Privacy Policy & Cookies Statement

This website is run by The Crown Estate, the data controller, who is committed to the protection of your privacy. All personal information given to us through this website will only be held and used in accordance with this policy, and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).

Information automatically collected and stored

We will not collect any personal information about you except where it is specifically and knowingly provided by you, for instance if you request information from us, fill in an online form or provide feedback on the website.

When personal information is collected, it may be used by us to process and fulfil requests for information or to help us to develop or personalise the website to make it more useful to you. If you complete a form on this website, you will be told why and how we will process the personal information you submit before you submit it.

Cookies are small text files sent to your computer and stored by your browser. They are used to remember browsing information. Because of cookies, your web browser can remember you are logged in, whether you’ve visited our site before and what your preferences are. Although cookies contain identifying information, the cookies we use do not contain any information that identifies you personally, and they allow us to recognise your computer or mobile device when you return to our website. It is possible to block cookies by changing the settings on your browser, but be aware that some functionality of this site may not be as rich if you do. For more information on how we use cookies, please visit our Cookies Page.

Use of emails

If you send us an email (e.g. to request information or provide feedback on website content), the information you provide will be used to help us gather the information requested and to respond to your message.

The Crown Estate scans emails, using automated monitoring techniques, for malicious software and unsuitable material.

Links to other websites

We may refer to, or establish relations with, other companies, organisations and public bodies that will enable you to access their websites directly from ours. Each company, organisation or public body will operate its own policy regarding the use of cookies and collection and use of information. If you have any concerns regarding the way in which your data will be used, you are advised to read the privacy statement on the relevant website.

We will try to provide you with links to high quality, reputable websites which we think will be of interest and relevance to you. However, please note that such third party websites are not under our control and we do not contribute to the content of such websites. We cannot accept responsibility for any issues arising in connection with the third party’s use of your data, the website content or the services offered to you by these websites.

Your rights

Your personal data is protected in the UK by the GDPR. Under this Regulation, we will process personal data we hold about you in a fair and lawful manner and will keep it secure from unauthorised access by third parties.

Your personal data may have to be disclosed if we are required by law or as a result of a lawful request by a governmental or law enforcement authority.

If you would like to complain to The Crown Estate, please refer to our complaints page for our complaints process.

Policy changes

Any changes to the privacy policy will be posted here and will take effect immediately.

Website Cookies Statement

Cookies are text files sent to your computer and used by your web browser to store information. The cookies we use allow your browser to remember whether you’ve visited our site before and what your preferences are.

As with most websites we use cookies to improve your user experience by enabling our website to ‘remember you’, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). There are also use two different types of cookies – first party (which we own) and third party (where we allow a third party, such as Google, to set cookies on your computer or mobile device).

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website. Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it won’t recognise you and it won’t be able to keep you logged in.

How to refuse or withdraw consent

Although the cookies we use on this website are quite harmless and do not reveal your identity, not everyone wishes to have text files downloaded onto their computer or mobile device. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functionality on this website.

You can manage how cookies engage with your computer or mobile device via your browser (e.g. Internet Explorer, Chrome, Safari, Firefox, Android), so you are alerted when cookies are sent or you can refuse cookies altogether. You can also delete cookies which have already been set.

There is also a very useful website explaining how to control your interaction with cookies – please visit this site for more information:

About Cookies

The BBC website also has a clear and comprehensive section explaining what they do and how they work. Please be aware that this section is aimed at users of their website, which employs more cookies than our own.

BBC Cookies

Cookies on our website

On this website we use only a small number of cookies. They are:

Name Owner Lifespan What does it do?
BC_BANDWIDTH Third party Session This stores the bandwidth of a user’s computer or mobile device.
tcecookie First party 6 months This stores acknowledgement of cookies notification.
PREF Third party 2 years This stores a user’s basic preferences, such as that the user wants search results in English, no more than 10 results on a given page, or has implemented a SafeSearch setting to filter out content.
_tmid Third party 10 years Tracking from Brightcove video. This is used for user analytics. Identifies unique viewers and new viewers.
__utmv Third party 2 years This is used for user-custom variables in Google analytics.
__utma Third party 2 years This stores each user’s amount of visits and the time of the first visit, previous visit and current visit.
__utmb Third party 2 years This stores how long a user stays on the site – when a visit starts and approximately ends.
__utmc Third party Session This stores how long a user stays on the site – when a visit starts and approximately ends.
__utmz Third party 6 months This stores where a visitor came from (e.g. search engine, search keyword, referral link).


Fair Processing Notice


Under the definitions in the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), The Crown Estate is the Data Controller.

Information We May Collect From You

We may collect and process the following data about you:

  • Information that you provide by filling in forms or providing information online to register an interest or to request further information or offers;
  • If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details;
  • If you visit the site in person, information, CCTV images and ANPR information we collect for health and safety and security purposes and to help us understand how our customers use our facility. We will also collect information in order to provide you with wi-fi services and for customer analysis at our sites.
  • Information you provide by responding to questionnaires, surveys and competitions and attending events.
  • Information you provide as part of your employment with us.
  • Information you may provide as part of a tenancy with us.

If you visit one of our dedicated consumer websites or The Crown Estate websites, further information may be collected – please refer to the Privacy Policy available on each website.

We treat all such data as Personal Data for the purposes of GDPR.

Where We Store Your Personal Data

The data we collect is stored on information technology systems owned and run by or on behalf of The Crown Estate or on systems run by those businesses processing it on our behalf. All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment.

How Your Personal Data Will Be Processed

We use information about you in the following ways:

  • To provide you with information on products, services offers and events provided by us or our retail tenants that you request or which we feel may interest you where you have consented to be contacted for such purposes;
  • To notify you about changes to our service;
  • To carry out obligations arising from contracts, leases or agreements entered into between you and The Crown Estate;
  • To perform surveys and analysis with the aim of improving the services we provide;
  • To ensure that your visit to our site is safe and secure.
  • To manage your tenancy or employment.
We may give your personal data to third parties where:
  • It is necessary for them to provide you with services on our behalf;
  • They provide profiling of our customer base so we can understand our customers better;
  • We sell or buy any business or assets, in which case we may disclose your personal data to the prospective buyer or seller of such business or assets insofar as they relate to them;
  • We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.

We will not share your personal data with a third party for the purposes of direct marketing.

Your Rights
You have the right of access to your information.

This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. To exercise this right, you must make a Subject Access Request in writing to the Data Protection Officer at The Crown Estate, 1 St James’s Market, London SW1Y 4AH, stating the information you require. We do not charge a fee. We may contact you to verify your identity or to clarify the precise information you require before processing your request, and will answer your request within one month.

You have the right to ask us not to process your personal data for direct marketing purposes.

You will be given an opportunity to opt in to processing for direct marketing purposes when you first engage with us. However, you can withdraw your consent to receive marketing material at any time by contacting us on the address above.

You have the right to rectify your personal data at any time.
You have the right to have your personal data erased under certain conditions.
You have a right to restrict or object to some forms of data processing.
You have the right to prevent any unwarranted processing likely to cause damage or distress.

If you feel that a situation has arisen or may arise and you wish to learn more about these rights or to exercise those rights, please contact us on the address above. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists

Transfer of Personal Data Outside the European Economic Area (EEA)

We will not process your personal data outside the European Economic Area.