Privacy notice for retail customers

This privacy notice tells you who we are and what to expect when the Royal Armouries Online Shop collects your personal information. It is intended for customers, supporters and anyone who has a relationship with the Royal Armouries online shop.  

Our history and who we are

The Royal Armouries is the United Kingdom's national museum of arms and armour, and one of the most important museums of its type in the world.

Its origins lie in the Middle Ages: its celebrated core collection originating in the nation's working arsenal, assembled over many centuries at the Tower of London.

In the reign of Elizabeth I, selected items began to be arranged for display to visitors, making the Royal Armouries heir to one of the oldest deliberately created visitor attractions in the country.

The collection of about 75,000 items – excluding approximately 2,700 loans to other bodies – is now displayed and housed not only in the Tower of London but also at our purpose-built museum in Leeds, and at Fort Nelson near Portsmouth. Since 2005, the museum has also managed the national collection of firearms, started in 1631 by Charles I and assembled by the British Army, now housed at the National Firearms Centre.

The Royal Armouries Trading and Enterprise (RATE) carries out the commercial activities of the Museums (eg events, retail and Licencing). As a wholly owned subsidiary, RATE is subject to the Museum's policies and procedures.

In this privacy notice and in the data protection statements which you will see wherever we collect your personal information, 'the Royal Armouries', 'the Museum' and 'we' refer to the Royal Armouires Trading and Enterprise.

The Museum is the data controller of your personal information.

How we use your information

When you give us your personal data we will explain specifically how we will use it in a fair processing statement with a link to this privacy notice. The main purposes for which we collect and process the details of Customers, Members, enquirers, donors and potential donors are to provide the service, goods or information that you have requested:

  • for administration purposes (eg to administer donations, and to keep a record of our relationship with you)
  • to further our charitable aims, including fundraising activities
  • to gather feedback
  • to enable the best possible supporter journey and experience

We may use your data to contact you by email (if you have given us your consent or are a business contact), post or phone with news and information about the Museum Shop that we feel may be of interest to you as well as about our other special events, activities, products and services. We will not use your personal information in this way if you have opted out, unsubscribed or otherwise indicated that you do not wish to be contacted for such marketing purposes.

When we ask you to provide personal information we will let you know why we are asking, and how we will use your data, and will direct you towards this notice for further information. This privacy statement explains how we use any personal information we collect about our visitors who purchase items from our shop or online.

What information do we collect about you?

The personal information we collect about our customers may include:

  • Name
  • Contact details for communications and parcel/ order delivery, e.g. postal address, email address and telephone number
  • Bank account, bank or credit card details
  • Details of correspondence sent to/received from you

How will we use the information about you?

You may opt out at any time by using any of the following options;

  • The opt out section at the bottom of an email from Royal Armouries online shop 
  • By emailing us at shopping@armouries.org.uk 
  • By post-  to the Retail Department, Royal Armouries, Armouries Drive, Leeds, LS10 1LT.

Purchasing goods from our museum shop or online

The purchase of goods from our museum shop or online is governed by legal and contractual obligations. We will use the personal information that you provide to process your order, to take payment, to deliver your goods, and to protect your rights as consumers. We will share your bank or credit card details with Shopify Pay, and use NatWest Bank to process payments.

Instore we are required to keep bank and credit card receipts for up to three years, and records of sales for up to seven years, after which time they are destroyed.

Helping us to improve our Retail service

It is within the Museum's legitimate interests to hold and analyse your data to continue to improve our understanding of our target audiences, customers and supporters. This is so we can provide world-class, customer service and effective and appropriate customer engagement. We are also looking at how we might in the future use the latest technologies to improve and personalise the services and goods that we offer.

We carry out customer analytics to improve our understanding of our target audiences. We do this by analysing your commercial transactions and activities (eg email interaction with the Museum Shop, such as which emails you open and how often). This helps us target our marketing more efficiently, understand what topics you are interested in, and personalise and improve your experience if you have consented to receive marketing from us, by providing the most relevant and timely content.  

