We take the issue of personal data very seriously, as it should be. Let’s be clear from the outset, we make a living by selling train tickets, not by selling personal data on the sly; so we will not sell on your data to unscrupulous merchants. This page is here to give you some essential (and some not so essential) information with regard to the law, so that you know where you stand. If you feel inclined to read further, the lines below explain how we collect information when you use our service. This enthralling page also specifies why we use and transfer your data as part of our job.
When you go down to the bakery to buy a nice baguette (not too well done), you’re unlikely to be asked to declare your identity, age or email address. The transaction takes place in complete anonymity. If you pay with cash, you don’t even leave any bank details behind you. Even when the staff in the bakery know your first name, it’s quite unlikely that the bakery’s marketing department will try to make a profit out of it. So, in small everyday business dealings, your personal data is rarely revealed.
On the internet, everything gets more complicated. When you make a purchase online, the merchant may ask you to transmit a whole stack of personal data, data that can be collected, used, transferred, amended, misrepresented, stolen and so on. So it’s important to know what you’re getting into before you make a purchase. Which is precisely why we publish our policy on personal data, so you know what we’re doing with your data when you come to one of our booking channels.
Let’s begin by defining some useful terms.
- When we say “we” or “Trainline”, we mean the company CAPITAINE TRAIN SAS, which is subject to French law.
- When we say “our service”, we’re not talking about tennis, but the ticket booking service set up by the company CAPITAINE TRAIN SAS – that means us.
- When we say “you” or “user”, we mean the private individuals or professionals who have chosen to use our service – that means you.
- When we say “iOS application” or “Android application”, we mean our application for iPhone and iPad in the first instance, and our application for Android in the second, two applications that you can download for free from our friends at Apple and Google.
“Thinking about it, means no.” — Alain, Philosopher
“Consent means saying yes.” — Julie, Lawyer.
Generally speaking, we use your data to offer you a service you requested, fulfill our legal obligations, respond to a legitimate need, or with your consent.
In certain cases, when it seems necessary, we will explicitly ask you to give us your consent to use your data – you’ll spot this easily because you’ll probably have a box to tick. This happens, for example, at the moment you register on our website, since we ask you whether or not you want to receive our promotional emails, in order to use your email address to send you our news.
4. Right of inspection
You may consult, amend, or request the deletion of your personal data by sending us an email at the following email address: email@example.com.
5. Account closure
If you have created an account on our website or in our applications, and you want to close it, write to us using our contact form. Once your request has been received, we will deactivate your account and make your data unusable while we’re at it. After they have been archived, old accounts are stored on our servers for some time, in case we need them as an evidence, for example in case of a fraud, outstanding payments, legal disputes, criminal investigations or any other recourse permitted by law.
6. Questions and contact
If you have any questions about the content of this page, we’d be delighted to answer them. Drop us a line by email at firstname.lastname@example.org or by post at the following address:
Trainline 20 rue Saint-Georges 75009 Paris FRANCE
COLLECTING PERSONAL DATA
Your personal data may be found on our servers for the following reasons:
1. You directly provide us with the data
Data does not appear from nowhere, it is provided by you. When you buy a ticket on our website or our applications, when you write to our customer service, when you publish a comment on our blog, or when you communicate with us, you provide us with personal data every time. This information may, for example, contain your name, date of birth, gender, discount or loyalty cards, email address, telephone number, bank details, or even your purchasing history. This is also the case for all the information you provide us about the passengers for whom you book tickets. By the way, we assume that you have informed your passengers and obtained their consent from the moment you transmit their personal data.
2. You transmit the data to us passively
Without you supplying information directly through the forms, we also collect and process information on the use you make of our service. We use the wording passive collection to designate the data we put in a register, like a court clerk, to reconstruct the sequence of your visits. This basically means all the traces you leave behind every time you take any action on our website. This register could contain, for example, your IP address, the date of your last log in, the browser used, ticket purchases, and after sales operations carried out on your tickets.
3. Cookies and monitoring technologies
USE OF PERSONAL DATA
We use and transmit personal data in the following cases:
1. When you book and pay for tickets
We don’t have our own trains. So we have to make commercial agreements with the people who run the trains, so that we can offer their tickets on our site and on our applications. Consequently, the majority of the information we request from you is actually the information required by the carriers we work with. We cannot sell you tickets without your personal data, or without the help of our service providers and the carriers, because we don’t have our own trains, or our own bank, or our own payment platform – and we don’t expect to branch out any time soon.
As travellers’ personal data is a big deal for carriers, you must provide accurate information about yourself and your passengers. For example, the ticket inspector has the right to request ID to confirm that the date of birth given at the time of purchase is correct.
2. To promote our service and send you newsletters
For example, if you give us your email address when you create an account on our site, and you tick the box that lets you receive our promotional emails, then it is possible for us to use your address to send you a reminder email a few days later to remind you the benefits of our service. You can decide not to receive our promotional emails again by using the unsubscription link at the bottom of these emails.
3. To offer you services tailored to your needs
Like everybody, to keep our service running, we promote it with online or offline advertising as well as with promotional emails for those of you who consented to receive these. And to be sure that this is not completely off the mark, we analyse your habits with the help of service providers, so we can propose offers which fit your interests. For example, we’re not going to tell you about Spanish trains if we can see that you’re travelling to Germany all the time.
4. To collect your payments
When you buy a ticket through our service, you give us access to your bank details. We can then send you transactional emails, payment receipts, direct debit authorisations and alerts in case of any glitches with your bank. We use a service provider to make payments secure. This service provider therefore has access to your billing information, too, but not to your travel details, or information about your passengers, tickets or purchasing history. To make sure your payments don’t get lost, we only work with service providers we trust to be reliable.
