Privacy Policy

Shakespeare Birthplace Trust (SBT or we) are committed to protecting and respecting your privacy.

Shakespeare Birthplace Trust Privacy Notice

Please read the following information carefully. This Privacy Notice explains how the Shakespeare Birthplace Trust (“the Trust”, “we”, “us”) collects, uses, shares and protects personal data, and the rights individuals have under data protection law.This Privacy Notice applies to:

visitors to our websites and heritage sites;
customers, donors, members, supporters and event attendees;
researchers, users of our archives and collections;
individuals who contact or otherwise interact with the Trust.

About Us

The Shakespeare Birthplace Trust is an independent charity established to care for the Shakespeare heritage sites in Stratford-upon-Avon and to promote the enjoyment and understanding of Shakespeare’s works, life and times worldwide.For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, the Data Controller is:

The Shakespeare Birthplace Trust
 Administrative Offices
 38 Henley Street 
Stratford-upon-Avon 
Warwickshire
CV37 6QW

Registered Charity Number: 209302

Privacy and Data Protection are fundamental human rights, we respect every individual’s right to privacy and data protection, and to process their data in a way that is fair and lawful.

Contact Us

If you have any questions about this privacy notice or the information we hold about you, please contact our Data Protection Team at [email protected] or by letter to the Data Protection Officer, The Shakespeare Birthplace Trust, 38 Henley Street, Stratford-upon-Avon, Warwickshire, CV37 6QW

If it would be helpful to have this notice provided in another format, please let us know.

How To Make a Complaint

If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or seek redress through the courts. The UK supervisory authority is the Information Commissioner’s Office who can be contacted by calling 0303 123 1113 or by visiting their website at https://ico.org.uk/for-the-public.

Changes to this Privacy Notice

We continually review our Privacy Notice and update it where necessary. We advise that you regularly check our Privacy Notice for updates. We do not wish to bother you with lots of minor amendments, but where we make significant changes to our policy, we may contact you to inform you. Please contact us if you require this information in an alternative format.

Your Rights

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data in certain circumstances, including where we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party in certain circumstances. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you want more information about your rights under the UK GDPR, please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR by visiting https://ico.org.uk/for-the-public.

If you want to exercise any of these rights, please contact our Data Protection Officer at [email protected] or by letter to the Data Protection Team, The Shakespeare Birthplace Trust, 38 Henley Street, Stratford-upon-Avon, Warwickshire, CV37 6QW

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We aim to respond to all valid data protection rights requests within one month of receipt.

In certain circumstances, the time limit for responding may be paused (“stopped”) in accordance with data protection law. This may occur where:

we need to request additional information to verify your identity; and/or
we require further clarification to understand the scope of your request.

The response period will be paused until the requested information is received. Once sufficient information has been provided, the time limit will resume from where it was paused. We will keep you informed if this applies and explain what information is needed.

Where a request is particularly complex or where multiple requests have been made, we may extend the response period by up to a further two months, as permitted by law. If an extension is required, we will notify you within the original one-month period and explain the reasons for the delay.

Keeping Your Data Secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used/accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data for specified purposes, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How Long Will We Store Your Personal Data?

We maintain retention schedules which define the periods for which we will store your personal data. We will only store personal data for as long as we have a legitimate need to retain it, either for statutory/legal reasons or because we need the data to be able to provide you with services or for other legitimate business needs.

When we no longer need this information, we will anonymise your data and/or dispose of it securely. A copy of our retention schedule is available by request to the Data Protection Officer.

Transfer Of Your Information Outside of the United Kingdom and EU

Under the provision of providing our services, it may be necessary to transfer your personal data outside the UK and EU.

Whenever we transfer your personal data out of the UK/EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
We will put in place appropriate safeguards as set out in the UK and EU GDPR, including the use of International Data Transfer Agreement/Standard Contractual Clauses or other specific contracts approved for use in the EU and UK which give personal data the same protection it has in EU/UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. If you would like any further information, please contact us via

Automated decision-making.

Automated decision-making is the process of making a decision by automated means without any human involvement. We do not currently process your personal data in this manner.

The Data We Collect About You

Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may process different kinds of personal data about you as follows:

Contact Data – such as your name, postal address, email address and telephone number.

Financial Data – such as payment information relating to donations, memberships, ticket purchases or other transactions. Payment card details are processed securely by our payment service providers.

Transaction and Contractual Data – details of tickets, memberships, donations, event bookings, purchases, services provided to you, and related contractual information.

