Privacy Policy

Privacy Statement

Effective: August 08, 2018.
Updated: August 08, 2018.

We, Dana de Waal and Anne de Waal in partnership as WindSong Arts, take your online and offline privacy very seriously. We are committed to respecting and protecting your privacy.

In this document, we aim to explain what personal information we ask you to share with us, and how we care for your privacy; in plain terms.

Who we are

Site URL:
Address: 33 Hexham Walk, Derby, DE21 4FQ
Phone number: 07947910002

What personal data we collect and why we collect it

Ticket Purchase

When you buy a ticket, we ask that you provide the following personally identifiable information (PII):

Your name and surname

Your email address

Your phone number

Our intended purpose for obtaining this information is so that we may email you your ticket(s), address the tickets to you, and phone you about any extenuating circumstances.


You will never receive marketing unless you have actively subscribed to a mailing list, from which you can always unsubscribe by following the link in the email, or emailing a request to

We may use your email address to notify you of any changes to this privacy statement, our terms of service, a change to business practices or information of any data breaches.

Our lawful basis is that of having being granted consent by you by making a positive and distinct action to tick the box on our ticket purchase cart form that asks you if you have read and understand this privacy policy.

We make every effort to keep the information that we hold for ticket purchases to a minimum; we don’t ever hold information on a ‘just in case’ basis, and we certainly never share it with any third parties.

You have to the ‘right to be forgotten’. If you would like us to remove, destroy and delete any/all of the information we hold on you, please contact privacy@thismantickets. We will rid our database of your information within 48 hours of your request.

We have introduced an annual data protection audit where we remove, destroy and delete any information stored on our website database on our web server of any customer(s) that we have not been in contact with for 6 months prior to the audit. This further ensures that the data we hold is kept to an absolute minimum.

You have the ‘right of access’. This means you can always ask us what data we hold on you, and we will provide it in a structured, commonly used and machine readable format such as CSV. We will of course verify your identity prior to revealing any information to you.

You have the right to ‘data portability’.

We don’t share any information with any third parties. PayPal shares your email address with us, this is covered in an agreement between you and PayPal.

We use PayPal as a PCI compliant payment gateway because it means our transactions are safe, secure and compliant with all necessary procedures, requirements and regulations. Such a level of security is far beyond the scope of our own business. PayPal handle card information on our behalf. This information is sensitive and PayPal do not share this with us.

No financial data or digital footprint (e.g., IP address) is stored.

Data Transmission

You’ll notice your browser recognises and confirms that your connection to any of our web pages is encrypted using 256-bit AES Secure Socket Encryption (SSL). This is a security measure that we invest in to ensure any information shared between your Internet browser and our web server is encrypted using one of the highest available encryption methods (256-bit) before being transmitted over the Internet.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

We ensure that any images you allow us to upload, are free from any location/identification data.
Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data

If you have bought tickets on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Our website servers are located in Germany, we never transfer personal information outside of the EU.


Cookies are used to remember user’s shopping carts. Cookies last one week.