Last Updated: 24 July 2025
1 – Introduction
The Chiswick House and Gardens Trust takes the privacy of all its customers and supporters very seriously and is committed to respecting and protecting data or information which identifies you or can be used to identify you (“Personal Data”). We aim to be transparent about what information we hold about you, whichever way you are connected with us.
The purpose of this policy is to explain how the Chiswick House and Gardens Trust and its wholly owned subsidiary, Chiswick House and Gardens Trading Company Ltd, collect, use and protect any Personal Data that we collect about you.
Collecting Personal Data helps us to develop a better understanding of everyone who engages with us – from House and Garden attendees and website users to our members and supporters. This allows us to work more effectively and helps us to provide you with a better, more tailored service that we hope encourages you to get closer to our work and enjoy everything we have to offer.
We use your Personal Data strictly in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, and you can be assured that any Personal Data provided will only be used in accordance with this privacy policy.
We will publish any updates to our privacy policy here and we recommend you check this page from time to time. If we make any significant changes to how we treat your Personal Data we will make it clear in this policy, or notify you where appropriate.
2 – Who are we?
The Chiswick House and Gardens Trust Company Limited is a registered charity (number 1109239). Our registered office is The Estate Yard, Chiswick House and Gardens, Hogarths Lane, Chiswick, London W4 2QN.
Our wholly owned subsidiary is: Chiswick House and Gardens Trading Company Ltd, a registered company in England and Wales (number 07152064) (together with The Chiswick House and Gardens Trust Company Limited, “we”, “us” or “our”).
We collect Personal Data through a variety of methods as described in section 5 of this privacy policy, including:
websites operated by us, including chiswickhouseandgardens.org.uk (our “Website”);
our social media properties including Instagram, Facebook, and LinkedIn (our “Social Media”);
email messages and other communications we may send to you (“Emails”);
any other offline business interactions you may have with us (“Offline Interactions”).
Collectively, we refer to the Website, our Social Media, Emails, and Offline Interactions as the “Services”.
3 – How to contact us
If you have any questions regarding this privacy policy or your Personal Data, please contact dataprotection@chgt.org.uk or write to us at: Data Enquiries, Chiswick House and Gardens Trust Chiswick House London W4 2QN.
4 – How to change the Personal Data we hold about you
The accuracy of your Personal Data is important to us, and you can help to keep our records up-to-date by telling us when your contact details and other Personal Data changes, and if you change your mind about how we should contact you.
Every email that we send to you will include details on how to change your communications preferences or unsubscribe from future communications.
It is important that the Personal Data which we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
If you would like to update the details that we hold, or change your contact preferences, please notify us at dataprotection@chgt.org.uk.
5 – What Personal Data do we collect?
Personal Data that we receive from you:
Identity Data: includes your first name, last name, title, date of birth, gender and contact details (such as email address, telephone numbers and delivery address), including for your parent or guardian if you are under 16.
Education Data: if you are a student, including name of your college/university/community group and your course details.
Financial Data: includes bank account and payment card details (including billing address) if you are making a purchase or donation and your preferences relating to Gift Aid.
Transaction Data: includes details about payments to and from you and details of tickets or services you have purchased from us.
Supporter Data: includes information relating to memberships, donations, attendance at events and interests.
Health Data: if you have a disability, information about your access requirements (for example if you require wheelchair access, an assistance dog, assisted hearing audio descriptions, BSL interpretation or a seat for a personal assistant); information about your allergies or dietary requirements if you are participating or attending an event and information about your health if we are investigating an accident or other incident that has occurred at the Chiswick House and Gardens Trust.
Image Data: includes your image and likeness as captured on our CCTV cameras and in photographs, video and audio recordings if you participate in a workshop or other event, or where such photos and videos and submitted by you while using our Services.
Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
User Content: such as information about how you use our website and services, including reviews about our Services and other content that you may create or share with us during our relationship, including posts on our Social Media and comment sections.
Personal Data collected automatically through your use of our Services:
Technical and Online Activity Data: includes the technical data we collect automatically when you visit our Website such as the IP address used to connect your computer to the Internet; other technical information including your login information, browser type and version, time zone setting, language settings, browser plug-in types and versions, device type (e.g., phone, tablet), operating system and platform, mobile device carrier, radio/network information (e.g., WiFi, 4G/5G); information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including time and date), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and/or Website; this includes data obtained through cookies and similar technologies. This includes data obtained through cookies and similar technologies, as described in our Cookie Policy.
