Privacy Policy (including use of cookies)
This privacy notice (Notice) explains how Historic Royal Palaces (HRP), collects, uses and shares your personal data through your use of our website and other technologies outlined in this Notice, and your rights in relation to the personal data we hold.
In this Notice, us, we and our all refer to HRP and you and your refer to our customers, application users, visitors to our website and all other users of our services and those who interact with us in any other way.
ABOUT THIS NOTICE
We may modify this Notice at any time. Any major changes or updates will be notified directly to those affected wherever practicable.
DATA CONTROLLER AND CONTACT DETAILS
HRP is a registered charity (registered charity number 1068852) having its principal place of business at Hampton Court Palace KT8 9AU. HRP will be the ‘controller’ of your personal data and we are subject to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003 and any successor legislation or regulations governing data protection and privacy in the UK.
If you have any questions about this Notice, or if you would like to exercise any of your legal rights in respect of your personal data, please contact our Data Protection Lead at mydata@hrp.org.uk.
HOW WE COLLECT YOUR INFORMATION
We may collect your personal information in a number of ways, including:
- from the information you provide us when you fill in one of our forms on our websites, or during a visit to one of our locations (if applicable);
- when you correspond with us by phone, email, or by other means;
- through the due diligence we may conduct if you make a donation to HRP or conduct business with us;
- when you subscribe to our e-mail updates or newsletter;
- when you take part in a market research survey or evaluation exercise, including where we need your personal information in order to contact you about a project, respond to any of your comments recorded in a survey, or record your consent for the use of photographs or video content, or individually-attributable comments;
- from third parties with whom we work closely, including (but not limited to) business partners, professional advisers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies and trade partners. Please note that we may combine and use this information we receive from third party sources with information that you provide us; and
- in various other ways in which you may interact with us.
THE TYPES OF INFORMATION WE COLLECT
Information you give us
This may include your name, email address, postal address, billing address, telephone number (including any telephone number used to call our customer service number) and financial and credit card information.
Information we collect about you on the Historic Royal Palaces website. With regard to each of your visits to our website we may automatically collect the following information:
- technical data, including the Internet protocol (IP) address, cookie identifier, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform and geographic information; and
- website data, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Other personal information
In addition to the above, we may collect, use, store and process the following personal information about you, where relevant:
- marketing data such as engagement with our direct marketing emails (such as whether the email was opened and if you opened hyperlinks within the email);
- market research and evaluation data such as engagement with survey invitation emails (such as whether the email was opened, if you engaged with the hyperlinks and whether you have responded to the survey); correspondence data such as personal information provided by you in correspondence with us, including your request, our reply and your contact information in order to increase the efficiency of our business and to track our communications with you.
OUR LEGAL BASIS FOR USING YOUR INFORMATION
Where we have a contractual relationship with you
We will process your personal data where it is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. In this respect, we use your personal data to carry out our obligations arising from any contracts entered into with you.
Legitimate interests
We also process your personal information because it is necessary for our or a third party’s legitimate interests. Our legitimate interests include the provision of services in relation to the Image Library and the promotion, conservation, restoration and maintenance of the palaces in our care and developing/providing an attractive visitor experience to the palaces in an efficient and sustainable manner, in accordance with all relevant legal rights and obligations. In this respect, we may use your personal data to:
- advertise, promote and market our services, including providing suggestions and recommendations to you and other users regarding goods or services that may be of interest, where appropriate (unless we provide material directly to you under contract, or in situations where it is required or appropriate to gain your consent), and to measure the effectiveness of such activities;
- process enquiries, complaints, survey comments, collect feedback, analyse our services and manage our internal record-keeping in relation to the same;
- carry out our internal processes, such as quality control, website performance, data analysis, troubleshooting, research, testing, security, system administration and to evaluate your use of our website, and other services, so that we can provide you with enhanced services; and
- analyse and improve the services we provide, including improving our website, and processing feedback.