You can object to our carrying out this kind of activity for marketing purposes by emailing shopping@armouries.org.uk , and we will review our basis for doing so in your case. Please note that objecting to this activity will mean that you are automatically unsubscribed from marketing.

We will also use your details to ask for feedback on your experience, and will use this information to help us evaluate our performance, and to improve the delivery of our retail services. 

Answering your letters and emails

When we receive correspondence from you, we will keep copies of your emails and letters together with any response we send you on your Shopify account. for the Shopify Privacy Policy please use this link. Shopify Privacy Policy

How we ensure your information is up to date?

We carry out routine checks of the personal information we collect to ensure that it is accurate and up-to-date. We will also contact you from time to time to check that any information we hold about you is relevant for the purposes of processing.

You can also log into your online shop account and change your personal details manually.

Who we share your information with?

We will not sell your details to any third parties, nor disclose your personal information to any third parties or external organisations, other than those data processors and service providers carrying out work on our behalf.

The museum carries out comprehensive checks on any companies working on our behalf before we work with them, and puts contracts in place in line with the Data Protection Act 2018, that sets out our expectations and requirements, especially regarding how they manage your personal information.

In the event where we wish to share your personal information in a way that is not covered in this statement, we will apply for your explicit and informed consent.

How we keep your information secure

The museum has implemented security procedures to ensure that the personal information under our control is protected from unauthorised access, improper use, unauthorised modification, accidental or malicious disclosure.

All employees and data processors are obliged to respect the confidentiality of the personal information of our visitors, friends and supporters. Your information will be retained within our secure information systems for as long as you continue to engage with us, and will then be securely destroyed or transferred to the museum’s archives as appropriate.

How you can access your information

The museum complies with the terms of the Data Protection Act 2018, and you have the right to request a copy of the personal information that we hold about you at any time by emailing or writing to us at the contact details below.

There is usually no charge for making this request, and we will normally respond to you within one month (twenty working days). However if we hold a large amount of information about you or your request is complicated, then we may need to charge you a reasonable fee, based on the cost of providing the information, and extend the deadline by up to two months. We will advise you of any charges or delays in responding to your request.

Your rights over your information

  • to have your personal information rectified if it is inaccurate or incomplete;
  • to request the deletion or removal of your personal information (the right to be forgotten);
  • to ‘block’ or suppress the processing of your personal information;
  • to obtain and reuse your personal information for your own purposes across different services;
  • to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics; and
  • not to be subject to a decision when it is based on automated processing, and it produces a legal effect or a similarly significant effect on you.

We will fully respond to any requests to remove, change or provide any personal information you have given to us. We will keep a record of your request for a period of two years in order to show that we have complied with the Act after which it will be destroyed.

For further information on your rights visit the Information Commissioner’s website, https://ico.org.uk/for-the-public/.

Complaints, Enquiries and Feedback

The Museum strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

How to contact us

If you have an enquiry, a complaint or suggestions regarding our data protection processes, please contact our Data Protection Officer:

Philip Abbott
Data Protection Officer
Royal Armouries
Armouries Drive
Leeds
LS10 1LT
dpa@armouries.org.uk

If you feel that we have not upheld your rights and wish to make a complaint, you should contact our Data Controller:

Malcolm Duncan
Data Controller
Royal Armouries
Armouries Drive
Leeds
LS10 1LT
dpa@armouries.org.uk

8. Information Commissioner

If you are not satisfied with our response, or believe that we are not processing your personal information in accordance with the law, you have the right to complain to the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 113
Website: www.ico.org.uk

Cookies

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

enabling a service to recognise your device so you don't have to give the same information several times during one task recognising that you may already have given a username and password so you don't need to do it for every web page requested measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast.

Removing & Disabling Cookies

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.

We have tried to cover all cookies in this list that we or our service providers use. Please be aware that there may be a delay in updating this list. If you do notice any discrepancies please be sure to contact us and let us know.

