relationship is directly with Baker Richards, who in turn subcontract parts of the work to Jacobson Consulting (JCA), providing them with the necessary and limited access to the data required by JCA to undertake the work. Baker Richards have Standard Contractual Clauses in place with JCA to cover this data sharing and mitigate against the inadequacies of Privacy Shield. Baker Richards are based in the UK and therefore such agreements are not necessary between ourselves and BR.