Privacy Policy

Welcome to Trainline’s Privacy Policy. When you use our services, you're trusting us with your information. This Privacy Policy will inform you as to how we look after your personal data when you use our services. We understand this is a big responsibility and we work hard to protect your personal data.

Effective November 23, 2020 / Version 1.5 

Who are we and what do we do?

We’re Trainline. We’re made up of a core group of companies working together to help you get where you need to be: 

  • Limited
  • Trainline SAS 

Like you, your data goes on a journey. How we collect and use your data depends on where you travel and which train or coach company you travel with. 

Your personal data and our promises to you

Your personal data is very important to us. Whenever you use our website or app, we’re committed to these four privacy promises: 

  • We’ll be crystal clear about the personal data we use, how we use it and – most importantly – why we need it.
  • We’ll give you choices when it comes to your data and we’ll make it clear how we use your data.
  • We’ll keep your personal data secure, using the best possible technology, people and processes.
  • We’ve cut the jargon, to help you make informed choices about your personal data.

Personal data you give us

You may need to give us your personal data to use our services and book tickets – more on that below. 

Personal data is anything that helps identify. It’s things like: 

  • name 
  • email or billing address 
  • age 
  • payment card details 
  • phone number  
  • details of any relevant railcards, discount or loyalty cards you might use

Personal data you give us about others

You may be doing a trip with other guests whose details we may also need in order for them to travel.

By entering someone else’s personal data, you confirm you’ve either got their permission to give it, or permission from their parent or guardian (if the passenger is under 16).

How we use your information

We use your information in a number of different ways — what we do depends on the information. This has been explained below in detail, showing what we do and why.

  • Necessary to pay for ticket, provide refunds and compensation for journey delays, where eligible.
  • Some of the travel operators we work with may run your data through their own payment and eticket systems, to issue your tickets.

Legal basis for processing: Processing is necessary for the performance of a contract.

  • To prevent and detect fraud against either you or Trainline.

Legal basis for processing: Processing is necessary for the purposes of Trainline's legitimate interest.

  • To make sure you get your tickets.
  • To contact you with essential info – booking confirmations, disruption messaging, refund info, compensation info for journey delays and service message.
  • Keeping your account up to date (only if you choose to set one up).
  • The operator needs this info to create your tickets and may need to contact you if there is service disruption.

Legal basis for processing: Processing is necessary for the performance of a contract.

  • If you choose to give us feedback through our website or app, we’ll use your comments, combined with others, at an overview level, to improve our products and services.
  • When you email us or use our chat option, we use this info to help us with things like arranging refunds, or helping you pick the right ticket.
  • If you call us, we may record your phone call temporarily to help our Customer Service and Operations teams fix any issues you’ve raised, as well as for training and quality purposes.

We do not routinely share this type of data. We use carefully selected third parties to carry out this task, on our behalf.

  • We may send you marketing if you’ve told us you want to receive it, when you register an account with us.

Legal basis for processing: Processing is conducted based on consent.

  • We may send you things like push notifications about your booked journeys.

(Push notifications are the little pop-up banners and alerts you get in our app when we want to tell you about something. You can turn on (enable) or turn off (disable) push.

We do not routinely share this type of data. We use carefully selected third parties to carry out this task, on our behalf.

Legal basis for processing: Processing is conducted based on consent.

Your consent through your device settings. We want to send you relevant and up-to-date travel info and offers when you’re using our app and website.

  • We may send you marketing emails, inbox messages and push: letting you know about our news and offers when you book a ticket with us – unless you’ve asked us not to.
  • We may carry out surveys and market research activities (to improve our booking service for you), send notifications in your account, and involve you in competitions and promotions like our Refer-a-Friend programme.

Legal basis for processing: Processing is necessary for the purposes of Trainlines’ legitimate interest.

We use the absolute minimum amount of your data to provide our services to you. We want to send you these types of marketing messages to give you the best travel deals, and we’ll only send you relevant messages. You can choose not to hear from us at any time. We want your input in our market research, so we can keep improving our products and services.

  • Travel operators have different ticket costs, based on your age. We use this info to make sure you buy the right ticket.
  • Some travel operators offer discounted Youth/Senior tickets. If so, they may need your date of birth to confirm you’re entitled to those discounts.

Legal basis for processing: Processing is necessary for the performance of a contract

We may collect personal data (including your name, age, email address, photograph, and railcard details) when you purchase or use Railcards at Trainline.

  • We collect this info for the purpose of retailing you Railcards and checking your eligibility for purchase of certain Railcards.
  • We will also collect this info to offer you a discount on your tickets (where applicable) or add points to any loyalty scheme you are signed up to.  
  • We share this data with relevant travel operators and loyalty card scheme providers.
  • We will also share data (name and email address) with ATOC Ltd who acts as an independent Data Controller for the purposes of selling Railcards. Customers enter into a separate contract with ATOC Ltd when purchasing a Railcard. For more info please see ATOC’s Privacy Policy.
  • ATOC Ltd who acts as an independent Data Controller will use this data (name and email address) for the purposes of fraud prevention and verification. For more info, including further uses for this data, please visit ATOC’s Privacy Policy.