Other sources from which we collect Personal Data:
Social Media: Depending on your settings or the privacy policies for social media and messaging services like Facebook, X (formerly Twitter) and Instagram you may give us permission to access information from those accounts or services, such as profile pictures, social media account ID, and other public social media profile information, including lists of friends/followers on social media.
Ticket Agents: You transfer Personal Data to us when you book a ticket via ticket agents for a production or other event at the Chiswick House and Gardens Trust.
Chiswick Cricket Club: During the cricket season, Chiswick Cricket Club manages bookings to hire our cricket pitch and pavilion. When you make a booking through Chiswick Cricket Club, we receive Personal Data from Chiswick Cricket Club about your booking. We and Chiswick Cricket Club are jointly responsible for the processing your Personal Data for this booking process. You may contact us at dataprotection@chgt.org.uk or Chiswick Cricket Club if you would like more information about the joint arrangement between the Chiswick House and Gardens Trust and Chiswick Cricket Club, if you have questions about how your Personal Data is jointly processed for this purpose or if you wish to exercise your legal rights with respect to this processing. Outside of the cricket season, bookings are made directly through Chiswick House and Gardens Trust.
Artists Studio Company: Artists Studio Company manages the studios that we have onsite. When you enter into a sub-licence agreement with Artists Studio Company, we receive Personal Data about you from Artists Studio Company. We and Artists Studio Company are jointly responsible for the processing of your Personal Data in connection with the studio sub-licence. You may contact us at datprotection@chgt.org.uk or Artists Studio Company if you would like more information about the joint arrangement, if you have questions about how your Personal Data is jointly processed in relation to the sub-licence or if you wish to exercise your legal rights with respect to this processing.
Analytics Providers: Such as Google or social media platforms such as Facebook and X (formerly Twitter).
Other third parties: We may collect information from publicly available sources such as newspapers or online, such as Companies House or the Charity Commission, marketing partners or other third-party providers.
6 – How do we use your Personal Data?
We process your Personal Data where we have a valid legal basis under the UK GDPR, including:
| Processing Purpose | Legal Basis for Processing and Examples of Related Activities | Personal Data Used |
| Administering the Services | We engage in the following activities to manage our contractual relationship with you: Providing the Services’ functionality to you, such as when you register for an account on our Website, book a ticket or other event; when you hire our cricket pitch or pavilion or hire any of our grounds or buildings; when we need to contact you with important information relating to a contract we have with you; and to manage and administer our relationship with you, such as by keeping our database up to date, responding to you if you have donated, contacting you about administrative matters, renewing your membership or responding to your complaints or feedback. | Identifiers; User Content; Preferences; Marketing and Communications Data; Image Data; Financial Data; Transaction Data; Education Data; Health Data; Online Activity Data; Technical Data. |
| Operations and general business | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest: Manage and improve the Services, including by administering online Services (including troubleshooting and diagnostic testing, ensuring the security of our Website and other technology systems, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and hosting data); and for the management of our business, including keeping financial records, to allow us to pay suppliers and to charge, invoice or refund customers. | Personal Data as relevant for the specific business operation. |
| Events, workshops and other visits | We engage in the following activities to manage our contractual relationship with you and/or based on our legitimate interest: Facilitating and participating in events or workshops, improving the quality of our events. Where required under the UK GDPR, we obtain your consent to share your details with our partner organisations; and we obtain your explicit consent to process Personal Data about your health or access needs in order for us to provide you with tailored services, such as a wheelchair accessible space. | Identifiers; Financial Data; Transaction Data; Device Data; Image Data; Health Data; Online Activity Data. |
| Marketing | Where required under the UK GDPR, we obtain your consent to send you newsletters, event invitations and updates via email or post about what’s on, priority booking, Chiswick House and Gardens news or information about membership or supporting us that we think may be of interest to you; and/or share your details with our partner organisations where you’ve consented to this. Where permitted under the UK GDPR, we engage in marketing activities based on our legitimate interest, such as to promote our Services, to learn about our audience and classify our audience into groups or segments, using booking, survey and publicly available information and to ensure we are sending relevant messages to each group; and/or to invite you to take part in research, a survey or a competition. | Identifiers; Financial Data; Transaction Data; Marketing and Communications Data; Image Data; User Content; Online Activity Data; Technical Data; Supporter Data. |
