RAILREPAY PRIVACY POLICY

INTRODUCTION

For the purpose of this Privacy Policy “you” or “your” means any end user accessing our App or our Website (as defined below), “we” or “us”, “our” means RailRepay, the trading name of Repay Solutions Limited with registered office at 71 Newman Street, London, United Kingdom, W1T 3EQ and registration number 10357895.

This Privacy Policy together with the RailRepay end user’s terms and conditions available at railrepay.wpengine.com/terms-and-conditions (the “Terms”) and RailRepay website terms available at railrepay.wpengine.com/website-terms-of-use (the “Website Terms”) and any other documents referred to in it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  This Privacy Policy also sets out how you can instruct us if you prefer to limit the use of that personal data and the procedures that we have in place to safeguard your privacy.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 (the “Act”), we are the data controller.   By using the RailRepay application (the “App”) or accessing our Website at railrepay.wpengine.com (the “Website”) any other related apps or websites or submitting information to us (through or in connection with the App) you signify your consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy.  If you do not agree with this Privacy Policy, you must not use the App, access the Website or submit information to us through or in connection with the App, the Website or otherwise.

1  Information we may collect from you

1.1        Information you give us (submitted information):

1.1.1       This includes information that you provide by filling in forms and submitting information such as compensation claims against rail operators (“Claims“), by e-mail or through the App or the Website. This includes information provided to us when you register to use the App, download or register the App, on submitting a Claim, subscribing to any one of our services, through surveys, or by requesting further services. We may also ask you for information when you enter any promotion sponsored by us.

1.1.2       The information you give us may include your name, address, e-mail address, age, personal description and photograph, username, password and other registration information, financial information, phone number, train ticket and information associated with a Claim, the device’s phone number and the device unique identifier.

1.1.3       Records of communications between you and us relating to services provided by us to you. If you contact us, whether through the App, the Website or otherwise we may keep a record of that correspondence.  For example, if you submit a query, a complaint, report a problem with our service, Website or App, or otherwise liaise with our customer service, technical support or any other department in our company we may keep a record.

1.1.4       We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

2        Information we collect about you and your device

2.1       Each time you visit our Website or use our App we may automatically collect the following information:

2.1.1       Technical information, including the type of mobile device you use, a unique device identifier (for example, your device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), your mobile operating system and time zone setting (“Device Information”);

2.1.2       Information stored on your mobile device, including contact information, login information (your e-mail address, forename and surname), photos, videos or other digital content (captured for Claims using exif image data), check-ins (collecting location information, including exif image data, of where an image was taken – if you have the GPS switched on), geofencing (collecting the list of stations that you are at with a timestamp) (“Content Information”);

2.1.3       Details of your use of our App or your visits to our Website including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise (“Log Information”).

2.1.4       Your contact details such us your e-mail address, forename and surname (“Contact Details Information“).

2.1.5       You bank account number, your bank name on the bank account, bank sort code, your paypal account or similar details from other payment providers to be able to transfer to you any applicable refunds arising from your Claims or to perform other services under our contract with you (“Financial Information“).

2.1.6       Location information. We use GPS technology, or a similar technology, to determine your current or past location (e.g. to enable the rail operators to process and verify your Claim). We also use Geofencing – collecting the list of train stations that you are at with a timestamp. Check-ins (collecting location information – if you have the GPS switched on – of where an image was taken – exif image data) (the “Location Information“). Some of our location-enabled Services require your personal data for the feature to work. If you wish to use these particular features, you will be asked to consent to your data being used and processed for this purpose. You can withdraw your consent at any time by sending us an e-mail to datacontroller@railrepay.com or by accessing the “Settings” section in our App and changing your permission settings (the FAQ section in our App explains how to do this).

2.1.7       Information we receive from other sources (“Third Party Information”). We are working closely with third parties (including, for example, the rail operators, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

2.1.8       Unique application numbers. When you install or uninstall an App containing a unique application number or when such App searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us (“Unique App Numbers”).

2.2       We may check some of the information that you provide against third party databases to confirm that it is accurate.

2.3       We will use third party payment agents to manage card payments. In doing so, you will be asked by the payment agent for your card details and billing address. This information is held by the third party payment agent, and you will be asked to agree to their terms and conditions, including their privacy policy, in completing the payment steps.

