Your personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Who we are
Historic Royal Palaces, including our subsidiary Historic Royal Palaces Enterprises Limited, (also referred to as "we", “us” or “our”) is fully committed to both protecting and respecting your privacy. We are registered with the Information Commissioners Office and our registration number is Z7917960.
Historic Royal Palaces (Reg. Charity number 1068852) is a charitable organisation with the aim to manage, conserve, renovate and repair the Palaces in our care to a high standard consistent with their status; to help everyone to learn about the Palaces, the skills required for their conservation and the wider story of how monarchs and people together have shaped society, by such means as are appropriate.
Historic Royal Palaces Enterprises Limited (Reg. Co. number 03418583 ) carries on a range of commercial trading activities to generate income for Historic Royal Palaces including sale of gifts and souvenirs at shops and online, income from commercial partnerships including sponsorship, affinity marketing and product licensing and commercial activities that are deemed outside the charitable purposes of Historic Royal Palaces. These activities include events, intellectual property rights, and access to properties for filming rights and advertising revenues.
By visiting this or any of our websites (also referred to as “sites”) or other any other applications or technologies outlined in this policy, you are accepting and consenting to the practices described in this policy.
The data controller is Historic Royal Palaces of Hampton Court Palace, Surrey, KT8 9AU. This means it decides how your personal data is processed and for what purposes.
How do we process your personal data
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
- To enable us to provide a service for the benefit of the public as specified in our constitution;
- To administer membership records;
- To fundraise and promote the interests of the charity;
- To manage our employees and volunteers;
- To maintain our own accounts and records (including the processing of gift aid applications);
- To inform you of news, events, activities and services running at Historic Royal Palaces.
How long will you use my personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy and schedule that you can request a copy of by contacting us at [email protected].
Information we may collect from you
We may collect and process the following data about you:
Information you give us
- You may give us information about you by filling in forms on our website or at any of our sites, purchasing tickets, membership or other products / services, making a donation, or by corresponding with us by telephone, email or otherwise.
- This includes information you provide when you subscribe to our newsletter, or place an order on one of our sites; when you report a problem with our site; or if you join one of our special public engagement programmes.
- The information you may give us may include your name, email address, postal address and telephone number and financial and credit card information.
- You may also provide us with the above information, as well as certain information about your employment, if you participate in one of our schools initiatives such as the HRP Teacher Network or Access Fund.
Information we collect about you on the Historic Royal Palaces website
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources
- We may receive information about you if you use any of the other websites we operate or the other services we provide. There are certain third parties with whom we have to work closely (including, for example, business partners, professional advisers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them;
- If we are doing business with you or accepting a donation, we may have to conduct due diligence on you, for example where we are under a legal or regulatory requirement;
- We may combine information we receive from other sources with information you give to us and information we collect about you;
- We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Information we collect about you on the Royal History Quiz app
With regard to each of your visits to our app we may automatically collect the following information:
- technical information, including usernames and a unique ID. All the data collected will be anonymous and for the purpose of administering the app only;
- in a case of an error we collect log data and information (through third party services) on your phone, which may include your device Internet Protocol (“IP”) address, device name, operating system version, the time and date of your use of the app, and other statistics;
- information about your visit (through third party services), including device model, geo-location, through and from our app (including date and time); length of time on certain screens, screen interaction information (such as scrolling and clicks), game statistics including scores, levels and correct/incorrect answer rate, number of shares and challenges sent statistics.
Information we collect about you on the Tower Superbloom AR app
With regard to each of your visits to our app we may automatically collect the following information:
- technical information, including a unique ID. All data collected will be anonymous and for the purpose of administering the app only;
- in a case of an error in the operation of the app we collect log data and information (through third party services) on your phone, which may include your device Internet Protocol (“IP”) address, device name, operating system version, the time and date of your use of the app, and other statistics;
- information about your visit (through third party services), including device model, geo-location, through and from our app (including date and time); length of time on certain screens, screen interaction information (such as scrolling and clicks), game statistics including pollinator collection and flowers spotted, number of captured images.
Uses made of the information
We use information held about you in the following ways:
Information you give to us:
1. When using an online form:
- We ask for your details so we can respond in an appropriate way, for example when enquiring about a venue for hire or requesting materials.
