Register

Welcome! Register in to your account

Name*

Telephone*

Email*

Password*

I have read and agree to AAYUBO LIMITED's Privacy Policy.

Yes, I would like to receive information and offers from AAYUBO LIMITED about upcoming Sri Lankan film screenings, community events, and cultural activities (including emails, mobile text messages, and push notifications, which may be subject to fees charged by my wireless carrier). You may unsubscribe at any time. Your consent is sought by AAYUBO LIMITED, 4 Barnes Mews, Broughton, Aylesbury, HP22 7EH. Contact: admin@aayubo.co.uk

Introduction

Welcome to AAYUBO LIMITED. We're passionate about bringing the magic of Sri Lankan cinema and culture to audiences across the UK. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with us through our website, events, screenings, or other services.

We take data protection seriously and are committed to being transparent about how we handle your personal data. This policy applies to all personal data processed by AAYUBO LIMITED in connection with our film screenings, community events, and related activities throughout England, Wales, Scotland, and Northern Ireland.

Who We Are

AAYUBO LIMITED is a cultural enterprise dedicated to showcasing Sri Lankan cinema and hosting community events across the UK. We carefully handpick films that capture the beauty, diversity, and spirit of Sri Lanka, partnering with leading cinemas nationwide to deliver premium viewing experiences. We also host Sri Lankan community events that bring people together to celebrate culture, traditions, and shared heritage.

Our registered office is 4 Barnes Mews, Broughton, Aylesbury, HP22 7EH, and we are registered with Companies House under registration number [16179179]. We are registered with the Information Commissioner's Office (ICO) under registration number [Z7679133].

Lawful Basis for Processing Personal Data

We process your personal data only when we have a lawful basis under Section 6 of the Data Protection Act 2018. For AAYUBO LIMITED, this typically includes:

Contractual necessity: When you purchase tickets for film screenings or register for events, we need your name, contact information, and payment details to fulfil our contractual obligations.

Consent: For marketing communications about upcoming screenings and events, we obtain your explicit opt-in consent as required by Section 11 of the DPA 2018.

Legitimate interests: We may process limited data to improve our services, prevent fraud, and ensure the security of our events and screenings

Recognised Legitimate Interests: Under the Data (Use and Access) Act 2025, we process personal data without requiring a balancing test for specific legitimate interests, including:

- Crime prevention (particularly for ticket fraud detection and prevention)
- Safeguarding vulnerable individuals at our community events
- Responding to emergencies at screening venues
- Security screening for events
- Compliance with legal obligations

For example, we may share relevant customer information with cinema partners or authorities to prevent fraudulent ticket purchases, similar to how "an online marketplace transfers seller-account details and IP addresses to Trading Standards after counterfeit goods are uncovered."

Types of Personal Data We Collect

We collect and process the following categories of personal data:

- Basic contact information: Name, email address, telephone number, postal address
- Payment information: Credit/debit card details (processed securely through third-party payment processors)
- Event preferences: Film preferences, event attendance history
- Technical data: IP address, browser type, device information when you visit our website
- Special category data: When you voluntarily participate in community events, you may share information about your ethnic origin or cultural background, which we process only with your explicit consent as required by Section 7 of the DPA 2018
- Security-related data: For venue security purposes, including CCTV footage at event locations (processed under our Recognised Legitimate Interest for crime prevention)

How We Use Your Personal Data

We use your personal data for the following purposes:

- To process ticket purchases and event registrations
- To communicate with you about your bookings and events
- To send you marketing communications about upcoming screenings and events (only with your consent)
- To improve our services and tailor experiences based on your preferences
- To ensure the security of our events and prevent fraud through Recognised Legitimate Interests
- To comply with legal obligations
- To respond to emergencies at screening venues
- To safeguard vulnerable individuals at our community events

Our processing activities adhere to the data protection principles outlined in Section 4 of the DPA 2018, including data minimisation, accuracy, storage limitation, and integrity measures.

Legal Professional Privilege and Data Subject Access Requests

Under the Data (Use and Access) Act 2025 (DUAA), which amended Section 45 of the DPA 2018, we operate under the "reasonable and proportionate" standard when responding to Data Subject Access Requests (DSARs). This means:

- We will respond to your DSAR within one month of receipt, but may pause this timeframe while verifying your identity or clarifying your request
- We conduct searches that are reasonable and proportionate to the request
- Information protected by legal professional privilege (LPP) is exempt from disclosure under new Section 45A of the DPA 2018

To exercise your right of access, please contact our Data Protection Officer at hasmitha@aayubo.co.uk

Your Rights Under the DPA 2018

You have the following rights regarding your personal data:

- Right of access: Request a copy of your personal data we hold
- Right to rectification: Correct inaccurate or incomplete information
- Right to erasure: Request deletion of your data in certain circumstances
- Right to restriction: Limit how we use your data
- Right to data portability: Receive your data in a structured, commonly used format
- Right to object: Object to certain types of processing

To exercise any of these rights, please contact us using the details in Section 12.

