Policies & Governance

We’re actively committed to improving the delivery of arts and culture in Luton. Our policies set the standard on how our organisation is run and how we deliver services of the highest quality.

Our policies

Privacy policy

Purpose of Privacy Notice


Luton Culture is committed to protecting your personal information and being transparent about what information we hold about you.

Using personal information allows us to develop a better understanding of our customers and in turn to provide you with relevant and timely information about the work that we do. As a charity, it also helps us to engage with potential donors and supporters.

The purpose of this Privacy Notice is to give you a clear explanation about how we collect and use the information we collect from you directly and from third parties.

We use your information in accordance with all applicable laws concerning the protection of personal information. This notice explains:


• What information we may collect about you

• How we may use that information

• In what situations we may disclose your details to third parties

• Our use of cookies to improve your use of our website

• Information about how we keep your personal information secure, how we maintain it for and your rights to be able to access it.


If you have any queries about this notice, please contact the Data Protection Officer at Luton Cultural Services Trust or email: Privacy@lutonculture.com


Who we are

Luton Cultural Services Trust (Luton Culture) is a charity and our registered charity number in England and Wales is 1122964 and we are also registered as a company in England and Wales under registration number 06373488.

LCST Trading Limited carries out the commercial activities of the Trust, and is a wholly owned subsidiary.  LCST Trading Limited is subject to Luton Cultural Services Trust’s Policies and Procedures.   LCST Trading Limited is a registered company under registration number 6474682.


Information collection

The main purposes for which we collect and process the details of customers, visitors, library members, Library & Museum Makers, service users, enquirers, donors and potential donors are:

• To provide the service, goods or information that they have requested.

• For administration purposes e.g. ticket sales, finance transactions, book borrowing records, donations etc.

• To gather feedback to help improve our work

• To further our charitable aims, including fundraising activities


How we use this information

We will also hold and analyse your data in order to continue to improve our understanding of our target audiences and our supporters.  This will enable us to create a profile of your interest and preferences in order to personalise the services we offer and we may contact you in the most appropriate way and with the most relevant information. 

We may use your data to contact you by post, email, phone and/or SMS with news and information about our products, services, events and activities that we feel may be of interest to you.  We will not use your personal information for such purposes if you have told us that you do not wish to be contacted.

When you use our services and provide your personal data, you do not need to subscribe to marketing from us.  If you have consented to receiving marketing information from us, you can withdraw your consent at any time by emailing privacy@lutonculture.com, stating your name, address and email address. 


Legitimate business interests

In certain situations we collect and process your personal information for purposes that are in our legitimate organisational interests. However we only do this if there is no overriding prejudice to you by using your personal information in this way. The following are situations where we may use this basis for processing.

Marketing communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.

We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy.  We will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.

Other processing activities

In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

We may analyse data we hold about you to ensure that the content and timing of communications that we send you are as relevant to you as possible.

We may analyse data we hold about you in order to identify and prevent fraud.

In order to improve our website we may analyse information about how you use it and the content that you interact with.

In order to ensure system and staff efficiency, we may use your data for testing and training purposes.

We are part of the London Libraries Consortium and our library data can be accessed by authorised library staff across the consortium, and may also be used for training and testing purposes.

In all data processing activities, we will always keep your rights and interests at the forefront to ensure they are not overridden by your own interests or fundamental rights and freedoms.

Third parties

There are certain circumstances under which we may disclose your personal information to third parties for example, when it is necessary for them to be able to provide you with products or services that you’ve requested.


How we work with Third parties

We may occasionally outsource functions when we do not have the capacity and expertise required in-house, such as a mailing house for mailings, and analytical services that enable us to target our communications with customers and supporters more effectively. 

In addition, we work with third party organisations to provide systems such as the library management and box office ticketing systems.  In such cases, we will only use reputable and well vetted firms and have contracts and processes in place that ensure the safe and confidential processing of personal data at all times. In these cases we require that these third parties comply strictly with our instructions and with data protection laws, for example around security of personal data.  In some instances, your data may be moved from one provider to another when a change of provider occurs. 

We may also disclose personal information where we are under a duty to comply with any legal obligation (for example to government bodies and law enforcement agencies).


