Privacy Policy
International Rail
Ltd - Protecting Your Privacy
International Rail
Ltd - Privacy Notice for GDPR
This page contains multiple sections.
Please ensure that you read each section that is relevant
to you.
Introduction
This Privacy Notice explains in detail the type of
personal data that we may collect about you when you, or your employer, or your
authorised representative interacts with us. It also explains how we store,
process and keep your data safe. This notice applies to current, future and
former recipients of International Rail Ltd services.
With this document we endeavour to keep you fully
informed about our policy, and how International Rail Ltd uses your data for
the purpose of providing rail travel services.
This Privacy Notice will be updated from time to time.
The last update date of this policy will be at the bottom of this page.
In respect of data we already hold about you, received
either for your current or previous rail ticket or pass order and any data
submitted to us in future by you, or your authorised representative(travel
agent) International Rail Ltd is the data processor.
Definitions
The use of the words "we", "our" and
"us" in this Notice refers in each case to International Rail Ltd.
The use of "you" and "your" in this
Notice refers in each case to Rail Ticket &/or Pass holder the traveller.
When referring to “your information” or “your data” this
applies to the data of the Rail Ticket &/or the Pass holder/traveller in
the order that includes information or data supplied by you, your authorised
representative.
The terms defined in the singular have a comparable
meaning when used in the plural, and vice versa.
Who is International Rail?
International Rail Ltd provide global rail passenger services
to public and trade on&offline directly and/or via authorised
representatives.
Explaining the legal bases on which we rely
The law on data protection sets out a number of different
reasons for which a company may collect and process your personal data,
including:
Legitimate
interests
This effectively means that we can collect, process and
store your information if:
We have a genuine and legitimate reason and we are not harming any of
your rights and interests
When you provide your information to us we use your
information to pursue our legitimate interests in a way which might reasonably
be expected as part of providing Rail Travel Services to you, which does not
materially impact your rights, freedom or interests.
We will use your data which you have given to us to
issue your with Rail Travel Services as part of your order or via your
authorised representative. .
Consent
For specific purposes or requests, we collect, process
and store your data with your consent.
When you are purchasing Ticket &/or Pass,
online, via call centre or by sending us a form relating to your order.
Legal compliance
If the law requires us to, we may need to collect,
process and store your data.
This means that we must pass details of alleged Travel
Irregularities or fraudulent use of our services to: Train Operating Companies,
their agent (providing your travel services), so that they can investigate. We
also pass on details where or a law enforcement agency believe you or other
individuals in that order are involved in fraud or other criminal activity.
Why do we collect your data?
We have a genuine and legitimate reason to collect,
process and store your data solely for the purpose of administering and issuing
you with Rail Ticket &/or Pass service. We only collect, process and store
data that is required to issue your Rail Ticket &/or Pass.
Why we collect your data:
·
To
administer, fulfil and issue Rail Ticket &/or Pass to you.
·
To
check the eligibility to Rail Ticket &/or Pass service that you request, purchase,
amend or cancel.
·
To
respond to your queries and complaints.
Holding your information enables us to respond to your
queries. We may also keep a record of this to inform any future communication
and to demonstrate how we communicated with you throughout. We do this on the
basis of our legitimate interests in providing you with the best service and,
in addition, understanding how we can improve our service based on your
experience.
·
To
process payments for lost and damaged Ticket/Pass. We do this on the basis of
our legitimate business interests.
·
To
identify any fraudulent requests or purchase of Ticket/Pass service that would
comprise the integrity or continuing provision for added service you may
require (for example seat reservation).
If we discover, or are made aware of, any criminal
activity or alleged criminal activity from contacts at the Train Operating
Companies, employers, or other national and international rail travel
providers, we process this data for the purposes of preventing or detecting
unlawful acts.
·
To
comply with our legal obligations to share data with law enforcement.
·
Time
to time to send you information of our products if you have opted in. You are
free to opt out of receiving these requests from us at any time by letting us
know.
In specific circumstances, we also have your consent to
collect, process and store your data solely for the purpose of administering
and issuing you with rail ticket &/or pass product services. We only
collect data that is required to validate your eligibility for such product.