- In accordance with your preferences, you may be contacted with relevant promotions, offers or information that you have expressed an interest in or that might be of interest to you. If you wish us to stop contacting you, please email [email protected].
2. When signing up for e-mail updates:
- We ask for your details so we can add you to our email database and send you updates you’ve requested.
- This information will not be given to any third party, except to the extent and for the purpose we may be required to do so by any law, or where you have consented to it. If you wish us to stop contacting you, please email [email protected].
3. When purchasing a ticket or other product online:
- We collect various personal details about you when you purchase tickets or other products and services (e.g. memberships, donations, retail goods and image library content) online, including name, home address, billing address, telephone number, email etc.
- We use the information to process orders and to provide a more personalised service.
- We display donor names on our ‘sponsor a stone’ website if the donor consents.
- Collecting these details allows our system to create a customer account for you in order that we can sell you such products and services.
- Having a record of your personal details also allows us to identify you if we need to contact you regarding your booking or other order, if you need to contact us to change your booking or order, or to help identify you if collecting tickets at one of our palaces.
- We are also able to help if tickets or orders are lost by checking your personal details on the database.
- Additionally, our bank recommends that we take the billing address of people purchasing tickets in advance as this can help to prevent fraudulent use of credit cards.
- The information we collect in this way will not be given to any third party, except to the extent and for the purpose we may be required to do so by any law.
4. When filling in a form during a visit or applying for one of our programmes or events:
- We ask for your details so we can fulfil your specific request in accordance with your preferences. This will be explained to you at the time and on the relevant form.
5. When joining the HRP Teacher Network:
- We ask for your details so we can provide you with the benefits of membership, which will include keeping you and your school up to date with what is happening.
- In accordance with your preferences, we may offer products and services that will be of interest and relevance to you or your school.
Information we collect about you:
We will use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer, or other device being used to access our site;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them;
- to build profiles of lookalike customers for advertising and marketing purposes using website visitor data and online booking data
- to administer our Royal History Quiz app, including troubleshooting, data analysis, testing, research and statistical purposes
Disclosure of your information
We may share personal information held about you in the following ways:
- Within HRP, for legitimate purposes only.
- We may share your information with selected third parties including:
- Suppliers, sub-contractors and business partners for the performance of any contract we enter into with you or them.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site
- Analytics providers and third-party suppliers that assist us in the improvement and optimisation of our Royal History Quiz app
- We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If HRP or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for us to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data;
- The right to lodge a complaint with the Information Commissioner’s Office.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For more information, or to make a Subject Access Request, please download our Subject Access Request form.
Sensitive personal data
The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee:
- We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
- We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
- Data about an employee’s criminal convictions will be held as necessary.
- Data about an employee’s religious affiliations where they are employed at Hillsborough Palace are collated as required by NI Equal Opportunities Legislation
More information on giving consent to cookies
What cookies do we use?
The cookies we use fall into the following categories:
We use Google Analytics to collect anonymous information about how you use our website so that we can improve the experience. For example, we collect information about how you got to the website, the pages you visit, time spent on pages and how you move around the website. If you do not allow these cookies we will not know when you have visited our site and cannot monitor its performance.
These cookies may be set by third party websites and our advertising partners. We use these cookies to do things like track views of YouTube videos on our website and to target and improve our advertising - for example, to avoid showing advertising you may have seen, or to enable us to display advertising that is relevant to you. These cookies do not store any personally identifiable information. If you do not allow these cookies, you will experience less targeted advertising.
Functional cookies allow us to remember preferences and settings to personalise a website visit.
Strictly necessary cookies
These cookies are necessary for the website to function and always need to be on. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
How to manage cookies
You can prevent the installation of cookies in your browser at any time by using our cookie management tool or managing the cookie settings in your browser. However, you may not be able to access all features or areas of our site if cookies are disabled.
Visit https://www.aboutcookies.org.uk/managing-cookies for information on how to manage cookies in popular browsers.
If you do not wish to be tracked by Google Analytics cookies, you can opt out by installing a browser plug-in here: https://tools.google.com/dlpage/gaoptout/
You can also find more information on managing the storage of cookies on the website www.youronlinechoices.eu