PRIVACY POLICY

We, Eurostar International Limited, use your personal data to provide our travel services to you. We have described how we collect, store and use your data in this Privacy Policy. We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. There are steps you can take to control what we do with your data and we have explained those steps in this Privacy Policy.

When we talk about data and personal data in this Privacy Policy, we mean personal data which identify you or which could be used to identify you such as your name and contact details, your travel arrangements and booking reference. It may also include information about how you use our websites and mobile applications.

What you need to know

1. Who is responsible for your data

Eurostar International Limited is responsible for your data. Our registered address is Times House, Bravingtons Walk, London N1 9AW. We are registered as a company in England and Wales under company number 2462001. We are the data controller of the data which we collect from you, and as such we control the ways your personal data are collected and the purposes for which your personal data are used.

2. Personal data we collect about you

Depending on how you use our services and our websites, we might collect the following kinds of information about you:

Your name and contact details

(email address, telephone number, address)

When you create an account with us

When you book to travel with us

When you enter a competition

When you fill in forms on our website

Information about your travel with us When you book to travel with us or manage your booking
Information about other services you have bought from us

When you book car insurance or tickets for an attraction for example

Information about your membership of Club Eurostar

When you join Club Eurostar and earn and spend points

Information about your purchases of our partners’ products and services which are related to your travel with us

When you purchase those products and services
Information about other passengers travelling with you, including the age range of any children travelling with you When you book to travel with other passengers

More sensitive information about you and about your health

(see information below about ‘Sensitive personal data’)

When you book to travel in a wheelchair seat

If you ask for special assistance at the station

If you are involved in any accident on board or in the station

If you book a certain meal type such as a kosher meal or a gluten-free meal

Communication we have with you

(emails, letters, telephone calls, messages to our online chat service, messages sent to us through our social media platforms, feedback)

When you get in touch with us

When you respond to our requests for feedback

Information about your activities in our stations

We use CCTV in our stations

Information about you, your device, your location and how you use our website, mobile application, on-board wifi and entertainment systems, information about your interests and preferences

See more information below under the heading ‘How we use your data to personalise the service we offer you’

When you use our digital systems and services

When you accept our cookies placed on your device

When you update your account information

When you open our marketing emails

When you click on our banner adverts

When you fill in forms on our website

When you get in touch with us

When you respond to our requests for feedback

When you opt in to receiving messages from us

Payment card details

Your card details are stored and protected in accordance with best industry practice
When facilitating payment by card

Sensitive personal data

Certain kinds of personal data, such as data about your racial or ethnic origin, your physical or mental health, your religious beliefs or alleged commission or conviction of criminal offences, are special categories of personal data which by law require additional protection. We try to limit the circumstances in which we collect sensitive personal data of this kind, but we do collect and process it when for example:

  • You have booked a wheelchair seat to travel with us
  • You have requested special assistance at the station
  • You have been involved in an accident onboard or at the station
  • You have requested a special meal type which implies or suggests your religion (e.g. a kosher meal) or a health issue (e.g. a gluten-free meal).

By providing any sensitive personal data, you explicitly agree that we may collect it and use it to provide services to you.

3. How we use your personal data

We can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:

  • To fulfil a contract we have with you, or
  • If we have a legal duty to use your data for a particular reason, or
  • When you consent to it, or
  • When it is in our legitimate interests.

Legitimate interests are our business or commercial reasons for using your data, but even so, we will not unfairly put our legitimate interests above what is best for you.

In the table below, we have set out the different ways in which we use your personal data and the reasons we rely on for using that data. If we rely on our legitimate interests for using your personal data, we will explain that to you.

Countries take a different approach to the use by companies of legitimate interests as a reason for processing personal data. We are aware of those different approaches in the countries in which we operate and we take that into account and respect those differences when we process your personal data.