| Targeted advertising | Where required under the UK GDPR, we obtain your consent to send you targeted advertising. Where permitted under the UK GDPR, we also engage in targeted advertising based on our legitimate interest, such as providing tailored Services based on your preferences by engaging advertising partners, including third-party advertising companies and social media companies, to display ads to you on other websites and online services. These companies may use cookies and similar technologies to collect information about your interaction over time across the Services, our communications, and other online services, and use that information to serve online ads that they think will interest you. We may also share information about our users with these companies to facilitate interest-based advertising to our or similar users (known as a “lookalike audience”) on other online platforms. | Identifiers; Financial Data; Transaction Data; Marketing and Communications Data; Image Data; User Content; Online Activity Data; Technical Data. |
| Personalising our Services | Where required under the UK GDPR, we obtain your consent to provide personalised Services. Where permitted under the UK GDPR, we also personalise Services based on our legitimate interest, by personalising our interactions with you and providing you with information and/or offers tailored to your interests, delivering content via our Services that we believe will be relevant and interesting to you; when you provide us with information about your health or access needs in order for us to provide you with tailored services, such as a wheelchair accessible space. | Identifiers; Financial Data; Transaction Data; Marketing Data; Image Data; Online Activity Data; Health Data; Technical Data. |
| Improving and developing Services that we may provide to you | We engage in the following activities based on our legitimate interests, such as conducting and using data analysis and market research, to improve the quality of the Services we offer and define our marketing strategy; considering ways to enhance, improve, repair, maintain or modify our Services; identifying usage trends, for example, understanding which parts of our Services are most interesting to users; determining the effectiveness of our promotional campaigns, so we can adapt to the needs and interests of our users; to help us provide you with the best possible customer service and experience at the Chiswick House and Gardens. | Identifiers; Financial Data; Transaction Data; User Content; Image Data; Online Activity Data; Technical Data. |
| Relationship building and engagement | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest, such as facilitating and responding to any social sharing and posts on our Services and other customer relationship building activities. | Identifiers; Marketing and Communications Data; Image Data; Online Activity Data; Technical Data; User Content. |
| Aggregation and/or anonymisation | We engage in the following activities based on our legitimate interest, such as collecting and aggregating information about your use of our Services with that of other users to generate statistical and demographic insights; conducting analysis and producing reports for internal use and for stakeholders such as English Heritage Trust and the London Borough of Hounslow; understanding how visitors engage with our Services, for example by calculating the percentage of users accessing a specific feature; and using insights to improve the accessibility, performance and relevance of our Services. Where any aggregated data is combined with information that can directly or indirectly identify you, we treat this aggregated data as Personal Data in line with this privacy policy. | Personal Data as relevant for the specific business purpose. |
| Security and fraud prevention | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest: Conducting audits, verifying that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; monitoring for and preventing fraud, to help ensure our customers are genuine; and for security purposes, including maintaining system security and on-site security of our premises, on-site personnel and visitors by using CCTV to prevent and detect crime and to keep people who visit and work at the Chiswick House and Gardens Trust safe and secure; to record and investigate health and safety and other incidents which have happened at the Chiswick House and Gardens Trust. | Identifiers; Financial Data; Transaction Data; Image Data; Health Data; Technical Data. |
| Legal and compliance | We engage in the following activities to manage our contractual relationship with you, to comply with a legal obligation and/or based on our legitimate interest: Fulfilling our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities (such as reporting Gift Aid details to HMRC) and requests from you when you exercise your rights under the UK GDPR; meeting national security or law enforcement requirements, compliance with requirements set by industry-specific supervisory bodies; enforcing our terms and conditions and standards; protecting our operations; protecting the rights, privacy or property of Company; responding to auditors; and allowing us to pursue available legal remedies and make insurance claims, defend claims, and limit the damages that Company may sustain. | Personal Data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question. |
| Emergency and incident response | We engage in these activities to manage our contractual relationship with you, to protect individuals’ vital interests, to comply with a legal obligation, and/or based on our legitimate interest: Ensuring the safety of our premises, on-site personnel and visitors; responding to, handling and documenting on-site accidents and medical and other emergencies; actively monitoring our properties to ensure adequate incident prevention, response and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts etc). | Personal Data as relevant for the specific emergency or incident. |
| Fundraising | Where required under the UK GDPR, we obtain your consent to process your Personal Data for fundraising purposes. Where permitted under the UK GDPR, we rely on our legitimate interests to carry out fundraising activities such as processing donations, managing donor relationships, tailoring donor outreach and running fundraising campaigns, including alerting you to opportunities to support the Chiswick House and Gardens Trust through making a donation, becoming a member or attending events. Further information about how we process Personal Data for fundraising is set out below in section 14 below entitled “Fundraising”. | Identifiers; Marketing Data; Supporter Data; Financial Data; Transaction Data; Online Activity Data; Technical Data; Social Media; User Content; Image Data; Education Data. |
