Privacy policy

    A view across Lake Windermere towards fells in the Lake District, Cumbria

The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.

Your personal data is in safe hands with the National Trust

We do: use your personal data to help us provide a great experience for you. This includes tailoring the information we share to ensure you find it relevant, useful and timely.

We do: respect your privacy and work hard to ensure we meet strict regulatory requirements.

We don’t: sell your personal data to third parties.

We’ll always protect your personal data and, as part of this, we regularly review our privacy notice so that you can see how we use your data and what your options are. If there are any further changes to the ‘General Data Protection Regulation’ (or GDPR) or related laws, we may need to amend this statement in the future.

A few quick notes:

  • This privacy policy explains what data we collect as well as how and why we use your personal data
  • The policy applies to you if you’re a supporter of the Trust (whether that’s as a member, donor, volunteer, tenant, customer or employee) or use any of our services, visit our website, use our mobile app, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this page
  • We’ll never sell your personal data. We will only share it with organisations we work with who meet our high privacy standards.

Index:

1. Who are ‘we’?

In this policy, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘National Trust', it refers to The National Trust for the Preservation of Historical Places or Natural Beauty and its wholly owned subsidiary The National Trust (Enterprises) Limited. (Our ICO registration number is Z5945928).

If you have any questions relating to this privacy policy or how we use your personal data, please send them to dpo@nationaltrust.org.uk or post them to the Data Protection Officer, National Trust, Heelis, Kemble Drive, Swindon, SN2 2NA.

Back to index

2. What personal data do we collect?

We will collect and use your personal data (this means any information which identifies you, or which can be identified as relating to you personally, such as your name, address, phone number, email address or member number). We’ll only collect the personal data we need and we’ll make it clear at the point of collection why we are collecting it. 

This personal data you give us may include your name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, CCTV images, attitudes, opinions, usernames and passwords.

We may automatically collect information as you use our digital services such as the app and website. This may include the pages you have visited, information about the device or browser you are using, any errors you encountered and data relating to any online transactions such as the order number for memberships, donations, renewals, holiday bookings and online shop purchases.

We’ll also collect data on your activity when you create or log in to your ‘My National Trust’ account. In whatever way you interact with us, such interaction may create other items of personal data. This could include details of how you’ve helped us by volunteering or by supporting our campaigns and other activities. If you decide to donate to us, we’ll also keep records of when and how much you give to support our cause.

For supporters who use our mobile app, please refer to our App Privacy Policy.

Back to index

2.1 Information from third parties

We buy anonymous external data (such as census data, Experian’s Mosaic consumer data, or Target Group Index marketing survey data) and combine it with your personal data to help us assist you in finding the services and products that you are looking to receive from us.

Back to index

2.2 Sensitive personal data

We sometimes have to collect and use ‘sensitive personal data’ on our employees and volunteers. This is defined as information about racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. At times we’ll collect sensitive personal data to help us monitor equal opportunities, and to research whether we deliver great experiences for everyone, regardless of their background or beliefs, but this is only ever analysed at an aggregate rather than individual level.

Back to index

2.3 Volunteer

If you’re a volunteer we may collect extra information about you (such as references, criminal records checks, details of emergency contacts or medical conditions). We will keep this information for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim), and for safeguarding purposes.

Back to index

2.4 CCTV

Some of our locations and properties have Closed Circuit Television (CCTV) and you may be recorded when you visit them.

CCTV is used to provide security and protect both our members and visitors and the National Trust. CCTV will only be viewed when necessary (for example, to detect or prevent crime) and footage is stored for a set period of time, after which it is recorded over. The National Trust complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used. 

Back to index

3. Children’s personal data

3.1 Family membership

Children under 18 are included on family memberships and are members of the National Trust. We collect their names and dates of birth to ensure they get free admission at our places. We don’t ask children on family memberships for consent to receive marketing communications, so they won’t receive them unless they’ve asked for them through our online service 'My National Trust', which is only available to people aged 13 and over. If a young person has done this, we’ll carry over this information when they turn 18.

Back to index

3.2 Junior and Young Person membership

Junior membership is available to everyone under the age of 18. Under 13s can have their membership bought for them as a gift by an adult, while those aged between 13 and 17 can buy membership online, by phone or at one of our places. Young Person membership is available from the age of 17.  