What we use your personal data for Legal grounds for using it Our legitimate interests
  • To provide services to you
  • Communicating with you and to send you information about your booking 
  
  • Fulfilling contracts
  • Our legitimate interests
  • With your consent
  • Keeping our records up to date, working out which of our products and services may interest you
  • Developing products and services and what we charge for them
  • Identifying or defining types of customers for new products of services
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • To communicate with you and manage our relationship with you
  • To personalise and improve your customer experience
  • To understand your preferences and purchasing behaviour
  • To inform you about our news and offers that we think you might be interested in

(See more detail below under the heading ‘How we use your data to personalise the service we offer you’)

  • Fulfilling contracts
  • Our legitimate interests
  • With your consent
  • Keeping our records up to date, working out which of our products and services may interest you
  • Developing products and services and what we charge for them
  • Identifying or defining types of customers for new products of services
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • To meet our health and safety responsibilities
  • To meet our responsibilities regarding immigration, customs control, policing and security
  • To support the relevant public bodies and authorities responsible for immigration, customs control, policing and security
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • Identifying ways to improve the way we deliver services to our customers
  • To detect, investigate and seek to prevent fraud and financial crime
  • To manage risk for us and our customers
  • To obey laws and regulations which apply to us and the way we deliver our services
  • To respond to complaints and to seek to resolve them
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • With your consent
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • Identifying ways to improve the way we deliver services to our customers
  • To run our business in an efficient and proper way
  • To fulfil our administrative purposes including accounting, billing and audit
  • To improve our services
  • To manage how we work with other companies that provide goods and services to us and our customers
  • To protect our business interests
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • Identifying ways to improve the way we deliver services to our customers
  • To develop and manage our brand, products and services
  • To test new products and services
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • Being efficient about how we fulfil our contracts, provide our services and fulfil our legal duties
  • Identifying ways to improve the way we deliver products and services to our customers

4. How we use your data to personalise the service we offer you

We use the data we collect about you from different sources and touch points to try to understand more about you and your preferences, so that we can personalise the service we offer to you. We use information collected from the bookings you have made and from cookies. Cookies are small pieces of information stored on your device by the web browser of your device. We use cookies placed on your devices to collect data about your use of our websites and on-board entertainment system. Sometimes we can use the personal data you provide to us to identify you when you visit our website using different devices. We also use data from third parties (see ‘Sharing your data’ below). We use the information from these different sources in the following ways:

  • to help us communicate with you. We use information about where you are, for example, to provide content in the most appropriate language
  • to identify you when you access our websites from different devices
  • to identify your likes and dislike. We look at which of our website pages you visit most or which destinations you visit most frequently to understand what you are most interested in
  • to understand more about your preferences and your purchasing habits - our data analytics tools and segmentation tools allow us to match data we collect from cookies with data we have about bookings you have made for travel on Eurostar (both directly and through third parties).Sometimes we include data and/or systems provided by third parties as part of this process. We know that similar customers are interested in similar products and services, so we group similar customers together in ‘segments’. We use segment information to improve our communications with you and recommend to you those services we think will be most interesting to you, including new products and services offered by our partners. We also use it to make sure that we show you adverts which we think will be of most interest to you when you visit through our online advertising space
  • to help you complete a booking. If you are in the process of making a booking but you leave the booking path before your booking is finalised, we may with your consent contact you to help you to finalise your booking.

For more information about cookies and how you can manage cookies and remove them, please refer to our Cookies Policy, or update your preferences through our Privacy Manager.

5. Marketing: How to manage the marketing messages you receive

We may send you marketing communications by email if you have indicated that you are happy to receive such emails [or if you have made a booking with us and you have not told us that you no longer wish to receive marketing emails]. Our marketing communications include information about our new and existing services, special offers we think you might like and other travel services and products which we think might be useful to you when planning your travel.

If you have previously opted-in to receiving emails from us, use the preference centre to tell us specifically what you are interested in hearing about, or to opt out of receiving marketing emails from us at all. You can update your preferences at any time. You can also opt out of receiving marketing emails by clicking on the unsubscribe link which we include in all our marketing emails.

Please note that if you tell us that you do not wish to receive marketing emails, you will still receive service emails which are necessary for example to confirm your booking or to update you on the status of your travel service. We will use the contact details you give us when you are collecting your tickets (either your mobile telephone number, your email address or both) to let you know if your train is cancelled or delayed. This is so that we can perform the contract we have with you. If you are a member of Club Eurostar you can opt out of receiving emails about even your membership.

Please note that if you ask us to stop sending marketing emails, we will keep a note of your personal information and your request so that we can make sure you are excluded from the emails when they are sent out.

6. How long we keep your data

We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.

We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.

