Privacy and Cookies
- processed lawfully, fairly and in a transparent manner
- collected only for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for the purposes for which it is processed
- accurate and up to date
- not kept in an identifiable form for longer than is necessary for the purposes for which you provided it
- secured by appropriate technical and organisational measures
- not transferred without adequate protection
It is important that we keep your information accurate and up-to-date and so in return, we ask you to:
- give us accurate information
- tell us as soon as possible if there are any changes, such as a new address
Other links within any of our platforms to other platforms are not covered by this policy.
Who are we?
The Royal Mint consists of the below listed companies.
Any Personal Data provided to, or gathered by, The Royal Mint Limited is controlled by The Royal Mint Limited incorporated and registered in England and Wales with company number 06964873 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT.
The Royal Mint Limited’s platforms include, but are not limited to, our website www.royalmint.com and our mobile applications.
Information Commissioner’s Office Registration Number: Z2075700.
VAT Registration Number: GB 256 5227 96.
Any Personal Data provided to, or gathered by, RM Assets Limited is controlled by RM Assets Limited incorporated and registered in England and Wales with company number 09058416 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT.
Information Commissioner’s Office Registration Number: ZA320379.
Any Personal Data provided to, or gathered by, RM Experience Limited is controlled by RM Experience Limited incorporated and registered in England and Wales with company number 10953110 whose registered office is at Llantrisant, Pontyclun, Mid Glamorgan, South Wales, United Kingdom CF72 8YT.
Information Commissioner’s Office Registration Number: ZA324165.
For further information regarding this policy, please contact our Data Protection Officer at the above listed address or using the following telephone or e-mail address:
- Telephone: 0800 032 2154
- E-mail: firstname.lastname@example.org
What is Personal Data?
Personal Data is any information identifying you or information relating to you that allows us to identify you. This can be either directly or indirectly from that data alone or in combination with other identifiers we possess or can reasonably access.
Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
Personal Data includes Special Categories of Personal Data and pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed.
Special Categories of Personal Data is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, and biometric or genetic data. Although Special Categories of Information do not include information about criminal allegations, proceedings or convictions, there are separate safeguards relating to this type of information.
Pseudonymisation or pseudonymised is the replacing of information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is kept separately and secure.
What types of Personal Data do we collect?
The types of Personal Data that we collect include:
- Age/date of birth;
- Contact information and user preference;
- Credit and debit card information and payment details;
- Contractual details including goods and services provided;
- Information related to and disclosed by agents, suppliers, trading partners and other individuals and organisations which engage with us;
- Copies of documents you provide to prove your age or identity;
- Device / Electronic identification data (the type of device that you use and unique device identifiers such as your IP address, device’s IMEI number, the MAC address of the device’s wireless network interface, and the mobile phone number, network and operating system used by the device);
- Content data (information stored on your device including login information, photos, videos or other digital content, and check-ins);
- Location data (some of our platforms utilise GPS technology to determine your current location. Some of our location-enabled services require your personal data for these features to work. If you wish to use this particular feature you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.);
- Usage data (this includes details of your use of any of our apps and your visits to any of our websites including but not limited to traffic data and other communication data, and the resources that you access.);
- Unique application numbers (when you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.);
- Information collected through cookies; and
- Your vehicle details and registration number, your representative organisation (if applicable), and image (which may be recorded on CCTV) if your visit us.
We only routinely gather special categories of Personal Data with respect to visitors to The Royal Mint Experience booked on a VIP Tour. Visitors will be required to complete a Health Questionnaire before arriving. These questions are asked in order for us to determine if reasonable adjustments are required and if these can be made in relation to the tour. For example, visitors will be asked if they have a pace maker fitted as magnetic frequencies are in operation in some of the areas you may visit. Visitors will also be asked if they have a nut allergy as nuts are used in processes that visitors may encounter. Visitors to The Royal Mint Experience may also be asked to provide allergy information when ordering food or attending a catered event.
We do not routinely collect any information about criminal allegations, proceedings or convictions.
