Privacy and Cookies
- processed lawfully, fairly and in a transparent manner
- collected only for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for the purposes for which it is processed
- accurate and up to date
- not kept in an identifiable form for longer than is necessary for the purposes for which you provided it
- secured by appropriate technical and organisational measures
- not transferred without adequate protection
It is important that we keep your information accurate and up-to-date and so in return, we ask you to:
- give us accurate information
- tell us as soon as possible if there are any changes, such as a new address
Other links within this website to other websites are not covered by this policy.
Who are we?
The Royal Mint Museum consists of the below listed companies.
Any Personal Data provided to, or gathered by, The Royal Mint Museum (this includes www.royalmintmuseum.org.uk, https://rm50th.royalmintmuseum.org.uk, and http://collection.royalmintmuseum.org.uk/) is controlled by The Royal Mint Museum incorporated and registered in England and Wales with company number 07105875 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT. The Royal Mint Museum is also a registered charity with charity number 1138877.
Information Commissioner’s Office Registration Number: ZA324180.
VAT Registration Number: GB 991 2251 18
Any Personal Data provided to, or gathered by, The Royal Mint Museum Services Limited is controlled by The Royal Mint Museum Services Limited incorporated and registered in England and Wales with company number 07106468 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT.
Information Commissioner’s Office Registration Number: ZA324185.
For further information regarding this policy, please contact our Data Protection Officer at the above listed address or using the following telephone or e-mail address:
- Telephone: 01443623004
- E-mail: firstname.lastname@example.org
What is Personal Data?
Personal Data is any information identifying you or information relating to you that allows us to identify you. This can be either directly or indirectly from that data alone or in combination with other identifiers we possess or can reasonably access.
Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
Personal Data includes special categories of Personal Data and pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed.
Special Categories of Personal Data is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, and biometric or genetic data. Although Special Categories of Information do not include information about criminal allegations, proceedings or convictions, there are separate safeguards relating to this type of information.
Pseudonymisation or pseudonymised is the replacing of information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is kept separately and secure.
What types of Personal Data do we collect?
The types of Personal Data that we collect include:
- Age/date of birth;
- Contact information and user preference;
- Credit and debit card information and payment details;
- Contractual details including goods and services provided;
- Copies of documents you provide to prove your age or identity;
- Device / Electronic identification data (the type of device that you use and unique device identifiers such as your IP address, device’s IMEI number, the MAC address of the device’s wireless network interface, and the mobile phone number, network and operating system used by the device);
- Content data (information stored on your device including login information, photos, videos or other digital content, and check-ins);
- Location data (some of our platforms utilise GPS technology to determine your current location. Some of our location-enabled services require your personal data for these features to work. If you wish to use this particular feature you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.);
- Usage data (this includes details of your use of any of our apps and your visits to any of our websites including but not limited to traffic data and other communication data, and the resources that you access.);
- Unique application numbers (when you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.);
- Information collected through cookies; and
- Your vehicle details and registration number, your representative organisation (if applicable), and image (which may be recorded on CCTV) if your visit us.
We do not gather any Special Categories of Personal Data.
We do not routinely collect Personal Data about children under 16. There are a limited number of activities that we undertake which may involve the collection of children’s’ Personal Data, for example competition entries and photo/video permission forms. Where children’s’ Personal Data is processed it will be done so with the consent of whoever holds parental responsibility of the child.
For further information on the types of Personal Data that we hold on you, please contact us.
How and why do we collect Personal Data?
We collect Personal Data, for example, when you visit any of our websites or locations, when you contact us with enquiries or become involved with us in another way, for example, seeking information, historical and coinage advice, entering a competition, or making a donation to us.
