Shop Account

Privacy

At Blenheim we take the security and privacy of data very seriously. Our security measures are continuously maintained and adhered to along with our privacy policy below. Blenheim is the data controller and our registered address is Blenheim Palace, Woodstock, Oxfordshire, OX20 1PP.

Updated 17/10/2025

1. Who are we

2. Important information about this policy

3. Personal information we process

4. How we collect personal information

5. How we use personal information and our lawful basis for processing it

6. Marketing

7. Disclosures of your personal information

8. International transfers

9. Data security

10. How long we retain personal information

11. Your legal rights

12. Contact details

1. Who are we

Blenheim Palace includes a number of related entities, including for the purpose of this privacy policy ("policy"), the following entities:

The Blenheim Palace Heritage Foundation ("BPHF"), whose principal office is at The Estate Office, Blenheim Palace, Woodstock, Oxfordshire, OX20 1PP, is a registered charity in England and Wales (charity registration number: 1166164), which primarily focuses on the online and in-person sale of Admissions Tickets for Blenheim Palace, Park and Gardens; and
Blenheim Visitors Limited ("BVL"), whose principal office is at The Estate Office, Blenheim Palace, Woodstock, Oxfordshire, OX20 1PP, is a company registered in England and Wales (company registration number: 5957291), which primarily focuses on the sale of Blenheim Palace products and services via its website and in-person in its retail outlets, restaurants and cafes.

BPHF and BVL (together referred to as "we", "us" and "our") collect, use and store (collectively referred to as "processes") information about individuals ("personal information"), including visitors to our website: https://www.blenheimpalace.com/ ("Websites") and Blenheim Palace, Park and Gardens ("you", "your").

BPHF and BVL each act as a "Controller" regards the personal data it collects and processes. While this policy includes information that applies to both entities, where information specifically relates to BPHF or BVL, it is clearly identified throughout this policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact us via at dataprotection@blenheimpalace.com

2. Important information about this policy

The purpose of this privacy policy ("policy") is to: (i) make you aware of what personal information we will hold, how and why your personal information will be used, and how long it will be retained for, and (ii) provide you with certain information that we are required to notify you of under the UK data protection laws.

Please read this policy carefully as it explains how we use personal information. We keep this policy under regular review and may change this policy and, when we do, we update this page, so please check back frequently.

We have designed this policy to make it easier for you to navigate the information contained within it and locate the information that is most relevant to you. For example, we use clearly worded sections headings, which are always visible as a navigation tool on the left-hand side of the page, to make it easy for you to explore the information of most interest to you by clicking on the relevant section heading.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us, for example a new address or email address.

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

3. Personal information we process

Personal information (also referred to as "personal data") means any information describing or relating to an identified or identifiable individual, which we process during our interactions with you. To the extent permitted by applicable laws, and only under the circumstances identified in this policy, we may collect and process a limited amount of personal information falling into "special categories of personal information" often referred to as "sensitive personal information".

We collect and process various types of personal information about you during our interactions with you, which we have set out in the table below, as well as identifying the relevant Blenheim processing entity:

Category	BPHF	BVL
Personal Details	Name Password Age	Same as BPHF
Contact Details	Address Email address Telephone or mobile number	Email address Telephone or mobile number
Transaction and Profile Data *Please note we do not collect or store card payment details.	Purchases made by you, annual pass status, Gift Aid declaration, details of donations and gifts Your interests, preferences, feedback and enquiries	Purchases made by you (including in our physical shops and online) Table bookings made (including date of table booking and number of guests) Your interests, preferences, feedback and enquiries
Marketing and Communications Data	Preferences in receiving marketing from us (and our third parties) and your communication preferences	Same as BPHF
Usage Data	Information about how you interact with and use our Website, including analysis of visitor traffic on our Website and the performance of our Website so we can improve the user experience	Same as BPHF
Technical Information	Internet protocol (IP) address Login data Browser type and version Time zone setting and location Operating system and device type (and ID) Display settings Session start / stop time Referral URL Geo-location address	Same as BPHF
Safety and Security Data	Images / recordings Vehicle registration plate number In the event of a health emergency or incident) sensitive personal data about your health or medical condition) and details of the emergency, accident or injury Where any criminal activity or alleged criminal activity (including fraud) is discovered by us via our interactions with you or our use of CCTV or ANPR) criminal offences data	Same as BPHF

We only collect children's personal data where it is provided by a parent or individual with parental responsibility. If you purchase an Admissions Ticket or additional experience that includes a child, we only collect information about the child necessary for such purchase [and will only use this information to better understand how to improve our future offerings to families in terms of offers and events, we will not contact your child directly]. Our Education Department welcomes children from various local schools, and we only collect information about children necessary for the purposes of administering educational visits.

