Privacy Policy 6: Credit and debit card details

We process payment card details and related data in order to take payments for tickets and other services. Cardholder data is only handled by employees who have a legitimate need to do so and it is kept in locked storage at all times when not in use. CVV / CVC numbers are not stored and are always securely destroyed once a transaction is completed.

No cardholder data is stored electronically or transmitted over the internet via email or any other end-user technology.

Cardholder data that is no longer required for business reasons is securely destroyed. This process is carried out annually with data that is required to be kept for six years being held offsite in a secure storage facility.

We do not share credit and debit card details without your consent to do so (e.g. with your consent we may process payments on your behalf with Lloyds or Barclaycard services).