Privacy and Cookies

Privacy policy

The Royal Mint Museum, its charitable trading company The Royal Mint Museum Services Limited, and its websites royalmintmuseum.org.uk, rm50th.royalmintmuseum.org.uk, and collection.royalmintmuseum.org.uk (“The Royal Mint Museum”), which this privacy policy covers, will ensure that when we collect your Personal Data it is:

  • processed lawfully, fairly and in a transparent manner
  • collected only for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary for the purposes for which it is processed
  • accurate and up to date
  • not kept in an identifiable form for longer than is necessary for the purposes for which you provided it
  • secured by appropriate technical and organisational measures
  • not transferred without adequate protection

It is important that we keep your information accurate and up-to-date and so in return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes, such as a new address

Other links within this website to other websites are not covered by this policy.

Who are we?

The Royal Mint Museum consists of the below listed companies.

Any Personal Data provided to, or gathered by, The Royal Mint Museum (this includes royalmintmuseum.org.uk, rm50th.royalmintmuseum.org.uk, and collection.royalmintmuseum.org.uk) is controlled by The Royal Mint Museum incorporated and registered in England and Wales with company number 07105875 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT. The Royal Mint Museum is also a registered charity with charity number 1138877.

Information Commissioner’s Office Registration Number: ZA324180.

VAT Registration Number: GB 991 2251 18

Any Personal Data provided to, or gathered by, The Royal Mint Museum Services Limited is controlled by The Royal Mint Museum Services Limited incorporated and registered in England and Wales with company number 07106468 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT.

Information Commissioner’s Office Registration Number: ZA320379.

For further information regarding this policy, please contact our Data Protection Officer at the above listed address or using the following telephone or e-mail address:

What is Personal Data?

Personal Data is any information identifying you or information relating to you that allows us to identify you. This can be either directly or indirectly from that data alone or in combination with other identifiers we possess or can reasonably access.

Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Personal Data includes special categories of Personal Data and pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed.

Special Categories of Personal Data is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, and biometric or genetic data. Although Special Categories of Information do not include information about criminal allegations, proceedings or convictions, there are separate safeguards relating to this type of information.

Pseudonymisation or pseudonymised is the replacing of information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is kept separately and secure.

What types of Personal Data do we collect?

The types of Personal Data that we collect include:

  • Name;
  • Age/date of birth;
  • Contact information and user preference;
  • Credit and debit card information and payment details;
  • Contractual details including goods and services provided;
  • Copies of documents you provide to prove your age or identity;
  • Device / Electronic identification data (the type of device that you use and unique device identifiers such as your IP address, device’s IMEI number, the MAC address of the device’s wireless network interface, and the mobile phone number, network and operating system used by the device);
  • Content data (information stored on your device including login information, photos, videos or other digital content, and check-ins);
  • Location data (some of our platforms utilise GPS technology to determine your current location. Some of our location-enabled services require your personal data for these features to work. If you wish to use this particular feature you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.);
  • Usage data (this includes details of your use of any of our apps and your visits to any of our websites including but not limited to traffic data and other communication data, and the resources that you access.);
  • Unique application numbers (when you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.);
  • Information collected through cookies; and
  • Your vehicle details and registration number, your representative organisation (if applicable), and image (which may be recorded on CCTV) if your visit us.

We do not gather any Special Categories of Personal Data.

We do not routinely collect Personal Data about children under 16. There are a limited number of activities that we undertake which may involve the collection of children’s’ Personal Data, for example competition entries and photo/video permission forms. Where children’s’ Personal Data is processed it will be done so with the consent of whoever holds parental responsibility of the child.

For further information on the types of Personal Data that we hold on you, please contact us.

How and why do we collect Personal Data?

We collect Personal Data, for example, when you visit any of our websites or locations, when you contact us with enquiries or become involved with us in another way, for example, seeking information, historical and coinage advice, entering a competition, or making a donation to us.

We collect and process your Personal Data based on one or more of the following reasons / legal bases:

  • It is necessary for us to perform a contract that you have entered into with us, or because it is necessary before entering into a contact (for example, to provide you with historical and coinage advice);
  • You have given us consent to process your Personal Data for a specific purpose (for example, where you have shared your experiences working for The Royal Mint Museum or The Royal Mint and consented to us sharing your experiences with others);
  • The processing is necessary for us to comply with our legal obligations (for example, to conduct know your customer checks);
  • We have a legitimate interest to do so, and have taken your rights into consideration (for example, to obtain feedback on our products and services or to better understand you as a customer); and/or
  • The processing is necessary to protect your vital interests (for example, to protect your life)

As referenced above, we have a legitimate business interest (and in some cases a legal obligation) to process Personal Data in order to better understand our customers. To do this we may combine the data that we collect directly from you from your interactions with The Royal Mint Museum, with data that we obtain from third parties.

