Privacy (reviewed November 2023 for new website).

At Rutland Railway Museum, we’re committed to protecting and respecting your privacy.

The General Data Protection Regulation (GDPR) says that the information we provide to people about how we process their personal data must be:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language;
  • free of charge.

Our privacy notice below explains how, when and why we collect personal information about who visits our website – including how we use it and how we keep it secure.

Members and Volunteer Members should also read the Members Privacy notice at the end.

Who are we?

We are Rutland Railway Museum. Registered Company number 5409096. Charity number 1115462.

How do we collect information from you?

When you use our website, including when you contact us about products and services or sign up for our newsletter, we collect information from you.

What type of information is collected from you?

We collect personal information that might include your IP address, geographical location, browser type, source of referral as well as which pages you looked at and for how long. It also includes contact information that you give us when you make an enquiry.

How is your information used?

We may use your information to:

  • improve your browsing experience by personalising the website;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you;
  • provide third parties with statistical information about our users – but this information will not be used to identify any individual user;
  • handle enquiries and complaints made by or about you relating to the website.

Who has access to your information?

We will not sell or rent your information to third parties.

We do not share your information with third parties for any purposes other than those set out in Disclosures an if you are a Member or Volunteer Member the additional privacy notice below.

What about social media?

If you make comments or posts on social media (our Facebook or Twitter page, for example), then the rules of that platform apply, so please be aware that your comments or reactions could be made public.

We don’t have any control over Facebook orTwitter so please make sure you review their privacy policies as well as the terms and conditions of any other social media platforms you use. It’s important that you understand what they do with your information – and it means you can adjust your privacy settings if you don’t want things shared or in the public domain.


We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose information about you:

  • to the extent that we are required to do so by law.
  • in connection with any legal proceedings or prospective legal proceedings.
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
  • to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.

Peace of mind about your choices

We will not contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent.

How you can access and update your information

If you change email address, or any of the other information we hold is inaccurate or out-of-date, please email us at

What we do to protect your personal information

When you give us personal information, we take great care to ensure that it’s treated securely. We have strict procedures and security features in place to try to prevent unauthorised access.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password-protected and firewall-protected) servers. Some of this data may be stored in secure servers outside the EU. It may also be processed by people operating outside the EEA who work for one of our suppliers. When you submit your personal data to us, you give your consent to it being stored and processed in this way.

All electronic transactions you make to, or receive from us, containing sensitive information will be encrypted using SSL technology.

We take great care to ensure any confidential information remains protected, but we cannot guarantee the security of data sent over the internet.

Use of ‘cookies’ (not the interesting, edible kind)

Like many other websites, ours uses cookies – small pieces of information that enable us to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. Cookies help us to improve our website and deliver a better service.

We use both ‘session’ cookies and ‘persistent’ cookies on our websites. We will use the session cookies to keep track of how you move around our website and to monitor user behaviour for statistical and marketing purposes. We will use the persistent cookies so that we recognise you when you visit our website.

Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

We use Google Analytics to analyse how our website is used. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. View Google’s privacy policy.

We use StatCounter to analyse the use of this website. StatCounter generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. StatCounter will store this information. View StatCounter’s privacy policy.

WordPress also store personal information in their user profile. View their privacy notice here.

You can switch off cookies by changing your browser preferences. Be aware that this might affect functionality when using our website.

Links to other websites

Our website may contain links to other websites run by other organisations.
This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit.
We are not responsible for the privacy notices and practices of other websites even if you access them using links from our website.

16 or under?

Welcome, young visitors!
We feel strongly about protecting the privacy of children aged 16 or under.
If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Onsite CCTV monitoring

Sadly there are a few individuals who think it is acceptable to damage and steal things.
A recent vandalism attack causing several thousands of pounds of damage to the site has reluctantly forced the Museum to install CCTV onsite. We hold CCTV recordings for a short period purely for the purposes of crime prevention and identifying those criminals. Our system is secured by logins and the recordings only accessibly to those who need to. Our CCTV system is also registered with the Information Commissioner’s Office (ICO) which can be checked here:
You can also direct questions about our CCTV monitoring to

Review of this notice

This notice was last updated in November 2023.
We review our policies on a regular basis and may update our privacy notice on our website.
You should check this page occasionally to make sure you are happy with any changes.
We may also notify you of changes to our privacy notice by email.

Members and Volunteer Members additional privacy notice

  • Your data is stored securely and carefully.
  • Cloud based systems are not used for the storage of your data and there is no expectation that your data would be transferred outside the EU.
  • Your details will never be passed to third parties, sold or exchanged with any outside organisation without your express consent.
  • As a member of Rocks by Rail you are consenting to the storage and processing of your data.
  • You should expect periodic contact regarding aspects of your membership (for example to notify you that renewal is due).
  • You can choose how we contact you but you should expect that general notifications such as Newsletters, Updates, Notice of the Annual General Meeting and Membership Renewal Notices will be sent by email as first choice method of contact.
  • Some items (such as Notice of the AGM) may be sent by letter as an alternative. Membership Lists are made available to the Trustees of Rocks by Rail and the General Manager of the Museum in order to assist with the smooth running of the organisation.
  • If you are an active volunteer working on any aspect of the running of the Museum, your details may be shared with other volunteers within your working group (for example the working group for an Open Day might all need to be able to contact each other).
  • Your details will not be shared with the General Membership of the Museum without your express consent or unless you accept a volunteer role where this is an integral part of the job.
  • If you leave the organisation your contact details will be retained for a reasonable period.
  • After you leave Rocks by Rail you can withdraw permission for the continued storage of your details at any time; your contact details will then be deleted from the list of members and paper copies will be shredded.
  • If you have any queries about the storage of your data please contact the Membership Secretary in the first instance.