Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Historic Royal Palaces, including our subsidiary Historic Royal Palaces Enterprises Limited, (also referred to as "we", “us” or “our”) is fully committed to both protecting and respecting your privacy. We are registered with the Information Commissioners Office and our registration number is Z7917960.
Historic Royal Palaces (Reg. Charity number 1068852) is a charitable organisation with the aim to manage, conserve, renovate and repair the Palaces in our care to a high standard consistent with their status; to help everyone to learn about the Palaces, the skills required for their conservation and the wider story of how monarchs and people together have shaped society, by such means as are appropriate.
Historic Royal Palaces Enterprises Limited (Reg. Co. number 03418583 ) carries on a range of commercial trading activities to generate income for Historic Royal Palaces including sale of gifts and souvenirs at shops and online, income from commercial partnerships including sponsorship, affinity marketing and product licensing and commercial activities that are deemed outside the charitable purposes of Historic Royal Palaces. These activities include events, intellectual property rights, and access to properties for filming rights and advertising revenues.
By visiting this or any of our websites (also referred to as “sites”) or other any other applications or technologies outlined in this policy, you are accepting and consenting to the practices described in this policy.
The data controller is Historic Royal Palaces of Hampton Court Palace, Surrey, KT8 9AU. This means it decides how your personal data is processed and for what purposes.
We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy and schedule that you can request a copy of by contacting us at firstname.lastname@example.org.
We may collect and process the following data about you:
Information you give us
Information we collect about you on the Historic Royal Palaces website
With regard to each of your visits to our site we may automatically collect the following information:
Information we receive from other sources
Information we collect about you on the Royal History Quiz app
With regard to each of your visits to our app we may automatically collect the following information:
We use information held about you in the following ways:
Information you give to us:
1. When using an online form:
2. When signing up for e-mail updates:
3. When purchasing a ticket or other product online:
4. When filling in a form during a visit or applying for one of our programmes or events:
5. When joining the HRP Teacher Network:
Information we collect about you:
We will use this information:
We may share personal information held about you in the following ways:
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For more information, or to make a Subject Access Request, please download our Subject Access Request form.
The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee:
What are cookies and why do we use them?
Cookies are tiny text files that are stored on your browser if you agree. Most cookies contain a unique identifier called a cookie ID: a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows us to distinguish your browser from other browsers, to recognize your browser by its unique cookie ID and to store information about your preferences on a particular website. This information may remain on your computer or other internet enabled device after your internet session finishes and you leave the website, but you can delete them using some browsers, manually or using system utilities. Most internet browsers are pre-set to accept cookies. Cookies cannot be used by themselves to identify you. We may share statistical information regarding cookies with third parties.
The cookies we use on our website last for different time periods depending on the use:
What cookies do we use?
The cookies we use fall into the following categories.
1. Strictly necessary cookies
These cookies help us to run the website efficiently and allow access to features on the website.
2. Functional cookies
Functional cookies allow us to remember preferences and settings to improve a website visit.
3. Performance and analytical cookies
4. Targeted/ advertising cookies
5. Third-party cookies
During your visits to this website you may be delivered cookies by third-party websites. When you visit a page with content embedded from, for example, Facebook, Twitter, YouTube or Flickr, you may be presented with cookies from these websites. You should check the privacy policies of these third-party websites for more information about these.
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled. You may wish to visit www.aboutcookies.org which contains comprehensive information on how to modify the cookie settings on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies. For information on how to do this on the browser of your mobile phone or tablet you will need to refer to your device manual. If you'd like to opt out of advertising cookies, please go to the Network Advertising Initiative website http://www.networkadvertising.org/.