Last updated: 31 July 2020
What data do we collect?
Our Company collects the following data:
- Personal identification information (name, billing address, email address, phone number, etc.)
- Payment information (payment card number, expiry date, and name on card)
How do we collect your data?
You directly provide Our Company with most of the data we collect. We collect data and process data when you:
- Buy train tickets online or by phone
- Register for an account online
- Sign up for alerts or other services online
- Use or view our website via your browser’s cookies
- Contact us via email or phone
How will we use your data?
Our Company collects your data so that we can:
- Process your order and manage your account
- Contact you regarding your journey
- Email you about our services or about special offers
- Help you to resolve any issues or to obtain a refund or make an amendment to your ticket
Where necessary, and to the minimum extent possible, we share your information with the train operating companies and with the Rail Delivery Group. This is so that, for instance, you have a seat reservation, you can collect your tickets from a ticket machine, or your ticket cancellation details are known. We will share your information on request from relevant authorities, such as the British Transport Police, in order to investigate fraud or other matters.
Our Company passes your payment information to a third party payment gateway service in order to process your payment.
When Our Company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies and counter-fraud agencies to prevent fraudulent purchases.
If you choose to have your tickets delivered by post, then Our Company passes relevant personal information on to our fulfilment partner, in order that your tickets may be delivered to you.
We do not share your personal information with other parties.
How do we store your data?
Our Company securely stores your data in AWS’s EU West-1 data centre in Dublin, Ireland. All data is stored in encrypted form and only certain authorised personnel have access to it.
We store part of the long card number of your payment card, in the form 1234******567890. We do not store the full long card number, or the CVV data (the three numbers on the back of a Visa or Mastercard; the 4 numbers on the front of an Amex card); these are only stored by the payment gateway service (a third party supplier), and we do not have access to this. The payment gateway service is certified to PCI-DSS Level 1 (the highest possible level for card and payment security).
Your payment details are transmitted in secure form at all times.
Our Company will keep your personal data for 5 years. Once this time period has expired, we will anonymise your data.
Our Company would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop Our Company from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please contact us at firstname.lastname@example.org.
What are your data protection rights?
Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via email@example.com.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
- Keeping you signed in
- Understanding how you use our website
- Managing your shopping basket
- Analysing use of our website
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Analytics – Our Company uses Google Analytics to track your usage of our website
How to manage cookies
You can set your browser not to accept cookies; some of our website features may not function as a result, and your experience may be degraded as a result.
Privacy policies of other websites
How to contact us
Email us at firstname.lastname@example.org or write to us at:
c/o Assertis Limited
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Our Company is registered with the Information Commissioner’s Office: https://ico.org.uk/ESDWebPages/Entry/Z207283X.