Trainhugger is committed to protecting and respecting your privacy when you use our services.
The data controller is:
Migaloo Ltd. (trading as Trainhugger)
27-29 The Hop Exchange
24 Southwark Street
Registered in England
Company Number: 12185670
Our Data Protection Manager is:
27-29 The Hop Exchange
24 Southwark Street
More information about the Data Protection Act can be found on the Information Commissioners Website. The Information Commissioner is our regulator for data protection matters.
We may collect and process information about you when you: buy tickets, use our website or apps, respond to a survey, use a product from us or make a sales enquiry; contact Customer Relations, enter a competition or sign up to receive updates or marketing.
We collect information such as your contact details, ticket purchases, stations visited, payment and refund details. We may require additional details for some services, such as your age for age restricted tickets, or health and/or data about your accessibility needs in order to assist you with your travel. This information is generally provided by you.
Sometimes we obtain details from third parties, for example if we have taken over a franchise or a complaint is passed to us from another operator.
We will only use the information you provide as permitted by Data Protection Law. This depends on how you contact us, use our services, the consent you have given, our legitimate interests, or legal obligations we may have, such as ensuring that our services are accessible.
We may use information held about you in the following ways:
We will only share or disclose your information as set out in this Policy or in accordance with Data Protection Law and will obtain your consent where we are required to do so. We will only use third parties to process information where we are satisfied that they comply with these standards and can keep your data secure. We may share or disclose information for the following reasons:
You can find out more below about the information we collect and how we use, share or disclose it.
This section shows the information we collect when you use our website. Before providing us with your details, please read the following important information regarding:
We will only use the information that we collect about you lawfully, in accordance with the Data Protection Law.
The details you provide about yourself and any other information which identifies you (‘Personal Information’) is held by us on this website (the “Site”) for operational purposes, for example customer registration or processing payments. We may also use your Personal Information to personalise your experience on the Site by informing you of new products or services that we may think are of interest to you.
We gather general information about users, for example, what services users access the most and which areas of the site are most frequently visited. Such data is used in the aggregate to help us to understand how the site is used. We gather this information so that we can continue to improve and develop our services to benefit our users. We may make this aggregated information available to users of the site and also to auditors. These statistics are anonymous and contain no personal information and cannot be used to gather such information.
When you register with us to set up a travel alert, enter a competition, or buy a ticket, we ask for personal information such as your name, contact details, and other details. Once you register with us and accept our Terms & Conditions, you are not anonymous to us. We may use information that you provide to alert you to our own products and services. We may contact you regarding site changes or changes to the products or services that you use.
You may opt-in to receive newsletters, exclusive discounts, special offers, updates on your trees planted, Trainhugger projects and other marketing emails from us. You may unsubscribe at any time by logging in to your account and updating your preferences.
Please note changes to your subscription preferences can take up to 14 days to take effect.
Alternatively you can write to our Customer Relations Team at: email@example.com
For your convenience, our website and apps may contain links to sites owned and operated by third parties. They have their own privacy policies, and we urge you to review them before browsing those sites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
A cookie is a small piece of information that is sent to your browser when you access a website. Cookies contain information about your visits to that website and the purpose of cookies is to enable our websites to remember you, and your browsing habits, when you visit it again in the future.
With most Internet browsers you can configure your browser so that it refuses new cookies, prompts you to accept cookies or disables cookies altogether. Exactly how this is done is dependent on the browser you use.
In order to increase security we ask you to input a password when you register as a user of the site. Please keep this password secret.
We encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet. SSL as of November 2020 is certified by Let’s Encrypt and is recognised as a secure way to pay on-line. As you may be aware, no data transmission over the Internet can be entirely secure. We will always use reasonable endeavours to protect the personal information you provide to us but we cannot guarantee the security of your information and the use of our facilities (e.g. email) is at your own risk.
If you have any questions about paying for your ticket through the Site, please contact Customer Relations. Trainhugger will never ask for your financial information outside the booking process.
The information that we collect from you will only be stored in the European Economic Area or in the United Kingdom. With consent, your name may be used in order for Trainhugger to send you emails via a third party platform such as MailChimp.
We use a range of technical and organisational measures to safeguard access to and use of your personal information and to ensure it retains its integrity and availability. These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training. We also consider anonymising or pseudonymising personal data where practical.
To prevent marketing to you, you have the right to ask us not to process your personal information for marketing purposes. We will usually inform you before collecting your information if we intend to use or disclose it for such purposes. If you do not want us to use your information for marketing purposes either:
It is possible that you may receive a pre-scheduled communication whilst your request is being processed as this can take several days. If you have any other objections as to how we are using your personal data, please contact our Data Protection Manager.
