The Mary Rose Trust (“The Trust”) values your privacy and is committed to complying with the UK General Data Protection Regulation 2018 (GDPR). This policy explains how we collect, process, and safeguard your personal data when you interact with our website (www.maryrose.org).
What data do we collect?
- Information you provide:
- Contact information – name, email, address, phone
- Payment details – for donations or purchases
- Preferences for communications and events
- Membership information
- Survey responses or feedback
- Automatic collection:
- Device data – IP address, browser, operating system
- Website usage – pages viewed, time spent, links clicked
- Cookie data – see our separate Cookie Policy
- Third-Party Sources:
- Google Analytics – demographics, interests, location (anonymised)
- Social media platforms – if you interact with our accounts
How do we use your data?
- Legal basis: We process data based on one or more of the following:
- Consent: For specific purposes where you’ve explicitly agreed (e.g., email newsletters)
- Contractual necessity: To fulfil transactions or agreements (e.g., memberships, purchases)
- Legitimate interests: To operate our charity, improve services, and communicate effectively where our interests outweigh your privacy rights (e.g., direct marketing where relevant, website analytics)
- Legal obligation: When required by law for record keeping or reporting.
- Specific purposes:
- Providing products and services
- Personalising your website experience
- Sending communications about news, events, or fundraising – with your consent or legitimate interest
- Processing donations and memberships
- Analysing website usage to improve functionality
- Security and fraud prevention
Your data protection rights
Under GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate personal data.
- Erasure (“Right to be Forgotten”): Request data deletion under specific circumstances.
- Restriction: Ask us to limit processing of your data in certain situations.
- Object: Object to processing based on legitimate interests, including direct marketing.
- Data Portability: Receive your data in a usable format in some cases.
- Withdraw Consent: Withdraw your consent at any time where processing is based on it.
Exercising your rights:
Contact us at [email protected] to submit a request related to your rights. We aim to respond to all valid requests within one calendar month.
Data security
The Trust takes appropriate technical and organisational measures to protect your personal data from unauthorized access, disclosure, alteration, or loss. These include:
- Limiting access to data on a need-to-know basis
- Using secure servers and data storage facilities
- Regular security updates and staff training
Data breach notification
We have a robust procedure for identifying and addressing data breaches. In the event of a breach that poses a risk to individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours and affected individuals without undue delay
Retention of personal data
The Trust retains data only for as long as necessary to fulfil the purposes for which it was collected or in accordance with legal requirements. Anonymised data for reporting purposes may be kept longer.
Third-party data processors
We may share personal data with trusted third parties for specific purposes, such as:
- Payment providers
- Ticketing platforms
- Communication providers
We ensure these providers have appropriate data protection measures in place.
Changes to this policy
We may update this policy from time to time. We will post changes with a revised “last updated” date and highlight any significant modifications.
Contact us
If you have questions about our privacy practices, please contact:
Privacy Officer
The Mary Rose Trust
1/10 College Road
HM Naval Base
Portsmouth
PO1 3LX
UK