We do not routinely collect Personal Data about children under 16. There are a limited number of activities that we undertake which may involve the collection of children’s’ Personal Data, for example competition entries and photo/video permission forms. Where children’s’ Personal Data is processed it will be done so with the consent of whoever holds parental responsibility of the child.
For further information on the types of Personal Data that we hold on you, please contact us.
How and why do we collect Personal Data?
We collect Personal Data, for example, when you visit any of our platforms or locations, download or install one of our apps, create an account, place an order for products or services, make contact with us (including making a complaint or when applying to become an agent, trading partner or supplier), we make contact with you regarding procurement-related issues, you enter a competition, if you complete a survey we send or you otherwise provide a product or service review, or if you register to receive information about our competitions, products, services and offers.
We collect and process your Personal Data based on one or more of the following reasons / legal bases:
- It is necessary for us to perform a contract that you have entered into with us, or because it is necessary before entering into a contract (for example, to provide you with the product or service that you have requested or for us to ensure that you and/or your organisation’s capabilities match our requirements);
- You have given us consent to process your Personal Data for a specific purpose (for example, to provide you information about our competitions, products, services, offers and news);
- The processing is necessary for us to comply with our legal obligations (for example, to conduct know your customer checks);
- We have a legitimate interest to do so, and have taken your rights into consideration (for example, to obtain feedback on our products and services, to better understand you as a customer, and to operate a refer-a-friend scheme in order to reward existing customers and to bring in new customers); and/or
- The processing is necessary to protect your vital interests (for example, to protect your life)
As referenced above, we have a legitimate business interest (and in some cases a legal obligation) to process Personal Data in order to better understand our customers and the individuals and organisations that engage with us. To do this we may combine the data that we collect directly from you and your organisation (if applicable) and from your interactions with The Royal Mint, with data that we obtain from third parties.
Profiling, Personalisation, and Interest-Based Direct Marketing and Targeted Advertising
We also have a legitimate business interest, for example, to help ensure that we provide products and services that are most relevant to the interests of our customers. Also keeping customers informed and to ensure that the information that we send them via email, post, by phone, or presented to them on our and third party platforms is relevant to their interests.
To opt-out of profiling, personalised and interest-based direct marketing, personalised and interest-based targeted advertising, update your contact preferences to opt-out of all forms of direct marketing.
Those who opted out prior to March 15th 2019 will not receive direct marketing but may still be subject to profiling. To opt out of this profiling you will have to opt-out of all forms of direct marketing again to refresh your opt-out date. You are able to update your Personal Data and adjust your contact preferences at any time, please see “How can I access or correct my Personal Data, request that it be deleted, ask for it to be transferred to another organisation or exercise any of my other rights?”.
Where a product is awaiting stock you can sign up for stock alerts by registering your email under the ‘Email when back in stock’ sign up. We will then email you a one time notification when that particular item is back in stock. You will not receive direct marketing communications if you sign up to a stock alert, unless you have separately opted-in to receive those communications. Your stock alert sign-up will remain valid indefinitely until the item becomes available. If the product does not come back into stock, you will not receive a stock alert. If you want so remove your stock alert sign up, please contact us.
Credit Account Customers
If you apply for a credit account, we will use credit scoring to assess your application. The credit score will be provided by a credit reference agency. Your credit score will be used by us in conjunction with information that you provide as part of your application, along with information regarding your account conduct (if an existing customer), and official public records such as fraud and insolvency records. The use of credit scoring helps us make fair and responsible lending decisions. If your application for credit is declined you are able to request that this is reconsidered, based on a change of circumstances or a correction of your credit report (if an error was found). The credit scoring used is regularly tested by the professional services provider to ensure that it remains fair, effective and unbiased.
For further information on how to appeal a decision or on the credit scoring service used, please contact us.
We will not reuse your Personal Data for a new purpose other than for what it was originally collected, unless the new use is compatible with the original purpose for which the Personal Data was collected, we have notified you of the new use and given you a reasonable opportunity to object to it, or the new use is otherwise permitted or required by law.