We also have a legitimate interest, for example, to help ensure that we provide information, products and services that are most relevant to the interests of our customers.

We will not reuse your Personal Data for a new purpose other than for what it was originally collected, unless the new use is compatible with the original purpose for which the Personal Data was collected, we have notified you of the new use and given you a reasonable opportunity to object to it, or the new use is otherwise permitted or required by law.

Please note that if you do not share your Personal Data, we may not be able to provide you or have to stop providing you with the information, products or services that you have requested.

For further information on how and why we have collected your Personal Data, please contact us.

How do we use cookies and similar technologies?

When you visit our websites your device / electronic identification data is logged to track your session. This is automatically recognised by our servers and is used for system administration, to provide you with a good experience, and to provide statistics, which The Royal Mint Museum uses to evaluate use of the platforms to help us improve them.

We collect usage data which includes details of your use of any of our apps and your visits to any of our websites. This includes, but not limited to, traffic data and other communication data, and the resources that you access. Some of this data is gathered from the use of cookies, which are also sometimes used to distinguish you from other users.

Cookies are small text files made up of letters and numbers that are stored on your computer, tablet or mobile device when you visit particular webpages.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include cookies that enable you to log into secure areas of our website, use a shopping cart or make use of the payment services.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Your device will need to accept cookies to enable the personalised features found on our websites.

Your device can be used to restrict, block or delete cookies from our platforms or any other platforms, if you would prefer this. This differs from device to device, please consult your device’s ‘help’ documentation or alternatively you can visit aboutcookies.org for more information on how you can delete and control the cookies that are stored on your device. If you’d like to opt out of advertising cookies, please go to the Network Advertising Initiative website networkadvertising.org, Digital Advertising Alliance website optout.aboutads.info, or the European Interactive Advertising Alliance website youronlinechoices.com.

The data that we collect and share through the use of cookies is typically anonymous and not personally identifiable. It does not typically contain your name, address, telephone number, or e-mail address. Cookies store a generated ‘key’ which is associated with all this information.

We also use pixels, or transparent GIF files, to help manage online advertising. These GIF files are provided by our advertisement management partners. These files enable our partners to recognise a unique cookie on your device, which in turn enables us to learn which advertisements bring users to our website. The cookie was placed by us, or by another advertiser who works with our partners.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

 

Collection Royal Mint Museum (Modes)

Name of Cookie

Why we use it

Type

Maximum Expiry

ASPSESSIONID#

Preserves users states across page requests

Necessary

Expires following the session

For more information visit: https://www.modes.org.uk/site/terms-and-conditions.html

Cookiebot

Name of Cookie

Why we use it

Type

Maximum Expiry

CookieConsent

Stores the user's cookie consent state for the current domain

Necessary

1 year

CookieConsentBulkSetting-#
CookieConsentBulkTicket

Enables cookie consent across multiple websites

Analytical/Performance

Persistent

For more information visit: https://www.cookiebot.com/en/cookie-declaration/

Double click

Name of Cookie

Why we use it

Type

Maximum Expiry

IDE

To register and report the website user's actions after viewing or clicking ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

Targeting

1 year

test_cookie

Used to check if a users browser accepts cookies

Functionality

1 day

For more information visit: For more information visit: https://policies.google.com/privacy?hl=en

Google

Name of Cookie

Why we use it

Type

Maximum Expiry

rc::c

This cookie is used to distinguish between humans and bots.

Necessary

Expires following the session

_ga
_gat
_gid

Cookies track browsing habits and activity when using the Royal Mint Museum platforms

Analytical/Performance

2 years

collect

Used to collect data about the users device and behaviour

Analytical/Performance

Expires following the session

__utm.gif

Google Analytics Tracking Code that logs details about the visitor's browser and computer

Analytical/Performance

Expires following the session

__utma

Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit.

Analytical/Performance

2 years

__utmb
__utmc

Registers a timestamp with the exact time of when the user leaves the website.

Analytical/Performance

1 day

__utmt

Used to throttle the speed of requests to the server

Analytical/Performance

1 day

__utmz

Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used.

Analytical/Performance

6 months

For more information visit: https://policies.google.com/technologies/cookies?hl=en-US

iPerceptions

Name of Cookie

Why we use it

Type

Maximum Expiry

incap_ses_#
visid_incap_#
nlbi_#

Preserves the visitor's session state across page requests

Necessary

Expires following the session

_utmvboEuMBRiB
_utmvmoEuMBRiB
___utmvbtYuMBRiB
___utmvmtYuMBRiB

 

Unclassified

1 day

For more information visit: https://www.iperceptions.com/en/legal/privacy-policy

Royal Mint

Name of Cookie

Why we use it

Type

Maximum Expiry

ASP.NET_SessionId

Preserves the visitor's session state across page requests

Necessary

Expires following the session

__RequestVerificationToken

This is an anti forgery token that helps us to prevent cross-site request forgery attacks.

Necessary

Expires following the session

EPi_NumberOfVisits

Tracks the number of pages visitied during a user session.

Analytical/Performance

1 year

_TRMV3ANON20180731

 

Unclassified

69 days

For more information visit: https://www.royalmint.com/help/trm-faqs/privacy-and-cookies/

Royal Mint Museum

Name of Cookie

Why we use it

Type

Maximum Expiry

ASP.NET_SessionId

Preserves the visitor's session state across page requests

Necessary

Expires following the session

Volume

Used by video players to remember the user's preferred sound volume

Functionality

Persistent

ANONID#
VISID222199

This track visit session identifier is used to agregate page usages.

Analytical/Performance

1 year

ANONID_FS#

This cookie is used in conjunction with the 'ANONID' cookie. The cookie only contains a creation date for the 'ANONID' cookie

Functionality

1 year

visitorDeviceClass

This cookie identifies the device you are using to access the website e.g. desktop, mobile, tablet. This cookie is for the purpose of customizing the user interface for the device you use to access the website.

Functionality

Expires following the session

Twitter

Name of Cookie

Why we use it

Type

Maximum Expiry

local_storage_support_test

The cookie is used in context with the local-storage function in the browser. This function allows the website to load faster by pre-loading certain procedures

Functionality

8 months

__widgetsettings

Provides functional support for the Royal Mint Museum twitter feeds

Functionality

Persistent

For more information visit: https://help.twitter.com/en/rules-and-policies/twitter-cookies

Youtube

Name of Cookie

Why we use it

Type

Maximum Expiry

GPS

Registers a unique ID on mobile devices to enable tracking based on geographical GPS location

Analytical/Performance

1 year

PREF

Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites.

Analytical/Performance

8 months

VISITOR_INFO1_LIVE

Tries to estimate the users' bandwidth on pages with integrated YouTube videos

Functionality

179 days

YSC

Registers a unique ID to keep statistics of what videos from YouTube the user has seen

Analytical/Performance

Expires following the session

yt-remote-cast-installed
yt-remote-connected-devices
yt-remote-device-id
yt-remote-fast-check-period
yt-remote-session-app
yt-remote-session-name

Stores the user's video player preferences using embedded YouTube video

Functionality

Persistent

For more information visit: https://policies.google.com/privacy

 

Third-party cookies

When you visit our platforms you may notice some cookies that aren’t related to us. If you visit a platform page that contains content which is embedded from other organisations, for example YouTube or Vimeo, you may be sent cookies from these organisations. We do not control these cookies and we would suggest that you visit these organisations’ websites to view information about their cookies and how they are used.

We do have relationships with select suppliers who may also set cookies during your visit to be used for marketing purposes, such as showing you our products depending on what you seem to be interested in.

Social media sharing

If you share our content with friends through social networks – such as Facebook and Twitter, you may be sent cookies from these websites. We don't control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

Who might we share your information with?

While most of our work is done by our employees who access your Personal Data directly from our systems which are under our direct control, we do use third-party service providers to perform certain functions on our behalf.

We have listed below examples of the kind of third- party service providers that we work with. We have also listed examples of the types of information that they may have access to and reasons that we may need to share your Personal Data with them.

Order Fulfilment would have access to your personal data including contact information and the goods and services requested. The purpose for this type of transfer being to prepare and deliver the products and/or services that you have requested.

Payment Processing would have access to your personal data including contact information, credit/debit card information, and payment details. The purpose for this type of transfer being to process your payment for the products or services provided.

Professional Services would have access to your personal data including contact information. The purpose for this type of transfer being to ensure our compliance with our legal obligations (including anti-money laundering and counter-terrorist financing verification), to assess your suitability for credit (if you have applied for an interest free account)

Communications and Marketing would have access to your personal data including contact information. The purpose for this type of transfer being to send you information regarding our products and services, analysing data (including removing repetitive or out of date information from customer lists) and providing marketing assistance.

IT Support would have access to the personal data in our custody with which we require support. The purpose for this type of transfer being to resolve IT issues in order to provide the products and services that you have requested.

Data Storage would have access to all the personal data in our custody. The purpose for this type of transfer being to provide us with secure data storage and back-up.

