Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).


Historic Royal Palaces, including our subsidiary Historic Royal Palaces Enterprises Limited, (also referred to as “we”, “us” or “our”) is fully committed to both protecting and respecting your privacy. We are registered with the Information Commissioner’s Office and our registration number is Z7917960.

Historic Royal Palaces (Reg. Charity number 1068852) is a charitable organisation with the aim to manage, conserve, renovate and repair the Palaces in our care to a high standard consistent with their status; to help everyone to learn about the Palaces, the skills required for their conservation and the wider story of how monarchs and people together have shaped society, by such means as are appropriate.

Historic Royal Palaces Enterprises Limited (Reg. Co. number 03418583) carries on a range of commercial trading activities to generate income for Historic Royal Palaces including sale of gifts and souvenirs at shops and online, income from commercial partnerships including sponsorship, affinity marketing and product licensing and commercial activities that are deemed outside the charitable purposes of Historic Royal Palaces. These activities include events, intellectual property rights, and access to properties for filming rights and advertising revenues.

This notice (together with our Terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting this or any of our websites (also referred to as “sites”) or any other applications or technologies outlined in this notice, you are accepting and consenting to the practices described in this notice.

The data controller is Historic Royal Palaces of Hampton Court Palace, Surrey, KT8 9AU. This means it decides how your personal data is processed and for what purposes.


We comply with our obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes:

  • To enable us to provide a service for the benefit of the public as specified in our constitution;
  • To administer membership records;
  • To fundraise and promote the interests of the charity;
  • To manage our employees and volunteers;
  • To maintain our own accounts and records (including the processing of gift aid applications);
  • To inform you of news, events, activities and services running at Historic Royal Palaces.


We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy and schedule that you can request a copy of by contacting us at [email protected].


We may collect and process the following data about you:

Information you give us

  • You may give us information about you by filling in forms on our website or at any of our sites, purchasing tickets, membership or other products / services, making a donation, or by corresponding with us by telephone, email or otherwise.
  • This includes information you provide when you subscribe to our newsletter, or place an order on one of our sites; when you report a problem with our site; or if you join one of our special public engagement programmes.
  • The information you may give us may include your name, email address, postal address and telephone number and financial and credit card information.
  • You may also provide us with the above information, as well as certain information about your employment, if you participate in one of our schools initiatives such as the HRP Teacher Network or Access Fund.

Information we collect about you on the Historic Royal Palaces website

With regard to each of your visits to our site we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

Information we receive from other sources

  • We may receive information about you if you use any of the other websites we operate or the other services we provide. There are certain third parties with whom we have to work closely (including, for example, business partners, professional advisers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them;
  • If we are doing business with you or accepting a donation, we may have to conduct due diligence on you, for example where we are under a legal or regulatory requirement;
  • We may combine information we receive from other sources with information you give to us and information we collect about you;
  • We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Information we collect about you on the Royal History Quiz app

With regard to each of your visits to our app we may automatically collect the following information:

  • technical information, including usernames and a unique ID. All the data collected will be anonymous and for the purpose of administering the app only;
  • in a case of an error we collect log data and information (through third party services) on your phone, which may include your device Internet Protocol (“IP”) address, device name, operating system version, the time and date of your use of the app, and other statistics;
  • information about your visit (through third party services), including device model, geo-location, through and from our app (including date and time); length of time on certain screens, screen interaction information (such as scrolling and clicks), game statistics including scores, levels and correct/incorrect answer rate, number of shares and challenges sent statistics.


We use information held about you in the following ways:

Information you give to us:

1. When using an online form:

  • We ask for your details so we can respond in an appropriate way, for example when enquiring about a venue for hire or requesting materials.
  • In accordance with your preferences, you may be contacted with relevant promotions, offers or information that you have expressed an interest in or that might be of interest to you. If you wish us to stop contacting you please email [email protected].

2. When signing up for e-mail updates:

  • We ask for your details so we can add you to our email database and send you updates you’ve requested.
  • This information will not be given to any third party, except to the extent and for the purpose we may be required to do so by any law, or where you have consented to it. If you wish us to stop contacting you please email [email protected].