5. To improve our service
This means that we collect information on how you use our service through cookies, and that we share this information with third party analysis tools, like Google Analytics.
6. For purchases you make without an account or without logging in
For a few months it is not necessary to register with our site to be able to buy a ticket. If you don’t have an account with us, or if you use our site without logging in to your account, then any purchases you may make outside your account will not appear in your account history. Each purchase made outside your account is considered an independent purchase, and we register it as such each time, so that we can find a trace of your order if you need any help. The personal data you provide when making a purchase without an account will be dealt with in the same way as in all other transactions.
7. To troubleshoot your problems
Our customer services department may communicate with you about your account, tickets or payment, in order to help you. Whatever happens, we will only stick our nose into your account when you ask us to.
8. For internal statistics or surveys
This means we can use your personal data to generate statistics on our users or ask you to participate in our own surveys.
9. To combat fraud
We may use part of your data to protect us against fraudsters.
SHARING DATA WITH THIRD PARTIES
We can only share your personal data with the persons listed below:
1. With carriers
In general, we do not control how carriers use your data. But here are the most common uses, for your information. To find out more, we suggest you read their privacy policies to see how your data will be used.
A. For ticket bookings and sales
We share certain elements of your information with carriers, because they need them to issue your ticket, or to enable you to take an option on a ticket. For example, when you buy a Eurostar e-ticket using our service, we have to transmit certain information to Eurostar, such as your name, surname, and date of birth, without which the sale would be impossible. In any case, we only transmit what the carrier requests, nothing more.
B. For cancelled trains and other glitches
We may transmit your email address or your telephone number to certain carriers, so that they can contact you if they need to. For example, if your Eurostar train is cancelled, Eurostar may wish to reach you by email, to warn you and suggest an alternative.
C. To pay certain e-tickets and send them by email
Certain carriers have their own payment and e-ticket distribution systems; in other words, they take care themselves of the transaction with your bank before sending the e-tickets to you via e-mail. To allow them to do so, we provide them with certain elements of your information, this is the case for iDTGV, for example.
D. For carriers’ loyalty schemes
We take into account discount and loyalty cards issued by the majority of carriers. Consequently, if you register your discount or loyalty cards with us, we will take them into account when we search for your tickets, to offer you the best rates and the best benefits. When you buy a ticket at a discounted rate, or with a loyalty card, we send your card number to the carrier, so that you can benefit from the reduction or collect your loyalty points. In exchange, the carriers can use this data to send you emails as part of their respective loyalty schemes. For example, you might receive emails sent by the carrier, telling you that you can benefit from a discount on your next train journey.
2. With our service providers
As we are now part of the Trainline group, we use Trainline to provide a variety of services. We also use service providers to carry out (always under our instructions and uniquely on our behalf) some of the activities mentioned above. For example, we use a service provider for the secure management of your payments and we send them your payment details when you get to the check out.
3. With the authorities
We may be legally obliged to send certain data to the police or customs authorities, or even government or administrative agencies. This could be, for example, in the case of fraud detection or prevention.
4. With your company’s travel agency
If you use Trainline for Business, our ticket buying service for companies, then we may send the details of your professional journeys to your company or the travel agency appointed by your company to manage your business travel. If you also use Trainline for your personal journeys, through an individual account, the details of your personal journeys will not be provided to your employer.
5. With a possible buyer
We may transfer your information as part of a takeover, merger, or reorganisation of the Trainline group. In this kind of case, the confidentiality of your data and your rights in relation to your data will always be respected.
6. With social networks
When you create an account on our website, you can register using your Facebook or Google account. These functionalities are based on cookies, which can, in the process, collect information about you, such as your IP address, or the pages you visit. As we cannot control the actions of Facebook or Google, we cannot answer for information you supply to us through the intermediary of these social networks. Your interactions with the functionalities offered by Facebook and Google are subject to the privacy policies of these companies.
7. With nobody else
We make a living by selling train tickets, not data. So we do not sell your data to third parties. If we were ever to significantly change our policy, we would keep you informed, because such a change would have serious implications for you.
RESPECTING THE RULES
1. Data transfer outside the EU
We use certain service providers based in the United States. For example, when you search for a ticket on our website, you enter the information about your journey, like your departure date or your arrival station, this information then crosses the Atlantic and transit via the United States to reach the service provider who helps us give you the rates and train times you need. Now, to cut a long story short, American law provides less protection than European legislation when it comes to the privacy of personal data. When we take your data out of Europe, we therefore ensure that these transfers are always carried out with contractual clauses from the European Commission, home clauses, you might say, or other protections approved by European law, intended to guarantee data processing that complies with the demands of the old continent. In other words, we don’t work with service providers who can’t pull themselves up to the standards of European regulations.
2. Localisation of data
We may need to pick up and record your IP address, to deduce your approximate geographic location.
B. Geolocation of your telephone
When you choose your departure station from our iOS or Android application, you can select the name of the station from our search form, or you can ask our application to use the GPS on your mobile to geo-locate you and suggest your nearest stations. If you do not want your mobile to give us your geographic position, deactivate the GPS function on your telephone, or at least refuse Trainline the option of geo-locating you.
We do our utmost to preserve your personal data and prevent it from being stolen, damaged or misrepresented. If you have created an account with us by selecting the duo: user name and password, we recommend that you keep your password safely tucked away. As your travel details are sensitive information, we don’t have access to your password. We cannot therefore resend your password if you suffer a memory lapse. You can however change it at any time on our website.
Links to third parties
Last updated: August 2016.