7 – Sharing of your Personal Data
We may share your Personal Data with third parties and for the purposes described below, in compliance with the UK GDPR:
| Recipients | Purpose |
| Third-party service providers | Including service providers that provide website hosting, IT and related infrastructure, email delivery, analytics, and other services for the following purposes: Administering the Services Improving the Services Operations and general business Marketing Personalising our Services Relationship building and engagement Events, workshops and other visits Legal and compliance Fundraising |
| Advertising networks | Improving the Services Marketing Targeted advertising Personalising our Services Relationship building and engagement Fundraising |
| Analytics providers | Aggregating and/or anonymising Personal Data Security and fraud prevention Improving the Services Marketing Operations and general business Personalising our Services Fundraising |
| Business partners | Event co-sponsors (e.g., Chiswick Cricket Club) Third parties in connection with licensing, joint development or similar arrangements |
| Law enforcement, public, regulatory, and government authorities, courts, tribunals, or third parties where necessary to comply with applicable law and regulations | Emergency and incident response Security and fraud prevention Legal and compliance Responding to a request or providing information to public and government authorities (including authorities outside your country or region of residence) Responding to law enforcement requests and orders or provide information to law enforcement For dispute resolution purposes To enforce our terms and conditions To protect our rights, privacy, safety, property, and/or that of our affiliates, you or others |
| Professional advisors, such as accountants, actuaries, auditors, experts, consultants, lawyers, banks, and financial institutions | Security and fraud prevention Legal and compliance Improving the Services |
8 – Visiting our Website
Our Website may contain links to websites, plug-ins and applications that are operated by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those websites and this Privacy Policy does not apply to those websites. Please consult the terms and conditions and privacy policy of those websites to find out how they collect and use your Personal Data and to establish whether and for what purpose they use cookies.
9 – Cookies
Cookies are small text files that are automatically placed onto your device by some websites that you visit. They are widely used to allow a website to function (for example to keep track of your basket) as we as to provide website operators with information on how the site is being used. We use cookies to identify how the website is being used and what improvements we can make.
You can set your browsers to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.
10 – Young people
We are committed to protecting the privacy of any young people that engage with or participate in our work. If you are under 16, please ensure that you obtain your parent/guardian’s consent before and whenever you provide Personal Data. Personal Data will be appropriately protected and only accessible to a limited number of staff members.
11 – Cross-border transfers
Your Personal Data may be stored and processed in any country or region where we have facilities or engage service providers. By using the Services, you understand that your Personal Data will be transferred to countries outside of the UK to other jurisdictions, which may have data protection rules that are different from those of your country or region. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries or regions may be entitled to access your Personal Data.
Some countries outside of the UK are recognized by the UK government as providing an adequate level of data protection according to UK standards: the list of the UK’s adequate jurisdictions is available here. For transfers from the UK to countries not considered adequate by the UK government, we have put in place adequate measures, such as the standard data transfer clauses adopted by the UK government to protect your Personal Data. You may obtain a copy of these measures by contacting us in accordance with the “Your legal rights” at section 17 below.
12 – Third-party payment services
The Services may provide functionality allowing you to make donations using third-party payment services. When you use such a service to make a payment to us, your Personal Data will be collected by such third party and not by us and will be subject to the third party’s privacy policy, rather than this privacy policy. We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Data.
13 – Opting out
You can ask us to stop sending you marketing information at any time by requesting the Unsubscribe button in an e-communication and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us any time as set out above in section 3.
Where you opt out of receiving marketing information, this will not apply to Personal Data provided to us when your purchase a ticket or other service from us.
Please be aware that if you opt out, it may be that we cannot provide you with certain Services. We may still send you important administrative messages, from which you cannot opt out.
14 – Fundraising
Each year we need to raise more than £1m in addition to our core grant income from English Heritage Trust and the London Borough of Hounslow. We consequently encourage support from individuals, companies and foundations who want to help us achieve our mission and reach the widest possible audience.
We process Personal Data for fundraising purposes based on our legitimate interests, including to build relationships with our supporters and ensure our fundraising efforts are effective, proportionate and targeted, in compliance with the UK GDPR and Charity Commission expectations.