7. How we protect your data

We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.

We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our booking information is held.

We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.

8. Sharing your data

We share some of your personal data with, or obtain personal data from, the following categories of third parties:

  • Government authorities such as border control authorities and law enforcement authorities: We sometimes have to provide your personal data to government authorities to ensure that you can travel to your destination or to meet our legal and regulatory obligations.
  • Safety standards organisations: We share personal data about accidents on our services and stations with the Rail Safety and Standards Board (‘RSSB’), whose aim is to improve safety throughout the rail industry. The RSSB processes this data in accordance with the RSSB privacy policy which is available at https://www.rssb.co.uk/privacy-notice.motn
  • Other transport companies: We sell through fares which are train tickets for travel on both a Eurostar train service and a train service provided by a third party train company. For example, if we sold you a ticket to travel from London to Cologne, you would travel on a Eurostar service to Brussels and then take a Thalys train for the rest of your journey. We would have to send details of your booking to Thalys so that you could travel from Brussels to Cologne. Similarly, Thalys would share your data with us if they sold the same ticket to you.
  • Tour operators or companies through which you booked your Eurostar tickets: Tickets for travel on our services are sold through many different channels. They have to share your booking information with us so that we can allow you to travel. We may also use the booking information they provide to build up what we know about you and your preferences, as described above under the heading ‘How we use your data to personalise the service we offer you’.
  • Suppliers who provide services to us: We will share your data with the company which provides our on-board catering services, for example, if you have requested a certain type of meal. We may share your data with the companies who we use to approach you for market research and feedback on our services. We will make sure that our suppliers respect your personal data and comply with data protection laws.
  • Data analytics companies and advertisers: Depending on the cookies settings you have selected through our Privacy Interface tool, we may use your data in our data management platform. This platform helps us to understand more about you and your interests. We may use such data to make the connection between you and the devices you use to ensure relevance across these devices. We may add to your data other  information which we have received from third party advertisers. From time  to time, we may share a limited and pseudonymised (or partially anonymised) version of your data with other advertisers, or add to your data other information which we have received from third party advertisers. We may use such data to make the connection between you and the devices you use. For more information about this process, please see our Cookies Policy.
  • Your credit and debit card information: In order to process payments and prevent and detect fraud, we process payment card data through our payment card and fraud management services providers.

9. Sending data outside of the European Economic Area

We will only send data outside of the European Economic Area (‘EEA’) to work with our agents and advisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:

  • Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA
  • Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or
  • Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.

10. Your rights

You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data. You can use our Preference Centre and Privacy Interface tool, as described above. You can also log in to your Eurostar account to update the details held there.

If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent. Information about how to stop receiving marketing communications is set out above under the heading ‘Marketing: How to manage the marketing messages you receive’. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.

You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.

To raise any objections or to exercise any of your rights, you can send an email to us at data.protection@eurostar.com or you can write to us at Data Protection, Eurostar International Limited, Times House, Bravingtons Walk, London N1 9AW.

When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. There is no charge for most requests, but if you ask us to provide a significant about of data for example we may ask you to pay a reasonable admin fee. We may also ask you to verify your identity before we provide any information to you.

If Eurostar decides to change this privacy policy, the changes will be posted on this page.

11. Complaints

If you have any complaints concerning Eurostar’s processing of your personal data please email us at data.protection@eurostar.com or write to us at Data Protection, Eurostar International Limited, Times House, Bravingtons Walk, London N1 9AW.

Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.

Customers in the UK can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk.

Customers in France can contact the Commission Nationale de l'Informatique et des Libertés by telephone on +33 (0)1.53.73.22.22 or by writing to the Commission at 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France.

Customers in Belgium can contact the Commission de la protection de la vie privée by telephone on +32 (0)2 274 48 00 or by using the online contact form available through the Commission’s website at www.privacycommission.be.

Customers in the Netherlands can contact the Autoriteit Persoonsgegevens by telephone on (+31) - (0)70 - 888 85 00 or by writing to the Autoriteit Persoonsgegevens at Postbus 93374, 2509 AJ DEN HAAG.

12. Contact Us

You can write to us at Data Protection, Eurostar International Limited, Times House, Bravingtons Walk, London N1 9AW or you can send an email to us at data.protection@eurostar.com.