Such companies and individuals will only have access to the personal data needed to perform these functions, they may not use it for any other purposes and are required to process the data in accordance with data protection laws and regulations applicable in the United Kingdom.

For further information on which service providers may have access to your personal data, please contact us.

We will only share your Personal Data with third parties for their own purposes in very limited and specific circumstances.

This will predominately be where you have given your consent at the time of supplying your personal data. For example, we may pass that data to a third party with whom we are collaborating with where you have registered your interest in the product or service. This would be to allow them to send you updates on the product or service and advise you on availability.

Please note that if we are requested by the police, government, regulatory, or other body investigating suspected illegal activities to provide your personal data and/or user details, we are entitled to do so.

Do we transfer information between countries?

It may sometimes be necessary to transfer your personal data overseas. When this is needed your personal data may be transferred to countries or territories outside of the EEA. Any transfers made will be in full compliance with all aspects of the data protection laws and regulations applicable in the United Kingdom.

We may only transfer your personal data outside the EEA if one of the following conditions applies:

  • The European Commission has issued a decision confirming that the country to which we transfer personal data ensures an adequate level of protection for the data subject’s rights and freedoms: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm ;
  • Appropriate safeguards are in place such as binding corporate rules (BCR), model contractual clauses, an approved code of conduct or a certification mechanism;
  • You have provided your explicit consent to the transfer after being informed of any potential risks; or
  • The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and you, reasons of public interest, to establish, exercise or defend legal claims, to fulfil our legal or regulatory obligations, or to protect your vital interests where you’re physically or legally incapable of giving consent and, in some limited cases, for our legitimate interests.

For further information on which countries your personal data may be transferred to and the specific safeguards that are in place, contact us.

How long do we keep hold of your information?

We keep your Personal Data for as long as we need it to satisfy our business and legal requirements; if you hold a customer account normally this is no longer than 6 years after your cease holding an account. Once Personal Data is no longer required, it is either deleted or anonymised.

Where you have shared your experiences working for The Royal Mint Museum or The Royal Mint (including audio, photographic, video and written records) these will be held permanently as part of our historical archives. It is important to note that all employees at The Royal Mint Museum follow an organisation-wide security policy. Only employees authorised are provided access to Personal Data and these employees will have agreed to ensure confidentiality of this information.

What rights do I have in relation to the personal data you hold about me?

Unless subject to an exemption, you have the following rights with respect to your Personal Data:

  • The right to request a copy of your Personal Data which The Royal Mint holds about you;
  • The right to request that we correct any Personal Data if it is found to be inaccurate or out of date;
  • The right to request your Personal Data is erased where it is no longer necessary for us to retain such data;
  • The right to withdraw your consent to the processing at any time where we are relying on your consent as the legal basis for processing your Personal Data;
  • Where applicable, the right to request that we transfer your Personal Data directly to another data controller, (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
  • The right to object to the processing of Personal Data where processing is based on legitimate interests, the performance of a task in the public interest/exercise of official authority, direct marketing and processing for the purposes of scientific/historical research and statistics;
  • The right to lodge a complaint with the Information Commissioner’s Office.

How can I access or correct my Personal Data, request that it be deleted, ask for it to be transferred to another organisation or exercise any of my other rights?  

The majority of the Personal Data that we collect is collected directly from you, in which case you are responsible for its accuracy. We encourage you to tell us as soon as possible if there are any changes to your Personal Data, such as a new address. When information is found to be inaccurate, either through our own checks or following a communication from you, it is updated.

You can update your Personal Data at any time by contacting us using the following information:

Please note that it may take up to 48 hours (during working days) to update your details.

For further information regarding this policy, to access your Personal Data, request that it be deleted, or ask for it to be transferred to another organisation, please contact the Data Protection Officer by using the above mentioned contact details.

How can I make a complaint about how you have handled my Personal Data or responded to a request to exercise my data subject rights?

If you are dissatisfied with the handling of your Personal Data or how we have responded to a request to exercise your data subject rights, you have the right to ask for an internal review.  An internal review will consider whether or not your Personal Data and/or request were handled appropriately, in line with applicable data protection laws and regulations.

Internal review requests should be submitted to the Data Protection Officer by using the contact information above. Internal reviews will be carried out by the Finance Director. We aim to respond within 20 working days of the receipt of the request for an internal review.

If you are dissatisfied with the outcome of the review, then you may seek a review by the Information Commissioner’s office, which has the powers to uphold or overturn the decision. Please see ICO contact information below.  The Royal Mint will abide by the decisions of the ICO, unless it considers itself to have grounds for an appeal to the First-Tier Tribunal (Information Rights).

Last Updated: 30/04/2019