When a Junior or Young Person member becomes 18, we’ll carry over their marketing preferences and consent, if they have given any.

Back to index

3.3 Employment and volunteering opportunities

We don’t want to exclude under-18s from exciting opportunities to support our work through employment opportunities such as work experience or apprenticeships or by volunteering. We may therefore need to collect and store their personal information as set out in the volunteering and employment sections of this document.  Children should always ask a parent or guardian for permission before sending personal information to anyone online.

Back to index

4. What else do we generate from your personal data? 

We conduct research and analysis on the information we hold which can in turn create further personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. The sections Research and Profiling give more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content. We use this information to identify ways in which you could support the National Trust and invite you do to so if appropriate.

This analysis may be carried out by us or by third party organisations working for us.  

We may also host encrypted personal data on third party websites (for example, social media platforms) to ensure you only see relevant, personalised and interesting content from those organisations. 

Back to index

5. How we use your personal data

We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation and Privacy of Electronic Communication Regulation.

We will use your personal data for the purpose or purposes outlined at the time you gave it to us. This may have been during the course of a sale, when signing up for membership or when simply visiting our website.

We use this information: 

  • to provide the service, product or essential information you expect from us
  • where you have given us your consent to do so, to keep you informed about: visiting our places, volunteering with us, membership, events, conservation work, fundraising, our shops and holidays.
  • to enable trusted partner organisations to perform services on our behalf or to help us understand our supporters more effectively.
  • to better understand how we can improve our services for you

We may also need to provide your personal data if we’re asked by the police, or any other regulatory or government authority investigating suspected illegal activities.

Below are the main ways we will use your data. These all depend on the nature of our relationship with you and how you interact with and use our various services, websites and activities. 

Back to index

5.1 Providing our services to you

Membership 

We use the personal data you provide as a member to fulfill your membership. This includes posting National Trust magazines and Handbooks, providing information about our Annual General Meeting, and sending renewal information to annual members by mail and email. It’s also used to check who you are when you contact our Supporter Services Centre or sign up for a 'My National Trust' account.

We also scan membership cards at our places to check you are entitled to free entry or free parking.

Back to index

Retail sales, holidays and events management 

We process customer data in order to fulfil holiday bookings and retail activities. Your data will be used to communicate with you throughout the process, including confirming we’ve received your order and payment, to confirm dispatch, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your order or booking. Properties may also hold dietary requirements for weddings and events.

Back to index

Tenants

If you are a tenant of the National Trust and/or hold a license for some form of land use activity, we will use your personal information to fulfill our contract with you. This may include, but is not limited to, sending you rental invoices, tenant and landlord correspondence, and contacting you with information about issues or activities relating to your lease or license. We will not pass your details to third parties except where you have provided explicit consent or where we need to do so in order to fulfill our landlord responsibilities, for example if we need to send your address to a maintenance contractor so they can carry out repairs.

5.2 Our digital services

Location data 

We use the location data provided by the devices you use to access our main website, our mobile app and the myvolunteering site. If you let your device share this information with us, we’ll use it to personalise your experience with us. Your device or web browser will usually prompt you when this is requested.

The type of things we may use your location for include:

  • Sorting search results for properties, activities or events by your location
  • Making our homepage relevant to you and your location

You can change your location settings at any time in your device or computer settings.

Back to index

5.3 How we share your data

We will not sell your personal information to a third party. 

We may share your information with partners to allow them to perform services on our behalf. Where applicable we have contracts in place with our suppliers, which require them to comply with the General Data Protection Regulation and The Privacy and Electronic Communications Regulations (or PECR), and to have robust systems and processes to protect the security of your information. 

We may provide your email address to digital advertising or social media companies who work on our behalf, such as Facebook and Instagram. This is so we can reach you and others like you with information about how you can support our cause. This data is always provided in an encrypted format and is deleted immediately after use. If you don’t want to see targeted advertising from us on social media, please refer to the instructions provided by the social media site, for example on Facebook, Instagram, Twitter and Google.

Below are some examples of the types of organisations with which we may share your data: 

  • Advertising partners – to enable us to ensure our advertising is relevant to the recipients.
  • Analytics partners – to enable us to track the effectiveness of our website or mobile apps.
  • Social media partners – so that we can effectively communicate with our supporters on social media platforms.
  • Website and app partners – to help us develop websites and apps that give our customers the best possible onine experience.

