Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1.1 Information you give us (submitted information):
1.1.1 This includes information that you provide by filling in forms and submitting information such as compensation claims against rail operators (“Claims“), by e-mail or through the App or the Website. This includes information provided to us when you register to use the App, download or register the App, on submitting a Claim, subscribing to any one of our services, through surveys, or by requesting further services. We may also ask you for information when you enter any promotion sponsored by us.
1.1.2 The information you give us may include your name, address, e-mail address, age, personal description and photograph, username, password and other registration information, financial information, phone number, train ticket and information associated with a Claim, the device’s phone number and the device unique identifier.
1.1.3 Records of communications between you and us relating to services provided by us to you. If you contact us, whether through the App, the Website or otherwise we may keep a record of that correspondence. For example, if you submit a query, a complaint, report a problem with our service, Website or App, or otherwise liaise with our customer service, technical support or any other department in our company we may keep a record.
1.1.4 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
2.1 Each time you visit our Website or use our App we may automatically collect the following information:
2.1.1 Technical information, including the type of mobile device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), your mobile operating system and time zone setting (“Device Information”);
2.1.2 Information stored on your mobile device, including contact information, login information (your e-mail address, forename and surname), photos, videos or other digital content (captured for Claims using exif image data), check-ins (collecting location information, including exif image data, of where an image was taken – if you have the GPS switched on), geofencing (collecting the list of stations that you are at with a timestamp) (“Content Information”);
2.1.3 Details of your use of our App or your visits to our Website including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise (“Log Information”).
2.1.4 Your contact details such us your e-mail address, forename and surname (“Contact Details Information“).
2.1.5 You bank account number, your bank name on the bank account, bank sort code, your paypal account or similar details from other payment providers to be able to transfer to you any applicable refunds arising from your Claims or to perform other services under our contract with you (“Financial Information“).
2.1.6 Location information. We use GPS technology, or a similar technology, to determine your current or past location (e.g. to enable the rail operators to process and verify your Claim). We also use Geofencing – collecting the list of train stations that you are at with a timestamp. Check-ins (collecting location information – if you have the GPS switched on – of where an image was taken – exif image data) (the “Location Information“). Some of our location-enabled Services require your personal data for the feature to work. If you wish to use these particular features, you will be asked to consent to your data being used and processed for this purpose. You can withdraw your consent at any time by sending us an e-mail to email@example.com or by accessing the “Settings” section in our App and changing your permission settings (the FAQ section in our App explains how to do this).
2.1.7 Information we receive from other sources (“Third Party Information”). We are working closely with third parties (including, for example, the rail operators, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
2.1.8 Unique application numbers. When you install or uninstall an App containing a unique application number or when such App searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us (“Unique App Numbers”).
2.2 We may check some of the information that you provide against third party databases to confirm that it is accurate.
2.4 We have no access to your credit or debit card details, but we may have access to your billing address and payment history in order to assist with customer service enquiries. Under no circumstances are these details disclosed to any third parties other than those who need to know this information for the performance of the services requested by you.
3.1 We may process this information for the purpose of:
3.1.1 Administering registration records (including reminders, e.g. to update your payment details);
3.1.2 Providing and personalising our products or services;
3.1.3 Providing you access to all parts or features of our services, the App or the Website;
3.1.4 Dealing with your enquiries and requests, including contacting you where necessary;
3.1.5 Carrying out our obligations arising from any contracts entered into between you and us;
3.1.6 Processing your compensation payments granted by rail operators;
3.1.7 Contacting you for your views on our services and notifying you occasionally about important changes or developments to our services, the App or the Website;
3.1.8 Notifying you about changes to our services;
3.1.9 Carrying out market research campaigns;
3.1.10 Improving and developing our services, the App or the Website;
3.1.11 Ensuring that content from our App or our Website is presented in the most effective manner for you and for your computer or mobile device; and
3.1.12 Debt recovery or debt tracing, crime, fraud and money laundering compliance.
3.2 We may also use your personal information, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by e-mail or text or push notification through our App.
3.3 If you are an existing customer, and you have not opted out of this, we will only contact you by electronic means (e-mail, SMS or inmail) with information about goods and services similar to those which were the subject of a previous sale to you. You will be entitled to opt out from this by contacting us or by clicking “unsubscribe” in the electronic communication you receive.
