Privacy Policy

This policy tells you about how we collect, use and protect your personal information. We are required to provide you with this notice in accordance with the EU General Data Protection Regulations (GDPR). This policy replaces our Data Protection Policy.
Cookie Policy

Who we are

The Postal Museum is the public identity of the Postal Heritage Trust. In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to the Postal Heritage Trust, Postal Heritage Service Ltd, and Postal Heritage Trading Ltd. Each of these is registered as a ‘data controller’ with the UK information rights regulator: the Information Commissioner’s Office (ICO).

Who The Postal Museum collects information about

We need to collect and use certain types of information about people we interact with in order to operate and to meet our legal obligations. Groups of people we need to collect personal information about include:

  • Visitors to the museum and Mail Rail – for a range of purposes including processing ticket purchases, answering enquiries, responding to feedback, keeping visitors informed of future events, and supporting visitor safety via CCTV
  • Staff and volunteers who carry out work for The Postal Museum – for recruitment, payroll and performance review
  • Donors and members who support our work – for managing relationships
  • Potential donors – for furthering our charitable aims, including fundraising activities
  • External stakeholders including suppliers, contractors and other third parties who carry out work on our behalf (such as payroll administration or database management)
  • Enquirers who want specific questions answered (these people may not visit in person)
  • Researchers consulting original material in the Discovery Room or requesting copies of that material
  • Donors of material to the museum and archive collections and those who borrow elements of the collections for various purposes
  • Customers using our online shop or paid research services – to process orders
  • Contributors to our history initiatives (such as previous Post Office and Royal Mail employees sharing their stories)

In this context, The Postal Museum is known under data protection regulations as the ‘data controller’ and third parties who process personal data on our behalf are known as ‘data processors’. Those individuals who the personal information is about are known as ‘data subjects’.

We recognise and adhere to the seven principles of data protection as set out in the EU General Data Protection Regulations (GDPR).

Seven Principles of Data Protection

Your privacy

The Postal Museum (TPM) is committed to protecting the personal information of all those who interact with us, and to being transparent about what we do with your information. We won’t do anything with your information that you wouldn’t reasonably expect and we will only use your information for the purposes for which it was obtained.

Information about you may be collected when you visit our websites either by automatic tracking devices or, more directly, where you request a specific service, such as subscribing to the newsletter or contacting us via our contact form. By using this website, you consent to the collection and use of your information under the terms of this policy.

Who we share your information with

We promise never to sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us unless you consent to do so.

We will only share your data for these reasons:

NHS Test and Trace: Contact details we take from customers are kept in line with our retention schedule. If asked, your information (including your name and contact details which may include your email and/or contact number) may be shared with a legitimate public health authority for the purposes of the ‘NHS Test & Trace’ contact tracing scheme.

We are doing this to help reduce the risk of any local outbreak – by sharing your information NHS Test and Trace can quickly identify people who have come into contact with someone who has tested positive for COVID-19 and ask them to take the necessary precautions. We will share names and contact information in the event of a fellow customer or staff member testing positive for coronavirus.

More information about how your information will be used and protected once shared is available on the NHS Test & Trace website. The UK Government has stated that NHS Test & Trace service will handle all data according to the highest ethical and security standards and ensure it is used only for the purposes of protecting public health, including minimising the transmission of COVID-19. We will only provide information for Test & Trace on request from a legitimate public health authority for 21 days after a visit.

You can request more information by emailing us at [email protected] from the email you used to book tickets or make an appointment. Please provide the date and time of visit the visit you have booked.

To provide services we can’t deliver in house: We sometimes need to share your information with data hosting providers or service providers who help us to deliver our products and services and our internal administration. Examples include providers of systems used for customer relationship management, ticketing, mailing lists, and HR administration.

These third-party providers only act under our instruction as set out in individual data processing agreements with The Postal Museum (TPM). These agreements define TPM as the data owner and prevent use of the data for the provider’s own purposes unless fully anonymised. They also prevent selling or distribution of the data, and address return of data on contract termination.