Managing your personal information

We strive at all times to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate by contacting us.

We will always hold your information securely through operating strong physical and electronic security safeguards. We also follow stringent procedures to ensure we work with all personal data in line with the General Data Protection Regulation (GDPR) that come into effect on 25 May 2018.
Luton Cultural Services Trust tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Luton Cultural Services Trust’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
Complaints and enquiries about, or suggestions for improvements to, our data protection processes should be directed to the Data Protection Officer using the contact details provided below.


Your debit and credit card information

If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard here.

We optionally allow you to store your card details for use in a future transaction. This is carried out in compliance with PCI-DSS and in a way where none of our staff members are able to see your full card number. We never store your 3 or 4 digit security code.


How we use Cookies

Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as well to provide website operators with information on how the site is being used.

We use cookies to keep track of your basket as well as to identify how the website is being used and what improvements we can make. They also enable us to identify how many people use our website.

We do not use cookies to provide us with access to your computer or any information about you, other than what you choose to share with us.


Devices detected by our free Wi-Fi service

Free Wi-Fi access is available throughout our sites. If you access the Trust’s free Wi-Fi network, you will be asked to agree to the Trust’s Wi-Fi Terms and Conditions of Use which provide information about how your data will be used.

If you do not use the free Wi-Fi network but you have Wi-Fi enabled on your smartphone, tablet or another internet-enabled device, your device can still be detected by the Wi-Fi service. We record data about the location and type of devices in the Trust’s venues that have Wi-Fi enabled so that we can monitor the flow of visitors to our sites and to improve our services.

We will not link the anonymous device data with any other personal data that identifies you individually without your express permission. If in future we want to process your data in this way to offer you new services, before doing so we will always ask you if you agree to take part.



Whilst CCTV is in operation throughout our buildings, the Trust does not control all of the CCTV, as part of this is controlled by the landlord - Luton Borough Council.  Where the Trust does control the CCTV, it does so in accordance with GDPR through legitimate interests and legal obligations.
Where the CCTV is controlled by Luton Borough Council, all requests for information should be directed to Luton Borough Council at cctvrequests@luton.gov.uk in the first instance.

Job and volunteering applicants

If you apply to work or volunteer for Luton Culture, we will use the information you supply to us to process your application and to monitor recruitment statistics.  Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from Disclosure Scotland or the Disclosure and Barring Service, we will not do so without informing you beforehand.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, after which it will be destroyed, unless you have asked us to destroy it earlier or allowed us to retain it for longer by written request.


How to contact us

If you wish to make a complaint, request further explanation of any issues relating to this privacy notice, or make a suggestions for improving our processes relating to the way we use personal data, then please direct your request to the Data Protection Officer by email at privacy@lutonculture.com or in writing to Data Protection Officer – Luton Cultural Services Trust, Luton Central Library, St. Georges Square, Luton, Bedfordshire, LU1 2NG.

You may opt out from receiving marketing communications from us at any time, change your contact preferences or ask to have your personal data removed or corrected in our records by emailing us at privacy@lutonculture.com or writing to us at: Data Protection Officer – Luton Cultural Services Trust, Luton Central Library, St. Georges Square, Luton, Bedfordshire, LU1 2NG.  Please ensure that you state your full name, address and email address in the letter or email so that we may locate your record on our database.  Please also state which services you have used within Luton Cultural Services Trust, i.e. Library, Ticket Purchase, volunteering, etc.

If you wish to request a copy of all or part of your personal information held by the Trust by making a subject access request you can do so by either emailing privacy@lutonculture.com, or by writing to Data Protection Officer – Luton Cultural Services Trust, Luton Central Library, St. Georges Square, Luton, Bedfordshire, LU1 2NG.


Changes to this privacy notice
We keep our privacy notice under regular review. You are advised to visit this page periodically in order to keep up to date with any changes. By continuing to use our services you will be deemed to have accepted such changes.


Updated 19/10/2018

Take a look


The Culture Trust Luton is a vibrant and progressive charitable trust. We…

Who's Who

We are one committed and customer friendly team made up of trustees, staff and…


Keep up-to-date with the latest goings on around the trust.

Back to top