Privacy Notice
Tower Bridge is one of the five London Thames bridges supported and maintained by Bridge House Estates, a registered charity in England and Wales (Charity No. 1035628). The City Bridge Foundation is the working name of Bridge House Estates. The City Corporation is charity’s sole corporate trustee.
The City Bridge Foundation privacy notice contains information on how it processes personal information, including by Tower Bridge. This Privacy Notice should be read in conjunction with the Privacy Notice available on the City Bridge Foundation website which is available here: City Bridge Foundation | Home
As the charity’s sole trustee, the City Corporation is the registered Data Controller in respect of personal information processed by Tower Bridge. If you have any concerns or questions about how we look after your personal information, please contact the City of London’s Information Compliance Team (who handle data protection matters on behalf of the Data Protection Officer) at information.officer@cityoflondon.gov.uk. Full details on how the City of London Corporation processes personal information more generally is available at: www.cityoflondon.gov.uk/privacy
1. Your personal information
Personal information is anything that directly or indirectly identifies and relates to a living person, such as a name, address, telephone number, date of birth, unique identification number, photographs, video recordings (including CCTV) etc.
Some personal information is ‘special category data’ and needs more protection due to its sensitivity. This includes any information about an identifiable individual that can reveal their sexuality and sexual health, religious or philosophical beliefs, racial origin, ethnicity, physical or mental health, trade union membership, political opinion, genetic/biometric data. Personal information relating to criminal offences and convictions, although not ‘special category data’, is still sensitive in nature and merits higher protection.
All personal data collected will be evaluated periodically and only kept as long as necessary or in line with legal requirements.
2. When and why does Tower Bridge collect personal information?
- When you purchase from the Tower Bridge Gift Shop, whether online or in person, personal information will be processed by us to manage orders, arrange postal delivery, or when you contact us for any other reason. This information would usually consist of your contact details including your name, email address, address, and telephone number. We may sometimes contact you (where we have your consent) to ask for feedback so that we can continue to improve our services. Special category (sensitive) information will only be processed when we need to ask you about access information.
- Tower Bridge may process personal information relating to the monitoring of the public on Tower Bridge. This may be through access to CCTV footage or from patrols carried out on the bridge for the purposes of securing the safety of the public. To send you communications by electronic means (emails and e-newsletters) in order to inform you of other relevant news, including promotions and products, and surveys related to Tower Bridge.
- In addition to third-party booking companies, we also work closely with other third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive your personal information through them. We will notify you when we receive information about you and the purposes for which we intend to use that information.
3. Lawful grounds for processing your personal information
Generally, the processing of your personal information as described in this notice is permitted by one or more lawful grounds, including:
- Where we have your consent for example, we only use your information to send you marketing communications with your consent.
- Where the processing is reasonably necessary for the performance of a contract to which you are a party as an individual, for example, we may rely on this basis when you hire our venue and we enter into a contract with you
- Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us and only when the processing does not override your privacy rights. The “legitimate interests” of City Bridge Foundation include in the furthering of our charitable and policy objectives - running and managing the charity; maintaining and supporting the charity’s five Bridges, including Tower Bridge;
- Where the processing is necessary for archiving, research or statistical purposes.
- Where we process special category data, we will ensure we only do so in accordance with one of the additional lawful grounds for processing that type of data, for example where we have your explicit consent or to protect the vital interests of individuals (i.e those relating to life and death)
4. Consent
If we have consent to use your personal information for any particular reason, you have the right to remove your consent at any time. If you want to remove your consent, please contact funding@cityoflondon.gov.uk and tell us which service you are using, so we can deal with your request.
5. Your rights regarding your personal information
The law gives you a number of rights in relation to what personal information is used by the City Corporation , and how it is used. These rights are listed below, and more details can be found in the City of London’s Data Subject Rights Policy.
You can ask us to:
- Provide you with a copy of the personal information that we hold about you.
- Correct personal information about you which you think is inaccurate.
- Delete personal information about you if you think we no longer should be using it.
- Stop using your personal information if you think the data is incorrect, the processing is unlawful, or we no longer need to use your data.
- Transfer your personal information to another organisation in a commonly used format.
- Not use automated decision-making processes to make decisions about you.
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
6. Who do we share your personal information with?
In some circumstances, we use other organisations to either store personal information or use it to help deliver our services to you, for example a third-party database provider or an organisation that helps us gather customer feedback Where we have these arrangements, there is always an agreement in in place to make sure that the organisation complies with data protection law.
Sometimes we have a legal duty to provide personal information to other organisations.
We may also share your personal information when we consider/believe that there is a good reason to do so, which is more important than protecting your privacy. This doesn’t happen often, but in these circumstances, we may share your information:
- to find and stop crime and fraud; or
- if there are serious risks to the public, our staff or to other professionals;
- to protect a child; or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all these reasons, the risk must be serious before we can override your right to privacy.
If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
7. How do we protect your personal information?
We have a legal duty to make sure we hold your personal information (on paper and electronically) in a secure way, and to only make it available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
- Pseudonymisation, meaning that we will use a different name or identifier to hide parts of your personal information from view. This means that someone outside of the City of London could work on your information for us without ever knowing it was yours
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- Training for our staff allows us to make them aware of how to handle personal information, and how and when to report when something goes wrong
You can find more details of our Information Security expectations in our IT Security Policy.
8. Where we store your personal data
Shopify International Ltd. provides Tower Bridge with an online e-commerce platform and on-site point of sale system which allows us to sell our products and services to you. Your data is stored through Shopify’s databases and general application, on a secure server behind a firewall.
Payment:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. Shopify is certified as Level 1 PCI DSS compliant and have been issued with SOC 2 Type II and DOC 3 reports.
Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For further information you should read Shopify’s Terms of Service - https://www.shopify.com/legal/terms
and Privacy Statement - https://www.shopify.com/legal/privacy
Last updated: 14 May 2024