For further detail on the processes used to share your information please refer to our cookie policy.

Back to index

5.4 Cookies and links to third party websites

Cookies

Cookies are small text files stored on your computer when you visit certain websites. We use first-party cookies (cookies that we have set, that can only be read by our website) to personalise your online experience. We also use third-party cookies (cookies that are set by an organisation other than the owner of the website, in this case the National Trust) to help us measure and analyse the use of our website and to provide targeted advertising. You can control the use of cookies via your browser. You can find further information in the National Trust’s cookie policy.

How do I change my cookie settings?

Cookies can be controlled by your web browser settings. Whether our cookies are used will depend on your browser settings, so you are in control. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, please use the following links: 

Further information on cookies and how to mange your cookies can be found in the National Trust’s cookie policy.

Back to index

Links to other websites

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, they will have their own privacy policies for which we do not accept any responsibility or liability.

Back to index

5.5 Marketing communications 

If you agree to receive marketing information from us you can always change your mind at a later date. For more on withdrawing your consent, please see the information in section 9 under Your data protection rights. We’ll never share your information with companies outside the National Trust who want to use it for their marketing. 

Back to index

Marketing to young people

We won’t send marketing emails and letters or make marketing calls to people under 13. We won’t send any marketing communications requesting donations to young people aged between 13 and 17, but we will send them information on how to fundraise on our behalf if  they specifically request this.

Back to index

5.6 Fundraising, donations and gifts in wills 

Where we have your permission, we may invite you to support vital conservation work by making a donation, buying a raffle ticket, getting involved in fundraising activities or leaving a gift in your will. 

Occasionally, we may invite supporters to attend events where they can find out more about the ways donations and gifts in wills make a difference. We’ll keep a record of which events you are invited to and whether you were able to attend

If you make a donation, we’ll use any personal information you give us to record the nature and amount of your gift, claim Gift Aid where you’ve told us you’re eligible, thank you for your gift or let you know if you have won a raffle prize. If you interact or have a conversation with us, we’ll note anything relevant and store this securely on our systems.

If you tell us you want to fundraise to support our cause, we’ll use the personal information you give us to record your plans and contact you to support your fundraising efforts.

Charity Commission rules require us to know where funds have come from, as well as any conditions attached to them. We follow a due diligence process which involves researching the financial soundness, credibility, reputation and ethical principles of donors who’ve made, or are likely to make, a significant donation to the National Trust.

As part of this process we’ll carry out research using publicly available information and professional resources. 

Major gifts

Where we have your consent to do so, we may use your contact information to invite you to meetings and events; send information about conservation projects you may be interested in supporting; and update you on the impact your support is making.

As a conservation charity reliant upon fundraised income, it is in our legitimate interests to use personal information in the ways described below, to help us understand our supporters and potential supporters, tailor our communications and use our resources effectively: 

  • If we invite you to an event or to meet with one of our fundraisers, or if we are in discussions with you about how you can support us now or in the future, we will use your personal information to ensure that we can have a more informed conversation with you: 
    • if you are a National Trust member this typically includes: contact and membership details; the amount and purpose of any previous donations; a record of communications we have sent or received from you. 
    • we may note conversations and interactions we have with you where it is relevant to your relationship with us. 
  • We may use your information in an aggregated format to help us understand the profile of supporters like you, so that we can target our communications more effectively in future and use our resources as cost effectively as possible. 
  • We may also conduct research to understand areas of our work that you may be interested in supporting. Where we do this, we use publicly available information, such as: professional profiles (for example, corporate biographies and/or LinkedIn profiles); search engine and public social media results; resources such as Companies House and the Charity Commission; and third-party publications such as Debretts, Who’s Who and the Sunday Times Rich List. We may also use third-party aggregators of publicly available information to review financial, philanthropic and professional information. If you would rather we did not do this, please just let us know and we will, of course, respect your wishes. 
  • In line with Charity Commission requirements, we follow a due diligence process to assess the financial soundness, credibility, reputation and ethical principles of donors who have made, or are likely to make, a significant donation to the National Trust. As part of this process we will conduct research using the methods referenced above. 
  • We are committed to looking after your data carefully and we store your personal data on our secure systems. If you are attending a meeting or event, we may need to share some basic information about you with staff, Trustees or advocates who are helping us to fundraise on a voluntary basis. It is only shared with those who need to know the information for the purposes set out in this privacy notice, when they need to know it.