If you have contacted us on behalf of an organisation, for example making an enquiry regards filming at Blenheim or an educational visit, we will also store details of individuals in their professional capacity including the name of their employer and any relevant business contact details.

Apart from personal information relating to you, if you provide us with the personal information of any third parties, before you provide such third-party personal information to us, you must first inform these third parties of any such information which you intend to provide to us and of the processing that we will carry out, as detailed in this policy.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal information as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to analyse general trends in how users are interacting with our Website to help improve it and our product and service offering.

4. How we collect personal information

We use different methods to collect information from and about you including through:

Your interactions with us

You may give us your personal information in person, by filling in online forms or by corresponding with us by post, phone, email or otherwise.

This includes personal information you provide when you:

create an online account with us;
make a purchase from us (whether online or in-person);
make a donation to us (whether online or in-person);
visit, or interact with us via, our Website;
request our newsletter to be sent to you;
give us feedback or contact us, make enquiries, requests or complaints (whether via our Website, email, over the phone or in-person);
participate in or enter (as applicable) a promotion, competition or prize draw via our Website or social media, or complete a survey;
visit us and use our car parks via our Closed Circuit Television (CCTV), Automatic Plate Recognition Technology (ANPR), which record your image (and as applicable your vehicle registration plate number) during your visit;
where you provide products or services to us;
And where a tenancy arrangement exists

Automated technologies or interactions

As you interact with our Website, we will automatically collect Technical Data and Usage Data (further details of which are set out above). We collect this personal information by using cookies and other similar technologies. Please see our Cookie Policy for further details.

Trusted Third Parties

From time to time we will augment or engage third parties to augment the personal data we have obtained from your interactions with us with information publicly available.
We may also carry out research using publicly available information to identify individuals who may have an affinity with our objectives but whom we are not already in touch with. This research helps us to understand more about you as an individual so we can focus our communications in the most effective way. We conduct this on the basis of Legitimate Interest.

5. How we use personal information and our lawful basis for processing it

Whenever we process your personal information we do so on the basis of a lawful basis or justification for that processing. Processing of sensitive personal information is always justified on the basis of an additional lawful basis.

In most cases, we rely on one or more of the following lawful bases:

Performance of a contract with you: where the processing is necessary to perform the contract we are about to enter into or have entered into with you.
Legal obligation: where the processing is necessary for compliance with a legal obligation that we are subject to.
Legitimate interests: where the processing is necessary for our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information.

In exceptional circumstances we may carry out processing based on your consent. Where we rely on consent, we will make it clear at the time.

We have set out below, in a table format, a description of all the ways we use your personal information, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are (where appropriate).