Third party suppliers also have security and privacy obligations under data protection regulations in their role as ‘data processors’, including the obligation to inform us about the data processors they in turn use (known as ‘sub-processors’).
Some of the third parties we work with operate outside the European Economic Area. In the case of these transfers of information, we ensure that our data processors provide an adequate level of protection and that these measures form part of our agreements with them.

Where legally required: Where sharing of your personal data is required by law, we will act on these obligations. For example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement bodies for the prevention and detection of crime where a clear need for this is identified. We may also share your information with the emergency services if we think there is a risk of serious harm to you or someone else.

If you’re 13 or under

If you’re aged 13 or under, you must get your parent/guardian’s permission before you provide any personal information to us via the website or in person.

How and why we use your information

Tracking our online visitors
The Postal Museum (TPM) monitors how people use our website and aggerates general statistics about customers, traffic patterns and related site information in an anonymous form. We do this on the basis of our legitimate interests. To collect this data, TPM uses software that collects statistics from IP data. This software can determine what times of day people access our site, which country they access the website from, how long they visit for, what browser they are using etc.

This information is collected to measure the popularity of particular content, and of the website as a whole, allowing us to judge visitor needs and tailor future content.
Please see our Cookie Policy for further details.

IP addresses
IP addresses are collected via Mailchimp when you sign up. Please see their Privacy Policy for more information. IP addresses aren’t collected anywhere else on this website.

To purchase tickets online, you will need to submit your contact details so that we can book, and provide you with, your tickets [GDPR Lawful Basis for Processing: Contractual necessity]. When you click on a link to book a ticket, you are redirected to a web portal hosted by one of our third-party providers.

You will need to create an account to purchase tickets. When you complete your order, you will be asked if you want to join our mailing list; you will have an option to unsubscribe or change your preferences at the bottom of each email we send. Details of your transaction will be kept in line with our internal retention policies and may also be used to help us better understand our customers.

You will be providing payment card information directly to our card payment processor who operate a secure server to process payment details, encrypting your credit/debit card information and authorising payment.

Gift Aiding a donation on a ticket
When you buy a ticket online or in person at The Postal Museum or Mail Rail you will be asked if you want to gift aid your ticket (this applies to UK taxpayers only). If you do, this is part of a formal declaration and we will need to record your name and address to identify you as a current UK tax payer. If you wish to gift aid, we are legally required to disclose the information you have provided us to HM Revenue & Customs. We will retain a record of this transaction for three years after the current financial year [GDPR Lawful Basis for Processing: Compliance with legal obligations].

In order to purchase products online, you will need to submit your contact details so that we can process your transaction and ensure you receive your goods [GDPR Lawful Basis for Processing: Contractual necessity]. When you use our online shop, you’ll be redirected to a web portal hosted by one of our third-party providers. Details of your transaction will be kept in line with our internal retention policies and may also be used to help us better understand our customers.

Our card payment processor operates a secure server to process payment details, encrypting your credit/debit card information and authorising payment. TPM will not retain your payment card details after your order has been processed. We will retain your email and postal address to complete your order – these will not be used by a third party for any marketing purposes. When you complete your order, you have an option to join our mailing list; you may unsubscribe at any time following the link at the bottom of each email.

When you purchase any ticket from us you will be asked if you want to join our mailing list. You can also join our mailing list from the home page of our website or opting in using one of our forms. When you sign up, you will be asked to select your preferences so that we only send you messages that are of interest to you. You’ll have the opportunity to unsubscribe or change your preferences at the bottom of each email we sent you [GDPR Lawful Basis for Processing: Consent]. Your interaction with us may also be used to help us better understand our customers.

Marketing communications may include but are not limited to:

  • Details of The Postal Museum’s products, promotions, services or events such as exhibitions, retail or café offers
  • News and updates about The Postal Museum such as learning or supporter newsletters
  • Details of fundraising opportunities and ways to support us
  • Surveys for marketing purposes

Your email address will be shared with the third-party provider (MailChimp) we use for bulk email distribution. They are not permitted to use your data for their own marketing purposes nor to sell or distribute it. Have a look at their MailChimp’s Privacy Policy for more information

We will contact you periodically to check that you still want to receive messages from us. If not, we will delete you from our database.

When you contact us via our online form, your message will be directed to the email account of the team who are able to answer your enquiry. You will be asked to submit your name and email address and/ or phone number so that we can get back to you. We process your information on the basis that you have provided consent by initiating contact with us. Your details may also be used to help us better understand our customers . All contact form submissions are stored securely on our website in case your enquiry doesn’t reach us via email where they are deleted every 12 months.

We maintain a presence on several social media platforms, such as Facebook, Twitter and Instagram. These providers control the use of any data you submit to the sites, so we suggest that you refer to their separate privacy policies and take care when submitting personal information. We may copy information from your social media platform to support our marketing activities where this is not in contravention of any data protection legislation. All information used will be anonymous unless by prior agreement with you.

When you use our online catalogue to search our archive holdings, you will be directed to a separate website hosted by one of our third-party providers . You will not be asked to provide any personal data unless you want to create an account. Having an account will allow you to save a wish list of items that are of interest to you. The only information you are required to provide to create an account is your name and email address. You can delete your account at any time. After a period of inactivity, you will be prompted to log back in and if you choose not to, your account will be deleted.

To purchase these services remotely, you will need to submit your contact information so that we can process your order [GDPR Lawful Basis for Processing: Contractual necessity]. We’ll ensure your payment is taken securely and won’t retain your card details. Your contact details won’t be transferred to any third-party other than to process your payment.

If you decide to visit us and look at original archival records in our Discovery Room, you will be asked to complete a registration form and provide us with your full address, phone number and email address (if you have one). These details are needed to ensure the safety of our collections and will be kept as part of our audit trail for a minimum of 20 years in case any issues are uncovered in the future [GDPR Lawful Basis for Processing: Task carried out in the public interest]. Your information will be kept securely and won’t be shared outside of TPM unless we are legally required to do so. It won’t be used to contact you for marketing purposes useless you have asked for this. It may occasionally be used to contact you about relevant changes to our service such as our opening hours.

If you decide to donate an object or document to The Postal Museum (TPM), we will need to collect your contact details. This is information that we keep permanently as part of our collections care policies. The information is needed to: provide a record of transfer of ownership; provide an audit trail of the provenance of our collections; assign copyright; contact you in case we have questions about the item; contact you in case we decide the item isn’t suitable for the collection. We process your personal data to safeguard our collections and ensure we comply to professional collections care standards [GDPR Lawful Basis for Processing – for Archive collections: Task carried out in the public interest; for Museum collections: Legitimate Interests]. This information will not normally be made publicly available; consent will be sought from the donor if an occasion arises in which the donor’s name is required to be linked to an item on display.

Your information will be kept securely and won’t be shared outside of TPM unless we are legally required to do so. It won’t be used to contact you for marketing purposes useless you have asked for this.

If you apply to work or volunteer at The Postal Museum (TPM), we will use the information you supply to us to assess your suitability for the role, process your application and to monitor recruitment statistics. We process your information on the basis that it is necessary to take steps to potentially enter into a contract or agreement with you [GDPR Lawful Basis for Processing: Contractual necessity/ Legitimate Interests]. If we need to share information with a third-party (such as to take up a reference or to check your criminal record under the Disclosure and Barring Service) we will always inform you of this beforehand.

Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, after which it will be destroyed.

We may invite you to participate in surveys or market research to help us improve our website, fundraising, services and strategic development. Participation is always voluntary and while personal data may be collected for these surveys, no person will be identified as a result of research without their explicit permission. We process your information on the basis that you have provided consent by supplying feedback. Your details may be used to help us better understand our customers.