If you want to change whether or how you hear from us, or have any questions about the data we hold or how we long we hold it, please contact us at giving@nationaltrust.org.uk

Gifts in wills

If you’ve told us that you have left a gift in your will, or are thinking about doing so, we will keep details of this. If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, such as your solicitor), we’ll make a note of these throughout your relationship with us, as this helps to ensure we direct your gift as you wanted.

Where a donor has passed away and we are in the process of receiving their legacy gift, we will process personal data of individuals involved in the estate administration for the purpose of ensuring our compliance with legal obligations in receiving and using the legacy gift for our charitable purposes. Access to this personal data is restricted and stored for as long as necessary to administer our legacy. More detailed information about use of personal data for this purpose is provided to the estate Executors, Trustees or their professional advisors during the legacy administration process and can be found below.

We rely on legitimate interests to process personal data of individuals involved with the supporter and their estate. Where we would like to process data that is not for the direct purpose of the legacy administration process, we will seek specific consent from an individual - for example, if we would like to remain in contact with a donor’s relative to update them on how the legacy has been used to benefit a specific area of the National Trust’s work. 

Where we collect personal data from

  • Executors, Trustees, solicitors and any other professional third party instructed in the legacy administration process.
  • Third parties, such as the Smee & Ford notification service
  • Copies of wills either provided by Executors, Trustees or other professionals acting in the administration, or publicly available online.
  • Other co-beneficiary charities that have a similar interest to us under the will
  • The public domain

Whose personal data we collect

  • Donors who have left us a gift in their will
  • Employees of organisations that we need to communicate with during the administration process including charity legacy officers, solicitor employees, estate agents etc. 
  • Executors of the estate and Trustees of Will Trusts, who may be family or friends of the donor, or a professional advisor such as a solicitor, accountant or banker.
  • Other individuals named as beneficiaries in a will, including those who have a life interest in an ongoing Will Trust.
  • Next of kin and or family members that we seek permission to thank and report on the progress of a legacy gift and how it has benefited the National Trust.

What data do we collect for gifts in wills

  • Home address and contact details 
  • Co-beneficiaries’ level of entitlement to any gifts or share of an estate in which we receive a benefit.
  • Telephone, email, internet, fax, instant messenger use or other electronic communication details where provided to us.
  • Sensitive personal information such as health status, if it is pertinent to the legacy case and there is a clear reason for doing so.

How do we use gifts in wills data?

  • We will only use personal information for the purposes of the legacy administration process, the purposes for which it was obtained.  For example we will not use personal data to market or fundraise from the Executor or next of kin without their express consent to do so.
  • We only share your information internally where it is directly relevant to those who need to know, when they need to know it.
  • We may need to share your information with ‘data processors’ such as associated organisations and agents who provide us with a legacy administration service or other charity beneficiaries who have a similar interest to our own. These ‘data processors’ will only act under our instruction for use and security of your data.

How do we store gifts in wills data?

  • Personal data is stored on our electronic case management system and restricted access directory. Any paperwork containing personal data is kept to a minimum, locked away when not in use and securely destroyed when no longer needed. Our systems are subject to National Trust security policies.
  • Personal data is held for as long as is necessary to ensure our legal entitlement is administered without challenge. Some legacy administration cases can be ongoing for long periods, for example in a life interest case where we have an interest in an asset that someone else is entitled to live in during their lifetime. There may be some cases where a longer retention period is required, for example were the Trust is acting as Executor or Administrator and has an ongoing duty to comply with conditions attached to the gift.

Back to index

5.7 Managing volunteers 

We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. 

This could include: 

  • contacting you about a role you’ve applied for or which we think you might be interested in.
  • processing expense claims you’ve made
  • recording shifts you’ve booked 
  • recognising your contribution
  • asking for your opinions on your volunteering experience
  • next of kin details

Back to index

5.8 Research 

We carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences we offer and ensure we know what you find relevant and interesting. 

