The event organiser, Royal Armouries, has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. You can find their Privacy Policy below or contact them to request it.
Privacy Notice
When we ask you to provide us with your personal information we will let you know
why we need your data and how we will use it, and will direct you towards this
notice for further information.
1. Who we are
The Royal Armouries Group consists of the Royal Armouries (RA), the National Museum of
Arms and Armour in the United Kingdom; Royal Armouries Trading and Enterprises Limited
(RATE), a company registered in England and Wales, which carries out commercial
activities on behalf of the Museum; and Royal Armouries (International) plc (RAI), which
previously provided café facilities, catering and corporate events at the Museum and
was acquired in 2018.
In this privacy notice and in the data protection statements which you will see
wherever we collection your personal information, ‘Royal Armouries’, ‘the Museum’,
and ‘we’ refer to the Royal Armouries Group.
The Museum is the data controller of your personal information.
2. What information do we collect about you
The personal information we collect from you will vary according to how you
engage with the museum, but may include:
• Name
• Contact details for communications, e.g. postal address, email address and
telephone number
• Confirmation of your ID and current address
• Ticket purchase and event registration/attendance
• Special requirements, such as diet or access
• Bank account, bank or credit card details, including Direct Debit bank details
where applicable
• Donation information
• Gift Aid status
• Information about your interests and activities
• Employment information and professional activities
• Copies of correspondence sent to/received from you
3. How will we use the information about you
We may use your personal information in a number of different ways to:
• ensure that you enjoy your visit to the museum or our website;
• provide you with the opportunity to book and attend our events;
• enable you to complete visitor surveys or provide feedback;
• enable you to take part in our competitions;
• allow you to purchase items from our shop or online;
• allow you to bring school, college or university groups to participate in
classroom sessions or self-guided tours of the museum;
• permit you to bring other groups to the museum for guided tours of the
galleries, and a glimpse behind the scenes;
• encourage you to donate or lend items to the collections;
• enable you to request information about our collections, arms and armour,
the Tower of London and related subjects;
• allow you to visit our Library and Archives Reading Room and access our
Study Collections for research;
• enable you to purchase and license film and images from our Image library;
• enable you to license the Royal Armouries brand;
• encourage you to support the work of the museum through donations;
• enable you to become a member or patron and enjoy private views of new
exhibitions and other exclusive events;
• enable you to hire our corporate and private function facilities at Fort Nelson;
We may also use your personal information to:
• keep you up-to-date with news about the museum, and information on
exhibitions and events, retail offers, fund raising activities etc.;
• process your payments by sharing your bank or credit card details with third
parties such as Stripe, Shopify Pay and Natwest Bank;
• deliver your goods;
• protect your consumer rights;
• permit us to deal with your complaints;
• maintain records relating to your engagement with us as a customer;
• analyse your interests and shopping habits and send you information about
products we feel may be of interest to you;
• enable you to contribute to our market research;
For more detailed information on the how we use your personal information, why we
use it, and how long we keep it for please refer to our Data Protection Register, a
summary of which can be found at www.armouries.org.uk.
4. Marketing
We may use your personal information for marketing purposes either with your
consent or where we believe that we have a legitimate interest in sending you news
about the Museum, and information relating to our collections, exhibitions, events
and activities, retail offers, fund raising activities etc. and where this coincides with
your interests based on your previous engagement with us.
You may create an online account to provide us with more information about your
interests, and to refine your marketing options.
You may opt out of receiving marketing information at any time by:
• logging onto your online account;
• using the opt-out link at the bottom of any email we send you;
• emailing us at communications@armouries.org.uk;
• writing to us at Communications Department, Royal Armouries, Armouries
Drive, Leeds, LS10 1LT;
Please note. Requests to opt-out of marketing information may take 48 hours to
process.
5. How we use CCTV
CCTV is used extensively throughout the Museum to protect our visitors and staff, to
deter and detect crime, and to assist in the investigation of incidents. We abide by
the CCTV Code of Practice in the management of any information recorded, and
the footage is usually kept for 30 days and then destroyed, unless there is a need to
retain it as evidence as part of an on-going investigation and in case we are
required to disclose it as evidence in any legal proceedings. Further information may
be found in our CCTV Policy.