If we use a third party to conduct or coordinate this research for us, or if we use a third-party system to collect the data, we will have a data sharing agreement in place to ensure that your information is kept securely and isn’t used for any unspecified purposes.

Filming and photography may take place within The Postal Museum (TPM) during special events and other occasions. Visitors will be notified of this via invites and through the use of posters and verbal instructions at the event. If you don’t wish to be featured you should inform the photographer or a member of staff as soon as possible. Images/video content may be used on our website or social media platforms, in hard copy publications, press activity or for other marketing purposes. By attending an event and not informing us otherwise, you consent to being featured in this photography/filming. You have a right to withdraw your consent at any time and we will take reasonable efforts to follow your wishes (see ‘How to request further information’).

Visitors will be asked to provide verbal consent or to sign a consent form if they feature prominently in any recording made.

Identifiable images of children will never be captured for marketing purposes without the written consent of a parent or guardian. Consent for use of images of children by TPM will be time limited. When consent expires, images and their related consent forms will be deleted/destroyed.

When you contact us regarding venue hire, we’ll keep your name, email address and phone number in order to respond to your enquiry. We may use your email address to send you emails about venue hire offers and showcase events – you can opt out of marketing at any time.

If you book with us we’ll ask you permission to share your details with our preferred event partners and our exclusive caterer so that you can discuss your event needs with them directly. We have agreements in place with these third parties stating that they are not permitted to use your data for their own marketing purposes without asking for your consent.

Records relating to your booking will be kept for a maximum of 7 years in case of any disputes [GDPR Lawful Basis for Processing: Contractual necessity].

Sponsorship Schemes and Online Donation

 When you participate in a sponsorship scheme, such as sponsoring a sleeper, or becoming a member or patron, or donate to us online, you will be asked to provide your contact and payment details. These details are used to process your payment and to contact you if needed (for example, to book your “Walk The Rails” tour to see your sleeper). Details of your sponsorship will be kept for a minimum of five years in order to administer the benefits of the scheme [GDPR Lawful Basis for Processing: contractual necessity].

You will be providing payment card information directly to our card payment processor who operate a secure server to process payment details, encrypting your credit/debit card information and authorising payment.

Your details may also be used to help us better understand our supporters (See section below on fundraising research.) If you wish to opt-out of this, simply contact us by email at [email protected] or using the contact details below to contact us by post or telephone.

Fundraising Research

Fundraising research is vital to our development activities to ensure The Postal Museum continues to thrive for generations to come. We may, for the purposes of our legitimate interests, use your personal information which is available from publicly available sources, and which you have volunteered to us, to conduct profiling of our supporters or potential supporters, and to help us understand our visitors and donors. This is to help us target communications in a more focused, efficient and cost-effective way, helping us reduce the chances of supporters and potential supporters receiving inappropriate or irrelevant communications, and enabling us to ensure that our communications are relevant to you, and to give us insight into your interest or capacity to support the Museum and in getting involved in our activities.

We only use profile data internally for the purposes of our own fundraising. It will be shared with our customer relationship management system provider for relationship management purposes, but with no other third party.  You can choose to opt-out of being the subject of wealth screening, research, data cleansing or analysis simply by contacting us by email at [email protected] or using the contact details below to contact us by post or telephone. If you would like your profile information amended, you can contact us and we will make these changes (see ‘Further information and requests’).

Major donor analysis

We may carry out research to determine whether an individual could be a potential major donor. To do this we may use publicly available information from third party sources such as Google, Companies House, published biographies and publicly available LinkedIn profiles. The type of information we collect may include:

  • Career overview
  • Gift capacity
  • Areas of interest
  • History of giving to us and others
  • How the individual is connected with us and others
  • Public information on any philanthropic activities

When we undertake this research, we will inform the individual at the time of first communication that data has been obtained about them for the purpose of determining their capacity to make a major donation, and this communication will take place within a reasonable period. The individual can choose to request that the Postal Museum delete such research, and take no further action.