If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (for  example, ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate rather than individual level (for example, for reporting on equal opportunities).  

We may give some of your personal data (for example, contact information) to a research agency so that they can carry out research on our behalf.

Back to index

5.9 Profiling 

We know it’s important to our supporters that we use our resources in a responsible and cost-effective way. This is why we use automated profiling and targeting to help us understand our supporters and make sure that:

  • our communications (for example, emails) and services (for example, our website) are relevant, personalised and interesting to you.
  • our services meet the needs of our supporters
  • we only ask for further support and help from you if it’s appropriate
  • we use our resources responsibly and keep our costs down

To do this we’ll analyse how you interact with us (for example, on our website or at the places where you use your membership card) and use both geographic and demographic information to let you know what’s happening in your local area and understand your interests.

The personal information we collect includes transactional information (for example, order number) for memberships, card scans, donations, renewals, holiday bookings and online shop purchases. We’ll also collect your activity data on when you create or log into your 'My National Trust' account.

Much of the information we collect is aggregated, which means we look at it as a whole rather than at an individual level. However, we may also collect some personal data to personalise your experience, tailor our marketing campaigns to your interests, and ensure the website is functioning as we want it to.

If you’ve agreed we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example; updates to address and contact information, or publicly available information regarding your wealth, earnings and employment at an aggregate level. 

Data Aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income.

We may also use personal data to create profiles which help us target our communications, to you and to other people. For example, we may use your membership data to ensure you don’t see adverts about membership online. Or we may use your personal data to find online users with a similar profile to you who may also be interested in our products or services.

We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.

We won’t profile anyone under the age of 18.

Back to index

5.10 Recruitment and employment 

If you work for us, or apply for a job with us, we will process your personal data, including sensitive personal data, to comply with our contractual, statutory and management obligations and responsibilities.

This data can include, but isn’t limited to, information relating to your health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data without explicit consent. You can find further information on the data we collect and why below.

Our contractual responsibilities include those arising from a contract of employment. This includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay, leave, maternity pay, pension and emergency contacts.

Our statutory responsibilities are those imposed by law on us as an employer. This includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits and equal opportunities monitoring.

Our management responsibilities are those necessary for the way the organisation functions. This includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters and contact details.

Back to index

5.11 Use of sensitive personal data

As explained in Section 2, in certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee or volunteer.

(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consents.

(b) We will process data about, but not limited to, an employee’s or volunteers racial and ethnic origin, their sexual orientation and their religious beliefs, but only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies.

(c) We will hold data about an employee’s or volunteer's DBS Check as necessary. 

Back to index

6. How we secure your data 

We want to keep our customers, members, volunteers, employees and contractors safe, so the security of your data and of our information systems is incredibly important to us. 

External threats to our data security are changing all the time, so we have a robust process for assessing, managing and protecting all of our new and existing systems to ensure they are up to date and secure. What’s more, we follow a ‘defense in depth’ security model, which means that your data is protected by multiple layers of security.

Our staff complete mandatory information security and data protection training when they start with us and every year afterwards, to reinforce their responsibilities and requirements.

When you trust us with your data we will keep your information secure to maintain your confidentiality. Whenever your information is stored or transferred, we use strong encryption to minimise the risk of unauthorised access or disclosure. You can check this when you enter information on our website by right clicking on the padlock icon in the address bar.

Back to index

6.1 Storing information

The National Trust operations are based in the UK and we store most of your data within the European Union (EU). Some organisations which provide services to us may transfer your data outside the European Economic Area but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and while it is our policy that we prefer data hosting and processing to remain in the EU, it may be that using their products results in your data being transferred to the USA. However, we only allow this when we are certain your data will be adequately protected in accordance with US Privacy Shield or Standard EU contractual clauses. 

Back to index

6.2 Payment card security

The National Trust has an active PCI-DSS (Payment Card Industry Data Security Standard) compliance programme. This is the stringent international standard for safe card payment processes. As part of our compliance, we ensure that our IT systems do not directly collect or store your payment card information, such as the full 16-digit number on the front of the card or the security code on the back.

Our online payment solutions are carried out using a ‘payment gateway’ (such as Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. This means that your payment card information is handled by the bank and not processed or held by us.