Usage and Behavioural Data – information about how you use our websites, services, online platforms or Wi-Fi services, including interaction data and preferences.

Communications Data – information contained in correspondence with us, including emails, letters, telephone calls and other communications.

Technical Data – including IP address, browser type and version, device information, operating system, time zone settings and other technical data generated through your use of our websites.

CCTV and Image Data – images captured via CCTV systems at our premises, or photographs taken at events or activities where appropriate.

Open-Source and Publicly Available Data – information that is lawfully available from public records or openly available sources, where relevant to our activities.

Documentary and Identification Data – copies of documents provided where required for specific purposes.

Socio-Demographic Data – limited information such as occupation, organisation, or area of interest, where relevant to research, education, fundraising or engagement activities.

National Identifier Data – such as National Insurance numbers or other government-issued identifiers, processed only where strictly necessary ,for example, for Gift Aid claims.

Special Category Data

In limited circumstances, we may process special category personal data, which is afforded additional protection under data protection law. This may include information relating to health, accessibility needs or safeguarding concerns.

We only process special category data where it is necessary and where an appropriate lawful condition under Article 9 of the UK GDPR applies, including where processing is required for reasons of substantial public interest, to comply with legal obligations, for safeguarding purposes, or where explicit consent has been obtained.

How we use your personal data:

Shakespeare Birthplace Trust processes your Personal Data for the following purpose:

Purpose of Processing	Lawful Basis
To provide, manage and fulfil ticket sales, memberships, donations, events, products and services	Performance of a contract
To process payments, fees and refunds	Performance of a contract
To communicate with you about bookings, purchases, memberships or services	Performance of a contract
To administer memberships, passes, subscriptions and supporter schemes	Performance of a contract
To exercise or enforce contractual rights	Performance of a contract
To send direct marketing communications where consent is required	Consent
To manage marketing preferences and renew consent where applicable	Consent
To share testimonials, feedback or images where you have agreed	Consent
To conduct surveys or research where consent is required	Consent
To provide personalised online experiences using consent-based technologies	Consent
To respond to data protection rights requests	Legal obligation
To comply with accounting, tax, audit and Gift Aid requirements	Legal obligation
To meet safeguarding, regulatory and statutory obligations	Legal obligation
To prevent, detect and investigate crime or fraud	Legal obligation
To cooperate with law enforcement or regulatory authorities	Legal obligation
To manage internal administration and operational communications	Legitimate interests
To improve services, visitor experience and charitable activities	Legitimate interests
To ensure the security of our premises, systems and networks	Legitimate interests
To handle complaints, queries and correspondence	Legitimate interests
To verify identity where proportionate and necessary	Legitimate interests
To maintain accurate records and carry out data quality checks	Legitimate interests
To analyse engagement with our services and websites	Legitimate interests
To communicate with existing supporters about similar charitable activities where permitted by law	Legitimate interests

Glossary of Lawful Bases

Legitimate Interests 

This means processing personal data where it is necessary for the legitimate interests of the Trust in carrying out its charitable purposes and day-to-day operations, provided those interests are not overridden by the rights and freedoms of individuals. 

We carefully consider and balance the potential impact on individuals ,both positive and negative, before relying on this lawful basis. We do not rely on legitimate interests where our interests are overridden by an individual’s rights, unless we are otherwise required or permitted to do so by law. Further information about how we assess our legitimate interests for specific activities is available on request.

Performance of a Contract

This means processing personal data where it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request before entering into such a contract (for example, purchasing tickets, memberships or donations).

Legal Obligation 

This means processing personal data where it is necessary for compliance with a legal or regulatory obligation to which the Trust is subject.

Consent

This means you have given a freely given, specific, informed and unambiguous indication of your agreement to the processing of your personal data. You may withdraw your consent at any time.

Sharing Your Personal Data

We may share your personal data with the third parties such as:

suppliers and those who process data on our behalf.
those to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Any entity to whom we are legally required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, law enforcement agency or other regulatory authority.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Hotjar - Unlimited insights from your web and mobile sites

Last updated: May 2026

Shakespeare's Birthplace

Visit William Shakespeare's Birthplace and explore his childhood world, right where it all began.

Anne Hathaway's Cottage

Relive Shakespeare's love story at Anne Hathaway's Cottage

Shakespeare's New Place

Walk in Shakespeare's footseps

Plan Your Visit

Prices, booking, opening times and more to help you get organised

What's On

Enjoy seasonal activities and special events throughout the year

Visiting FAQs

Information to help you plan your visit to Shakespeare's family homes