Legal basis for processing: Processing is necessary for the performance of a contract.

Personal data we collect automatically

Whenever you use our website or app, we automatically collect certain information using cookies and device info.

We use your location data, device number and IP address to make your travels easier, by showing you things like your nearest station and when the next train home is.

We also use this data to deliver you content as fast as we can by connecting you to the closest server to you. (For example, Load Balancing and Content Distribution Network)

This data also helps with security and protection from fraudsters.

Legal basis for processing: Processing is conducted based on legitimate interest.

Web browsers on all devices, and apps on phones and tablets, can accurately pinpoint your location using GPS and assisted GPS.

Your location can be determined with varying degrees of accuracy by:

  • GPS
  • IP address

Whilst some location data is collected automatically for the purposes we set out above, you’ll be asked when you use a GPS-enabled web browser or device whether you want to share this info with us. You can change this in your device or browser settings any time you like.

By logging into your social media accounts like Facebook and Google, you drop cookies. These cookies can collect info about your IP address and the pages you visit.

  • IP address
  • Other potentially identifying data

Legal basis for processing: Processing is conducted based on consent

You choose if you want to register with us either using Google, Facebook or Apple.

Note, we don’t control Facebook, Google or Apple's actions. If you choose to use your Google, Facebook or Apple account to log in with us, you’ll be subject to Google, Facebook and Apple's privacy policies too. 

Third parties

We share your personal data with the following types of third parties.

These providers help us carry out many of the above activities. We only give them the parts of your personal data that they need. And we make it clear to them that they must keep your personal data safe and only use it for those specific services.

Sometimes we must share parts of your personal data with authorities such as the police. Generally, it’s to help them prevent fraud and crime. When we do give this data to the authorities, it’s over to them to protect your info. We only share what is legally necessary.

We work with travel operators who also need your data to create your tickets and provide services in relation to your journey as well as to deal with after-sales matters. Some travel operators may run your data through their own payment and eticket systems in order to issue your tickets or notify you of any travel disruption.

If another company takes over or merges with a Trainline company, or if there's a restructure of the Trainline group, we'd need to transfer your personal data. It goes without saying that we’ll treat your personal data with the utmost care and respect. We'll still use your personal data in the same way as we’ve outlined in our Privacy Policy.

Keeping your data

While you’re using our services, your personal data will be safe with us, but we’ll never keep it for longer than we need to.

As soon as we don’t need your personal data to offer our full services to you, we’ll make sure it’s either deleted or anonymised.



Our website and app are so easy to use, thanks to Cookies. Cookies are tiny crumbs of personal data that we automatically collect when you use our website or app.

Let’s say you visited our website and changed your settings to pay in euros instead of pounds. Cookies help us remember your currency preference - so we can show you prices in euros next time. Pretty neat, right? 

Our Cookies Policy gives a full breakdown of how we use Cookies, and how you can edit your preferences. 


Personalising your experience

Just like a friendly barista who knows your daily coffee order, we want to offer you a personal service. The barista recognises you when they see your face, but we rely on cookies to know it's you.

We combine cookie data with booking and search history to tailor your experience.

See our Cookies Policy for more info. 


International data transfers

We transfer your personal data to other Trainline companies in our core group and service providers outside the European Economic Area (EEA). We only work with service providers that prove to us that they have the same high standards around protection of your data as we do.

Your data is always securely processed. Where we transfer your personal data outside the EEA, we have rules and steps put in place to make sure your personal data is kept safe and protected. Usually this means we’ll have standard contractual clauses approved by the European Commission in our contracts with parties outside the EEA, or we will rely on European Commission adequacy decisions. For companies based in the United States, we also rely on the Privacy Shield in order to ensure adequacy of transfers made. 



We’ve put in place stringent and accredited security measures to prevent your personal data from being accidentally or maliciously accessed, used, altered or deleted without explicit authorisation. In addition, we strictly limit access to your data to just those employees, contractors and trusted third parties who have a business need to access it, and they are all subject to binding contractual confidentiality obligations. For further information on our security practices, please see our dedicated security page. 


Guest check out

If you’re in a rush, you can book tickets without signing in or creating an account. Your confirmation email gives you the option to create an account or link your booking to an existing account. We'd recommend doing this, it'll be easier to manage your booking.  

We'll update your account with any changes you make to your marketing preferences.

Your rights

You have personal data rights. These are:

Data portability

This applies to information you give us. You can ask us to transfer this information to another data controller in an easy-to-read manner.

Find out more


You can ask us to correct inaccurate or incomplete information.

Find out more

Restrict processing

You can ask us to restrict processing of your information in some circumstances. 

Find out more    


You can ask us for copies of your data. This right always applies but there are some exceptions. 

Find out more


You can ask us to erase your data in some circumstances.

Find out more

Object to processing

You can object to how we process your data.

Find out more

How to contact us

You can contact us using any of the following methods.


Post: Data Protection Officer, PO Box 23972, Edinburgh, EH3 5DA.      

You can complain about how we use your personal data at any time to the Information Commissioner’s Office. Find out more