Privacy notice

v3.0.2

Last reviewed October 2023

Legal entity processing data: Ferries Trains Planes Ltd. (t/a Raileasy), registered at 10 Station Parade, Wanstead E11 1QF (referred to as ‘us’ in this document)

As a responsible company, the stewardship of your personal data provided to us is a top priority. As such, we feel it’s important that we detail what data of yours we handle, why we need it and – most importantly – how we keep it safe.

What data is collected, and why?

In order to fulfil your booking with a Raileasy-powered brand, we may need to collect the following PII (Personal Identifiable Information) from you:

Data Type

What data do we collect?

Why we need it

Basis for processing the data

Who handles this
  • Full name
  • Full physical address
  • Telephone number

 
  • Assist with payment processing
  • Pass through to our fulfilment provider for Ticket on Departure (ToD) fulfilment
  • Assist with support requests
  • Us
  • Third-party fulfilment providers
  • Third-party support providers
  • Third-party payment provider 
  • Email address
  • User account management
  • To send service emails to you, such as booking confirmations, e-tickets and disruption emails
  • Newsletter-based marketing, if opted in.
  • Assist with support requests
  • Collect customer reviews
  • Us
  • Third-party newsletter provider
  • Third-party support providers
  • Third-party reviews provider
  • Payment card information
  • Assist with payment processing
  • Third-party payment provider (We do not handle or hold the raw card details ourselves, in accordance with PCI-DSS guidelines)
  • Technical data related to your visit such as IP address, browser version and device details
  • This allows us to assist with stopping bot traffic, debugging any technical issues and for statistical analysis.  
  • Us
  • Our analytics provider
  • Our CAPTCHA service provider

If you purchase a Railcard from us via https://railcards.trainsplit.com, we may also need to process the following information:

Data Type

What data do we collect?

Why we need it

Basis for processing the data

Who handles this

  • Full name

  • Email address

  • Assist with collecting information relevant to railcard purchasing and fulfilment 

  • Us

  • Rail Delivery Group

  • Photo

  • Allows visual verification that a railcard is being used by the authorised person(s)

  • Us

  • Information from identity documents (e.g. passport number, driving licence number)

  • Allows verification of details for issuance of railcards with specific eligibility requirements

  • Us

  • Payment card information

  • Assist with payment processing

  • Third-party payment provider (We do not handle or hold the raw card details ourselves, in accordance with PCI-DSS guidelines)

  • Technical data related to your visit such as IP address, browser version and device details

  • This allows us to assist with stopping bot traffic, debugging any technical issues and for statistical analysis. 

  • Us

  • Our analytics provider

  • Technical data related to the device your railcard is stored on, such as UID and manufacturer/model number

  • Allow us to monitor railcard installations, assist with issues and enables technical compliance with device limits 

  • Us

Where is my data handled and stored?

Your personal data is controlled by a UK-based company, so comes under UK GDPR laws and ICO guidelines. However, ourselves and partner organisations whom we pass your data through to may use trusted cloud storage providers with global locations (such as Google’s Cloud Platform and Amazon’s Web Services). All PII is stored within the UK/EEA.

What data security measures are in place?

Our cloud provider, Google, and ourselves use a range of both physical and digital protections to keep your personal data safe. In addition, we regularly run both semi-automated and manual checks on our digital infrastructure and periodic security reviews of third parties that process user data.

A note if you use third-party authentication providers such as Apple or Google

If you choose to use one of our third-party providers such as Apple or Google for signing in to your account with us, we only take a limited amount of personal data. Any data you provide to these platforms directly remains under their own data protection principles, and is subject to their own Privacy Policy as well as our own.

How do I remove my data from your systems?

At any time, you can ask us to remove or anonymise (as appropriate) any personal identifying information that we hold within our systems – please contact us if you’d like to do this. We will aim to do this in a timely manner, but within one calendar month at the latest.

Who do I ask if I’ve got questions or concerns on how my data is handled?

Raileasy’s Data Controller is:

Joe Sikking (management@raileasy.co.uk)

We take the security of your personal data seriously, so if you think there’s been a breach in trust in this for any reason, please contact our Data Controller using the details above in the first instance.

If, after contacting us, we’re unable to resolve your concerns to your satisfaction, you also have the right to make a complaint to the ICO.

You also have the right to a copy of all personally identifying data on yourself held by us in the form of a Subject Access Request (SAR) - if you would like us to do this, please contact us.