Personal data refers to any information that identifies you as a specific individual. This page explains the what, how and why of the information we collect about you when you visit our website or use our services. It also explains the specific ways we use and disclose that information.
We take your privacy extremely seriously and we never sell your data.
Who we are
The Royal Mint Museum is the Data Controller for the personal information we hold to (i) operate our business including managing contracts with customers and partners, and (ii) market and sell to existing and potential customers and partners.
Below “we” and “us” refer to The Royal Mint Museum.
What types of information we collect and how we collect them
In order to provide our services, we must process some personal information about you. We may collect:
Contact details – including your name, organisation, organisation’s address, telephone numbers, job title and email addresses.
These are collected when:
- You complete a form on this website
- You volunteer this information to one of our employees over the phone
- You call or email us with an enquiry about our products or services
Marketing and communications data – including your preferences in receiving marketing from us and your communication preferences.
This is collected when:
- You do any of the above AND provide your consent to receive marketing communications from us
- You electronically or verbally update your communications preferences
- Correspondence – including email content which potentially contains personal data. This may be collected automatically when you correspond with us via email.
- Technical data – internet protocol (IP) address, type of device, browser type and version, web pages visited
- Usage data - including information about how you use our website
- Automated technologies – we collect information about you automatically via technology tools such as cookies
- Third parties – we may collect information about you from publicly available sources, your references, business-to-business market intelligence companies and other service providers
Our legal grounds for processing your data
There are different legal grounds (or bases) on which we rely to use your personal information, namely:
Where it is necessary to provide you with our Products and Services
We will process your data in the course of providing our products and services to you, in performance of our contract (or in the course of creating a quote, and gathering information to create a quote, for providing products and services to you).
Where it is in our Legitimate Interests to do so
The Royal Mint Museum collect information from you in the course of our business including through your use of our website, your relationship or interactions with our staff or when you engage us in the provision of services for the following purposes:
Based upon conducting a Legitimate Interest Assessment (LIA) – as advised by the ICO – it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding our services and that in no way would a data subject be caused harm by our correspondence.
Where you have provided consent for us to use your data for a particular purpose
Where you have given your explicit consent, we may use your data for specific purposes. Such as when you sign up to receive our blog email updates, we will process your contact details in order to send you those emails
How we use your personal data
We use your personal data, including any of the personal data listed in the “What types of Information we collect” section above, for the following purposes:
- To provide services and/or information to you
- To fulfil our legal and regulatory requirements including establishing, exercising or defending legal claims
- To respond to your requests and enquiries
- To manage and administer our relationship with you and our clients
- To prevent and detect fraud and other criminal offences
- To ensure network and information security
- To host, maintain and improve our marketing communications website
We also use your personal data for:
We may use your personal data to send you marketing communications about services, publications, industry updates, events, courses, surveys, promotions and competitions by The Royal Mint Museum to display content that we believe may be of interest to you.
We will only contact you for these marketing purposes in accordance with our legitimate business interests or where you have explicitly agreed to this. Your agreement to the use of your personal data for these purposes is optional and if you do not wish to provide your agreement, your visit and use of our website and/or provision of services by The Royal Mint Museum will not be affected.
You have the right to request us not to use your personal data for marketing communications. You can opt out of receiving these by clicking on the ‘unsubscribe’ link at the bottom of any such electronic communication or through following the opt-out instructions provided in any marketing communication.
Use of our website
There are facilities on our website which invite you to provide us with personal data including our contact us form and contact email addresses. The purpose of these facilities is apparent from the point at which you provide your personal data to us and we only use the information for those purposes.
Legal basis for using your personal data
We will only use your personal data when the law allows us to. In particular, we will use your personal data:
- Where it is necessary for our legitimate business purposes provided it does not override your rights and freedoms
- To perform a contract such as providing you with services
- To comply with legal and regulatory obligations including for the establishment, exercise or defence of legal claims
- Where we have received your explicit consent
How long we keep your data
In line with ICO guidelines, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you have a question about explicit retention periods for particular types of personal data we hold, please contact us (contact details below).
Who we share your data with
The Royal Mint Museum uses trusted third parties to provide support services for certain aspects of our business. Specifically, these include secure data storage, facilitating secure online transactions, website visitor analytics and sending email marketing communications.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also provide your information to regulators and law enforcement agencies where we are legally required to do so and where necessary for the purposes of preventing and detecting fraud or other criminal offences. If legally permitted, we will use reasonable efforts to notify you prior to disclosing your information to such parties.
The Royal Mint Museum has ensured that all of the third party organisations we share your data with are GDPR compliant and have signed a data processor agreement with us. We will never sell your data.
How we protect your information
We take our responsibilities around the safety and security of your data very seriously and are committed to ensuring this.
As such we take steps to safeguard this, including:
- Employing secure HTTPS encryption across our website to protect your data when completing online forms
- Storing all information you provide to us on our secured servers within the European Economic Area
- Limiting access to your information to only employees who need to process it
- Storing your information behind a password protected system internally
From time to time, your information may be transferred to and stored in a country outside the EEA in relation to provision of the services (i.e. the USA). The laws in these countries may not provide you with the same protection as in the EEA; however, any third party referred to above outside of the EEA has agreed with us to abide by European levels of data protection in respect of the transfer, processing and storage of any personal data.
Requesting a copy of your information
Under the GDPR you have several rights regarding your personal data, including the right to be informed about the data we hold about you, the right to ask us to rectify that data if it is incorrect, and the right to ask for a copy of that data (called a Subject Access Request).
If you would like to request a copy of the data that we hold about you, please complete our Subject Access Request form and send it to firstname.lastname@example.org. We will aim to acknowledge your request promptly and in any event will respond to your request within one month.
If you are concerned about our data processing
If you are unhappy with how we have collected or processed your personal data you have the right to make a complaint at any time to the Information Commissioner’s Office (https://ico.org.uk/) (ICO), which is the UK supervisory authority for data protection issues.
However, if you have such a grievance we would politely request the chance to deal with your concerns before you approach the ICO – so please do contact us in the first instance.
Queries and contact
If you have any queries regarding the above or would like update or obtain a copy of your data held by us, our appointed privacy representative is Data Protection Officer who can be contacted via email at email@example.com.
Whenever we make a material change to the information we collect or how we use it we’ll update the policy posted here. When this policy changes, we’ll announce it to let you know — or you can check back here for each update.
This policy was last updated on 1st August 2018