The Royal Armouries Group has recently implemented a new Customer Records Management (CRM) System to store the personal information of our stakeholders, including visitors, shop customers, educational contacts, members, supporters, donors and sponsors, and commercial clients, which was previously held in a number of separate databases. As part of this process we have reviewed our existing mailing lists, which have been compiled over a significant period of time, and identified some overlap in the interests of some the stakeholders in some of the lists. We have therefore consolidated some of these stakeholders into new mailing lists based on their common interests. The new CRM System allows us to better understand our customers and their interests, and to communicate with them more efficiently and effectively. It also allows us to better ensure that our customers information and their rights under data protection legislation are fully observed. The information held in the old databases has been securely destroyed.
When we ask you to provide us with your personal information we will let you know why we need your data and how we will use it, and will direct you towards this notice for further information.
- Who we are
The Royal Armouries Group consists of the Royal Armouries (RA), the National Museum of Arms and Armour in the United Kingdom; Royal Armouries Trading and Enterprises Limited (RATE), a company registered in England and Wales, which carries out commercial activities on behalf of the Museum; and Royal Armouries (International) plc (RAI), which previously provided café facilities, catering and corporate events at the Museum and was acquired in 2018.
In this privacy notice and in the data protection statements which you will see wherever we collection your personal information, ‘Royal Armouries’, ‘the Museum’, and ‘we’ refer to the Royal Armouries Group.
The Museum is the data controller of your personal information.
- What information do we collect about you
The personal information we collect from you will vary according to how you engage with the museum, but may include:
- Contact details for communications, e.g. postal address, email address and telephone number
- Confirmation of your ID and current address
- Ticket purchase and event registration/attendance
- Special requirements, such as diet or access
- Bank account, bank or credit card details, including Direct Debit bank details where applicable
- Donation information
- Gift Aid status
- Information about your interests and activities
- Employment information and professional activities
- Copies of correspondence sent to/received from you
- How will we use the information about you
We may use your personal information in a number of different ways to:
- ensure that you enjoy your visit to the museum or our website;
- provide you with the opportunity to book and attend our events;
- enable you to take part in our competitions;
- allow you to purchase items from our shop or online;
- allow you to bring school, college or university groups to participate in classroom sessions or self-guided tours of the museum;
- permit you to bring other groups to the museum for guided tours of the galleries, and a glimpse behind the scenes;
- encourage you to donate or lend items to the collections;
- enable you to request information about our collections, arms and armour, the Tower of London and related subjects;
- allow you to visit our Library and Archives Reading Room and access our Study Collections for research;
- enable you to purchase and license film and images from our Image library;
- enable you to license the Royal Armouries brand;
- encourage you to support the work of the museum through donations;
- enable you to become a member or patron and enjoy private views of new exhibitions and other exclusive events;
- enable you to hire our corporate and private function facilities at Fort Nelson;
We may also use your personal information to:
- keep you up-to-date with news about the museum, and information on exhibitions and events, retail offers, fund raising activities etc.;
- process your payments by sharing your bank or credit card details with third parties such as Shopify Pay and Natwest Bank;
- deliver your goods;
- protect your consumer rights;
- allow you to feedback on your experience;
- permit us to deal with your complaints;
- maintain records relating to your engagement with us as a customer;
- analyse your interests and shopping habits and send you information about products we feel may be of interest to you;
- enable you to contribute to our market research;
For more detailed information on the how we use your personal information, why we use it, and how long we keep it for please refer to our Data Protection Register, a summary of which can be found at www.armouries.org.uk.
We may use your personal information for marketing purposes either with your consent or where we believe that we have a legitimate interest in sending you news about the Museum, and information relating to our collections, exhibitions, events and activities, retail offers, fund raising activities etc. and where this coincides with your interests based on your previous engagement with us.
You may create an online account to provide us with more information about your interests, and to refine your marketing options.
