Cryptic takes the privacy of those whose data we hold very seriously. We have produced this Privacy Policy because it is important that you know what information (if any) we collect through our web-site & other channels; how we collect it and how we use that information

We regularly review our practices to ensure that your privacy is appropriately protected. We may update or modify this Privacy Statement from time to time so you should view this Privacy Statement regularly.

Data Protection

Cryptic is registered with the Information Commissioner’s Office in accordance with current data protection legislation: registration number ZA24873. When using your personal information we will act in accordance with the EU General Data Protections Regulation 2016 (GDPR) and aim to meet current good practice guidelines.

Our Website

We currently operate the websites and (“the Websites”).

In general terms, we do not obtain any personal information about you simply through you browsing our Site. It is only when you contact us through the Websites or by e-mail (for instance, if you sign up to our mailing list) that we obtain personal information about you, such as your name and your email address. You also give us your information when you buy a ticket, sign up for one of our events, make a donation or communicate with us. We also keep your details when you sign up to receive email from us.

The personal information which we collect from you will only be used for the purposes of processing and/or dealing with the matter you have contacted us about. So, for instance, if you sign up to our mailing list to receive news about Cryptic and our activities, we will only use your personal information for that purpose. We will always try to let you know what we will do with your information at the point we collect it, unless of course the purpose is obvious. By providing your personal details to us, you are consenting to us processing your personal data for such purposes.

We will only retain your personal information on our databases for as long as we deem necessary and it will be kept secure using appropriate security measures to prevent unauthorised access, modification or disclosure.

Like most websites, we receive and store certain details whenever you use the Websites.  We use “cookies” to help us make our Websites – and the way you might use them – better. Cookies mean that a website will remember you and enable online transactions. It also helps us understand how you use our Websites, where we can make improvements and how best to tell our audiences about events they might be interested in.

Cookies are files that store information on your hard drive or browser which means the Websites can recognise that you have visited them before. Cookies store your preferences, making the Websites easier to use. If you prefer not to receive cookies, you can adjust your browser to refuse cookies or to warn you of when cookies are being used. Disabling cookies will result in the website working less efficiently.

We use Google Analytics to collect information about how our visitors use and navigate the Websites. We analyse these findings so that we can continually improve the sites by adding new features and content, and by removing unused functionality, to improve your experience. Analytics cookies collect information on number of users, which pages are visited, and how they navigated to the Websites.

During your use of the Websites you may be delivered cookies by third-party websites. This may happen on pages that offer YouTube, Vimeo or SoundCloud embedded media. We do not control these cookies so you should check those third-party websites for more information about their cookies. Occasionally we use online surveys using SurveyMonkey to help us improve our Websites. Cookies are used to allow the survey to be hidden on your return visits. This is to prevent you from being shown the survey again unnecessarily. Cookies are also used to record the overall number of answers to the survey questions and to link these to Google Analytics. They do not store your personal data.

Social Media

We use social media to broadcast messages and updates about events and news. On occasion we may reply to comments or questions you make to us on social media platforms. You may also see adverts from us on social media that are tailored to your interests.

Depending on your settings or the privacy policies social media and messaging services like Facebook, LinkedIn or Twitter, you might give third parties (like us) permission to access information from those accounts or services.

How we keep your details safe and secure

Your personal data will be held and processed on Cryptic’s systems or systems managed by suppliers on behalf of Cryptic. We maintain a customer relationship management (CRM) system to hold contact details and a record of your interactions with us such as ticket purchases, donations, queries, complaints and attendance at special events. Where possible we aim to keep a single record for each customer.

Your data is always held securely. Access to customer information is strictly controlled. The CRM system can only be accessed by people who need it to do their job. Certain data, for example some sensitive information, is additionally controlled and is only made visible to members of staff who have a reason to work with it.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

What we use your personal information for

We aim to be clear when we collect your data and not to do anything you wouldn’t reasonably expect.

If you make a purchase, sign up for an event or give a donation we usually collect your name, contact details and your bank or credit card information (if making a transaction). Where it is appropriate (and you have the right to decline to give this information) we may also ask for your age, gender, ethnicity, or information relating to your health.

We use this data to provide you with the events, products, services or information you asked for, ensure we know how you prefer to be contacted, understand how we can improve our communications or events, administer your donation or to process Gift Aid.

When you register on our website, you can choose whether you would like to receive marketing and fundraising communications from us by email or post. We will include opt-out instructions in any marketing or fundraising communications you receive from us.

Cryptic’s websites may contain links to other websites owned and operated by third parties.  We cannot guarantee the privacy policies of these websites, and cannot accept any responsibility or liability for the privacy practices of third party websites.

Giving you control

With your consent, we will tell you about events, performances, installations, offers and priority booking. You can opt out from these marketing communications at any time – every email sent to you will tell you how to do this.

We do not sell personal details to third parties for any purpose.  We will only share personal details for the purposes of marketing if you have given explicit consent for us to do this. If you have opted out of marketing communications, we may still get in touch with you. For example, we may email you to give you important information about the events you’ve booked or to tell you about any changes.

We will give you the opportunity to opt out, at any time, from any marketing or fundraising email communications and postal fundraising communications you receive from us.

Third Parties

We may share anonymised personal information with other organisations, particularly Creative Scotland, who use this to analyse our audience development programmes, ticket sales and self-generated funding to understand the impact of the public investment made in Cryptic.

We will not otherwise share your personal information with third party organisations.

Sensitive information

Sometimes we ask you to provide sensitive information, for example when you book for certain events or participate in some activities, or when you apply for a job. As with all the personal information we hold, sensitive information is held securely and restricted to those who need to use it. We will delete sensitive information when we no longer need it.

Your Rights

You have the following rights related to your personal data:

  • The right to request a copy of personal information held about you
  • The right to request that inaccuracies be corrected
  • The right to request us to stop processing your personal data
  • The right to withdraw consent
  • The right to lodge a complaint with the Information Commissioner’s Office or Fundraising Regulator


Contact Us

Please contact us if you have any questions about our privacy policy or information we hold about you:

Email us:
Or write to us at: Cryptic, CCA, 350 Sauchiehall Street, Glasgow G2 3JD