Privacy Notice for Retail Customers

This privacy notice is intended for retail customers, newsletter subscribers and anyone else who has a relationship with the Royal Armouries shop.

When we ask you to provide us with your personal information we will let you know why we need your data and how we will use it, and will direct you towards this notice for further information.

Who we are

Royal Armouries is the National Museum of Arms and Armour. Our shop is part of Royal Armouries Trading and Enterprise (RATE) which carries out commercial activities on behalf of the Museum. As a wholly owned subsidiary, RATE is subject to the Museum’s policies and procedures.

In this privacy notice and in the data protection statements which you will see wherever we collect your personal information, ‘Royal Armouries’, ‘the Museum’, and ‘we’ refer to Royal Armouries and Royal Armouries Trading and Enterprise.

The Museum is the data controller of your personal information.

What information do we collect about you

The personal information we collect about our customers will vary according to how you engage with us. It may include:


  • Name
  • Contact details, e.g. postal address, email address and telephone number
  • Bank account, bank or credit card details
  • Copies of correspondence sent to/received from you


How we use your information


  1. Purchasing goods from our museum shop or online etc

We may use your personal information in a number of different ways to:


  • allow you to purchase items from our shop or online;
  • process your payments by sharing your bank or credit card details with Shopify Pay and Natwest Bank;
  • deliver your goods;
  • protect your consumer rights;
  • allow you to feedback on your experience;
  • permit us to deal with your complaints;
  • maintain records relating to your engagement with us as a customer;
  • analyse your shopping habits and send you information about products we feel may be of interest to you
  • keep you up-to-date with news about our products and retail offers


  1. Sending you copies of our newsletter

We may use your personal information with your consent to send you details of our products and retail offers.


You may opt out of receiving information at any time by:


  • using the opt out link at the bottom of an email from Royal Armouries shop; 
  • by emailing us at
  • by writing to us at the Retail Department, Royal Armouries, Armouries Drive, Leeds, LS10 1LT.


How we ensure your information us up to date

We carry out routine checks of the personal information we collect to ensure that it is accurate and up-to-date. We will also contact you from time to time to check that any information we hold about you is relevant for the purposes of processing.


If you are a registered customer you can also log into your online shop account and review your personal details.


Who we share your information with

We will not share your details with any third parties, nor disclose your personal information to any third parts of external organisations, other than those data processors and service providers carrying out work on out behalf.


The Museum carries out comprehensive checks on any companies working on our behalf before we work with them, and puts contracts in place in line with the General Data Protection Regulations that sets out our expectations and requirements, especially regarding how they manage your personal information.


In the event where we wish to share your personal information in a way that is not covered in this statement, we will apply for your explicit and informed consent.


How we keep your information secure

The museum has implemented security procedures to ensure that the personal information under our control is protected from unauthorised access, improper use, unauthorised modification, accidental or malicious disclosure. All employees and data processors are obliged to respect the confidentiality of the personal information of our customers and newsletter subscribers etc.


How long do we keep your information

Your information will be retained within our secure information systems for as long as you continue to engage with us, and will then be securely destroyed or transferred to the museum’s archives as appropriate. For specific information on how we use your personal information, why we use it, and how long we keep our personal information please refer to our Data Retention Schedules, a summary of which can be found at


How you can access your information

Access to personal information collected by the museum is provided under the terms of the General Data Protection Regulations. You may request a copy of the personal information that we hold about you at any time by emailing or writing to us at the contact details below.


There is usually no charge for making this request, and we will normally respond to you within one month (twenty working days). We may ask you for proof of identity and request further details to assist us in the location of your personal information.


If we hold a large amount of information about you or your request is complicated, then we may need to charge you a reasonable fee, based on the cost of providing the information, and extend the deadline by up to two months. We will advise you of any charges or delays in responding to your request.


If we consider your request to be manifestly unfounded or excessive we may refuse to respond, and we will write to you explaining our decision. You have the right to appeal, and if you are still unhappy to complain to the Information Commissioners Office, or to see a judicial remedy.


What other rights have you

The General Data Protection Regulations also grant you the rights:

  • to have your personal information rectified if it is inaccurate or incomplete;
  • to request the deletion or removal of your personal information (the right to be forgotten);
  • to ‘block’ or suppress the processing of your personal information;
  • to obtain and reuse your personal information for your own purposes across different services;
  • to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics; and
  • not to be subject to a decision when it is based on automated processing, and it produces a legal effect or a similarly significant effect on you.


You may ask us to change or remove any personal information you have given us at any time be emailing or writing to us at the contact details below. There is no charge for making this request. We will keep a record of your request for a period of two years in order to show that we have complied with the Regulations after which it will be destroyed.


For further information on your rights visit the Information Commissioner’s website,


How to contact us

If you have an enquiry, a complaint or suggestions regarding our data protection processes, please contact our Data Protection Officer:


Philip Abbott
Data Protection Officer
Royal Armouries
Armouries Drive
LS10 1LT


If you feel that we have not upheld your rights and wish to make a complaint, you should contact our Data Controller:


Malcolm Duncan
Data Controller
Royal Armouries
Armouries Drive
LS10 1LT


How to contact the Information Commissioner

If you are not satisfied with our response to your request to remove, change or provide any personal information, or if you believe that we are not processing your personal information in accordance with the law, you have the right to complain to the Information Commissioner’s Office:


Information Commissioner’s Office
Wycliffe House
Water Lane
Telephone: 0303 123 113