These circumstances are:
·
To
administer and issue rail ticket &/or pass services to you which you are
eligible
·
To
check the eligibility to rail ticket &/or pass service that you may request
·
To
respond to your queries and complaints.
How do we collect your data?
To provide you with your rail ticket &/or pass
service, we can create a record on our database for you. We can only get this
initial data from you or authorised representative. Once we have a record for
you we will only collect, process and store data where it affects your rail ticket
&/or pass services or the eligibility to them in the following ways:
·
When
you advise us of any change that affects your rail ticket &/or pass service
for you
·
When
a Train Operating Company or law enforcement agency contacts us about possible
fraud involving you.
·
When
you’ve given a third-party permission to share with us the information they
hold about you.
What data do we collect?
We collect, process and store the following categories of
personal information about you. We will only collect your data where it affects
the administration of your rail ticket &/or pass service for the
eligibility to them of you.
o your names
including names in passport
o your title
o your nationality
&/or country of residency where it was required for the rail ticket
&/or pass service.
o your postal
address or that of your authorised representative, including date last
submitted or checked
·
date
of birth
·
contact
details:
- your
personal and/or work email addresses
- your
home and/or mobile phone numbers
o where we have made
notes on the system relating to the administration of your rail ticket &/or
pass services.
o We note your
preference as to whether or not you wish to be included in our promotional communication
We will also collect, process and store notes from our
conversations with you, details of any complaints or comments you make, and how
and when you contact us.
How do we protect your data?
We know how much security of your data matters. We treat
your data with care and take all appropriate steps to protect it.
We secure access to all areas of our systems and websites
including where you are uploading forms securely using encryption, for example
‘https’ technology.
We do not store payment card information.
We regularly monitor our systems for possible
vulnerabilities and attacks, to identify ways to further strengthen security.
Third parties only process your personal information on our instructions and
only where they have agreed to treat the information confidentially, to keep it
secure and destroy it as soon as it is no longer needed.
We want you to feel confident about using our Online Services to
make travel arrangements, and we are committed to protecting the information we
collect. While no Online Services can guarantee absolute security, we have
implemented appropriate technical and organisational measures to protect the
personal information that we collect and process about you. For example, we
employ firewalls and intrusion detection systems to help prevent unauthorised
persons from gaining access to your information. In addition, only authorised
employees are permitted to access personal information, and they may only do so
for permitted business functions”
How long will we keep your data?
One of the key principles of the General Data Protection
Regulations (GDPR) is that the personal data we collect, process and store
shall be adequate, relevant and limited to what is necessary for the purpose
for which it was originally collected. As rail ticket &/or pass services may
cover multiple years, it is necessary to retain your personal data for the duration
of the maximum length of the service including the duration of the time, laws for
taxation (HMRC) and law enforcement requirements and requests stipulate.
We are unable to erase your data where it is needed to store
for above purposes.
Who do we share
your data with?
We sometimes share your data with trusted third parties, such
as Train Operating Companies or their authorised agents in order to provide
your rail ticket &/or pass service validating your eligibility for that
service.
We also share your data with print and fulfilment facilities
that issue your rail ticket &/or pass services on our behalf.
We currently may supply your data to our IT system
operating companies in order to supply you your required rail ticket &/or
pass service for printing and fulfilment services:
The policy that we apply to those organisations is to
keep your data safe and protect your privacy is that:
·
We
provide only the information required to perform the specific service.
·
They
may only use your data for the exact purposes we specify to them.
o When the specific
rail ticket &/or pass service production has been completed, they do not hold
the data any longer than is otherwise legally required of them.
o If we stop using
their services, any of your data held by them will be requested to be deleted without
delay, unless it is otherwise legally required to be stored securely by them.
The IT companies that support our database and other
business systems may have access to your data in order to maintain our systems.
These are:
-
Random Digit Ltd
-
DotSquares Ltd
-
Horizon Telecom Ltd
These companies operating in the area governed by GDPR
legislation, have security measures in place which comply with GDPR regulations.
Sharing your data with third parties for their own
purposes:
We will only do this in very specific circumstances, for
example:
·
For
fraud management, we may share information about alleged fraudulent activity
that involves the use of rail ticket &/or pass services. This may include
sharing data about individuals with law enforcement bodies, Train Operating
Companies and their authorised agents. The data disclosed may also include
journey data where this is available.