2.4       We have no access to your credit or debit card details, but we may have access to your billing address and payment history in order to assist with customer service enquiries. Under no circumstances are these details disclosed to any third parties other than those who need to know this information for the performance of the services requested by you.

3       How We May Use The Information Collected From You

3.1       We may process this information for the purpose of:

3.1.1       Administering registration records (including reminders, e.g. to update your payment details);

3.1.2       Providing and personalising our products or services;

3.1.3       Providing you access to all parts or features of our services, the App or the Website;

3.1.4       Dealing with your enquiries and requests, including contacting you where necessary;

3.1.5       Carrying out our obligations arising from any contracts entered into between you and us;

3.1.6       Processing your compensation payments granted by rail operators;

3.1.7       Contacting you for your views on our services and notifying you occasionally about important changes or developments to our services, the App or the Website;

3.1.8       Notifying you about changes to our services;

3.1.9       Carrying out market research campaigns;

3.1.10       Improving and developing our services, the App or the Website;

3.1.11       Ensuring that content from our App or our Website is presented in the most effective manner for you and for your computer or mobile device; and

3.1.12       Debt recovery or debt tracing, crime, fraud and money laundering compliance.

3.2       We may also use your personal information, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by e-mail or text or push notification through our App.

3.3       If you are an existing customer, and you have not opted out of this, we will only contact you by electronic means (e-mail, SMS or inmail) with information about goods and services similar to those which were the subject of a previous sale to you. You will be entitled to opt out from this by contacting us or by clicking “unsubscribe” in the electronic communication you receive.

3.4       If you are a new customer, and where we permit selected third parties to use your information, we (or they) will contact you by electronic means only if you have consented to this.

3.5       If you do not want us to use your information in this way, or to pass your details on to third parties for marketing or advertising purposes, please tick the relevant box (or boxes) situated on the form on which we collect your data (e.g. the registration form) or use our App or Website features to withdraw your consent.

3.6       We may also gather information and statistics for the purposes of monitoring the usage of the App or the Website and our services and may provide such anonymised information to third parties such as the rail operators (for example, we may inform a rail operator that 500 passengers claimed compensation for delays on a train line on a given month). These statistics will not include information that can be used to identify you.

3.7       You may ask us to provide you with information about our services or services offered jointly with or on behalf of other organisations by sending us an e-mail to datacontroller@railrepay.com or writing to us at the following postal address: Regents House, 40 Islington High Street, London, N1 8EQ.

3.8       If you choose to post messages on any online forum or other message platforms that we may make available for this purpose on the App or the Website, we may collect that information you provide to us, on or via those forums and platforms. We may retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems, as permitted by law.

3.9       If you stop using our services, the App or our Website or your permission to use the App, the Website or our services is terminated, we may continue to use and disclose your personal information in accordance with this Privacy Policy (as amended from time to time) and as permitted by law. However, if you wish us to stop e-mailing you with information in connection with the App, the Website or our services, please send your request in accordance with paragraph 12 below.

3.10       We may contract out part of our services plus other ancillary services such as hosting, credit checking, billing, and verification of sales. We may disclose your personal information to other organisations but only so that they can provide you with the services that we have contracted out.

4       Information Security

4.1       The Internet is not a secure medium.  However, we have put in place various security procedures with regards to the App and the Website and your electronic communications with us, as set out in this Privacy Policy.

4.2       Where relevant, with respect to online payments, all your payment details will be passed from your browser for processing using encryption. All information you provide to us is stored on our secured servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology or other suitable encryption technology.

4.3       Where you have been allocated a user admin area (an “Account“), this area is protected by your user name and password, which you should never divulge to anyone else. You are responsible for keeping this password confidential. We ask you not to share a password with anyone.

4.4       Please be aware that communications over the Internet, such as e-mails/webmails are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the World Wide Web/Internet.

4.5       We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

4.6       We believe that we have appropriate policies, rules and technical measures to protect the personal data that we have under our control (having regard to the type and amount of that data) from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.

4.7       All of our employees and data processors that have access to, and are associated with, the processing of your personal information are obliged to respect the confidentiality of our users’ information.