Purpose/Use	Type of personal information	Blenheim entity	Lawful basis for processing
To provide our products and services, including: (i) Admission Tickets purchased online (via your online account or otherwise) or in-person, (ii) gifts, vouchers and other items purchased online or in our shops, restaurants and cafes, and (iii) filming and educational visits arranged via our Website, email, over the phone or in-person	Personal Details Contact Details	BPHF and BVL	The processing is necessary for the performance of a contract ("performance of a contract"). We may also process certain personal information to comply with legal obligations to which we are subject such as tax and financial reporting.
To manage our relationship with you including: (i) via your online account, (ii) notifying you about changes to our terms of business, this policy [or cookie policy], and (iii) dealing with your enquiries, requests, complaints and queries	Personal Details Contact Details Transaction and Profile Data	BPHF and BVL	The processing is necessary for the performance of a contract. Additional processing is necessary for our legitimate interests to respond to any correspondence or queries you send us.
To enable you to participate in a promotion, competition, prize draw or survey	Personal Details Contact Details Marketing and Communications Data	BPHF and BVL	The processing is necessary for the performance of a contract. Additional processing is necessary for our legitimate interests to analyse how our visitors interact with us and use our products and services, and to help us improve our products and services.
To send relevant marketing and/or fundraising communications and recommendations about our products and services and any relevant events that may be of interest to you based on your Transaction and Profile Data and Marketing and Communications Data	Personal Details Contact Details Transaction and Profile Data Marketing and Communications Data	BPHF and BVL	This processing is necessary for our legitimate interests to carry out direct marketing, fundraising, develop and improve overall visitor experience and our products and services. Where information is solicited, consent, for example, where you consent to receiving direct marketing from us.
To share our plans in relation to the conservation, restoration and maintenance of Blenheim Palace. Through this we will share how you can support us in fulfilling our charitable objective of carrying out vital restoration and preservation projects whilst sharing the Palace and Park's extensive history and beauty to the public.	Personal Details Contact Details Marketing and Communications Data	BPHF	This processing is necessary for our legitimate interests of sharing and promoting our charitable goals
To fundraise and promote our charitable objectives	Personal Details Contact Details Transaction and Profile Data Marketing and Communications Data	BPHF	As a charitable organisation, we undertake in-house research and from time to time engage trusted specialist wealth screening agencies to fast track the research to identify individuals who may have an affinity to our cause. This is a legitimate interest
To administer and protect our Website and deliver material to our Website including trouble shooting, data analysis, testing, system maintenance, support, reporting and hosting of data	Technical Information	BPHF and BVL	This processing is necessary for our legitimate interests to run our operations effectively and securely, the provision of administration and IT services, network security, and improve, develop and protect our Website. Where any personal information is collected for any of the above-mentioned purposes via a cookie used on our Website, we rely on consent.
To use data analytics to improve our Website, products, fundraising and services, visitor relationships and experiences and to measure the effectiveness of our Website, communications, marketing and fundraising.	Technical Information Usage Data Marketing and Communications Data	BPHF and BVL	This processing is necessary for our legitimate interests to define types of customers for our products, fundraising and services, to keep our Website updated and relevant, to develop our operations and to inform our marketing strategy. Where any personal information is collected for any of the above-mentioned purposes via a cookie used on our Website, we rely on consent.
To protect and secure Blenheim Palace, Park and Gardens and for the safety and security of its employees and visitors	Safety and Security Data	BPHF	This processing is necessary for our legitimate interests in ensuring that our operations, visitors and employees are protected and action is taken to mitigate risk and to prevent and detect any criminal activity or alleged criminal activity. We will process this data for the purposes of preventing or detecting unlawful acts. Depending on the circumstances, this processing may also be necessary to protect the vital interests of you or another individual.
To administer and manage our relationships with other third parties such as suppliers assisting us with the provision of products, fundraising and services to, and management of, visitors, including disclosure of information to third parties acting as our "Processors" for the provision of services as set out in section 7	Personal Details Contact Details	BPHF and BVL	This processing is necessary for our legitimate interests to ensure that we can engage with suppliers effectively and that they can access the relevant information they need to provide us with the services for which they have been engaged. Effective communication with and engagement of suppliers is important for business continuity, fundraising, development and improvement.
Complaints, claims and litigation to enforce our legal rights and obligations, and for the purposes in connection with any complaint or legal claim made against us	Potentially all types of personal data	BPHF and BVL	This processing is necessary for our legitimate interests in protecting Blenheim Palace from breaches of legal obligations owed to it and defending itself against litigation. It is important to protect our business from damage or loss to ensure its continued success and growth.
Legal or regulatory disclosures to comply with lawful requests by public authorities (including law enforcement), discovery requests, or where otherwise required or permitted by applicable laws, court orders, governmental regulations or regulatory authorities	Potentially all types of personal data	BPHF and BVL	This processing is necessary to comply with our legal obligations where there is a legal obligation to disclose information or a court or legal order to provide information. Where not legally required, necessary for our legitimate interests in co-operating with relevant authorities, government bodies or regulators for the provision of information where appropriate. We wish to maintain our reputation as a good corporate citizen and to act ethically and appropriately.

We only process the following types of sensitive personal information if the circumstances set out below arise during our interactions with you, in which case, we will rely on the additional lawful basis set out below:

Purpose/Use	Type of sensitive personal information	Lawful basis for processing
Safety and security	Information about health and medical conditions	This processing is necessary to comply with relevant health and safety laws. Depending on the circumstances, this processing may also be necessary to protect the vital interests of you or another individual, for example, if there is a danger to life.
Preventing and detecting unlawful acts	Information about criminal activity or alleged criminal activity	This processing is necessary for compliance with legal obligations to which we are subject, for example, where we become aware that a criminal offence (or potential criminal offence) has taken place in Blenheim Palace, Park and Gardens, where we have a legal requirement to report such offence (or potential offence) to law enforcement.
Enforcing our legal rights and obligations regards any complaints, claims and litigation, and for the purposes in connection with any complaint or legal claim made against us	Potentially any of the above.	This processing is necessary to establish, exercise or defend legal claims.

