UntitledCreated with Sketch. UntitledCreated with Sketch. footer-accordion icon-twitter logo-trainline


Last updated: 05.08.2019

Privacy Policy


Quick links:



We’re Trainline and we help customers make smarter journeys every single day. We’re made up of a core group of companies (Trainline.com Limited, Trainline International Limited and Trainline SAS), all working together to help you get where you need to be. Like you, your data goes on a journey, depending on where you travel and which train or coach company you travel with.



We know that your personal data, and who you share it with, is super important. So, we’re committed to four privacy promises to keep your data safe and secure –

  • We’ll be crystal clear about the personal data we use, how we use it and – most importantly – why we need it.
  • We’ll only use your personal data where we need to.
  • We’ll keep your personal data secure, using the best possible combo of technology, people and processes.  
  • We want you to be able to make real, informed choices about your personal data. So, we’ve helped by cutting the jargon.

Whenever you use our services, either on our website or app, we’ll look after your personal data in the way we’ve set out in this Privacy Policy and in line with our promises to you (above).



  • You may need to actively provide us with your personal data to use our services and book tickets. We’ve explained this in more detail in our table below.
    • At a glance, when we say “personal data”, we’re talking about things like your name, email address, age, payment card details, billing address, phone number and the details of any relevant Railcards, coach discount cards or loyalty cards you might use.
    • You may also need to give a limited amount of personal data for someone else. That could be info like the names of any passengers you’re booking tickets for. By entering someone else’s personal data, you confirm you’ve got their permission to give it first. Or, if that person’s under 16, you confirm you’ve got permission from their parent or guardian to provide their data.

Personal data type

Why we use it

Legal basis

Who we share it with

Payment info –

Payment card details and the address your card’s registered to. 

To make your booking and take payment for your tickets.

We need this info to offer these services to you, it’s part of our contract with you.

Some of the travel operators we work with may run your data through their own payment and eticket systems, to issue your tickets.

Age details –

Date of birth or age bracket.

Operators have different ticket costs, based on your age. So, we use this info to make sure you buy the right ticket.

We need this info to offer these services to you, it’s part of our contract with you.

Some of the operators offer Youth tickets. If so, they may need your date of birth to confirm you’re the age you say you are.

Contact details and journey details –

Name, email address, phone number and details of your journey.

To make sure you get your tickets.

The train and coach operators you’re travelling with may need this info to let you travel with them too.

To contact you with essential info – we’re talking booking confirmations, disruption messaging, refund info: that sort of thing.

Keeping your account up to date (only if you choose to set one up, that is). 

We need this info to offer these services to you, it’s part of our contract with you.  

Relevant rail, coach and bus operators, who need it to create your tickets and provide services in relation to your journey or to deal with after sales matters.  We also sometimes need to contact these operators in order to perform our contract with you; or where its in your or our legitimate interests to do so. 

These operators may get in touch with you to let you know about essential service messaging, for example, if your train’s disrupted or cancelled. 

We may send you marketing if you’ve told us you want to receive it, when you register an account with us. 

We may send you push notifications about your booked journeys and offers we have.  Push notifications are the little pop-up banners and alerts you get in our app when we want to tell you about something. You can turn on (enable) or turn off (disable) push notifications in the settings on your iPhone or Android device.

Your consent – if you haven’t bought anything from us we’ll explicitly ask you if you want to hear from us- we’re nice like that.

Your consent through your device settings.  We want to send you relevant and up-to-date travel info and offers when you’re using our app and website.

We don’t routinely share this type of data.  We use carefully selected third parties to help us carry out this task, on our behalf.

We may send you marketing emails, letting you know about our news and offers when you book a ticket with us –unless you’ve asked us not to that is (spam’s not our thing).

We may carry out surveys and market research activities (to improve our booking service for you), send notifications in your account, and involve you in our competitions and promotions.

Legitimate interests. Put simply, that’s the necessary use of your data (balanced with your rights) in order for us to provide services to you. 

