You are here:>Home>Privacy policy

Privacy policy

"Visitors looking at the obelisk in the garden at Kingston Lacy, Dorset".

Image ref 193742. © National Trust Images/Arnhel de Serra

1. Introduction

This privacy notice sets out the way we process your information and details our privacy and fair processing policy. We will always refer to this page when we ask you for your consent. We'll keep this page updated to show you all the things we do with your personal information so that you can be confident when sharing your information with us that it will be only used for what we say here.

2. How we use personal information

Personal information provided to us will be used for the purposes outlined at the time of collection or registration in accordance with the preferences you express.

Personal data collected and processed by us may be used for the following purposes:

  • Administration of membership(s)
  • Fulfilment of orders for goods and services requested
  • Administration of donations and legacies
  • Research and statistical analysis
  • Communication about our conservation, membership, fundraising and other activities that we think may be of interest to you
  • Tell you about special offers especially for our supporters from partners that support our cause
  • Ensuring all marketing communications you receive from us are relevant, such as tailoring messaging to our existing supporters and potential supporters across the trust

We may host encrypted personal data on third party websites such as social media platforms to allow us to profile our supporters and target similar audiences with our communications. This data is not linked to any personally-identifiable information. Your data would only ever be analysed or profiled through encrypted and protected data, which only ever identifies broad statistics.

Personal data collected and processed by us may be shared with the following groups where necessary:

  • National Trust employees and volunteers
  • Also under strictly controlled conditions:
  • Contractors
  • Advisors
  • Agents

When we allow access to your information, we will always have complete control of what they see, what they allowed to do with it and how long they can see it.
We do not sell or share your personal information for other organisations to use.
You are always in control of how we communicate with you. You can update your choices by contacting the address in section 7 below.

Your Marketing Permissions

The National Trust always acts upon your choices around what type of communications you want to receive and how you want to receive them. However there are some communications that need to happen regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our promises to you as a member or buyer of goods or services from the Trust. Examples of this type of communication would be:

  • Transaction notification messaging, such as Direct Debit confirmation
  • Membership related mailings such as your renewal reminder, our regular magazine and AGM notices

3. Retention

We hold your information only as long as necessary for each purpose we use it, we will provide examples of some of our retentions in this paragraph soon to give you an idea of how long we hold your information for.

4. Your location where provided

We use geolocation on both our main website and mobile app. If you let your device share this information with us, we will use it to personalise your experience with us. Your device or web browser will usually prompt you when this is requested.

The type of things we may use your location for include:

  • Sorting search results by your location
  • Making our homepage relevant to you and your location

5. Consent

Where we need your consent, we will ensure always that you are as fully informed as possible at the time on what we do with your information, with whom it may be shared and how long we will keep it. This is in line with the requirements of the current Data Protection Act and other relevant legislation.

6. Accessing your personal data held by the National Trust

You have the right to ask us, in writing, for a copy of all the personal data held about you (this is known as a 'subject access request') upon payment of a fee of £10.

A copy will be sent to you as soon as possible but this will not be later than 40 days after your request.

If you would like to access your personal data held by us, please apply in writing to the National Trust Information Security team:

Information Security
National Trust
Kemble Drive

7. Updating and amending your personal information

If, at any time, you want to update or amend your personal data or preferences please write to:

National Trust
PO Box 574,
S63 3FH

For alternative communication methods, please check our Contact us page.

Verification, updating or amendment of personal data will take place within 28 days of receipt of your request.

8. Cookies

Please see our see our web page regarding the National Trust's use of cookies.

9. Links to third party websites

This privacy policy applies solely to the personal data collected by the National Trust and does not apply to third party websites and services that are not under our control.

We cannot be held responsible for the privacy policies of third party websites and we advise users to read the privacy policies of other websites before registering any personal data.

10. Security

We recognise the concerns that many people have about giving personal information online. These are the measures that we take to secure your information whilst using our web based services.

We use strong encryption both when your information is moving to or from our web services and also whilst your information is held by us.

Most '' web pages are available in both the secure encrypted https format, as well as the standard http format. The secure version of the pages provides you with confidence that your communications are safe and carried out directly with an authentic National Trust website and web server.

We will shortly be moving to the secure version for all of our web pages to ensure all of your '' activity is private and secure.

However, currently all '' web pages that require you to enter personal information are already in the secure format. On any of our data entry pages you can check the security and authenticity by right clicking on the padlock icon in the address bar.

Our web servers use strong encryption and only store information for a temporary period. Once you have fully submitted your information, any temporary information is purged from our systems.

National Trust does not store any sensitive payment card data in our systems.

11. Payment card information

The National Trust has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store your payment card information; for example the full 16 digit numbers on the front of the card or the security code on the back.

Our online payment solutions are carried out using a 'payment gateway' which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.

12. Scannable cards

We use barcodes on our membership cards to collect information on your visits. This data includes the properties you have visited, the date that you went and your membership number. We use this information to understand our supporters visiting trends.

We also use this information to make our communications to you more relevant.

13. What this page tells you and how it is updated

This page will hold the latest information regarding our privacy and fair processing notification and we will refer to it when we ask you for your consent. This page will be updated from time to time to reflect the latest view of what we do with your data.