We collect and process your Personal Data based on one or more of the following reasons / legal bases:
- It is necessary for us to perform a contract that you have entered into with us, or because it is necessary before entering into a contact (for example, to provide you with historical and coinage advice);
- You have given us consent to process your Personal Data for a specific purpose (for example, where you have shared your experiences working for The Royal Mint Museum or The Royal Mint and consented to us sharing your experiences with others);
- The processing is necessary for us to comply with our legal obligations (for example, to conduct know your customer checks);
- We have a legitimate interest to do so, and have taken your rights into consideration (for example, to obtain feedback on our products and services or to better understand you as a customer); and/or
- The processing is necessary to protect your vital interests (for example, to protect your life)
As referenced above, we have a legitimate business interest (and in some cases a legal obligation) to process Personal Data in order to better understand our customers. To do this we may combine the data that we collect directly from you from your interactions with The Royal Mint Museum, with data that we obtain from third parties.
We also have a legitimate interest, for example, to help ensure that we provide information, products and services that are most relevant to the interests of our customers.
We will not reuse your Personal Data for a new purpose other than for what it was originally collected, unless the new use is compatible with the original purpose for which the Personal Data was collected, we have notified you of the new use and given you a reasonable opportunity to object to it, or the new use is otherwise permitted or required by law.
Please note that if you do not share your Personal Data, we may not be able to provide you or have to stop providing you with the information, products or services that you have requested.
For further information on how and why we have collected your Personal Data, please contact us.
Who might we share your information with?
While most of our work is done by our employees who access your Personal Data directly from our systems which are under our direct control, we do use third-party service providers to perform certain functions on our behalf.
We have listed below examples of the kind of third- party service providers that we work with. We have also listed examples of the types of information that they may have access to and reasons that we may need to share your Personal Data with them.
Order Fulfilment would have access to your Personal Data including contact information, goods and services requested. The purpose for this type of transfer being to prepare and deliver the products and/or services that you have requested.
Payment Processing would have access to your Personal Data including contact information, credit/debit card information, and payment details. The purpose for this type of transfer being to process your payment for the products or services provided.
Professional Services would have access to your Personal Data including contact information. The purpose for this type of transfer being to ensure our compliance with our legal obligations (including anti-money laundering and counter-terrorist financing verification) and/or to assess your suitability for credit (if you have applied for an interest free account).
Communications and Marketing would have access to your Personal Data including contact information. The purpose for this type of transfer being to send you information regarding our products and services, analysing data (including removing repetitive or out of date information from customer lists) and providing marketing assistance.
IT Support would have access to the Personal Data in our custody with which we require support. The purpose for this type of transfer being to resolve IT issues in order to provide the products and services that you have requested.
Data Storage would have access to all the Personal Data in our custody. The purpose for this type of transfer being to provide us with secure data storage and back-up.
Such companies and individuals will only have access to the Personal Data needed to perform these functions, they may not use it for any other purposes and are required to process the data in accordance with data protection laws and regulations applicable in the United Kingdom.
For further information on which service providers may have access to your Personal Data, please contact us.
We will only share your Personal Data with third parties for their own purposes in very limited and specific circumstances.
This will predominately be where you have given your consent at the time of supplying your personal data. For example, we may pass that data to a third party with whom we are collaborating with where you have registered your interest in the product or service. This would be to allow them to send you updates on the product or service and advise you on availability.
Please note that if we are requested by the police, government, regulatory, or other body investigating suspected illegal activities to provide your Personal Data and/or user details, we are entitled to do so.
Do we transfer information between countries?
It may sometimes be necessary to transfer your Personal Data overseas. When this is needed your Personal Data may be transferred to countries or territories outside of the EEA. Any transfers made will be in full compliance with all aspects of the data protection laws and regulations applicable in the United Kingdom.
We may only transfer your Personal Data outside the EEA if one of the following conditions applies:
- The European Commission has issued a decision confirming that the country to which we transfer Personal Data ensures an adequate level of protection for the data subject’s rights and freedoms: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
- Appropriate safeguards are in place such as binding corporate rules (BCR), model contractual clauses, an approved code of conduct or a certification mechanism;
- You have provided your explicit consent to the transfer after being informed of any potential risks; or
- The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and you, reasons of public interest, to establish, exercise or defend legal claims, to fulfil our legal or regulatory obligations, or to protect your vital interests where you’re physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.
For further information on which countries your Personal Data may be transferred to and the specific safeguards that are in place, contact us.