We want to send you these types of marketing messages to give you the best travel deals. We’ll only send you relevant messages and you can choose not to hear from us at any time.

We want your input in our market research, so we can keep improving our products and services.

Railcard or loyalty card details –

Relevant card details & photo.  


To give you a discount on your tickets (where applicable) or add points to the loyalty scheme you’re signed up to, so you make the most of your money.

We need this info to offer these services to you, it’s part of our contract with you.

Relevant rail operators and loyalty card providers.

Comment details –

Name, email address and unique identifiers as required, and any comments you choose to give us.

If you choose to give us feedback through our website or app (and please do, our ears are always open), we’ll use your comments, combined with others, at an overview level, to improve our products and services.

Your consent. It’s your choice to give us this info and you also decide how much detail you want to share. 

We do not routinely share this type of data.  We use carefully selected third parties to carry out this task, on our behalf. 

Contacts from you and questions you’ve asked us –

Name, email address and any generated contacts, including calls.


When you email us, or use our chat option to get in touch with us, we use this info to help us with things like arranging refunds for you, or helping you pick the right ticket.

If you call us we may record your phone call to help our Customer Service and Operations teams fix any issues you’ve raised, as well as for training and quality purposes.

Your consent. You choose how and when you want to contact us. 

We don’t routinely share this type of data.  We use carefully selected third parties to carry out this task, on our behalf.

Fraud prevention info –

Name, legitimate contact info and unique identifiers as required and relevant device info.

To make sure neither you nor we are harmed by a scam.

Fraud is nasty stuff and would be bad for both you and us.

Legitimate interests. Put simply, that’s the necessary use of your data (balanced with your rights) in order for us to provide services to you. 

We work with third-party fraud prevention providers (try saying that three times quickly) to put a stop to any fake payments.  Sometimes the fraud-prevention tools used are automated.

Your personal data will be automatically checked when you pay (using a set of clever rules), to make sure there’s nothing phishy going on.

Because of this, there may be times when you might not be able to pay with a particular card or method, or we may not be able to take your booking.

If you’re worried about your payment being declined, please contact us - see our contact details below.

Social network login –

Name and email address.

To make things easier for you, we give you the option to log into your Trainline account by using your Google or Facebook accounts.

Your consent.

Google and Facebook. 

We don’t control Facebook or Google’s actions. If you choose to use your Google or Facebook account to log in with us, you’ll be subject to Google and Facebook’s privacy policies too: so please read them and take relevant choices via these platforms, in order to manage the way your data is used.


We also collect a limited amount of personal data from you, automatically, whenever you visit our website or app. It’s nothing to worry about, in fact, we do this to give you a better and more personalised experience. Cookies and your IP address are the sorts of tech we use to understand you better, as well as looking at how you use our website - for example, what routes you search for and whether you use a Railcard. The table below explains what we collect, why we collect it and how we collect it.


Personal data type

Why we use it

Legal basis

Who we share it with

Location info –

GPS info and device number.

We use your GPS to make your travels easier, by showing you things like your nearest station and when the next train home is.

Web browsers on all devices, and apps on phones and tablets, can accurately pinpoint your location using GPS and assisted GPS.

For analytics and reporting, as well as security and protection from fraudsters.

Your consent.

You’ll be asked when you use a GPS-enabled web browser or device whether you want to share this info with us. You can change this in your device or browser settings any time you like.

To make sure our service is as safe as houses for you, we work with third parties to put a stop to fraudulent payments (we’ve got more info on this above).

Device info –

Your IP address and device number, to give us your rough location (e.g. your city and country). 

To sniff out and put a stop to fraudsters.

To show you ads that’re relevant to you and to measure your reaction to our marketing that you interact with. 

To use your web sessions and web beacons to understand how you use our website and apps at a non-identifiable level. We collect this data to help us improve our services for you.

To protect our website from attacks from viruses and other harmful things on the internet. 

Legitimate interests.

