Data protection and personal information
We’re serious about protecting your personal data, and we commit to comply at all times with the latest General Data Protection Regulations.
Personal data that we collect.
The personal data that we collect may include your name, address, date of birth, email address, telephone number, preferences, IP address (the number that uniquely identifies a specific computer), Twitter username.
We collected your personal data from you when you signed up to purchase one of our products, or when you subscribed to our mailing list for news updates or travel disruption alerts. We also collected some limited personal data from third parties, if for example you signed up to online direct debit facilities, then we will have consulted Experian to verify your identity. We always ensure that we have a lawful basis for processing the personal data that we collect. In this case the lawful basis for processing is to perform the contract / purchase terms and conditions between us and you in order to fulfil the order(s) that you have placed with us.
Your rights in respect of your personal data
You have the right to request access to your personal data, amendments to it and for it to be deleted. Further information about those rights and who to speak with if you have any queries about our approach to processing your personal data are shown below.
How and when we use your personal data
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
- Use it to fulfil orders you’ve placed with us.
- Use it to focus our updates on information that you’ve shown an interest in
- Use it to ensure we deal with your enquiries about our services quickly and efficiently.
The majority of your personal data is stored on our servers within the UK, and we have ensured that any data that is held with third parties (for example on our CRM system database) on servers outside of the UK, is strictly held in compliance with General Data Protection Regulations.
To help us to maintain the accuracy of the personal data that we hold please let us know if we hold out of date or inaccurate information about you.
Sharing your personal data
There are only a few occasions where we will share your personal data with a third party. They are:
- Where we’re required to disclose it by law – to government bodies for example.
Between ourselves – for example to deal with a query that you may have which may involve our Customer Services team, sales order processing team, and depot operations teams.
- With our professional advisers such as Experian (who are required to keep your data confidential), for example where we need to verify your details .
- We use accepted standards of technology and security to protect your personal data. For how long will we keep your personal data, our ‘retention policy’ provides details as to the types of data we keep and the length of time we keep it is as follows:
Type of data – Customer contact details including postal address, email address, contact phone numbers, date of birth, preferences, IP Address, photographs for ID purposes where relevant
Retention period – Orders / purchases / contact with our Customer Services team: two years from the date of the last transaction on a registered account (whether that be a top-up or a journey made) Service updates: ongoing, but with option to unsubscribe at any time on all correspondence or online. Data is then permanently deleted within twelve months.