Enhanced Viewer Privacy Controls

For cinema operations, we implement specific privacy controls to ensure your comfort and security:

- Age verification: For film content requiring age restrictions, we use minimal verification methods that comply with the DUAA's recognition of "IT and network security" as a Recognised Legitimate Interest
- Seating arrangements: We may collect limited data about seating preferences to optimise audience experience while maintaining privacy
- Event photography: At community events, we clearly indicate photo zones and obtain explicit consent before capturing images of attendees
- Fraud detection: Our ticketing system uses automated processes to detect and prevent fraudulent purchases, with appropriate human oversight

Automated Decision-Making

We do not make decisions about you based solely on automated processing that would have legal or similarly significant effects, except for:

- Automated systems that detect and prevent fraudulent ticket purchases
- Personalised recommendations for films and events based on your preferences

These systems incorporate appropriate safeguards as required by Section 20 of the DPA 2018, including human review of significant decisions. The DUAA 2025 has created a more permissive framework for automated decisions with specific safeguards that we adhere to.

International Data Transfers

While our primary operations are within the UK, we may occasionally transfer data to:

- Sri Lankan film distributors for licensing purposes
- International payment processors

Under the DUAA 2025, international transfers are assessed against whether protections are "not materially lower" rather than requiring "essentially equivalent" standards. We ensure all transfers comply with the amended requirements in Section 48 of the DPA 2018.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data as required by Section 27 of the DPA 2018, including:

- Encryption of sensitive data
- Secure payment processing
- Regular security assessments
- Staff training on data protection
- Access controls limiting data access to authorised personnel
- CCTV systems at event venues (processed under Recognised Legitimate Interest for crime prevention)

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay as required by Section 28 of the DPA 2018.

Cookies and Online Tracking

Our website uses cookies to enhance your experience. Under the DUAA 2025, certain "low-risk" cookies no longer require explicit consent, provided users can opt out. We use:

- Essential cookies: Necessary for site functionality (no consent required)
- Analytics cookies: To understand how visitors use our site (opt-out available)
- Security cookies: For preventing or detecting fraud (no consent required)
- Marketing cookies: For personalised advertising (explicit consent required)

You can manage your cookie preferences through our cookie banner. Our approach complies with the amended Privacy and Electronic Communications Regulations (PECR).

Making a Complaint

Under the DUAA 2025, we are required to maintain a formal internal complaint-handling mechanism for data protection concerns. If you have any concerns about how we process your personal data:

1. Contact our Data Protection Officer at hasmitha@aayubo.co.uk
2. We will acknowledge your complaint within 5 working days
3. We will investigate and provide a substantive response within 30 days

If you remain dissatisfied, you have the right to complain to the Information Commissioner's Office (ICO), which continues to be the UK's independent authority set up to uphold information rights. Contact details for the ICO are available at https://ico.org.uk/.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Section 4 of the DPA 2018. Specifically:

- Ticket purchase records: 7 years for tax and accounting purposes
- Marketing preferences: Until you withdraw consent or 2 years of inactivity
- Event attendance records: 3 years for community engagement purposes
- Security footage: 30 days unless needed for crime investigation

Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) as required by Section 22 of the DPA 2018. This includes any new processing activities that involve:

- Large-scale processing of special category data
- Systematic monitoring of public areas
- New technologies that present specific risks to individuals' rights

Research Processing

When we analyse anonymised data about audience preferences to improve our film selection and event planning, we follow the research processing requirements in Section 8 of the DPA 2018. The DUAA 2025 expressly includes commercial research in its definition, and we ensure data is appropriately anonymised or pseudonymized for these purposes.

Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or relevant laws. The latest version will always be posted on our website with the "Last Updated" date at the top. Significant changes will be communicated via email where appropriate.

Contact Us

For any questions about this Privacy Policy or our data practices:

AAYUBO LIMITED Data Protection Officer
4 Barnes Mews, Broughton, Aylesbury, HP22 7EH
Email: admin@aayubo.co.uk
Phone: 07895860419

Data protection matters may also be reported directly to the Information Commissioner's Office (ICO):
https://ico.org.uk/
Tel: 0303 123 1113

My Account

Register