4.8       We ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.

4.9       Certain of our Services include social networking, chat room or forum features. When using these features please ensure that you do not submit any personal data that you do not want to be seen, collected or used by other users.

5       To Whom Will Your Information Be Disclosed?

5.1       Your information may, for the purposes set out in this Privacy Policy, be disclosed for processing to:

5.1.1       Our employees;

5.1.2       Our affiliates;

5.1.3       Any member of our group companies and their employees, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

5.1.4       Successors in title to our business;

5.1.5       A prospective seller or buyer in the event that we sell or buy any business or assets, in which case we will disclose your personal data to such business or assets;

5.1.6       A buyer, if RailRepay or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;

5.1.7       Third party consultants, contractors or other service providers who may access your personal information when providing services (including but not limited to IT support services) to us;

5.1.8       Government bodies and law enforcement agencies and in response to other legal and regulatory requests, if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;

5.1.9       Auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes or processes;

5.1.10       To any third party where such disclosure is required in order to enforce or apply our Terms, Website Terms and/or other agreements; or to protect the rights, property, or safety of our company, our customers, or others;

5.1.11       Protect the rights, property or safety of RailRepay, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction;

5.1.12       Subject to the limitations in paragraphs 3.2 to 3.7 above, to carefully selected third parties that may contact you about products and services which may be of interest to you; and

5.1.13       The Rail Operator to which you submit any Claim, your location Information and any other information required to enable them to process and verify your Claim.

6       Your Rights In Relation To Your Information

6.1       You can write to us at any time to obtain a copy of your information and to have any inaccuracies corrected. Where appropriate, you may object to our processing your personal data under certain circumstances or write to us to have your personal information erased, restricted, rectified, amended or completed.

6.2       If you wish to do this, please write to: datacontroller@railrepay.com. Please quote your name and address in any such correspondence. Please also provide brief details of the information of which you would like a copy or which you would like to be corrected, if possible (this helps us to more readily locate your data).

6.3       We will require proof of your identity before providing you with details of any personal information we may hold about you. We may charge a reasonable fee to cover the administrative costs involved in providing you with a copy of your information.

7       Cookies

7.1       We use cookies to distinguish you from other users of the App, or Website. This helps us to provide you with a good experience when you use the App or browse our Website and also allows us to improve the App and our Website. For detailed information on these cookies, the way we use them and the purposes for which we use them, please see our cookie policy railrepay.wpengine.com/cookie-policy.

8       Where We Store And Process Your Information

8.1       The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“).  It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or affiliates. Such staff maybe engaged in, among other things, the processing of your Claim, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.  We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

9       Your Consent And Changes To This Privacy Policy

9.1       By submitting any personal information (including, without limitation, your payment details) to us or by downloading and using our App you consent to the use of information as set out in this Privacy Policy. We reserve the right to amend or modify this Privacy Policy and if we do so we will post the changes on the App and/or our Website.  It is your responsibility to check the Privacy Policy every time you submit information to us or submit a Claim.  Use of the App or Website will signify that you agree to any such changes.

9.2       In the event the purposes for which we process personal information changes, then we will contact you as soon as practicable and seek your consent, where such notification relates to a new additional purpose for processing which is not compatible or similar to the originally specified purposes.

10       Use Of Your Personal Information Submitted To Other Apps

10.1       We are not responsible for the privacy policies and practices of other apps or websites even if you accessed the third party app using links from our App, our Website or by means of our services.

10.2       We recommend that you check the policy of each app you visit and contact the owner or operator of such app if you have concerns or questions.

11       Data Retention

11.1       We will keep your data for as long as: (i) you have consented to it; or (ii) it is necessary for us to provide you with our services or to comply with our obligations under applicable law, this Privacy Policy, our Terms or the Website Terms.

12       Further Information

12.1       For complaints or for requesting further information from us on data protection and privacy or any requests concerning your personal information please write to railrepay, Regents House, 40 Islington High Street, London, N1 8EQ or e-mail us at datacontroller@railrepay.com.

12.2       You can also contact the Information Commissioner’s Office if you have a complaint regarding your personal data that we cannot resolve. Their website address is:

https://ico.org.uk/for-the-public