Please note that if you do not share your Personal Data or adjust your contact preferences, we may not be able to provide you or have to stop providing you with the information, products or services that you have requested.
For further information on how and why we have collected your Personal Data, please contact us.
Who might we share your information with?
While most of our work is done by our employees who access your Personal Data directly from our systems which are under our direct control, we do use third-party service providers to perform certain functions on our behalf.
We have listed below examples of the kind of third-party service providers that we work with. We have also listed examples of the types of information that they may have access to and reasons that we may need to share your Personal Data with them.
Order Fulfilment would have access to your personal data including contact information and the goods and services requested. The purpose for this type of transfer being to prepare and deliver the products and/or services that you have requested. This includes where we arrange for delivery of the goods and/or services ordered by you to be made directly from our third party suppliers (also known as a ‘dropshipping’ arrangement).
Payment Processing would have access to your personal data including contact information, credit/debit card information, and payment details. The purpose for this type of transfer being to process your payment for the products or services provided.
Professional Services would have access to your personal data including contact information. The purpose for this type of transfer being to ensure our compliance with our legal obligations (including anti-money laundering and counter-terrorist financing verification), to assess your suitability for credit (if you have applied for an interest free account), debt recovery, and to support contract or procurement processes.
Advertising, Communications and Marketing would have access to your personal data including contact information. The purpose for this type of transfer being to analyse data (including profiling and removing repetitive or out of date information from customer lists), to send you information regarding our products and services, ensuring that information is personalised and interest based, and providing marketing assistance.
IT Support would have access to the personal data in our custody with which we require support. The purpose for this type of transfer being to resolve IT issues in order to provide the products and services that you have requested.
Data Storage would have access to all the personal data in our custody. The purpose for this type of transfer being to provide us with secure data storage and back-up.
Historical Archiving (The Royal Mint Museum and The National Archives) would have access to your personal data, for example, your name and contact information where you have entered a coin design competition. The purpose for this type of transfer being to keep an historical archive of the work of The Royal Mint and to fulfil our public records obligations.
Such companies, organisations and individuals will only have access to the personal data needed to perform these functions, they may not use it for any other purposes and are required to process the data in accordance with data protection laws and regulations applicable in the United Kingdom.
For further information on which service providers may have access to your personal data, please contact us.
We will only share your Personal Data with third parties for their own purposes in very limited and specific circumstances.
This will predominately be where you have given your consent at the time of supplying your personal data. For example, we may pass that data to a third party with whom we are collaborating with where you have registered your interest in the product or service. This would be to allow them to send you updates on the product or service and advise you on availability.
Please note that if we are requested by the police, government, regulatory, or other body investigating suspected illegal activities to provide your personal data and/or user details, we are entitled to do so.
Do we transfer information between countries?
It may sometimes be necessary to transfer your personal data outside of the United Kingdom or outside the European Economic Area (“EEA”). Any transfers made will be in full compliance with applicable data protection legislation, ensuring appropriate safeguards are in place and data subjects have enforceable rights and effective legal remedies. For example:
- There is an adequacy decision confirming that the country to which we transfer personal data ensures an adequate level of protection for the data subject’s rights and freedoms;
- Appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses, an approved code of conduct or a certification mechanism;
- You have provided your explicit consent to the transfer after being informed of any potential risks; or
- The transfer is necessary for one of the other reasons set out in data protection legislation including the performance of a contract between us and you, reasons of public interest, to establish, exercise or defend legal claims, to fulfil our legal or regulatory obligations, or to protect your vital interests where you’re physically or legally incapable of giving consent and, in some limited cases, for our legitimate interests.
For further information on which countries your personal data may be transferred to and the specific safeguards that are in place, contact us.
How long do we keep hold of your information?
We keep your Personal Data for as long as we need it to satisfy our business and legal requirements; if you hold a customer account normally this is no longer than 6 years after your cease holding an account. If you or the organisation you work for engage with us as an agent, supplier or trading partner, your personal details will be stored as part of those records and used accordingly, normally this Personal Data is kept no longer than 6 years after ending your relationship with us. Once Personal Data is no longer required, it is either deleted or anonymised.
