top of page

Privacy Policy

Privacy Policy

At Miniature Railway Workshop we are committed to safeguarding your privacy, both whilst visiting our website and communicating electronically with us. 


This Privacy Policy, together with our terms of use, explains what happens to any personal data that you provide to us, or that we collect from you when you are on this site.


We do update this Policy from time to time so please do return and review this Policy regularly.


Privacy Notice


Data Controller: Miniature Railway Workshop Ltd. 38 High Street, Watton, Norfolk High Street, Watton, Thetford, Norfolk, United Kingdom, IP25 6AE.

Target Audience: Clients and members of the public accessing or communicating with Miniature Railway Workshop Ltd via email.


Miniature Railway Workshop is committed to preserving your privacy whilst interacting with our digital presence, communication and services. Miniature Railway Workshop’s Privacy Policy and Terms of Use, outline what we do with your personal data and how we may collect it. Our Privacy Policy is subject to change as our business evolves and so we recommend you revisit and review this page to ensure you are satisfied with the methods in which your personal data is collected. Personal data collection by Miniature Railway Workshop will always be knowingly in line with the General Data Protection Regulations and relevant UK law applicable to Miniature Railway Workshop.


This Privacy Notice has been constructed to raise awareness for users of our digital presence, users of our online services and electronic communication about why we collect external personal data. The Privacy Policy outlines the user’s rights with regards to the collection and processing of their personal data. 

By means of this privacy notice, we would like to inform users of our websites why we collect and process personal data and data subject’s rights relating to that collection and processing of their personal data.


Definitions of Data Protection Terminology 

The data protection notices of Miniature Railway Workshop are formed from the terms used by the European legislator for the adoption of the General Data Protection Regulations. For the ease of understanding the following definitions apply:


Data Controller:

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided by Union or Member State law.

Personal Data:

Any information relating to an identified or identifiable natural person (“Data Subject”) is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location date, on online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject:

Any identified or identifiable natural person, whose personal data is processed by the controller responsible for processing.


A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of personal data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.


Third Party:

A natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.



Any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.



Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.



Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Use of Cookies


When you visit our website, we may collect information regarding your computer or other internet browsing device. By having an awareness of this information we are able to improve our online services and if appropriate, provide statistical information to advertisers on our website. Any information collected will not serve to identify you personally and is merely statistical data about our website’s visitors, its traffic and how our website is used. With this in mind our website is unable to identify users by any of their personal information or personal data whatsoever.


We also sometimes collect information about your general internet use by using a cookie file. Where applicable, cookie files are downloaded to your computer or internet browsing device automatically and this is now common practice. Cookie files are stored on the physical memory of your computer or internet browsing device as the cookies contain information that is then transferred to your device’s hard drive. The purpose of cookie files is to improve our website and the services that the business provides to you.


Your computer or internet browsing device will have the ability to decline cookies by the activation of your browser’s decline cookies option. If you choose to decline cookies, not all of our website may be accessible. Our advertisers may also use cookies and this is not within the control of the business. If you follow an advertisement on our website, our advertisers cookies could download upon your click and we cannot control this functionality.

Information We Collect


Through the operation of our website, we may process information about you such as the following:


-Information regarding  your visit to our website and the facilities you access, including but not limited to traffic data, weblogs, location data and other communications data.


-Data that you provide by filling in our online forms, such as registering for our mailing list or making a purchase.


-Communications information if you contact us for any reason.


-Directly provided data (e.g. information you entered onto forms or documents), these may include but are not limited to emails, payment details, emails, delivery and billing addresses, Value Added Tax (VAT) details, names of recipients, etc.


-Data provided to us indirectly (e.g. when you browse our websites, such as IP addresses or your internet browsing device’s operating system)


-Research provided by Third Party Providers (including search engines).


