loading

Privacy and Cookies Notice

This version posted on 31/05/2023

Introduction

Trenitalia c2c Limited (trading as c2c) is a train operator that runs services between London Fenchurch Street, in the heart of the City of London, and Basildon, Shoeburyness, and Grays and is headquartered in the City of London.

We know you take your right to privacy seriously. We take your right to privacy seriously, too. We want you to have clear, accessible and easy-to-understand guidance about what information we collect about you, where it comes from and how we use it.

This privacy notice applies to the use of personal information and other information by c2c. We are committed to applying appropriate security measures to keep your information secure and safe and to only use the information you provide and any other information we may hold about you, for the purposes set out below.

We always recommend that our customers read this privacy and cookie notice in full. It explains who we are, how and why we collect your personal data, how and why it will be processed by us and our commitment to protecting your data. But if you do not have time to read it in full, we have summarised the key points for you below:

Contents

  1. About c2c
  2. About this privacy notice
  3. What personal data do we collect from you?
  4. How is your personal data collected?
  5. Purposes for which we will use your personal data
  6. Communications with you
  7. Who will have access to your personal data?
  8. Who else might we share your personal data with?
  9. How do we protect your personal data?
  10. How long do we keep your personal data?
  11. What are your rights?
  12. About cookies
  13. Who to contact and ask for more information
  14. Cookie notice

Summary

  • c2c, we, our or us is a trading name of Trenitalia c2c Limited. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA084649.
  • We have appointed a Data Protection Officer. They are responsible for our approach to data protection and protecting your privacy. If you have any questions about this notice, including any requests to exercise your legal rights, you can contact c2c via email at dpo@c2crail.net or via our Data Protection web portal here. Postal enquiries can be made to the Data Protection Officer, Trenitalia, 7th Floor, Centennium House, 100 Lower Thames Street, London, EC3R 6DL.
  • We process (i.e., handle) your personal data to provide our services to you. Under data protection laws, we are only permitted to process your personal data where we have a legal basis for doing so. We will only ever process your personal data in compliance with applicable law.
  • We may share your personal data with our third-party suppliers, including payment processors and data analysts, to enable the efficient and secure provision of services to you. Except as explained in this privacy and cookie notice, we will not share your data with third parties without your consent unless required to do so by law.
  • We will keep your personal data for as long as we need it. How long we need your personal data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described below) or so that we can comply with the law. We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
  • We may transfer your personal data to a recipient located outside of the United Kingdom (UK). If we do this, we will ensure that the transfer mechanism provides an adequate level of protection, which has been recognised by the United Kingdom.
  • You have important rights under laws aimed at protecting your personal data. This notice sets out your rights and how you can exercise them. For more information, click here. Note that you also have the right to make a complaint to the Information Commissioner’s Office if you are unhappy with how we have handled your personal data. For more information, click here.

1. About c2c

Trenitalia c2c Limited (trading as c2c) is a company registered in England and Wales under company number 07897267 whose registered office is 7th Floor, Centennium House, 100 Lower Thames Street, London, EC3R 6DL.

We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA084649.

2. About this privacy notice

This privacy notice applies to the personal data we collect about you through our website https://www.c2c-online.co.uk/, tickets.c2c-online.co.uk, social media, by post, by telephone, in person for example in stations and on board our trains, through our mobile apps and when you otherwise communicate with us.

This privacy notice may change from time to time and, if it does, the up-to-date version will always be available on our website. We will also tell you about any important changes to our privacy notice.

3. What personal data do we collect from you?

This section informs you of what personal information we collect about you and why. Personal data means any information about a living person for which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows for ease of reference:

  1. Identity data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes first name, surname, username, preferred name or similar identifiers, marital status, title, date of birth, gender, vehicle registration number and CCTV footage

  2. Contact data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes home address, billing address, delivery address, postcode, email address, telephone numbers

  3. Financial data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes bank or building society account details and payment card details

  4. Transaction Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes details of your Smartcard and journeys, details about payments to and from you and other details of products and services you have purchased from us

  5. Technical Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes internet protocol (IP address), your login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology devices you use to access our website, apps and services

  6. Profile Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes your username, password, purchases or orders made by you, any interests communicated to us to enable the personalisation of services, travel preferences, feedback and survey responses

  7. Usage Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes information about how you use the Website, apps and our products and services

  8. Health Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes information relating to your mobility and disability status to enable us to provide assisted travel and ensure that you receive the correct pricing and any information detailed within any accident reports that relates to personal injury or receipt of medical attention

  9. Marketing and Communications Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes your preferences in receiving marketing from us and our third parties and your communication preferences

  10. Aggregated Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    such as statistical or demographic data is also collected, used and shared with third parties. However, Aggregated Data is not considered as personal data in UK law as this data does not directly or indirectly reveal your identity

  11. Special Category Data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not seek to collect or otherwise process your Special Category Data except where:

    • We have obtained your explicit consent prior to processing your Special Category Data (e.g., you consent to us processing your Health Data to provide travel assistance services to you)
    • The processing is necessary for compliance with a legal obligation
    • The processing is necessary for the detention or prevention of crime (including the prevention of fraud) to the extent permitted by applicable law
    • You have manifestly made those Special Category Data public
    • The processing is necessary for the establishment, exercise or defence of legal rights and claims
    • Processing is necessary for reasons of substantial public interest and occurs based on an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interests.