You are entitled to request a copy of the personal information we hold about you.
Please contact us at firstname.lastname@example.org. Please let us know if you want to receive the information electronically. We aim to get the information to you without undue delay and within 30 days. If we have any trouble with this timeframe. we will let you know within 30 days and explain what the problem is. Sometimes we may hold information that we don’t have to provide, for example it would prejudice a police investigation or contain someone else’s personal data.
In most cases we provide the copy of your data to you for free. We have set out some information about when it might not be free, or provided below.
If you believe the information we hold about you is inaccurate or incomplete you can contact us and ask us to correct it. You may also request any data processing we are carrying out on your data is halted whilst a request for rectification or objection or a dispute over the lawfulness of processing is being considered.
We will provide a response confirming the action we have taken or disagree with taking within 30 days, or provide a response within 30 days if the matter is complex and a further time is needed.
You can request deletion or removal of personal information in some circumstances, such as when there is no compelling reason for its continued processing.
We will provide a response to you without undue delay and within 30 days, confirming whether/what personal data we have deleted and/or explaining why some data does not need to be deleted.
If we relied on consent as the ground for processing your personal data, you can withdraw this consent at any time. It does not affect the processing carried out beforehand. You can withdraw consent by contacting Customer Relations, our Data Protection Manager or the Data Protection Officer. Where you have consented to receive direct marketing communications, you can withdraw your agreement at any time by updating your preference centre or clicking on the appropriate link in the communication or contacting us as above. We will comply with your request without undue delay and within 30 days.
You also have a right to request that no further processing takes place in relation to some grounds of processing, such as for direct marketing. We will respond to your request without undue delay and within 30 days, confirming the action we will or won’t take.
Where you have provided us with personal data and the reasons we are processing it are based on consent or our contract with you, and the processing is automated, you have a right to ask for that information to be provided to you or another data controller in a structured, commonly used and machine-readable format. The right may be restricted if it is not practical for us to provide the information in this way or it adversely affects the rights of others.
If we are able to provide your personal data in this way, we will do so in 30 days or we will let you know within 30 days if we require more time or there are any issues with carrying out the request.
If you have signed up to receive marketing communications from us, we will use information such as the type of tickets you buy or the stations you use, to send communications which are more relevant to you. We will try and make the communications compatible with the device you are using.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
We will try to deal with your request without undue delay and at least within 30 days. In exceptional circumstances, we may need to extend the time to respond fully, if the request is particularly complex or there are multiple requests. But we will let you know within 30 days.
We will not charge you a fee for dealing with rights requests, unless they are manifestly unfounded or excessive or in circumstances where copies have been provided previously. We would always let you know if we thought this was the case, so that you can make a decision about what you wanted to do next.
There are various limitations and exemptions in relation to the exercise of rights in data protection law – for example if it would affect another’s rights and freedoms or if we need to retain the information to make or defend a legal claim. We intend only to rely on limitations and exemptions where it is fair to do so and always bearing in mind that it is your personal data.
If you are not happy with the way in which we deal with your data or have dealt with a rights request, then please let us know. Our Data Protection Manager is the first point of contact for dealing with Rights Requests and complaints, and they are assisted by Customer Relations. If you are not satisfied with their response you can complain to the ICO. Its contact details are:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Visit the Information Commissioner’s website
You also have the right to seek a judicial remedy, issue legal proceedings against us.
GDPR stands for the General Data Protection Regulation and it is now the law. it is designed to keep your personal information safe. Personal information can be your:
Trainhugger is a “Data Controller”. This means that it collects and uses information about you. As a data controller, we are responsible for looking after your information and only using this for relevant purposes.
GDPR has some important principles to ensure that we protect your information:
You must give us quite a lot of the information we need, but there is some information that you can choose whether to let us have it or not. When we ask you for information that you don’t have to give us, we will ask for your permission and let you know why we want it and what we will do with it. If you don’t want us to have the information, that’s your choice. If the information we are collecting is information that you can choose not to give, you can tell us to stop collecting it at any time.
We only keep your information for as long as we genuinely need it. We have a policy that tells us how long to keep it for.
We won’t share your information with anyone else without your permission, unless the law says we can or should. If we do share your information, it will generally be with your School or Local Authority.
You have the right to:
Sometimes it might be appropriate for the person who looks after you to ask us for this information.
If you’re worried about how we get and use your information, you can contact our Data Protection Manager, Felix Tanzer, at email@example.com.
If you want to complain about how we use your personal data, you can contact the Information Commissioner’s Officer. You can find out more information about them by visiting https://ico.org.uk/.
We may occasionally update this statement.
Last updated April 6th 2021.