Privacy Policy

Welcome to Trainline’s Privacy Policy. When you use our services, you're trusting us with your information. This Privacy Policy will inform you as to how we look after your personal data when you use our services. We understand this is a big responsibility and we work hard to protect your personal data.

Effective: November 7th 2022 / Version 1.12

Who are we and what do we do?

We’re Trainline. We’re made up of a core group of companies working together to help you get where you need to be: 

  • Trainline.com Limited
  • Trainline SAS 

Like you, your data goes on a journey. How we collect and use your data depends on where you travel and which train or coach company you travel with. 

Your personal data and our promises to you

Your personal data is very important to us. Whenever you use our website or app, we’re committed to these four privacy promises: 

  • We’ll be crystal clear about the personal data we use, how we use it and – most importantly – why we need it.
  • We’ll give you choices when it comes to your data.
  • We’ll keep your personal data secure, using the best possible technology, people and processes.
  • We’ve cut the jargon, to help you make informed choices about your personal data.

Personal data you give us

You may need to give us your personal data to use our services and book tickets – more on that below. 

Personal data is anything that helps identify. It’s things like: 

  • name 
  • email or billing address 
  • age 
  • payment card details 
  • phone number  
  • home address
  • details of any relevant railcards, discount or loyalty cards you might use

Personal data you give us about others

You may be doing a trip with other guests whose details we may also need in order for them to travel.

By entering someone else’s personal data, you confirm you’ve either got their permission to give it, or permission from their parent or guardian (if the passenger is under 16).

How we use your information

We use your information in a number of different ways — what we do depends on the information. This has been explained below in detail, showing what we do and why.

Personal data we collect automatically

Whenever you use our website or app, we automatically collect certain information using cookies and device info.

Third parties

We share your personal data with the following types of third parties.

TPS

Keeping your data

While you’re using our services, your personal data will be safe with us, but we’ll never keep it for longer than we need to.

As soon as we don’t need your personal data to offer our full services to you, we’ll make sure it’s either deleted or anonymised.

 

Cookies

Our website and app are so easy to use, thanks to Cookies. Cookies are tiny crumbs of personal data that we automatically collect when you use our website or app.

Let’s say you visited our website and changed your settings to pay in euros instead of pounds. Cookies help us remember your currency preference - so we can show you prices in euros next time. Pretty neat, right? 

Our Cookies Policy gives a full breakdown of how we use Cookies, and how you can edit your preferences. 

 

Personalising your experience

Just like a friendly barista who knows your daily coffee order, we want to offer you a personal service. The barista recognises you when they see your face, but we rely on cookies to know it's you.

We combine cookie data with booking and search history to tailor your experience.

See our Cookies Policy for more info. 

International data transfers

We transfer your personal data to other Trainline companies in our core group and service providers outside the European Economic Area (EEA). We only work with service providers that prove to us that they have the same high standards around protection of your data as we do.

Your data is always securely processed. Where we transfer your personal data outside the EEA, we have rules and steps put in place to make sure your personal data is kept safe and protected. Usually this means we’ll have standard contractual clauses approved by the European Commission in our contracts with parties outside the EEA, or we will rely on European Commission adequacy decisions. 

 

Security

We’ve put in place stringent and accredited security measures to prevent your personal data from being accidentally or maliciously accessed, used, altered or deleted without explicit authorisation. In addition, we strictly limit access to your data to just those employees, contractors and trusted third parties who have a business need to access it, and they are all subject to binding contractual confidentiality obligations. For further information on our security practices, please see our dedicated security page. 

 

Guest check out

If you’re in a rush, you can book tickets without signing in or creating an account. Your confirmation email gives you the option to create an account or link your booking to an existing account. We'd recommend doing this, it'll be easier to manage your booking.  

We'll update your account with any changes you make to your marketing preferences.

Your rights

You have personal data rights. To exercise any of these rights please contact us at DPO@thetrainline.com. More info is available in the Getting in touch section below. 

Your rights are:

Data portability

This applies to information you give us. You can ask us to transfer this information to another data controller in an easy-to-read manner.

Find out more

Rectification

You can correct or change your personal information, like your name or email address, at any time by visiting your account on our app or website.

Find out more

Restrict processing

You can ask us to restrict processing of your information in some circumstances. 

Find out more    

Access

You can ask us for copies of your data. This right always applies but there are some exceptions. 

Find out more

Erasure

You can ask us to erase your data in some circumstances.

Find out more

Object to processing

You can object to how we process your data.

Find out more

Close your account

You can choose to close your account and delete data we hold, by clicking on the button below:

 

Close account

 

You will also need to log out of your account if you are currently signed in. 

Getting in touch

You can contact us using any of the following methods.

Email: DPO@thetrainline.com

Post: Data Protection Officer, PO Box 23972, Edinburgh, EH3 5DA. 

We would always appreciate the opportunity to answer any questions or resolve any complaints directly via the contact points above. If you are not satisfied with our response, you have the right to complain to the relevant supervisory authority for data protection matters. 

Contacting the relevant supervisory authority

You can make a complaint about how your personal data is used to the relevant supervisory authority. If you are a UK customer, you can find out more at this link.  If you are based within the EU, you can find out more here.