Legal obligations
We may also process your personal information for our compliance with our legal obligations. In this respect and if required, we may use your personal data to:
- comply with legal and regulatory obligations;
- deal with legal claims and requests, including those made under data protection law, or requests for formal disclosure by competent authorities; and
- administer and maintain such records as may be required by UK regulations and legislation from time to time.
CONSENT
We may process your personal information where we have your specific consent to do so (for example, where we have sought and obtained your consent to send you direct marketing (including as detailed below) by email or to set non-essential cookies via our website). If you have given your consent and you wish to withdraw it, please contact us using the contact details set out above or click the “unsubscribe” link in the emails we send. You can also update your communication preferences at any time.
SHARING INFORMATION WITH THIRD PARTIES
For the purposes referred to in this Notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties, including within HRP, for legitimate purposes only, or to the following selected categories of third parties:
- suppliers, sub-contractors and business partners for the performance of any relevant contract we enter into with you or them;
- data analytics, data processing and aggregating platforms and search engine providers for legitimate purposes to assist us in the improvement and optimisation of our website and marketing strategy;
- relevant third parties in connection with any internal/corporate reorganisation;
- internal and external auditors and our legal professional advisors; and
- any regulatory or government body, court, law enforcement agency and other authority of competent jurisdiction if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements, or to protect the rights, property, or safety of HRP, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
INTERNATIONAL TRANSFERS OF DATA
Your personal data is generally only processed within the UK and/or European Economic Area (EEA), to the extent required for business management purposes. There are adequacy regulations in respect of transfers between the United Kingdom and the EEA. This means that the countries in the EEA to which we transfer your data (if at all) are deemed to provide an adequate level of protection for your personal information.
As a matter of course, we do not transfer your data outside the EEA. We may, however, transfer your personal data around the world on an ad hoc basis, for example where this is necessary for our interaction with you, and you are located outside of the EEA. In such circumstances, we will consider whether any additional measures are required in order to give adequate protection for the information when it is transferred.
DATA SECURITY
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Secure Sockets Layer (SSL) technology. In circumstances where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data by imposing strict procedures and security features to prevent unauthorised access, we cannot guarantee the security of your data transmitted to our website. As such, any transmission is at your own risk.
HOW LONG YOUR INFORMATION IS KEPT
We retain your personal data only for so long as is necessary to deliver our services to you, and to protect our legal interests or as otherwise stated to you when your data is collected.
To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm from any unauthorised use or disclosure, the purposes for which we process your personal data, whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our Retention Schedule which you can request a copy of by contacting us at mydata@hrp.org.uk.
YOUR RIGHTS
Under the UK GDPR you have the following rights in relation to our processing of your personal data:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for transmitting that personal data to another data controller;
- to object, on grounds relating to your situation, to any of our processing activities where you feel this has a disproportionate impact on your rights;
- to complain about the processing of your data to the UK data protection regulator – the Information Commissioner’s Office (ICO) (www.ico.org.uk). The ICO does though recommend that you first try and resolve the complaint with us.
Date of last update: February 2023
COOKIE POLICY
INFORMATION ABOUT OUR USE OF COOKIES
Your privacy
Our websites use cookies saved on your device or computer to distinguish you from other users of our website. Cookies are used to store information about how you use the website such as the pages you visit. This helps us to provide you with a good experience and allows us to improve the website. We use different types of cookies and you can choose which ones you want us to use. However, blocking some types of cookies may impact your experience of our website and the services we offer.
WHAT COOKIES DO WE USE?
The cookies we use fall into the following categories:
Functional cookies: Functional cookies allow us to remember preferences and settings to personalise a website visit.
Strictly necessary cookies: These cookies are necessary for the website to function and always need to be on. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
How to manage cookies
You can prevent the installation of cookies in your browser at any time by using our cookie management tool or managing the cookie settings in your browser. However, you may not be able to access all features or areas of our site if cookies are disabled.
Visit https://www.aboutcookies.org.uk/managing-cookies for information on how to manage cookies in popular browsers.
You can also find more information on managing the storage of cookies on the website www.youronlinechoices.eu
CONTACT
Questions or requests regarding this cookie policy should be addressed to mydata@hrp.org.uk.