High value event planning

We may also use profiling to produce short biographies of people who are due to meet with our leadership or attend an event that we may be hosting. This helps our staff to understand more about those we engage with, and their interests or connection to us.

Ethical Considerations

As a registered charity, we are subject to a number of legal and regulatory obligations and standards. To this end, we may carry out appropriate due diligence of donors, check donations and implement robust financial controls to help protect the Postal Heritage Trust from abuse, fraud and/or money laundering.  We may also ethically screen supporters to minimise risk of creating an association with an individual or group that conflicts with our values.

If you have any questions or concerns, contact our Development team at [email protected] or at the postal address below.

From time to time we conduct analysis of our customers using personal data to better understand who visits the museum and their motivations/interests, make improvements to the customer experience, develop products and enhance our offer.

If at any time you no longer wish to have your personal data used in these ways, or if you would like your information amended, you can contact us and we will make these changes (see ‘Further information and requests’).

We operate a CCTV surveillance system throughout The Postal Museum and Mail Rail for the purposes of maintaining public safety, maintaining security of the property and premises and for preventing and investigating crime. We abide by the CCTV Code of Practice in the management of information recorded and retained by surveillance equipment.

Signage is prominently placed to inform visitors, members of the public and staff that CCTV is in use and includes contact details for further information.

Images captured by the system are recorded continuously and reviewed as required. Access to the images is limited on a need-to-know basis. Images are disclosed to third parties only when there is a legal requirement to do so. Images are deleted regularly in line with our retention policy [GDPR Lawful Basis for Processing: Legitimate Interests and Compliance with legal obligations].

How we protect your information

We use technical and organisational safeguards to ensure that your personal information is secure. We limit access to information on a need-to-know basis and ensure that staff are trained in data protection principles.

We utilise SSL (Secure Socket Layer) to encrypt data passed between our website and servers, ensuring all data remains private. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. Our online forms are always encrypted and our network is protected and routinely monitored.

If you use your credit or debit card to make a booking online, buy something or donate to us, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and don’t store the details on our website.

However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data disclosed or transmitted over public networks.

How long we keep your information

We will keep your personal information related to financial transactions for as long as the law requires us to do so for tax or accounting purposes (usually for the current financial year plus three further years).

If you request that we stop processing your personal information for the marketing purposes, we may need to add your details to a suppression list so we are aware that you don’t wish to be contacted.

Other categories of personal information will only be kept for as long as they are needed for the purpose for which they were collected, and in line with our internal retention policies.

Your rights to your personal information

The Postal Museum (TPM) aims to be as open as possible when giving people access to their personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ under the EU General Data Protection Regulations (GDPR). If we hold any information about you we will, as far as practically possible:

  • Give you a description of it
  • Tell you why we are holding it
  • Tell you who it could be disclosed to
  • Provide you for a copy of the information in an intelligible form

To make a request to TPM for any personal information we may hold, you need to put the request in writing as detailed below. You may be asked for proof of identification to ensure we are lawfully disclosing information.

If we do hold information about you, you can ask us to correct any inaccuracies or to delete the information if we do not have a legitimate reason to hold it.

Requesting further information

To request information about yourself or to find out more about our privacy, data protection and records retention measures, please write to:

Data Protection Coordinator
The Postal Museum
15 – 20 Phoenix Place


Alternatively email [email protected]. Specify in your communication the exact nature of the information you wish to request.

You can also call us on 0300 0300 700.

For further information about our website please writer to Webmaster at the above postal address or email [email protected] 

How to make a complaint

If you are unsatisfied with the information we provide regarding your privacy and data protection, you can raise your concerns with the UK information rights regulator: the ICO (Information Commission’s Office).

Information Commissioner’s Office
Wycliffe House
Water Lane

T: 0303 123 1113, 01625 545 745

We reserve the right to make amends to this policy at any time.

This policy was last updated on 23/09/2020.