(including use of cookies)
(including use of cookies)
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Historic Royal Palaces, including our subsidiary Historic Royal Palaces Enterprises Limited, (also referred to as "we", “us” or “our”) is fully committed to both protecting and respecting your privacy. We are registered with the Information Commissioners Office and our registration number is Z7917960.
Historic Royal Palaces (Reg. Charity number 1068852) is a charitable organisation with the aim to manage, conserve, renovate and repair the Palaces in our care to a high standard consistent with their status; to help everyone to learn about the Palaces, the skills required for their conservation and the wider story of how monarchs and people together have shaped society, by such means as are appropriate.
Historic Royal Palaces Enterprises Limited (Reg. Co. number 03418583 ) carries on a range of commercial trading activities to generate income for Historic Royal Palaces including sale of gifts and souvenirs at shops and online, income from commercial partnerships including sponsorship, affinity marketing and product licensing and commercial activities that are deemed outside the charitable purposes of Historic Royal Palaces. These activities include events, intellectual property rights, and access to properties for filming rights and advertising revenues.
This policy (together with our Terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting this or any of our websites (also referred to as “sites”) or other any other applications or technologies outlined in this policy, you are accepting and consenting to the practices described in this policy.
The data controller is Historic Royal Palaces of Hampton Court Palace, Surrey, KT8 9AU. This means it decides how your personal data is processed and for what purposes.
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy and schedule that you can request a copy of by contacting us at [email protected].
We may collect and process the following data about you:
Information you give us
Information we collect about you on the Historic Royal Palaces website
With regard to each of your visits to our site we may automatically collect the following information:
Information we receive from other sources
Information we collect about you on the Royal History Quiz app
With regard to each of your visits to our app we may automatically collect the following information:
We use information held about you in the following ways:
Information you give to us:
1. When using an online form:
2. When signing up for e-mail updates:
3. When purchasing a ticket or other product online:
4. When filling in a form during a visit or applying for one of our programmes or events:
5. When joining the HRP Teacher Network:
Information we collect about you:
We will use this information:
We may share personal information held about you in the following ways:
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For more information, or to make a Subject Access Request, please download our Subject Access Request form.
The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee:
Any changes we may make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. This policy was last updated on May 2020.
Questions, comments and requests regarding this privacy policy should be addressed to [email protected].
What are cookies and why do we use them?
Our websites uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
Cookies are tiny text files that are stored on your browser if you agree. Most cookies contain a unique identifier called a cookie ID: a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows us to distinguish your browser from other browsers, to recognize your browser by its unique cookie ID and to store information about your preferences on a particular website. This information may remain on your computer or other internet enabled device after your internet session finishes and you leave the website, but you can delete them using some browsers, manually or using system utilities. Most internet browsers are pre-set to accept cookies. Cookies cannot be used by themselves to identify you. We may share statistical information regarding cookies with third parties.
The cookies we use on our website last for different time periods depending on the use:
What cookies do we use?
The cookies we use fall into the following categories.
1. Strictly necessary cookies
These cookies help us to run the website efficiently and allow access to features on the website.
2. Functional cookies
Functional cookies allow us to remember preferences and settings to improve a website visit.
3. Performance and analytical cookies
We use analytical cookies to collect information about how visitors use and navigate the website so that we can improve the experience. For example, the number of visitors to the site, pages they visit and whereabouts they came to the site from. One of the performance cookies we use is Google Analytics. This information is anonymous and cannot be used to identify individuals. To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout. Sometimes we also use cookies to serve variations of pages (A/B tests) to see which version of a page works better.
4. Targeted/ advertising cookies
We use cookies to target and improve our advertising - for example, to improve reporting on advertising campaign performance, to avoid showing ads the user has already seen, or to enable us to display advertising that is more relevant to users. These cookies contain no personally identifiable information.
5. Third-party cookies
During your visits to this website you may be delivered cookies by third-party websites. When you visit a page with content embedded from, for example, Facebook, Twitter, YouTube or Flickr, you may be presented with cookies from these websites. You should check the privacy policies of these third-party websites for more information about these.
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. You may wish to visit www.aboutcookies.org which contains comprehensive information on how to modify the cookie settings on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone or tablet you will need to refer to your device manual. If you'd like to opt out of advertising cookies, please go to the Network Advertising Initiative website http://www.networkadvertising.org/.