We may also need to share your information with a
regulator or to otherwise comply with the law.
We may also be required to disclose your data to the
police or other enforcement, regulatory or Government body, in your country of
origin or elsewhere, upon a valid request to do so. These requests are assessed
on a case-by-case basis and take your privacy into consideration.
For further information please contact us through below
contact details.
Where is your data
processed?
Sometimes we may share your data with third parties and
suppliers outside the European Economic Area (EEA) but only in response to a
request from you for specific rail ticket &/or pass services for these
countries. (Including the IT operators that support our database and other
business systems may have access to your data in order to maintain our systems)
Protecting your data outside the EEA
Apart from the circumstances described above, we do not
process or store any data outside of the EEA.
What are your rights over your personal data?
An overview of your different rights
You have the right to request:
·
Access
to your data that we hold about you, free of charge in most cases
·
The
correction of your data when incorrect, out of date or incomplete
·
That
we stop using your data for other than originally collected purposes
·
Deletion
of your data that we hold about you (excluding what current law requires us to hold)
·
You
can contact us to request to exercise these rights at any time as follows:
Contact Us: See
below section for contact details
If we choose not to action your request we will explain
to you the reasons for our refusal.
Where we rely on our legitimate interest
In cases where we are processing your data on the basis
of our legitimate interest, you can ask us to stop for reasons connected to
your individual situation.
We must then do so unless we believe we have a legitimate
overriding reason to continue processing your data.
Checking your identity
To protect the confidentiality of your information, we
will ask you to verify your identity before proceeding with any request you
make under this Privacy Notice.
If you have authorised a third party to submit a request
on your behalf, we will ask them to prove they have your permission to do so.
How can you stop the use of your data for service quality surveys?
If we have sent you a survey about our services and you
no longer want to receive surveys, simply let us know and we will stop. You can
do this by:
Contact Us: See
below section for contact details
International Rail
Ltd web page
International Rail Ltd Privacy Policy is documented at
-
https://www.internationalrail.com/privacy-policy
-
https://www.internationalrail.com/business/privacypolicy
Contacting the
Regulator
If you feel that your data has not been handled
correctly, or you are unhappy with our response to any requests you have made
to us regarding the use of your data, you have the right to lodge a complaint
with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens
in a new window; please note we are not responsible for the content of external
websites)
If you are not based outside the UK, you have the right
to lodge your complaint with the relevant data protection regulator in your
country of residence.
Any questions?
We hope this Privacy Notice has been helpful in setting
out the way we handle your data and your rights to control it.
If you have any questions that haven’t been covered,
please contact us and we will be pleased to help you: See below section for
contact details
Contact Details
·
International
Rail Ltd / GDPR Personal Data Handling
PO Box 153
Alresford, SO24 0BY
United Kingdom
privacy@internationalrail.com
About the use of
cookies
Cookies
and other technologies
Cookies are small data text files which can be
stored on your computer’s hard drive (only if permitted by your web browser). Our website uses cookies for the following main
purposes:
– To help us recognise your browser as a returning
visitor as well as save and remember any preferences that may have been set when
your browser previously visited our site.
– To help evaluate as well as research the
effectiveness of the features in the website and as well as offerings,
advertisements and emails (by determining which emails you view and act upon).
In most browsers the Help portion of the toolbar
will contain information how to prevent your browser from accepting any new
cookies, how set your browser to notify you in the event you receive a new
cookie, or instructions to assist you to disable cookies completely.
Our site may use web beacons (commonly known as
pixel tags, Web bugs or clear gifs), these are tiny graphics including a unique
identifier, function similar to cookies, placed in the web page code. Web
beacons are used to monitor user’s traffic patterns from one page to another within
our site, delivering or communicating with cookies, helping us to understand if
you came to our site via an online advertisement placed on a third-party
website, plus to improve site performance. Also our service providers may be
allowed to use web beacons to track the visitor traffic as well as their actions
whilst on our site. These are helping us measure and determine the
effectiveness of our content as well as other offerings.
In case you have questions regarding our use of
cookies and/or other technologies, please contact us via our email address: (see our
contact details)
(Last update – Mar 2019)