Back to index

7. Disclosing and sharing information

We do not sell or share your personal information for other organisations to use.

When we allow third parties acting on behalf of the National Trust to access your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. 

Where necessary, we may share the personal data we collect and process with:

  • Third party research organisations
  • Third party IT providers, for example who host the website or provide IT support

Also, under strictly controlled conditions, we will share personal data with:

  • Contractors
  • Service providers
  • Advisors
  • Agents.

We may also disclose your personal information to third parties in order to comply with a legal obligation, or to enforce other agreement. It may also be used to protect the rights, property or safety of The National Trust and our members, supporters and visitors. This includes exchanging information with other companies and organisations to protect against fraud.

Back to index

7.1 Sharing employee personal data 

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier. 
To meet an employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

In order to fulfil our statutory responsibilities, we’re required to provide certain aspects of an employee’s personal data to government departments or agencies; for example, to provide salary and tax data to HM Revenue & Customs.

Back to index

8. Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

Back to index

9. Your data protection rights 

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and have provided further information about the rights that individuals have and how to exercise them below.

9.1 Access to personal data

You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at dpo@nationaltrust.org.uk, or write to us at: 

The Data Protection Office
National Trust, Heelis, Kemble Drive, 
Swindon,
SN2 2NA.  

You may be asked to provide the following details:

  • The personal information you want to access
  • Where it is likely to be held
  • The date range of the information you wish to access.

We will need you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.

9.2 Withdrawal of consent

Where you have given consent for the National Trust to use your personal data, you have the right to withdraw that consent at any time. You also have the right to ask the National Trust to stop using your personal data for direct marketing purposes. To stop receiving an email from a National Trust marketing list, please click on the unsubscribe link in the relevant email received from us or you can manage your marketing contact preferences using ‘My National Trust’ or contact us using the details below.

9.3 Amendment of personal data

We want you to remain in control of your personal data. You can update or amend your personal data via ‘My National Trust’ or myvolunteering.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections based on your updated information.

Alternatively, you may:

Call us: 
Telephone 0344 800 1895 (local call rates apply), 9.00am-5.30pm weekdays, 9.00am-4.00pm weekends and bank holidays

Write to: 
National Trust
PO Box 574,
Manvers,
Rotherham,
S63 3FH

The verification, update or amendment of your personal data will take place within 30 days of receipt of your request.

9.4 Other data subject rights

This privacy policy is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion (‘right to be forgotten’), to restrict or object to our processing of personal data and the right to data portability. There may be other legal reasons why we need to process your personal data, but please tell us if you don’t think we should be using it. If you wish to exercise any of these rights, please send an email to dpo@nationaltrust.org.uk, or write to us at The Data Protection Office, National Trust, Heelis, Kemble Drive, Swindon, SN2 2NA.  

Back to index

10. When we use Legitimate Interest

We sometimes use Legitimate Interest as our legal basis for processing personal data. We always conduct a Balance Test when doing this, weighing the protection of your rights and personal data with our use of your data to continue supporting our interests. These Balance Test are assessed by our Data Protection Office, to ensure that the rights of our supporters are maintained.

We use Legitimate Interest in some limited circumstances, in the following areas of our work: Volunteering, Membership, Data Analysis, Our Website, Fundraising, Marketing.

Back to index

11. What to do if you're not happy

In the first instance, please talk directly to us, so we can learn from and resolve any problem or query. You can send an email with the details of any data protection complaint to dpo@nationaltrust.org.uk. We will respond to any complaints we receive.

You have the right to contact the Information Commissioner's Office (“ICO”) (the UK data protection regulator).  For further information on your rights and how to complain to the ICO, please refer to the ICO website.

11.1 About this privacy policy

Please check the above policies before you submit any personal data on this website. This privacy policy applies solely to the personal data collected by the National Trust.  

We’ll amend this privacy policy from time to time to ensure it remains up to date, shows how and why we use your personal data, and reflects any new legal requirements. Please visit our website to keep up to date with any changes. The current version will always be posted on our website. 

Back to index

This privacy policy was last updated on 24 May 2018.

My National Trust

Amend your details using My National Trust

My Volunteering

Amend your details using MyVolunteering

Email us

Email: enquiries@nationaltrust.org.uk with your full name, full address and supporter/member number.