Our museum and historic rooms will close at 13.00 Monday 24 January for necessary maintenance work.

Privacy and cookies policy

Privacy notice for Fulham Palace

Fulham Palace is the former home of the Bishops of London situated in Fulham, southwest London. It is open to the public as a historic house and garden with exhibitions and educational activities. There is a café and shop on site.

Fulham Palace Trust is a registered charity (charity number 1140088) and company (company number 07464167).  Fulham Palace Enterprises Community Interest Company (company number 07574413) is an associated company handling the commercial income on the site. Under this policy, ‘we’ and ‘Fulham Palace’ refers to both Fulham Palace Trust and Fulham Palace Enterprises Community Interest Company.

We are committed to protecting your privacy and ensuring the confidentiality of the personal information we collect.

This Privacy Notice sets out the basis upon which information is collected about you by us through the use of the Fulham Palace website and any other electronic communication networks by Fulham Palace and the use of the personal information you provide to us in person or online, via email, phone, in writing or other correspondence.

Further details on the safe storage, handling and use of personal data are provided in our full privacy policy, which can be requested from Siân Harrington, chief executive, by emailing admin@fulhampalace.org. This document also refers to how we manage personal data held on employees and volunteers.

How we collect personal information
  • We collect information about you in the following ways:
  • When you join as a Friend, Patron or Corporate Patron;
  • When you book a ticket for an event, tour or museum visit (either online or in person)
  • When you donate (either online, in person, or by filling out a form);
  • When you sign up to Fulham Palace email updates, either via the website or by filling in a form on site;
  • When you sign in to use Wi-Fi on your visits;
  • When you provide visitor feedback.

We also use a CCTV system for the prevention of crime.

Consent on how personal information is used

We will give a clear explanation of the purpose for which personal information is collected and processed. Where necessary, we will also ask for consent to be given by a positive opt in choice. Sufficient information will be provided for an informed choice to be made. The personal data will not be used for any extra purpose without additional consent being obtained. It will also be made clear how consent can be withdrawn.

Data security

We have in place physical, electronic and managerial procedures to safeguard and secure the personal information we collect.

We do use external ‘data processors’ to manage ticket purchases, online donations, hold membership and donation information and hold email mailing lists. All our data processors have provided statements on how they keep your personal data safe and secure in compliance with the General Data Protection Regulation (GDPR) 2018.

All our employees and data processors, who have access to, and are associated with the processing of personal data, are legally obliged to respect the confidentiality of our visitors’ and supporters’ personal data.

Sharing personal information

We do not share personal information with any third parties for marketing purposes.
Some of our third party data processors store information on remote servers across the world, and we have agreements with them to ensure that your information is safe and secure and not shared with other organisations.

NHS Test & Trace

In order to comply with NHS Test & Trace rules we must hold booking details for 21 days after the booked event or visit takes place. After this period, if you have not opted in to our marketing list, we will anonymise this data. Please see the privacy policy on our booking website for details of how to opt out.

No indirect collection of personal information

We do not collect personal data indirectly, for instance by tracking people individually when they have used our social media accounts.

Retention of data

We will not retain personal data if you have unsubscribed from one of our mailing lists.
Paper records such as visitor feedback, membership forms*, and email sign up forms will be destroyed after two years.

If you are a donor, we will only retain limited personal data if we haven’t had any contact with you within the last two years.

*Gift Aid records are kept on file for a minimum of six years in order to comply with HMRC regulations.

Rights to access, remove or correct personal information

You have the right to request a copy of the information that we hold about you.  Our contact details are as follows:

If a member of the public asks for their personal data to be removed from our current record systems, this will be done within one week of the request being received. The same timescale will apply when we are notified that personal information needs to be corrected or updated.
You can also opt out of email correspondence immediately by following the links to unsubscribe.


A cookie is a small file downloaded on to the hard drive of a computer or mobile device when the user logs on to a website.

One cookie we use is to remember your font size preference.

We also set Google Analytics cookies to collect general statistical information to help us understand how our website is used and to improve the service we provide. We learn whether visitors have used the website before, which pages are the most popular and how users move around the site. This information does not allow users to be identified individually.

It is important for us to be able to include your visit in our statistics. By continuing to use the website without changing settings, you are agreeing to our use of these cookies.

To find out more general information on cookies and how to control or delete them please go to AboutCookies.org or AllAboutCookies.org.

Cookies on our website

These are the cookies set commonly on our website:

  • _ga: Google Analytics. This helps us count how many people visit the website by tracking if you’ve visited before. Expires: 2 years.
  • _gat_UA-4986127-50: Google Analytics. Used to throttle request rate. Expires: 1 min.
  • _gid: Google Analytics. Used to distinguish users. Expires: 24 hours.
Other websites

On our website we occasionally provide links to other websites for your convenience and information. Please be aware that these sites may have different security and privacy policies and we have no control over and take no responsibility for any information submitted to these sites.

Changes to our privacy notice

This notice will be amended in the light of any relevant changes in legislation or related good practice.  This privacy notice was last updated in September 2020.

How to contact us

Please contact us if you have any questions about our privacy policy.  Our contact details are as follows: