"Visitors looking at the obelisk in the garden at Kingston Lacy, Dorset".
Image ref 193742. © National Trust Images/Arnhel de Serra
This privacy notice sets out the way we process your information
and details our privacy and fair processing policy. We will always
refer to this page when we ask you for your consent. We'll keep
this page updated to show you all the things we do with your
personal information so that you can be confident when sharing your
information with us that it will be only used for what we say
2. How we use personal information
Personal information provided to us will be used for the
purposes outlined at the time of collection or registration in
accordance with the preferences you express.
Personal data collected and processed by us may be used for the
- Administration of membership(s)
- Fulfilment of orders for goods and services requested
- Administration of donations and legacies
- Research and statistical analysis
- Communication about our conservation, membership, fundraising
and other activities that we think may be of interest to you
- Tell you about special offers especially for our supporters
from partners that support our cause
- Ensuring all marketing communications you receive from us are
relevant, such as tailoring messaging to our existing supporters
and potential supporters across the trust
We may host encrypted personal data on third party websites such
as social media platforms to allow us to profile our supporters and
target similar audiences with our communications. This data is not
linked to any personally-identifiable information. Your data would
only ever be analysed or profiled through encrypted and protected
data, which only ever identifies broad statistics.
Personal data collected and processed by us may be shared with
the following groups where necessary:
- National Trust employees and volunteers
- Also under strictly controlled conditions:
When we allow access to your information, we will always have
complete control of what they see, what they allowed to do with it
and how long they can see it.
We do not sell or share your personal information for other
organisations to use.
You are always in control of how we communicate with you. You can
update your choices by contacting the address in section 7
Your Marketing Permissions
The National Trust always acts upon your choices around what
type of communications you want to receive and how you want to
receive them. However there are some communications that need to
happen regardless of your marketing preferences. These are what we
would describe as essential communications to fulfil our promises
to you as a member or buyer of goods or services from the Trust.
Examples of this type of communication would be:
- Transaction notification messaging, such as Direct Debit
- Membership related mailings such as your renewal reminder, our
regular magazine and AGM notices
We hold your information only as long as necessary for each
purpose we use it, we will provide examples of some of our
retentions in this paragraph soon to give you an idea of how long
we hold your information for.
4. Your location where provided
We use geolocation on both our main website and mobile app. If
you let your device share this information with us, we will use it
to personalise your experience with us. Your device or web browser
will usually prompt you when this is requested.
The type of things we may use your location for include:
- Sorting search results by your location
- Making our homepage relevant to you and your location
Where we need your consent, we will ensure always that you are
as fully informed as possible at the time on what we do with your
information, with whom it may be shared and how long we will keep
it. This is in line with the requirements of the current Data
Protection Act and other relevant legislation.
6. Accessing your personal data held by the National
You have the right to ask us, in writing, for a copy of all the
personal data held about you (this is known as a 'subject access
request') upon payment of a fee of £10.
A copy will be sent to you as soon as possible but this will not
be later than 40 days after your request.
If you would like to access your personal data held by us,
please apply in writing to the National Trust Information Security
7. Updating and amending your personal
If, at any time, you want to update or amend your personal data
or preferences please write to:
PO Box 574,
For alternative communication methods, please check our Contact us
Verification, updating or amendment of personal data will take
place within 28 days of receipt of your request.
Please see our see our web page regarding the National
9. Links to third party websites
collected by the National Trust and does not apply to third party
websites and services that are not under our control.
We cannot be held responsible for the privacy policies of third
party websites and we advise users to read the privacy policies of
other websites before registering any personal data.
We recognise the concerns that many people have about giving
personal information online. These are the measures that we take to
secure your information whilst using our web based services.
We use strong encryption both when your information is moving to
or from our web services and also whilst your information is held
Most 'nationaltrust.org.uk' web pages are available in both the
secure encrypted https format, as well as the standard http format.
The secure version of the pages provides you with confidence that
your communications are safe and carried out directly with an
authentic National Trust website and web server.
We will shortly be moving to the secure version for all of our
web pages to ensure all of your 'nationaltrust.org.uk' activity is
private and secure.
However, currently all 'nationaltrust.org.uk' web pages that
require you to enter personal information are already in the secure
format. On any of our data entry pages you can check the security
and authenticity by right clicking on the padlock icon in the
Our web servers use strong encryption and only store information
for a temporary period. Once you have fully submitted your
information, any temporary information is purged from our
National Trust does not store any sensitive payment card data in
11. Payment card information
The National Trust has an active PCI-DSS compliance programme in
place. This is the international standard for safe card payment
processes. As part of our compliance to this very stringent
standard, we ensure that our IT systems do not directly collect or
store your payment card information; for example the full 16 digit
numbers on the front of the card or the security code on the
Our online payment solutions are carried out using a 'payment
gateway' which is a direct connection to a payment service provided
by a bank. This means that when you input card data into the
payment page, you are communicating directly with the bank and the
bank passes your payment to us, this means that your payment card
information is handled by the bank and not processed or held by
12. Scannable cards
We use barcodes on our membership cards to collect information
on your visits. This data includes the properties you have visited,
the date that you went and your membership number. We use this
information to understand our supporters visiting trends.
We also use this information to make our communications to you
13. What this page tells you and how it is
This page will hold the latest information regarding our privacy
and fair processing notification and we will refer to it when we
ask you for your consent. This page will be updated from time to
time to reflect the latest view of what we do with your data.