Use of Your Information


We collect personal information to support our business of developing exciting product ideas for the future to customers, to maintain our accounts and records and manage our employees. Collected information relating to the subject user is used foremost to provide our services to you. Additionally, we may use the information for the following further purposes:


-To provide information to you, based upon your requests for our services, or other information we feel you may find useful or relevant where consented.


-To fulfil contractual commitments to you.


-Make you aware of changes to our website or changes to our services.


If you are a previous or existing customer, we may contact you with updates of improvements to our services of which are similar to those you are/were receiving.

If you are a new customer, we will only contact you or allow third third parties to contact you with your prior consent. You have the right to withhold consent if you provide us with the details of the form from which we received your data.

We do not reveal personal data about individuals to our advertisers, but we may provide them with aggregate statistical information about our visitors of a non-personal nature.


Legal Basis for the Processing


The legal basis for data processing applies where:


-You have given us consent to the processing of your personal information for one or more specific purposes such as updates about our services or business related communication.


-Processing is necessary for the completion of contract of which the data subject is part or in order to take steps at the request of the data subject prior to entering into a contract.


-Data processing is required for compliance with a legal obligation to which the data subject is involved.

-Processing of information is required to protect the interests of the data subject or of another natural person.


-Data processing is required for the process of a task carried out in the public interest or in the exercise of official authority vested in the controller.


-Data processing is required for the purposes of the legitimate interests pursued by the controller or a third party, except where interests are overridden by the interests or legal rights and freedoms of the data subject which require the safeguarding of personal information.


Storage of Your Personal Data


Occasionally we may need to transfer your personal data outside of the UK and so such information may be received by countries across the world. Transfers will be made in compliance with GDPR and inline with country specific legislation applicable to our business. Your information may be transferred to territories outside of the European Economic Area for processing and storage purposes, and likewise your information may be processed by staff outside the European Economic Area who work for us or one of our suppliers in the event of, for example, processing an order. The submission of your personal information is the agreement of the storage, transfer and processing of your data. All practical steps are taken to ensure the safeguarding of your personal information with respect to our Privacy Policy. Data that you provide us with is stored on our secure servers, however the transfer of information over the internet is never truly secure and the transfer and receipt of data to and from the data subject is at the data subject’s own risk.


Disclosing Information


We may disclose your personal data to parties within our group, including, where applicable, our subsidiaries or holding company and its subsidiaries.


We may disclose your personal data to third parties in the following events:


-We sell our business or part of our business and/or the businesses’ assets to a third party.


-Where we are required by law to disclose your personal information.


-To assist the protection against fraud and minimise credit risk. 


Third Party Links


Our website may contain links to third parties which have their own privacy policies which you should routinely check like ours. We accept no responsibility or liability for third party privacy policies as they not under our control.



Access to Information


We are able to provide a copy of a data subject’s personal information that we hold free of charge, by requesting such information via email from


Your Rights


As one of our data subjects, you have the following rights with regards to your personal information that we have collected:


You can:


-Obtain the personal information we have collected from you upon your request.


-Request a change to incorrect data or complete data sets that have not been fully completed.


-Request the deletion or end to the processing of your personal data, such as when you feel it is no longer a requirement for us to process your data.


-Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing. You must give a reason specific to yourself as a data subject as to justify it.


-Ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.

If you wish for us to action one your rights as outlined above, please get in contact via Requests for data subject access must be put in writing specifying what kind of data is being requested and for what time period.

Personal Data Retention Periods


The criteria used to determine the retention period of personal data is the respective statutory retention period with the member state. After the expiration of that period, personal information shall be deleted from our secure servers in a secure manner, so long as it is no longer necessary for the fulfilment of a contract and in relation to other legal proceedings.

Contacting Us


We welcome queries, comments, suggestions or requests you may have with regards to our privacy policy. Please contact us at




If you have any concerns about the methods we use to process your personal data, please contact us at You also have the right to bring a complaint with the Information Commissioner's Office. Information about the Information Commissioner’s Office is available at

bottom of page