We may do some limited research and profiling using publicly available sources before contacting certain individuals or organisations to understand if there is a potential connection or shared interest. We also carry out research about our current supporters so we can provide the best experience possible, tailor our communications and suggest relevant opportunities to get closer to our work. For example:
Segmenting our database (for example, by postcode where we might send information to a specific group of people who live in the same area, or to prior event attendees);
Analysing past donations to the Chiswick House and Gardens Trust and your history with us (including event attendance, historic donation patterns);
Using publicly available sources (such as newspaper websites and archives, housing market websites, company records, charity websites, Companies House, Trustfunding.org.uk, social media and media coverage) to understand philanthropic interests or identify individuals who may be able and willing to support us further;
Conducting research to identify supporters who may have the ability and willingness to give at different levels (considering indicators such as job title, networks or approximate measures of affluence to inform appropriate engagement);
Recording the reasons you have chosen to donate to us, events you have attended and other relevant information about your involvement with the Trust;
Noting interests or relationships that individuals have chosen to share with us.
This activity assists us in understanding more about the people who support us. It also enables us to better understand your interests, anticipate your needs, and to provide exceptional customer service. In line with Charity Commission guidance, we may also use your Personal Data to detect and reduce fraud and credit risk.
Before contacting a small number of individuals we may seek further information including business network information and publicly available information relating to: residential location, wealth and assets, family (excluding information on children unless personally given by the individual concerned), career, donations to other organisations (including political parties where they are made public by the individual) and hobbies and interests to create a profile of their interests and preferences. This helps us understand the background of the people who may choose to support us and helps us to make requests for gifts to those who may be able and willing to give. We may also use publicly sourced images to help identify individuals who attend our special events.
We are mindful of your rights and undertake this research in a way that balances our legitimate interests with your rights and freedoms.
You may have the right to object to your Personal Data being used for these purposes – please see the “Your Legal Rights” at section 17 below for more information. If you would prefer not to be contacted about fundraising or would like to opt out of any research and/or profiling activities, you can do so by contacting development@chgt.org.uk.
We do not use automated decision-making or sell your personal data to third parties to facilitate fundraising.
15 – How we protect your Personal Data
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Your Personal Data is contained behind secured networks and is only accessible by a very limited number of persons who have special access rights to such systems, and who are required to keep the information secure and confidential. All financial transactions are processed through a gateway provider and are not stored or processed on our servers.
Any credit card or payment information we hold is stored securely and encrypted so that only the last four digits of the long card number are identifiable. This allows our customers to complete transactions faster and easier.
We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator when we are legally required to do so.
We will do our best to protect your Personal Data. However, we cannot guarantee the security of your data transmitted to our website before it reaches us, and any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
16 – How long do we keep your Personal Data?
We will only keep your Personal Data in accordance with data protection law for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where your information is no longer required, we will ensure it is disposed of, deleted or cached in a secure manner.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the information, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your legal rights
You are in control of your Personal Data. Under the UK GDPR, you have the right to:
request access to your Personal Data – this enables you to receive a copy of the Personal Data we hold about you and to check that we are processing it lawfully;
ask us to correct information that’s wrong, to delete it or to request that we only use it for certain purposes;
request that we provide your Personal Data to you or another organisation in a structured, commonly used and machine-readable format;
request to withdraw your consent to use using your Personal Data at any time;
object to us processing your Personal Data based on our legitimate interests;
change your mind and ask us to stop using your information, for example, unsubscribing from any marketing emails. Please be aware that if you ask us to stop using your Personal Data, we may not be able to provide certain services to you: we will let you know if this is the case;
object to decisions being made about you solely based on automated processing, including profiling, which produces legal effects or similarly significant effects.
If you would like to issue a request to exercise any of your rights in relation to the Personal Data that we hold about you, please email dataprotection@chgt.org.uk or write to us at: Data Enquiries, Chiswick House and Gardens Trust, Chiswick House London W4 2QN. We will respond to your request consistent with the UK GDPR.
Your request should identify you and include details of the request, for example, which Personal Data you would like to access or rectify or what restrictions you would like to apply to our use of your Personal Data. For security purposes, we may need to ask for proof of your identity before we comply with your request.
Please note that we may need to retain certain information where we are required to do so by law, for regulatory compliance or to complete transactions that you began prior to your request (e.g., when you make a donation or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such transaction). Some rights may not apply in all situations or may be subject to exemptions under the UK GDPR. If this applies, we will explain the reason when we respond to your request.
If you haves a concern about the way in which we use your Personal Data, you may make a complaint to a supervisory authority for data protection matters. In the UK, this is the Information Commissioners Office: https://ico.org.uk/concerns/.