It is important to note that all employees at The Royal Mint follow an organisation-wide security policy. Only employees authorised are provided access to Personal Data and these employees will have agreed to ensure confidentiality of this information.
Also specifically with respect to debit and credit card information submitted through our websites, we use secure socket layer technology to protect that information.
What rights do I have in relation to the Personal Data you hold about me?
Unless subject to an exemption, you have the following rights with respect to your Personal Data:
- The right to request a copy of your Personal Data which The Royal Mint holds about you;
- The right to request that we correct any Personal Data if it is found to be inaccurate or out of date;
- The right to request your Personal Data is erased where it is no longer necessary for us to retain such data;
- The right to withdraw your consent to the processing at any time where we are relying on your consent as the legal basis for processing your Personal Data;
- Where applicable, the right to request that we transfer your Personal Data directly to another data controller, (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
- The right to object to the processing of Personal Data where processing is based on legitimate interests, the performance of a task in the public interest/exercise of official authority, direct marketing and processing for the purposes of scientific/historical research and statistics;
- The right to lodge a complaint with the Information Commissioner’s Office.
How can I access or correct my Personal Data, request that it be deleted, ask for it to be transferred to another organisation or exercise any of my other rights?
The majority of the Personal Data that we collect is collected directly from you or the organisation you work for (if that organisation is, for example, engaged with us as an agent, supplier or trading partner), in which case you, and they, are responsible for its accuracy. We encourage you to tell us as soon as possible if there are any changes to your Personal Data, such as a new address. When information is found to be inaccurate, either through our own checks or following a communication from you, it is updated.
You can update your Personal Data at any time by logging into your account and choosing contact and delivery details.
To update your contact preferences, you should select this option within contact and delivery details.
Alternatively, contact customer services using the following information:
- Telephone: 0800 032 2154
- E-mail: email@example.com
- Mail: The Royal Mint, Llantrisant, Pontyclun, CF72 8YT
Please note that it may take up to 48 hours (during working days) to update your details.
For further information regarding this policy, to access your Personal Data, or request that it be deleted, please contact the Data Protection Officer by using the above mentioned contact details. If you are located within the EEA, you can contact our European representative using the following information:
Brödermann Jahn Rechtsanwaltsgesellschaft mbH - Dr. Johannes Struck
- Telephone: +49 (0)40 - 370 90 5 - 0
- E-mail: firstname.lastname@example.org
- Mail: ABC-Straße 15, 20354 Hamburg, Germany
Our European representative is authorised to act on behalf of The Royal Mint regarding matters concerning the EU GDPR, including dealing with any EEA based supervisory authorities.
How can I make a complaint about how you have handled my Personal Data or responded to a request to exercise my data subject rights?
If you are dissatisfied with the handling of your Personal Data or how we have responded to a request to exercise your data subject rights, you have the right to ask for an internal review. An internal review will consider whether or not your Personal Data and/or request were handled appropriately, in line with applicable data protection laws and regulations.
Internal review requests should be submitted to the Data Protection Officer by using the contact information above. Internal reviews will be carried out by the Finance Director. We aim to respond within 20 working days of the receipt of the request for an internal review.
If you are dissatisfied with the outcome of the review, then you may seek a review by the Information Commissioner’s office, which has the powers to uphold or overturn the decision. Please see ICO contact information below. The Royal Mint will abide by the decisions of the ICO, unless it considers itself to have grounds for an appeal to the First-Tier Tribunal (Information Rights).
- Website: https://ico.org.uk/
- E-mail: email@example.com
- Telephone: 03031231113
- Mail: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If you are located within the EEA, you should contact the data protection supervisory authority local to you. For a list of supervisory authorities, please see the European Data Protection Board (“EDPB”) website: https://edpb.europa.eu/about-edpb/board/members_en .
Last Updated: 27/10/2021