3.4 If you are a new customer, and where we permit selected third parties to use your information, we (or they) will contact you by electronic means only if you have consented to this.
3.5 If you do not want us to use your information in this way, or to pass your details on to third parties for marketing or advertising purposes, please tick the relevant box (or boxes) situated on the form on which we collect your data (e.g. the registration form) or use our App or Website features to withdraw your consent.
3.6 We may also gather information and statistics for the purposes of monitoring the usage of the App or the Website and our services and may provide such anonymised information to third parties such as the rail operators (for example, we may inform a rail operator that 500 passengers claimed compensation for delays on a train line on a given month). These statistics will not include information that can be used to identify you.
3.7 You may ask us to provide you with information about our services or services offered jointly with or on behalf of other organisations by sending us an e-mail to firstname.lastname@example.org or writing to us at the following postal address: Regents House, 40 Islington High Street, London, N1 8EQ.
3.8 If you choose to post messages on any online forum or other message platforms that we may make available for this purpose on the App or the Website, we may collect that information you provide to us, on or via those forums and platforms. We may retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems, as permitted by law.
3.10 We may contract out part of our services plus other ancillary services such as hosting, credit checking, billing, and verification of sales. We may disclose your personal information to other organisations but only so that they can provide you with the services that we have contracted out.
4.2 Where relevant, with respect to online payments, all your payment details will be passed from your browser for processing using encryption. All information you provide to us is stored on our secured servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or other suitable encryption technology.
4.3 Where you have been allocated a user admin area (an “Account“), this area is protected by your user name and password, which you should never divulge to anyone else. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.
4.4 Please be aware that communications over the Internet, such as e-mails/webmails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.
4.5 We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
4.6 We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
4.7 All of our employees and data processors that have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of our users’ information.
4.8 We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.
4.9 Certain of our Services include social networking, chat room or forum features. When using these features please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users.
5.1.1 Our employees;
5.1.2 Our affiliates;
5.1.3 Any member of our group companies and their employees, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
5.1.4 Successors in title to our business;
5.1.5 A prospective seller or buyer in the event that we sell or buy any business or assets, in which case we will disclose your personal data to such business or assets;
5.1.6 A buyer, if RailRepay or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
5.1.7 Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us;
5.1.8 Government bodies and law enforcement agencies and in response to other legal and regulatory requests, if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
5.1.9 Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes or processes;
5.1.10 To any third party where such disclosure is required in order to enforce or apply our Terms, Website Terms and/or other agreements; or to protect the rights, property, or safety of our company, our customers, or others;
5.1.11 Protect the rights, property or safety of RailRepay, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction;
5.1.12 Subject to the limitations in paragraphs 3.2 to 3.7 above, to carefully selected third parties that may contact you about products and services which may be of interest to you; and
5.1.13 The Rail Operator to which you submit any Claim, your location Information and any other information required to enable them to process and verify your Claim.
6.1 You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected. Where appropriate, you may object to our processing your personal data under certain circumstances or write to us to have your personal information erased, restricted, rectified, amended or completed.
6.2 If you wish to do this, please write to: email@example.com. Please quote your name and address in any such correspondence. Please also provide brief details of the information of which you would like a copy or which you would like to be corrected, if possible (this helps us to more readily locate your data).
6.3 We will require proof of your identity before providing you with details of any personal information we may hold about you. We may charge a reasonable fee to cover the administrative costs involved in providing you with a copy of your information.
9.2 In the event the purposes for which we process personal information changes, then we will contact you as soon as practicable and seek your consent, where such notification relates to a new additional purpose for processing which is not compatible or similar to the originally specified purposes.
10.1 We are not responsible for the privacy policies and practices of other apps or websites even if you accessed the third party app using links from our App, our Website or by means of our services.
10.2 We recommend that you check the policy of each app you visit and contact the owner or operator of such app if you have concerns or questions.
12.1 For complaints or for requesting further information from us on data protection and privacy or any requests concerning your personal information please write to railrepay, Regents House, 40 Islington High Street, London, N1 8EQ or e-mail us at firstname.lastname@example.org.
12.2 You can also contact the Information Commissioner’s Office if you have a complaint regarding your personal data that we cannot resolve. Their website address is: