Privacy Policy

1. About Us

Mercury Musical Developments (“MMD”) and Musical Theatre Network (“MTN”) respect your privacy and are committed to protecting your personal data. MMD and MTN (together, “we”, “our”, or “us”) operate as a joint consortium, with shared staff and resources (including our contacts database), and are jointly responsible as controllers of your personal data under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Regulations) 2003.

This means that MMD shares responsibility with MTN for the way in which your personal data is held and processed, and you can exercise your legal rights with respect to your personal data against either organisation. As MMD and MTN operate as a consortium, with shared staff and resources, including our contacts database, it is only possible to share your data with both organisations or neither.

This website is not intended for children and we do not knowingly collect data relating to children.

2. Contacting Us

MMD and MTN share a single point of contact for you to contact with any questions about this privacy policy, including any requests you may have concerning your legal rights with respect to your personal data, against either controller. This point of contact is our Membership & Communications Manager, whom you can contact by emailing

3. What information we collect about you

Depending on which of our services you use, we collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Contact Data, which includes email address(es), postal address(es), UK region in which you live, billing address, and telephone number(s).
  • Financial Data, which includes payment card details, method of payment, and other financial and billing information.
  • Identity Data, which includes first name, last name, title, professional role, and age range.
  • Marketing and Communications Data, which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Equal Opportunities Data, which means personal data that you may have freely consented to give us (so that we are able to report to our funders on equal opportunities, diversity, equality, and inclusion in the demographic make-up of our members, service users and audiences for our events, programmes, and initiatives), and which includes your ethnic origin or race, sexual orientation, gender identity (including whether this differs from the gender assigned to you at birth), and details of whether you identify as D/deaf or as a disabled person or as neurodivergent. We will never identify you when reporting on Equal Opportunities to our funders or any other third party; in such cases, all Equal Opportunities Data is fully anonymised and aggregated before we disclose it so that you cannot be identified.
  • Website Profile Data, which includes your first name, last name, professional role, profile picture, contact details (should you wish to provide them) and the URL of your website (if you have one).
  • Social Media Data, which includes details of any of your social media handles that you provide to us.
  • Technical Data, which includes your internet protocol (IP) address, cookie identifiers, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

4. What purposes we use personal data for

We will only collect and process your personal data where we have a lawful basis to do so, i.e. where:

  • we need your personal data to perform a contract with you (for example, to process a payment from you);
  • the processing is in our legitimate interests (as described below) and not overridden by your rights;
  • we have a legal obligation to collect or disclose personal data from you; or
  • we have your consent to process your personal data.

Processing activity/purpose

What personal data we process

What are our lawful grounds for this processing?

Registering you as a member (and renewing your membership) and providing you with our services available to members, including (but not limited to) enabling you to attend online or in-person events that we have organised

– Identity Data
– Contact Data
– Technical Data
– Financial Data

Performance of a contract with you.

Processing payments from you and refunds to you, and collecting any money that you owe to us

– Identity Data
– Contact Data
– Financial Data

Performance of a contract with you; necessary for our legitimate interests (for collecting money owed to us)

Managing our relationship with you, including handling any complaints or queries and notifying you about changes to our membership terms and/or this Privacy Policy

– Identity Data
– Contact Data

Performance of a contract with you; necessary to comply with our legal obligations

Sending newsletters about certain opportunities, events and the relevant activities of the wider membership (such as our Friday Mail-Out).

– Contact Data
– Marketing and Communications Data

Your consent.

Including your public profile in our members directory for other members and website visitors to view

– Profile Data
– Social Media Data

Your consent.

Maintaining an industry database of relevant organisational representatives and freelance practitioners within the theatre industry (who have either attended one of our past events, met with us, been employed us and/or supplied us with goods/services, and have indicated that they would like to be kept informed of our activities, e.g. by emailing us or providing us with their business card), and contacting these individuals about industry events of events of particular relevance (e.g. the UK Musical Theatre Conference and BEAM industry showcases).

– Identity Data
– Contact Data

Necessary for our legitimate interest of inviting industry peers to our events and furthering industry-wide discussions on relevant topics and matters concerning musical theatre.

Aggregating and anonymising certain equal opportunities information in order to meet the reporting requirements of public bodies (e.g. Arts Council England) that provide us with funding (note that all of this personal data will be fully anonymised before we share this with any third party so you will not able to be identified)

– Equal Opportunities Data

Necessary for our legitimate interests of meeting the reporting requirements of public bodies that provide us with funding in order that we can continue to operate; your explicit consent.

Administering and protecting our website and databases (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

– Identity Data
– Contact Data
– Technical Data
– Profile Data

Necessary for our legitimate interests (for running our organisation, provision of administration and IT services, network security, and to prevent fraud); necessary to comply with our legal obligations

Maintaining a record of individuals who are invited to or who attend live events that we organise c.

– Identity Data
– Contact Data

Necessary for our legitimate interest of inviting industry peers to our events and furthering industry-wide discussions on relevant topics and matters concerning musical theatre.

Where the lawful basis stated above is your consent or explicit consent, you have the right to withdraw this consent at any time by contacting us (see section 2 above for details). If you do that, we’ll update our records immediately to reflect your wishes. You can withdraw your consent and unsubscribe from such communications at any time. We will always include an unsubscribe option on any such communications sent, so you can cease to receive these at any point. Please note that, where you opt out of receiving any marketing communications form us, this will not apply to your personal data that we are required to process if you have signed up as a member (and are still a member) in order to continue providing services to you.

You may also object to our processing in certain circumstances where our lawful basis for processing is our legitimate interests. Please see section 10 below for further information on how to exercise these rights.

Please note that, where we rely on your consent or our legitimate interests to process your personal data and you withdraw that consent or object to our processing, we may no longer be able to provide certain services to you that are dependent on this processing.

If any of your personal data (such as your Contact Data) changes, please ensure that you let us know by editing this in your account settings, so that the information we have about you is kept up to date.

5. Who do we share your data with?

As MMD and MTN operate jointly as a consortium for many of our activities and communicate mostly to the members of both organisations at the same time (for example when we send the Friday Mail Out), we operate a shared contacts database, so it is only possible for both organisations to hold your individual contact details and have permission to communicate with you. We will never share your contact details with a third party outside the consortium for marketing purposes without prior written consent from you, nor will we ever sell your personal data to any third party.

Depending on the services we provide to you, your personal information will sometimes be shared with other contractors or suppliers who assist us in providing the services (for example, events companies who help us to organise events for our members).

In each of the above cases, your personal information is shared securely, these activities are carried out under a contract which imposes strict requirements to keep your personal data confidential and secure.

If you have consented to provide your Website Profile Data for inclusion in our members directory, this Website Profile Data will be visible to other website visitors.

We use Stripe and GoCardless to collect payments. We are not responsible for how Stripe and GoCardless collect and handle your personal data, as these are independent controllers of your personal data. For more information, please see their respective privacy policies here and here.

We may be required to share your personal information for prevention of crime or for taxation purposes (for example, with the police or HMRC) or where otherwise required to do so by other regulators or by law.

6. How long do we retain your personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

7. Cookies and third-party websites

This website uses cookies to distinguish you from other users of the website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.. Please see our Cookie Policy for further information.

Our website also contains links to other websites. We do not control these third-party websites and are not responsible for their privacy statements, notices, or policies.  When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to such third-party websites.

8. Our Facebook Page and Members’ Group

MMD has a Facebook page, which you can follow here, and a private Facebook Members’ Group, which you can request to join here. If you use the Facebook page, any personal data that you share on it (such as your Facebook profile and any messages you post) is subject to a joint controller arrangement that we have with Facebook Ireland Limited. Details of that joint controller arrangement can be found here. You can read about Facebook’s own privacy practices by visiting its privacy policy here. If you wish to exercise any of your rights (as set out in section 10 below) in respect of personal data on our Facebook page, please contact Facebook via the contact details stated in its privacy policy.

9. International transfers of your personal data

In order to send out newsletters and other email communications to our members, we use a service called Mailchimp, which can be used to create, send, and manage emails and which is provided by the Rocket Science Group LLC (“Mailchimp”). Mailchimp is headquartered in the United States and its servers are also located in the United States. This means that, in order to send our newsletters and email communications to you, we send your name and email address outside of the UK to Mailchimp. Mailchimp does not sell, rent, or trade user data and has implemented encryption technologies across its infrastructure. Any transfers of your personal information that we make to Mailchimp are subject to standard contractual clauses approved for use in the UK that are designed to safeguard your privacy rights and provide you with remedies in the unlikely event of a misuse of your personal information.

If you would like further information on these transfers, please contact us using the details provided in section 2 above.

10. Your Rights

You have several rights under the UK GDPR and Data Protection Act 2018, which MMD and MTN will adhere to. These are listed below:

Right of access:
You can request access to a copy of their data in electronic form and details of how it is processed.

Right to rectification:
You are entitled to have their data corrected if it is inaccurate or incomplete.

Right to erasure:
Also known as ‘the right to be forgotten’, this permits you to request the deletion of your data in certain circumstances.

Right to restrict processing:
You can, in certain circumstances, request a halt on processing if you object to accuracy or purpose.

Right to data portability:
You can request that personal data that we process based on your consent or our legitimate interests be provided to you in a structured, commonly used, and machine-readable format and request us that data to a third party in certain situations (please note that this right does not apply to personal data contained only in hard-copy records).

Right to object:
You can, in certain cases, object to the processing of your data, e.g. in direct marketing.

Rights in relation to automated decision making:
You can object to potentially damaging decisions being taken against you based only on automated data processing.

To exercise any of the above rights, please contact our Membership & Communications Manager at

You will not have to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We hope that we can resolve any query or concern you raise about our use of your information. The UK GDPR also gives you the right to lodge a complaint with regarding any alleged infringement of data protection law with the Information Commissioner, who may be contacted at or on (+44) (0) 303 123 1113.

Updates to this Privacy Policy

We may amend this Privacy Policy from time to time as necessary to comply with law or for our legitimate purposes. Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Privacy Policy.

This Privacy Policy was last updated on 16 January 2023.