A.G. Carrick (trading as Highgrove Enterprises)
Privacy Notice v.03
This privacy notice tells you what to expect when A.G. Carrick, trading as Highgrove Enterprises, collects personal information.
It applies to information we collect about you if you:
- visit the gardens, tea room, and attend our events.
- receive our group mailings
- purchase Highgrove merchandise
- register to receive regular updates on Highgrove merchandise
- register to receive our e-newsletter
- enter a competition, prize draw or raffle
- complete a "stay in touch" card
- visit our website
- register for an account on our website
- make a donation
- contact us.
Your privacy is extremely important to us. Any personal information we gather from you will be used in accordance with the Data Protection Act 2018.
The information we collect
When you visit the gardens, restaurant, and attend our events.
When you purchase tickets to visit The Royal Gardens at Highgrove your personal information is processed by the Royal Collection Trust (RCT) through their ticketing system on our behalf.
If you purchase tickets in advance of your visit date, the RCT will request your name, e-mail address, postcode, house number, country, and telephone number. If you have chosen to receive e-tickets, the RCT will use your email address to deliver your electronic tickets and receipt to you. If you choose to have your tickets delivered by post, the RCT will use your postal address to send your tickets to you. The RCT will use your email address to confirm the booking, and to send you a follow up email after the event asking for your feedback. The RCT keep your personal details for six financial years in order to comply with financial regulations.
For group visits, we will collect names of individuals within the group and menu choices, where applicable.
Where food and drink are offered during the visit, we may collect information about allergens; where visits require step free access, we may collect vehicle details (registration, make/model, colour, registered owner); and, where there are students with special needs, we may be provided with their requirements (students are not identified by name). This information is held until the visit is complete and then destroyed.
If you attend an event, we may ask you for your feedback. This may include a request for such personal details as: postcode and age range. We ask for these details in order to build a background profile of the range of people taking part in particular events. We collect this data in a way which ensures it does not personally identify you.
On occasions, there may be a photographer employed by A.G. Carrick at an event. If you agree to be photographed, we may ask you to sign a model release form to confirm your consent. If we wish to take photographs of children at an event, we will obtain written consent from their parents or guardians, or from their school, before we do that. We keep these consent forms indefinitely as proof of consent. If there is a large group of children at a family event, we may ask that children who do not wish to be photographed wear a sticker so that we do not include them in any photographs. We use these photographs to promote our activities.
If you have an accident whilst visiting the site, we will need to collect your name, contact details and a description of the nature of your injury in order to complete an Accident Form. We are obliged to do this under Health and Safety Regulations. Depending on the nature of the accident, we may also have to report it to government regulators, in which case we would also need to inform the regulators of your age. We will retain this personal information securely in locked facilities for six years in order to comply with relevant legislation.
If you receive our group mailings
We offer people who represent groups, and the travel trade, regular updates which include new exhibitions, site news, and an up to date opening and closures list. These updates are emailed from time to time to people who have made a group booking with us previously and have provided us with their contact details for this purpose, and/or have indicated to us that they wish to receive this material. In order to do this, we collect these people's names and email addresses. They can unsubscribe from these email updates at any time by clicking on "Unsubscribe" or "Update my Preferences" at the bottom of any email they receive from us.
We also collect the personal information of individuals who make group bookings with us, or who request to be added to our group mailing list, in order to post them a copy of our annually updated Group Visits and Private Tours Brochure. For this purpose, we process their names and addresses, and the group with which they are affiliated. These individuals may request their details be deleted from our group mailing list at any time by contacting the Administrator at A.G. Carrick by telephone, email or post.
A.G. Carrick relies on the legitimate interest basis for consent to process the personal data of people who receive our group mailings.
If you purchase Highgrove merchandise
When people purchase goods over our website, or over the telephone using our home delivery service, we ask them to provide their name, email address, telephone number, billing address and delivery address. We do this in order to process their orders and maintain a record of correspondence.
We retain this information as part of our financial records according to legislative requirements (six financial years) and whilst the customer continues to use our service.
If you register to receive our e-newsletter
We send emails out several times a month to subscribers to our e-newsletter on the topics they wish to hear about, depending on each user's stated preferences. Users can edit their preferences or unsubscribe from a link in the footer of every email we send.