6. Marketing & Fundraising

You will receive marketing communications from us if you have requested information from us (such as a newsletter), purchased products or services from us, donated to us, or not opted out of receiving the marketing.

You can ask to stop sending you marketing communications at any time by following the unsubscribe links within any marketing communication sent to you or by contacting us via the contact details provided below. It may take up to 14 days for your change in preference to take effect and the change will not affect any marketing emails which have already been scheduled to be sent in the future. If you opt out of email marketing, we may still need to send you service communications by email occasionally, such as information about changes to our services.

We may also analyse your Personal and Contact Details, Technical Information and Usage Data to form a view which of our products and services may be of interest to you so that we can then send you relevant marketing and fundraising communications.

For more information about the cookies we use and how to change your cookie preferences, please see our Cookie Policy.

7. Disclosures of your personal information

Within BPHF and BVL personal information is shared internally on a need-to-know basis with each entity's respective staff and personnel including trustees, directors, shareholders, employees, contractors and other temporary workers.

Depending on your dealings with us, we may share some or all of the personal information set out in section 3 where necessary with the following third parties for the purposes set out in section 5:

Category of recipients	Details of disclosure
External	We engage third party service providers, suppliers and vendors from time to time (some as our processors) to: IT service providers to help us manage our IT and back-office systems. Data and website service providers including web hosting, storage and web analytics. Analytics providers to help us improve and optimise our products and services. (where you attend an event hosted or sponsored by us) event organisers and logistics companies in connection with the event. Sub-contractors, suppliers or service providers engaged by us to deliver a product or service what we have instructed them on or assist with visitor management. Other third parties with a legitimate need to have access to data Professional advisors such as tax and legal advisors.
External	We may disclose personal information if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the policy and tax authorities).
External	Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Some or all personal information set out above may be disclosed in the case of a corporate transaction. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

8. International transfers

We may transfer your personal information to service providers that carry out certain functions on our behalf. This may involve transferring personal information outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.

Whenever we transfer your personal information out of the UK to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place (as applicable):

We will only transfer your personal information to countries that have been deemed by the UK to provide an adequate level of protection for personal data.
We may use specific standard contractual terms approved for use in the UK which give the transferred personal information the same protection as it has in the UK, namely The International Data Transfer Addendum to the European Commission's standard contractual clauses for international data transfers. To obtain a copy of these contractual safeguards, please contact us at the contact details set out in section 12 below.

9. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

10. How long we retain personal information

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we must keep basic information about our visitors (including Personal and Contact Details) for 7 years after they ceased being active customers for tax and financial reporting purposes. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. If you opt-out of future marketing from us, we will only retain the information required to appropriately record your opt-out for the purposes of our opt-out/suppression list for an indefinite period.

In some circumstances you can ask us to delete your personal information: see section 11 below for further information.

11. Your legal rights

Depending on the circumstances, you have a number of rights under data protection laws in relation to your personal information. You have the right to:

Request access to your personal information (i.e. a "data subject access request" or "DSAR")	This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you	This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal information in certain circumstances	This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your information (including carrying out profiling based on our legitimate interests)	In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object. You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes (see section 6 for details of how to object to receiving email marketing communications).
Request the transfer of your personal information to you or to a third party (where applicable)	This will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal information (where applicable) (see the table in section 5 for details of when we rely on your consent as the legal basis for using your data)	Where this is applicable, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Request restriction of processing of your personal information	This enables you to ask us to suspend the processing of your personal information in one of the following scenarios: If you want us to establish the accuracy of the data; Where our use of the data is unlawful but you do not want us to erase it; Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to make a complaint at any time to the Information Commissioner (ICO)	See Contact Us below for further details.

If you wish to exercise any of the rights set out above, please contact us at the contact details provided in section 12.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. Contact details

If you have any questions about this policy or about the use of your personal information or you want to exercise your privacy rights, please contact us at dataprotection@blenheimpalace.com. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Newsletter sign-up

Stay up to date with our latest news, offers and events by entering your details here...

Select Language

Web Accessibility