6. How we ensure your information is up to date
We carry out routine checks of the personal information we collect to ensure that it is
accurate and up-to-date. We will also contact you from time to time to check that
any information we hold about you is relevant for the purposes of processing.
7. Who we share your information with
We will not share your details with any third parties, nor disclose your personal
information to any third parties or external organisations, other than those data
processors and service providers carrying out work on our behalf. The Museum
carries out comprehensive checks on any companies working on our behalf before
we work with them, and we put contracts in place in line with the data protection
legislation that sets out our expectations and requirements, especially regarding
how they manage your personal information. For specific information on who we
share your personal information with please refer to our Data Retention Schedules, a
summary of which can be found in the policies section at www.royalarmouries.org.
In the event where we wish to share your personal information in a way that is not
covered in this statement, we will apply for your explicit and informed consent.
8. How we keep your information secure
The Museum has implemented security procedures to ensure that the personal
information under our control is protected from unauthorised access, improper use,
unauthorised modification, accidental or malicious disclosure. All employees and
data processors are obliged to respect the confidentiality of the personal
information of our visitors, friends and supporters.
9. How long do we keep your information
Your information will be retained within our secure information systems for as long as
you continue to engage with us, and it will then be securely destroyed or transferred
to the Museum’s archives as appropriate. For specific information on how long we
keep your personal information please refer to our Data Retention Schedules, a
summary of which can be found at www.royalarmouries.org.
10. How you can access your information
Access to personal information collected by the Museum is provided under the
terms of the General Data Protection Regulations. You may request a copy of the
personal information that we hold about you at any time by emailing or writing to us
at the contact details below. There is usually no charge for making this request, and
we will normally respond to you within one month (twenty working days). We may
ask you for proof of identity and request further details to assist us in the location of
your personal information.
If we hold a large amount of information about you or your request is complicated,
then we may need to charge you a reasonable fee, based on the cost of providing
the information, and extend the deadline by up to two months. We will advise you of
any charges or delays in responding to your request.
If we consider your request to be manifestly unfounded or excessive we may refuse
to respond, and we will write to you explaining our decision. You have the right to
appeal, and if you are still unhappy to complain to the Information Commissioner’s
Office, or to seek a judicial remedy.
11. What other rights you have
The General Data Protection Regulations also grant you the rights:
• to have your personal information rectified if it is inaccurate or incomplete;
• to request the deletion or removal of your personal information (the right to
be forgotten);
• to ‘block’ or suppress the processing of your personal information;
• to obtain and reuse your personal information for your own purposes across
different services;
• to object to processing based on legitimate interests or the performance of a
task in the public interest/exercise of official authority (including profiling);
direct marketing (including profiling); and processing for purposes of
scientific/historical research and statistics; and
• not to be subject to a decision when it is based on automated processing,
and it produces a legal effect or a similarly significant effect on you.
You may ask us to change or remove any personal information you have given us at
any time by emailing or writing to us at the contact details below. There is no charge
for making this request, and we will normally comply within one month (twenty
working days). We will keep a record of your request for a period of two years in
order to show that we have complied with the Regulations after which it will be
destroyed.
For further information on your rights visit the Information Commissioner’s website,
https://ico.org.uk/for-the-public/.
12. How to contact us?
If you have any questions about our privacy policy, or you would like to request a
copy of the personal information we hold about you, or ask us to change or remove
your personal information please contact our Data Protection Officer:
Philip Abbott
Data Protection Officer
Royal Armouries
Armouries Drive
Leeds
LS10 1LT
dpa@armouries.org.uk
If you feel that we have not upheld your rights and wish to make a complaint, you
should contact our Data Controller:
Malcolm Duncan
Data Controller
Royal Armouries
Armouries Drive
Leeds
LS10 1LT
dpa@armouries.org.uk
13. How to contact the Information Commissioner?
If you are not satisfied with our response to your request to remove, change or
provide any personal information, or if you believe that we are not processing your
personal information in accordance with the law, you have the right to complain to
the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone 0303 123 113
Website: www.ico.org.uk