Unsubscribed data is kept securely in our email system in order to ensure we have a record of people who do not wish to be contacted. If a user wants their data to be deleted, their record can be deleted from the email system on request.
If you enter a competition, prize draw or raffle
When entering any of our contests, prize draws or raffles, we collect your name, e-mail address and mailing address. If you win, we will send the prize to the address entered and notify you by e-mail. When you enter a contest, prize draw or raffle, you are also included in our Newsletter list to receive notice of promotions, specials and new additions to the website. You may unsubscribe from this news list by following the unsubscribe instructions in any e-mail received.
If you complete a "stay in touch" card
In our stores, we have a newsletter registration form which enables customers to subscribe to our mailing list. We ask for your name (optional) and e-mail address, which is collected and entered into our secure email system. The registration forms are subsequently securely shredded.
When you visit our website
During your use of the site we may collect information about your computer, including where available your IP address, operating system and browser types, for system administration and to report aggregate information to third parties (including organisations connected to Highgrove and/or The Prince of Wales). This is statistical data about our users' browsing actions and patterns and does not identify any individual.
If you register for an account on our website
If you wish to use features that require you to register with us, we ask you to create an account by registering. To do this you need to input some of your personal information on our web registration form. We ask for your name, e-mail address, and a password ('Personal Information').
When you create an account, you will be given the option to receive information from Highgrove Enterprises by e-mail about products, promotions or special offers that we feel may be of interest to you. In the event that you do not wish to be contacted for such purposes, please ensure that you do not tick the newsletter option as you go through the registration process.
Make a donation
When people support us, for example by making a charitable donation to a specific project, we will usually collect their name and contact details. We collect this data so that we can update people on how their donation has been used. We may ask for more support through donations. Names of donors may be published in the 'Prince of Wales's Charitable Foundation'' Annual Report, with their permission. If you have donated to us, we are required to keep this data for six financial years.
When people make a Gift Aid donation, we will collect the following information: title, forename, surname, postal address and information regarding their eligibility to make a Gift Aid donation. This personal data is retained for six financial years.
When you contact us
From time to time, people may write to us about Highgrove. We may keep their name and address or email address on file together with their enquiry and our response should there be any follow-up correspondence.
Who do we share your personal information with?
We work with a number of technology partners to maintain and improve our service to you.
Aside from our technology partners and, when required government regulators, your personal information will not be disclosed to other businesses or third parties outside Highgrove Enterprises except where specific data sharing agreements are in place; this includes ticket purchases made through our website which are processed by the Royal Collection Trust through their ticketing system on our behalf.
In limited circumstances, we may be required to disclose certain details to Gloucestershire Constabulary to ensure the security of our premises.
How do we protect your personal data?
We keep your information on a secure server and we fully comply with all applicable UK data protection and consumer legislation.
When people purchase Highgrove tickets or merchandise, whether over the telephone, through our website, or in one of our stores, we use a third party provider to process credit or debit card purchases. Our provider adheres to the international security standards within the credit industry.
When we engage our technology partners to process personal information on our behalf, they do so on the basis of written instructions which require them to process your personal data and keep it secure in line with relevant legislation.
What are your rights?
As a data subject, you have a number of rights ("Subject Rights"). You can:
- access and obtain a copy of your data on request;
- ask us to change incorrect or incomplete data;
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing;
- request a copy of the data you have provided to us in an agreed format, so that you can reuse it or transfer it to another data controller if you wish; and
- ask us whether we use automated decision making or profiling when processing your data.
Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply.
Changes to this privacy notice
Please check back frequently to see any updates or changes to our privacy notice.
How to contact us
If you have questions regarding our privacy notice, or would like to request a copy of your personal information, or exercise any of your other Subject Rights you can contact us via: The Administrator, A.G. Carrick Ltd, The Barn, Close Farm, Tetbury, Gloucestershire, GL8 8PH or by sending an email to firstname.lastname@example.org.
If you have concerns about the use of your personal data, the Information Commissioners Office is an independent body set up to uphold information rights in the UK. They can be contacted through their website: ico.org.uk, their helpline on 0303 123 1113, or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
31st July 2018