HomeKnowledge base › Cinemas and theatres
Culture

Cinemas and theatres: destroying visitor data

A cinema and theatre's ticket and subscriber data ready for confidential destruction

A cinema or theatre processes the data of everyone who buys a ticket or comes by: name and email address on a reservation, payment and order data from the webshop, subscription and membership pass holders, CCTV footage in the auditorium and foyer and the data of staff and volunteers. Part falls under the tax retention obligation, part you keep as briefly as possible. This guide shows, by part, what you keep, when it may go and how to have it destroyed confidentially.

The quick answer: the payment administration falls under the tax seven years, single ticket and reservation data you keep no longer than needed for the visit. Subscription and membership pass data you keep as long as the membership runs. CCTV footage you keep briefly. What may go disappears confidentially and with a certificate.

Two frameworks: retention obligation and the GDPR

At a cinema or theatre two things run together. The tax retention obligation requires you to keep the financial administration for seven years, including invoices and payment overviews. Alongside it the GDPR applies, which asks you not to keep personal data longer than necessary for the purpose you collected it for. The retention obligation sets the floor for what you must keep, the GDPR the ceiling for what you may not keep too long.

So treat the visitor data by type. A single reservation for a performance has a different status than a running subscription or a CCTV image from the foyer. If you make that distinction, you keep exactly what you must and clear out the rest on time.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the visit or the membership.

PartStarting pointPeriod
Invoicing and payment administrationTax retention obligation7 years
Ticket and reservation dataUntil the visit is settledpurpose-bound
Subscription and membership pass holdersAs long as the membership runsmembership + cancellation
CCTV footage auditorium and foyerSecurity, storage limitationa few weeks
Staff and volunteer dataPartly tax, partly HR2 to 7 years
Correspondence and draftsNo retention obligationclear out at once

Use this as a guideline, not a substitute for your own assessment per situation. A full overview per type of data is in the GDPR retention periods cheatsheet.

Ticket and reservation data

For every performance you collect reservations with a name, email address and sometimes a phone number. As soon as the visit has taken place and no complaint or refund is in play, the reason to keep that single data lapses. The underlying payment you keep for tax, the visitor's contact details not. So do not keep reservation lists endlessly in mailboxes or exports.

Paper tickets, guest lists and numbered seating lists belong with confidential destruction after the event, not with the waste paper. Many tickets are also printed on thermal paper. How to handle those slips is in thermal paper, receipts and boarding passes. Handling attendee and visitor lists resembles that at event agencies and attendee lists.

Subscribers, membership pass holders and payment data

Subscribers, film pass holders and friends of the house give you a ground to keep data as long as the membership runs. If someone cancels, you keep only what tax requires and clear out the rest within a reasonable period. Keeping an old member file years after the last renewal is not a valid ground.

If you sell tickets and subscriptions through a webshop, you collect payment and online order data that need extra care. The approach is comparable to that at an ordinary web shop, described in webshop and destroying customer data. Payment data falls under the tax administration, marketing profiles and stored order history you keep only as long as there is a ground for it.

CCTV footage in the auditorium and foyer

Many auditoriums have cameras in the foyer, at the box office and sometimes in the auditorium itself. That footage is personal data and should be kept briefly, usually a few weeks, unless a concrete incident is in play that you want to keep longer. After the retention period you overwrite or erase the footage automatically. The full explanation is in CCTV footage: retention period and destruction.

Watch the hardware too. An old recorder, hard drive or backup with footage still contains personal data, even when the device is taken out of service. Such data carriers you have physically destroyed, so the footage cannot be recovered.

Staff and volunteer data

A theatre often runs on a mix of permanent staff and volunteers. For both groups you record data, from contracts and payslips to rosters and contact lists. Payroll data has its own tax period, the rest of the personnel file you keep as briefly as possible after departure. Volunteer lists with addresses and phone numbers you clear out as soon as someone is no longer active. Treat these files just as carefully as visitor data.

How to handle it in 6 steps

  1. Split the data into administration, tickets, subscriptions, CCTV footage and staff.
  2. Keep the payment administration for the tax seven years.
  3. Clear out single reservations as soon as the visit is settled.
  4. Set a short retention period for CCTV footage and have old recorders destroyed.
  5. Collect what may go in closed containers, not with the waste paper.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Have it destroyed confidentially with a certificate

Visitor data you have destroyed confidentially, because it contains contact, payment and sometimes image data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old till computer, reservation system or backup with visitor data belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Visitor data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping reservation lists endlessly. After the visit and its settlement the purpose lapses.
  • Holding on to old member files. After cancellation you keep only what tax requires.
  • Keeping CCTV footage too long. Set a short period and overwrite automatically.
  • Throwing away unshredded. A guest list on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a cinema or theatre keep visitor data?

The invoicing and payment administration fall under the tax retention obligation of seven years. Single ticket and reservation data you keep no longer than needed for the visit and its settlement. Subscription and membership pass data you keep as long as the membership runs and clear out afterwards.

May we keep CCTV footage from the auditorium and foyer?

CCTV footage you keep briefly, usually a few weeks, unless a concrete incident is in play. After the retention period you overwrite or erase the footage. An old recorder or hard drive with footage you have destroyed confidentially.

What do we do with subscription and membership pass data afterwards?

As long as someone is a subscriber or friend of the house, you have a ground to keep the data. If someone cancels, you keep only what tax requires and clear out the rest within a reasonable period.

How do I destroy visitor data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A cinema or theatre works with contact, payment and sometimes image data of every visitor, between a tax retention obligation and the GDPR. Keep the payment administration for seven years, clear out single reservations after the visit and keep subscription data as long as the membership runs. CCTV footage you keep briefly and old recorders you have destroyed. What may go you have destroyed confidentially with a certificate as proof. That way you meet both frameworks and protect the data of your audience.

Read also: theme parks: destroying visitor data, sauna and wellness: destroying customer data, casinos and arcades: destroying customer data and the GDPR retention periods cheatsheet.


Have visitor data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.