We will not sell your personal information to any third parties or external organisations.
Sharing your information with the National Gallery Company Ltd.
We share information with the National Gallery Company Ltd., which runs the shops and venue hire in the Gallery, and oversees the running of the cafes and restaurants in the Gallery and the sale of audio guides in the Gallery. Complaints and feedback we receive about the shops, restaurants, cafes, and audio guides may be shared with the Company and in the event of a security incident taking place in a shop, cafe, or restaurant, or at a venue hire event which is run by the Company, CCTV footage may be shared with the Company.
If you agree to receive email communications from the Gallery, we will share your information with the National Gallery Company Ltd., but they will not contact you about shops or other services they provide unless you specifically consent to this through our email preference centre.
Sharing your information with our service providers/external data processors
We may share some of your personal information with our service providers/external data processors, to carry work out on our behalf. Examples of such service providers/data processors include:
- Securitas, which provides security and visitor services within the Gallery; we share CCTV footage and other information about security incidents in the Gallery with Securitas; Securitas processes information enquiries (including requests to use the Gallery’s disabled parking space) received in the Gallery on our behalf; Securitas provides trained first-aiders in the Gallery, who record details of any accidents within the Gallery if they are called to assist; Securitas sells Memberships and exhibition tickets on desks in the Gallery, and records on our behalf personal data of those making these purchases; Securitas processes comments and complaints submitted to the Gallery and responds to these on our behalf and in liaison with us;
- The National Gallery Company Ltd. who sells Memberships and tickets online on our behalf;
- Our email distribution service provider who sends out our marketing emails;
- Our mailing house who sends out our Membership welcome and renewal packs;
- Our ticketing service provider;
- Our service provider enabling us to evaluate our education programmes; and
- Our third-party Wi-Fi infrastructure provider who collects and processes MAC addresses and information regarding usage of our Wi-Fi service on our behalf.
Any such companies are acting as our data processors and the contracts we enter into with them require them to comply with UK data protection laws, to process only for the purposes we specify, and ensure they have the appropriate controls in place to protect the security of your information.
Sharing information of patrons and donors
If you are a patron or donor we may share information with the National Gallery Trust or the American Friends of the National Gallery, London Inc. if you make your donations through one or other of those supporting charities. See What this means for our donors, patrons, and potential supporters for more information.
Sharing CCTV footage and Wi-Fi usage data
CCTV footage and Wi-Fi usage data (including MAC addresses) may, in the event of a security incident, be shared with the police and/or local authorities where it is lawful and appropriate to do so, in accordance with our legitimate interests outlined above.
Sharing with YouTube
Although we do not share your personal data with Google or YouTube, we are contractually obliged to include information about how the Gallery uses the You Tube API. The Gallery website uses YouTube API services to show YouTube videos and playlist information in its pages. We do not access, collect, store or otherwise use any user personal information from YouTube. We also do not share any website user personal information with YouTube.
By accessing the YouTube videos through the YouTube API on the Gallery website, your personal information may be collected by YouTube. For further information on how Google and YouTube handle your personal information, please refer to the Google Privacy Policy.
The Gallery’s Cookies policy explains what cookies or other similar technology may be placed on a user’s device when accessing video content through the YouTube Player.
Sharing as part of NHS Test and Trace
How we share your personal data with NHS Test and Trace is described in the What this means for your visit to the Gallery section of the Privacy Policy.