Don’t worry, we’re not trying to be creepy and tie you to a precise location. We just want to make sure that what we show you when you use our services is relevant and something you’d actually be interested in. For example, there’d be no use in us showing you ads in French if you’re living in London.

We use location to understand roughly how many customers we have in various countries.

We also need to make sure that we’re protecting you, as well as our website, from viruses and fraudsters.

To make sure the security of our service is watertight, we work with third parties to put a stop to fake payments (we’ve got more info on this above). 

Selected third parties who advertise on our website and app with your consent. And, so that we can advertise our own offers to you when you’re browsing elsewhere on the internet. See our cookie policy for more info. 

Analytics info –

We use info about the searches and bookings you make -  basically how you use and navigate through our website and app. 

To understand how you use our website and app, to help us improve it and make it relevant to your interests.

We may combine data about your use of our services, so we can use it to understand our customers’ behaviour patterns.  For example, how many customers buy tickets from London to Manchester each day.  Don’t worry – we aren’t trying to identify you individually – we only use high-level overview data to understand what our customers like you are interested in.     

This helps us shape our shiny new features, like Price Prediction and Busy Bot!

Legitimate interests. Put simply, that’s the necessary use of your data (balanced with your rights) in order for us to provide services to you.

We don’t routinely share this type of data but we use tools provided by carefully selected service providers in order to carry out this task.  Please see our Cookie policy for more info.     

Social login –

IP address and other potentially identifying data.

By logging into your Social media accounts like Facebook and Google, you drop cookies. These cookies can collect info about your IP address and the pages you visit.

Your consent.  You choose if you want to register with us either using Google or Facebook.

Google and Facebook. 

We don’t control Facebook or Google’s actions. If you choose to use your Google or Facebook account to log in with us, you’ll be subject to Google and Facebook’s privacy policies too.


As well as in the above situations, we also need to share your personal data with the following third parties –

Service providers

  • We work with carefully selected third-party service providers to carry out many of the activities listed above. But don’t worry, we always give these service providers clear instructions to keep your personal data safe and sound. For example, we’ve made it crystal clear to these service providers that they can’t use your personal data for anything other than the specific service in question. And, we only give them the parts of your personal data that they actually need.

The authorities

  • Sometimes, for legal reasons, we have to share parts of your personal data with police or customs authorities, regulatory authorities, or government and law enforcement agencies. Generally, it’s to help them prevent fraud and crime. When we do give this data to the authorities, it’s over to them to protect your info. Don’t worry, we only share what’s absolutely necessary.


  • If another company takes over or merges with us, or if there’s a restructure of the Trainline group, there would be a transfer of your personal data. Hopefully it goes without saying that we’ll treat the confidentiality of your personal data, and your rights over your data, with the utmost care and respect. Your personal data will still be used in the same way as we’ve outlined in our Privacy Policy.



  • While you’re using our services, your personal data will be safe with us, but we’ll never keep it for longer than we need to.
  • If the time comes when we don’t need your personal data to offer our full services to you, we’ll make sure it’s either completely deleted or anonymised.



Our easy-to-use website and app is made so handy because we use cookies. You’ve heard of cookies, right? No, we don’t mean chocolate chip ones…

Cookies are what we call the tiny crumbs of personal data that we automatically collect whenever you visit our website or open our app.

For example, let’s say you visited our website, and changed your settings to pay in euros instead of pounds. When you returned to our website, say in a couple of days, the cookie that you dropped when you logged in before would remember that you preferred to pay in euros and would show you prices in euros again. Pretty neat, right?

Our Cookies Policy gives a full breakdown of how we use cookies, and how you can adjust your preferences.



It’s so much nicer when people remember your name and say, “Morning Tom”, instead of just “Morning”, right? Or, when the server in your local coffee shop sees you walk in for your daily caffeine fix and says, “One mocha light frappuccino coming right up, Susie.” without you needing to say anything. It makes you feel cared about.