 

Cookies Set By Us - Strict

_ab

This cookie is generally provided by Shopify and is used in connection with access to the admin view of an online store platform

_orig_referrer

This cookie is generally provided by Shopify and is used in connection with a shopping part.

_secure_session_id

This cookie is generally provided by Shopify and is used in connection with navigation through a storefront

Cart

This cookie is generally provided by Shopify and is used in connection with a shopping cart.

cart_sig

This cookie is generally provided by Shopify and is used in connection with checkout.

cart_ts

This cookie is generally provided by Shopify and is used in connection with checkout.

checkout_token

This cookie is generally provided by Shopify and is used in connection with a checkout service.

Secret

This cookie is generally provided by Shopify and is used in connection with checkout.

Secure_customer_sig

This cookie is generally provided by Shopify and is used in connection with a customer login.

storefront_digest

There is no information about this cookie yet.

cookieconsent_status

There is no information about this cookie yet.

cookieconsent_preferences_disabled

There is no information about this cookie yet.

cart_currency

This is an essential cookie for the secure checkout and payment function on the website. This cookie is provided by shopify.com.

cart

This cookie is set by website built on Shopify platform and is used in assoication with shopping cart.

shopify_pay_redirect

This cookie is used by website using Shopify platform and is used in enabling secure payment and checkout from the e-commerce store.

baMet_visit

This cookie is used by website using Shopify platform

baMet_cs_id

This cookie is used by website using Shopify platform

ba_cart_token

This cookie is used by website using Shopify platform

 

Cookies Set By Us - Analytical

_shopify_fs

This cookie is associated with Shopify's analytics suite.

_shopify_s

This cookie is associated with Shopify's analytics suite.

_shopify_sa_t

This cookie is associated with Shopify's analytics suite concerning marketing and referrals.

_shopify_uniq

There is no information about this cookie yet.

_shopify_visit

There is no information about this cookie yet.

_shopify_y

This cookie is associated with Shopify's analytics suite.

_y

This cookie is associated with Shopify's analytics suite.

tracked_start_checkout

There is no information about this cookie yet.

_ga

This cookie name is associated with Google Universal Analytics

_gid

This cookie name is associated with Google Universal Analytics.

_gat

This cookie name is associated with Google Universal Analytics.

__atuvc

There is no information about this cookie yet.

__atuvs

There is no information about this cookie yet.

__utma

There is no information about this cookie yet.

__cfduid

There is no information about this cookie yet.

cusid

This cookie is set by Click Dimensions. This cookie is used to establish and continue a user session with the site. When a user views a page on the site, the script code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on the site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on the site for longer than 30 minutes.

soundestID

This cookie is used by Omnisend to identify an anonymous contact.

omnisendAnonymousID

This cookie is used by Omnisend to identify an anonymous contact.

omnisendSessionID

This cookie is used by Omnisend to identify a session of an anonymous contact or a contact.

soundest-views

This cookie is used by Omnisend to count number of pageview in a session.

omnisendCartProducts

This cookie is used by Omnisend to monitor content of a cart in a session

 

Cookies Set By Us - Marketing

_gads

There is no information about this cookie yet.

IDE

This domain is owned by Doubleclick (Google). The main business activity is: Doubleclick is Googles real time bidding advertising exchange

_s

This cookie is associated with Shopify's analytics suite.

collect

There is no information about this cookie yet.

GPS

This cookie is associated with YouTube which collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites.

PREF

This cookie, which may be set by Google or Doubleclick, may be used by advertising partners to build a profile of interests to show relevant ads on other sites.

BizoID

This is a Microsoft MSN 1st party cookie to enable user-based content.

_fbp

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.

_fbc

There is no information about this cookie yet.

__adroll

This cookie is associated with AdRoll

__adroll_v4

This cookie is associated with AdRoll

__adroll_fpc

This cookie is associated with AdRoll

__ar_v4

This cookie is associated with AdRoll