You may opt out of receiving marketing information at any time by:
- logging onto your online account;
- using the opt-out link at the bottom of any email we send you;
- emailing us at email@example.com;
- writing to us at Communications Department, Royal Armouries, Armouries Drive, Leeds, LS10 1LT;
Please note. Requests to opt-out of marketing information may take 48 hours to process.
- How we use CCTV
CCTV is used extensively throughout the Museum to protect our visitors and staff, to deter and detect crime, and to assist in the investigation of incidents. We abide by the CCTV Code of Practice in the management of any information recorded, and the footage is usually kept for 30 days and then destroyed, unless there is a need to retain it as evidence as part of an on-going investigation and in case we are required to disclose it as evidence in any legal proceedings. Further information may be found in our CCTV Policy.
- How we ensure your information is up to date
We carry out routine checks of the personal information we collect to ensure that it is accurate and up-to-date. We will also contact you from time to time to check that any information we hold about you is relevant for the purposes of processing.
- Who we share your information with
We will not share your details with any third parties, nor disclose your personal information to any third parties or external organisations, other than those data processors and service providers carrying out work on our behalf. The Museum carries out comprehensive checks on any companies working on our behalf before we work with them, and we put contracts in place in line with the data protection legislation that sets out our expectations and requirements, especially regarding how they manage your personal information. For specific information on who we share your personal information with please refer to our Data Retention Schedules, a summary of which can be found in the policies section at www.royalarmouries.org.
In the event where we wish to share your personal information in a way that is not covered in this statement, we will apply for your explicit and informed consent.
- How we keep your information secure
The Museum has implemented security procedures to ensure that the personal information under our control is protected from unauthorised access, improper use, unauthorised modification, accidental or malicious disclosure. All employees and data processors are obliged to respect the confidentiality of the personal information of our visitors, friends and supporters.
- How long do we keep your information
Your information will be retained within our secure information systems for as long as you continue to engage with us, and it will then be securely destroyed or transferred to the Museum’s archives as appropriate. For specific information on how long we keep your personal information please refer to our Data Retention Schedules, a summary of which can be found at www.royalarmouries.org.
- How you can access your information
Access to personal information collected by the Museum is provided under the terms of the General Data Protection Regulations. You may request a copy of the personal information that we hold about you at any time by emailing or writing to us at the contact details below. There is usually no charge for making this request, and we will normally respond to you within one month (twenty working days). We may ask you for proof of identity and request further details to assist us in the location of your personal information.
If we hold a large amount of information about you or your request is complicated, then we may need to charge you a reasonable fee, based on the cost of providing the information, and extend the deadline by up to two months. We will advise you of any charges or delays in responding to your request.
If we consider your request to be manifestly unfounded or excessive we may refuse to respond, and we will write to you explaining our decision. You have the right to appeal, and if you are still unhappy to complain to the Information Commissioner’s Office, or to seek a judicial remedy.
- What other rights you have
The General Data Protection Regulations also grant you the rights:
- to have your personal information rectified if it is inaccurate or incomplete;
- to request the deletion or removal of your personal information (the right to be forgotten);
- to ‘block’ or suppress the processing of your personal information;
- to obtain and reuse your personal information for your own purposes across different services;
- to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics; and
- not to be subject to a decision when it is based on automated processing, and it produces a legal effect or a similarly significant effect on you.
You may ask us to change or remove any personal information you have given us at any time by emailing or writing to us at the contact details below. There is no charge for making this request, and we will normally comply within one month (twenty working days). We will keep a record of your request for a period of two years in order to show that we have complied with the Regulations after which it will be destroyed.
For further information on your rights visit the Information Commissioner’s website, https://ico.org.uk/for-the-public/.
- How to contact us?
Data Protection Officer
If you feel that we have not upheld your rights and wish to make a complaint, you should contact our Data Controller:
- How to contact the Information Commissioner?
If you are not satisfied with our response to your request to remove, change or provide any personal information, or if you believe that we are not processing your personal information in accordance with the law, you have the right to complain to the Information Commissioner’s Office:
Information Commissioner’s Office
Telephone 0303 123 113