That’s exactly how we want you to feel whenever you visit our website, open our app, or interact with us in anyway on the internet. Now, on the internet we can’t see you and put a name to a face, so we rely on technologies such as cookies and identifiers such as your IP address to give you a more personalised experience (unless, of course: you’d prefer it if we didn’t).  We combine this with info about the searches and booking you make and how you use our website and app, to give you the best-possible, tailored experience.  We also use carefully selected third party partners, like Google, to make ads more useful for you.  You use our service to easily book train, coach or bus tickets to destinations you want to visit: and we need to personalise your experience on our sites and apps to provide you with that service and make it relevant to your interests. See our Cookies Policy for more info.



  • We take the security of your personal data very seriously.
  • We use a whole bunch of clever security measures (physical, electronic and administrative) to protect the info that we collect about you from anyone who shouldn’t have it. The measures we put in place protect you from any unlawful processing of your data, as well as accidental loss, destruction and damage.



  • We transfer your personal data to other Trainline companies in our core group and service providers outside the European Economic Area (EEA). But, fear not, we only work with service providers that prove to us that they have the same high standards around protection of your data as we do.
  • Your data is securely processed at all times. Where we transfer your personal data outside the EEA, we have rules and steps put in place to make sure your personal data is kept safe and protected. Usually this means we’ll have standard contractual clauses approved by the European Commission in our contracts with parties outside the EEA, or we will rely on European Commission adequacy decisions.  For companies based in the United States, we also rely on the Privacy Shield in order to ensure adequacy of transfers made. For more information, please contact us - see our contact details below.



  • For times when you’re in a rush, we give you the option to use our booking service without logging in or registering as a new user – handy! 
  • If you’re already registered with us and you book a ticket as a guest using your registered email address –
    • Your confirmation email will have a link inviting you to log in and manage your bookings. If you follow the link and log in, you’ll be able to link your guest bookings to your account. If you don’t, you won’t see your guest bookings in My Bookings/My Tickets.
    • Any updates you make to your marketing preferences will be updated in your account.
  • If you book a ticket as a guest, because you don’t have an account with us, your confirmation email will have a link inviting you to register. Once registered, you’ll be able to link your guest bookings with your account to view them in My Bookings/My Tickets. You can see your marketing preferences in your account too.



Here’s where we cover the lowdown on what you need to know. We’ll happily take requests from you if you want to exercise your individual rights over your personal data. These rights are –

  • To be told about how your data is processed
  • To access your data
  • To stop or restrict certain processes
  • To correct incorrect info
  • To ask us to delete certain info
  • To port data (porting is just a fancy way to say “transferring data to another data controller in an easy-to-read manner”)
  • To access info about profiling or automated decision making
  • To object to how we’re handling your personal data.
  • To withdraw your consent at any time (in cases where we rely on your consent).

Because we know how important your personal data is to you, we do everything we can to respond to you in a timely fashion. Legally though, we have up to one calendar month from the date we get your request to reply to you (this deadline may be extended for very complex or large requests), as long as –

  • You’ve given us any info we need to confirm your identity and given us clarity about the relevant personal data you’re requesting.
  • We’ve not already responded to an identical or similar request within a very short timeframe.

Please bear in mind that if/when we get a request from you, we’ll need to balance your rights with the rules we have around processing your personal data. For legal reasons, we need to stick to the rules. If we can’t deal with your request, either in full or in part, we’ll explain our reasons clearly.

To make it simple, we’ve set up one single point of contact for all your personal data queries.  Please see the Contact Us section below if you need to get in touch. 

If you’re not happy about the way your personal data’s been handled, you have the right to contact the Information Commissioner’s Office (www.ico.org.uk/concerns).



We like to stay on top of things, so the way we use your info may change. If it does, we’ll update our Privacy Policy. You can see the date we last updated it right at the very top.  If there’s a significant change, we will notify you.



If you’ve got any questions that haven’t been covered, please contact our Data Protection Officer. Email us at DPO@thetrainline.com, or write to us Data Protection Officer, PO Box 23972, Edinburgh, EH3 5DA.