Tower Bridge Privacy Notice

Tower Bridge is one of the five London Thames bridges supported and maintained by Bridge House Estates, a registered charity in England and Wales (Charity No. 1035628). The City Bridge Foundation is the working name of Bridge House Estates. The City Corporation is charity’s sole corporate trustee.

The City Bridge Foundation privacy notice contains information on how it processes personal information, including by Tower Bridge. This Privacy Notice should be read in conjunction with the Privacy Notice available on the City Bridge Foundation website which is available here: City Bridge Foundation | Home

As the charity’s sole trustee, the City Corporation is the registered Data Controller in respect of personal information processed by Tower Bridge. If you have any concerns or questions about how we look after your personal information, please contact the City of London’s Information Compliance Team (who handle data protection matters on behalf of the Data Protection Officer) at information.officer@cityoflondon.gov.uk. Full details on how the City of London Corporation processes personal information more generally is available at: www.cityoflondon.gov.uk/privacy

1. Your personal information

Personal information is anything that directly or indirectly identifies and relates to a living person, such as a name, address, telephone number, date of birth, unique identification number, photographs, video recordings (including CCTV) etc.

Some personal information is ‘special category data’ and needs more protection due to its sensitivity. This includes any information about an identifiable individual that can reveal their sexuality and sexual health, religious or philosophical beliefs, racial origin, ethnicity, physical or mental health, trade union membership, political opinion, genetic/biometric data. Personal information relating to criminal offences and convictions, although not ‘special category data’, is still sensitive in nature and merits higher protection.

All personal data collected will be evaluated periodically and only kept as long as necessary or in line with legal requirements.

2. When and why does Tower Bridge collect personal information?

  • Personal information will be processed by Tower Bridge when we need to manage bookings, including for events, tours, general admissions, to request and undertake a Bridge Lift for river traffic, or when you contact Tower Bridge for any other reason. This information would usually consist of your contact details including your name, email address, address and telephone number. We may sometimes contact you (where we have your consent) to ask for feedback on your visit so that we can continue to improve our services. Special category (sensitive) information will only be processed when we need to ask you about access information.
  • Personal information may be provided to us by a third-party who manages and facilitates your bookings with us to enable a seamless booking experience. We encourage you to review the third-party booking company’s own privacy notice to understand how they handle your information when processing it on our behalf.
  • Tower Bridge may process personal information when you hire our spaces for your private events such as parties or weddings. Private event enquiries are received through the Tower Bridge Events website (https://towerbridgeevents.co.uk/). Some of the information processed for private events may be sensitive where it concerns access, dietary, data concerning a person’s sex life or sexual orientation or data revealing racial or ethnic origin or religious beliefs, and is required to ensure a bespoke service can be provided to meet the needs of your special event. 
  • Tower Bridge may also process personal and financial information, including payment information, when you purchase from the Tower Bridge shop, whether on-line or when you visit in person.
  • Tower Bridge may process personal information relating to the monitoring of the public on Tower Bridge. This may be through access to CCTV footage or from patrols carried out on the bridge for the purposes of securing the safety of the public. To send you communications by electronic means (emails and e-newsletters) in order to inform you of other relevant news, including promotions and products, and surveys related to Tower Bridge.
  • In addition to third-party booking companies, we also work closely with other third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive your personal information through them. We will notify you when we receive information about you and the purposes for which we intend to use that information.

3. Lawful grounds for processing your personal information

Generally, the processing of your personal information as described in this notice is permitted by one or more lawful grounds, including:

  • Where we have your consent for example, we only use your information to send you marketing communications with your consent.
  • Where the processing is reasonably necessary for the performance of a contract to which you are a party as an individual, for example, we may rely on this basis when you hire our venue and we enter into a contract with you
  • Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us and only when the processing does not override your privacy rights. The  “legitimate interests” of City Bridge Foundation include in the furthering of our charitable and policy objectives - running and managing the charity; maintaining and supporting the charity’s five Bridges, including Tower Bridge;
  • Where the processing is necessary for archiving, research or statistical purposes.
  • Where we process special category data, we will ensure we only do so in accordance with one of the additional lawful grounds for processing that type of data, for example where we have your explicit consent or to protect the vital interests of individuals (i.e those relating to life and death)

4. Consent

If we have consent to use your personal information for any particular reason, you have the right to remove your consent at any time. If you want to remove your consent, please contact funding@cityoflondon.gov.uk and tell us which service you are using, so we can deal with your request.

5. Your rights regarding your personal information

The law gives you a number of rights in relation to what personal information is used by the City Corporation , and how it is used. These rights are listed below, and more details can be found in the City of London’s Data Subject Rights Policy.

You can ask us to:

  • Provide you with a copy of the personal information that we hold about you.
  • Correct personal information about you which you think is inaccurate.
  • Delete personal information about you if you think we no longer should be using it.
  • Stop using your personal information if you think the data is incorrect, the processing is unlawful, or we no longer need to use your data.
  • Transfer your personal information to another organisation in a commonly used format.
  • Not use automated decision-making processes to make decisions about you.

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.

6. Who do we share your personal information with?

In some circumstances, we use other organisations to either store personal information or use it to help deliver our services to you, for example a third-party database provider or an organisation that helps us gather customer feedback  Where we have these arrangements, there is always an agreement in in place to make sure that the organisation complies with data protection law.

Sometimes we have a legal duty to provide personal information to other organisations.

We may also share your personal information when we consider/believe that there is a good reason to do so, which is more important than protecting your privacy. This doesn’t happen often, but in these circumstances, we may share your information:

  • to find and stop crime and fraud; or
  • if there are serious risks to the public, our staff or to other professionals;
  • to protect a child; or
  • to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them

For all these reasons, the risk must be serious before we can override your right to privacy.

If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.

We may still share your information if we believe the risk to others is serious enough to do so.

If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.

7. How do we protect your personal information?

We have a legal duty to make sure we hold your personal information (on paper and electronically) in a secure way, and to only make it available to those who have a right to see them. Examples of our security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
  • Pseudonymisation, meaning that we will use a different name or identifier to hide parts of your personal information from view. This means that someone outside of the City of London could work on your information for us without ever knowing it was yours
  • Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
  • Training for our staff allows us to make them aware of how to handle personal information, and how and when to report when something goes wrong

You can find more details of our Information Security expectations in our IT Security Policy.

8. Where we store your personal data

The data that we collect from you will be transferred to, and stored at, a destination outside the European Economic Area (EEA). It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We will collect and store personal data on your Device using application data caches and other technology.

Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.

Last updated: 7 December 2023