3. When purchasing a ticket or other product online:

  • We collect various personal details about you when you purchase tickets or other products and services (e.g. memberships, donations, retail goods and image library content) online, including name, home address, billing address, telephone number, email etc.
  • We use the information to process orders and to provide a more personalised service.
  • We display donor names on our ‘sponsor a stone’ website if the donor consents.
  • Collecting these details allows our system to create a customer account for you in order that we can sell you such products and services.
  • Having a record of your personal details also allows us to identify you if we need to contact you regarding your booking or other order, if you need to contact us to change your booking or order, or to help identify you if collecting tickets at one of our palaces.
  • We are also able to help if tickets or orders are lost by checking your personal details on the database.
  • Additionally, our bank recommends that we take the billing address of people purchasing tickets in advance as this can help to prevent fraudulent use of credit cards.
  • However, if you would prefer not to provide us with any of your personal information, you can buy tickets in person at any of the ticket offices at our palaces. For further information please see our Terms of use.
  • The information we collect in this way will not be given to any third party, except to the extent and for the purpose we may be required to do so by any law.
  • By disclosing your personal information to us using this website or over the telephone, you consent to the collection, storage and processing of your personal information by Historic Royal Palaces in the manner set out in this Privacy Notice. If you have any questions or concerns about the information we hold about you, you can also email [email protected].

4. When filling in a form during a visit or applying for one of our programmes or events:

  • We ask for your details so we can fulfil your specific request in accordance with your preferences. This will be explained to you at the time and on the relevant form.

5. When joining the HRP Teacher Network:

  • We ask for your details so we can provide you with the benefits of membership, which will include keeping you and your school up to date with what is happening.
  • In accordance with your preferences, we may offer products and services that will be of interest and relevance to you or your school.

Information we collect about you:

We will use this information:

  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer, or other device being used to access our site;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them;
  • to build profiles of lookalike customers for advertising and marketing purposes using website visitor data and online booking data;
  • to administer our Royal History Quiz app, including troubleshooting, data analysis, testing, research and statistical purposes.


We may share personal information held about you in the following ways:

  • Within HRP, for legitimate purposes only.
  • We may share your information with selected third parties including:
    • Suppliers, sub-contractors and business partners for the performance of any contract we enter into with you or them.
    • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
    • Analytics providers and third-party suppliers that assist us in the improvement and optimisation of our Royal History Quiz app.
  • We may disclose your personal information to third parties:
    • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
    • If HRP or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of use and other agreements; or to protect the rights, property, or safety of HRP, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.


The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data;
  • The right to withdraw your consent to the processing at any time;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing;
  • The right to object to the processing of personal data;
  • The right to lodge a complaint with the Information Commissioner’s Office.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

For more information, or to make a Subject Access Request, please download our Subject Access Request form.


The Act defines 'sensitive personal data' as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee:

  • We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
  • We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
  • Data about an employee’s criminal convictions will be held as necessary.
  • Data about an employee’s religious affiliations where they are employed at Hillsborough Palace are collated as required by NI Equal Opportunities Legislation.


Any changes we may make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice. This notice was last updated in July 2021.


Questions, comments and requests regarding this privacy notice should be addressed to [email protected].



Your privacy

Our websites use cookies saved on your device or computer to distinguish you from other users of our website. Cookies are used to store information about how you use the website such as the pages you visit. This helps us to provide you with a good experience and allows us to improve the website. We use different types of cookies and you can choose which ones you want us to use. However, blocking some types of cookies may impact your experience of our website and the services we offer.

More information on giving consent to cookies


The cookies we use fall into the following categories:

Performance cookies
We use Google Analytics to collect anonymous information about how you use our website so that we can improve the experience. For example, we collect information about how you got to the website, the pages you visit, time spent on pages and how you move around the website. If you do not allow these cookies we will not know when you have visited our site and cannot monitor its performance.

Targeting cookies
These cookies may be set by third party websites and our advertising partners. We use these cookies to do things like track views of YouTube videos on our website and to target and improve our advertising - for example, to avoid showing advertising you may have seen, or to enable us to display advertising that is relevant to you. These cookies do not store any personally identifiable information. If you do not allow these cookies, you will experience less targeted advertising.

Functional cookies
Functional cookies allow us to remember preferences and settings to personalise a website visit.

Strictly necessary cookies
These cookies are necessary for the website to function and always need to be on. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

How to manage cookies

You can prevent the installation of cookies in your browser at any time by using our cookie management tool or managing the cookie settings in your browser. However, you may not be able to access all features or areas of our site if cookies are disabled.

Visit for information on how to manage cookies in popular browsers.

If you do not wish to be tracked by Google Analytics cookies, you can opt out by installing a browser plug-in here:

You can also find more information on managing the storage of cookies on the website 


Questions or requests regarding this cookie policy should be addressed to [email protected].