Privacy Policy

Last updated: 26 March 2026

1. Introduction

This privacy policy explains how The Secret Still Limited ("we", "us", "our"), the company behind the Midhurst Jazz, Food & Blues Festival ("MJFBF" or "the Festival"), collects, uses, stores, and protects your personal data. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

The Secret Still Limited

Email: info@midhurstjazzandblues.com

If you have any questions about how we handle your data, please contact us using the details above.

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

•       Name and contact details (email address, phone number, postal address)

•       Payment and billing information (processed securely by our third-party payment providers; we do not store full card details)

•       Account registration details

•       Membership and subscription preferences

•       Correspondence and communications with us

•       Dietary requirements or accessibility needs you share with us in connection with attending the Festival

3.2 Information Collected Automatically

•       Website usage data (pages visited, time spent, referring URLs)

•       Device and browser information

•       IP address and approximate location data

•       Cookie and similar tracking technology data (see Section 9)

3.3 Information from Third Parties

We may receive information about you from third-party platforms you use to interact with us, such as social media platforms, ticketing services, or email marketing tools.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Contract: Processing necessary to fulfil a contract with you, such as processing ticket purchases, managing memberships, and providing access to Festival events.

 Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, understanding our audience, administering the Festival, and communicating with attendees about relevant events and opportunities. We always balance our interests against your rights and freedoms.

 Consent: Where you have given us specific consent to process your data, such as subscribing to our newsletter or opting in to marketing communications. You may withdraw consent at any time.

 Legal obligation: Processing necessary to comply with a legal obligation to which we are subject.

5. How We Use Your Information

We use your personal data for the following purposes:

•       Processing ticket purchases, memberships, and related transactions

•       Communicating essential Festival information (scheduling, logistics, safety)

•       Sending marketing communications where you have opted in or where we have a legitimate interest to do so

•       Managing the Midhurst 50 Club and Festival membership programmes

•       Improving our website, services, and the Festival experience

•       Responding to enquiries and providing customer support

•       Analysing attendance patterns and preferences to plan future events

•       Complying with legal and regulatory obligations

•       Preventing fraud and ensuring the security of our services

6. Third-Party Service Providers

We work with carefully selected third-party service providers to operate the Festival and our digital platforms. These providers process your data on our behalf and under our instruction. They include:

•       Ticket Tailor — ticketing and event management

•       MailerLite — email marketing and newsletter distribution

•       Stripe / payment processors — secure payment processing

•       Squarespace — website hosting

•       Xero — accounting and financial record-keeping

•       Meta (Facebook/Instagram) — social media advertising and communications

We require all third-party processors to handle your data in accordance with UK GDPR and to maintain appropriate security measures. We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.

7. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. Where your data is transferred internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office, adequacy decisions, or the provider’s participation in recognised data protection frameworks.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are as follows:

•       Transaction records and purchase history: 6 years (in line with HMRC requirements)

•       Marketing consent records: retained until you withdraw consent or unsubscribe

•       Website analytics data: 26 months

•       Customer correspondence: 3 years from the date of the last communication

•       Membership records: duration of membership plus 2 years

When data is no longer needed, we securely delete or anonymise it.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your experience and to help us understand how our site is used.

9.1 Types of Cookies We Use

Strictly necessary cookies: Required for the website to function (e.g., session management, security). These cannot be disabled.

Analytics cookies: Help us understand how visitors interact with our website (e.g., pages visited, traffic sources). We use these to improve our site.

 Marketing cookies: Used to deliver relevant advertising and track the effectiveness of our marketing campaigns. These are only set with your consent.

9.2 Managing Cookies

When you first visit our website, you will be asked to consent to non-essential cookies. You can change your cookie preferences at any time through your browser settings or via the cookie consent tool on our website.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

•       Right of access — to request a copy of the personal data we hold about you

•       Right to rectification — to request correction of inaccurate or incomplete data

•       Right to erasure — to request deletion of your data in certain circumstances

•       Right to restrict processing — to request that we limit how we use your data

•       Right to data portability — to receive your data in a structured, commonly used format

•       Right to object — to object to processing based on legitimate interests or direct marketing

•       Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at info@midhurstjazzandblues.com. We will respond to your request within one month, as required by law.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, loss, or destruction. These measures include encryption of data in transit, access controls, and regular review of our security practices. All payment processing is handled by PCI DSS-compliant third-party providers; we do not store full payment card details on our systems.

12. Children’s Privacy

Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any significant changes will be communicated via our website or by email where appropriate. We encourage you to review this policy periodically. The date at the top of this document indicates when it was last updated.

14. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please contact us:

Email: info@midhurstjazzandblues.com

Organisation: The Secret Still Limited

 

For data protection complaints, you may also contact the ICO directly at ico.org.uk.