4. How is your personal data collected?

We use different methods to collect data from and about you including through:

  1. Direct interaction with you products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    We collect personal data about you if you fill in forms on the Website or at our Stations or correspond with us by telephone, email or otherwise. This includes information you provide when you:

    • Register to our website or app; update or add personal data to your account, including your c2c Smartcard
    • Buy train tickets or other products and services at our stations, on our trains and our public website
    • Use our WiFi at our stations or on our trains
    • Enter a competition, promotion or survey
    • Report a problem with our website or services or give us feedback.

    We may also ask you to share your personal data with us if it is necessary for us to provide our services to you, for example, we may ask if you require assisted travel.
    We may process personal data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profiles to the extent that you choose to make your profile visible).

  2. Automated technologies or interactions products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    If you use our website or apps, we automatically collect the following information:

    • Web usage information, (e.g., IP address), your login information, browser type and version, time zone setting, operating system and platform; and
    • Information about your visit, including the full Uniform Resource Locator’s (URL’s) clickstream to, through and from our website (including date and time), time on page, page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks and mouse-overs.

    Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this will be anonymised, but we collect and process this data to ensure that our website is functioning properly, and our customer experience is to the standard that you and we would expect.

    The website may from time to time contain links to and from the websites of advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy and cookie notice and that we do not accept any responsibility or liability for these notices. Please check these notices before you submit any personal data to these websites.

    We also use Cookies on our Website and app, please refer to our Cookie Notice for more information.

    We use automated decision making to calculate the validity and value of delay repay claims made through our website. When you receive notification of the outcome of your claim, you can appeal the decision. All appeals will follow an automated process and will either be deemed successful and payment will be made in due course or will be forwarded to a member of the delay repay team for a manual review, If you remain dissatisfied, you can appeal the outcome of your claim via the Customer Relations team.

  3. Information we receive from other sources products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Where you purchase any of our products or services through such third parties, we may receive information about you if you use any other website we operate or the other services that we provide. We are also working closely with third parties, including for example business partners, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies and may receive information about you from them. In addition, we may receive information about you from third parties who provide it to us e.g., your employer, our customers and law enforcement agencies.

    hen we receive information from other sources, we rely on them having the appropriate provisions in place advising you how they collected data and who they may have shared it with. We carefully check our sources to ensure that we only receive your information when it is lawful for us to do so.

  4. CCTV, Body-Worn Video (BWV), Automatic Number-plate Recognition (ANPR) products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    We employ CCTV, on-demand audio recording, BWV and ANPR cameras to capture, record and monitor what takes place at our offices, stations, car parks, maintenance depots and on our trains in order to help provide a safe and secure environment for both our employees and customers. This helps to reduce the number of assaults on our employees and prevent, deter and detect crime.

    BWV will only be activated when necessary. Prior to the record mode being activated, our employees will give notice that the camera is being activated and that it will make both a video and audio recording.

    For further information on CCTV and retention periods please see our contact details here.

5. Purposes for which we will use your personal data

This section explains how we will use personal data you provide to us in order to carry out the activities relevant to the provision of our services we offer to you.

We must have a legal basis for processing your personal data. We consider that we have a legal basis where:

  • You have given us consent to do so for the specific purposes which we have told you about. For example, we will need your consent to process any health information you have provided to us such as information relating to your mobility or disability
  • It is necessary for us to do so to enable us to provide you with the services that you have requested from us. For example, contacting you about your journey
  • It is necessary in order to fulfil our legitimate interests or those of a third party and your interest and fundamental rights do not override those interests; or
  • The law otherwise permits or requires it.

Where we process your personal data based on legitimate interests, these are our, or our third parties’, interests in providing our services to you in an efficient and secure manner.

We have set out below a list of all the ways we may use your personal data and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

In some cases, we may use more than one legal basis for processing your personal data, this will depend on the specific purpose for which we are using your personal data.

For further information and queries about the specific legal basis that we rely on for processing your personal data please see our contact details here.

What we use your personal data for (purpose) Type of data Legal basis for processing (including basis of legitimate interest)
To register as a new customer
  • Identity
  • Contract
  • Performance of a contract with you
To carry out our obligations arising from any contracts entered between you and us including:
  • Managing payments, paying refunds or compensation, fees and charges
  • Collecting and recovering money owed to us
  • Running fraud checks if we have reasonable suspicions
  • Provide you with the information, products and services that you have requested from us including but not limited to contacting you about your journey
  • Identity
  • Contract
  • Financial
  • Transactional
  • Health
  • Marketing and communications
  • Performance of a contract with you
  • Necessary for our legitimate interests to recover debts due to us, to pay refunds or compensation owed to you and to prevent us facilitating fraud
To respond to your enquiries or to process your requests in relation to your information
  • Identity
  • Contact
  • Performance of a contract with you
To maintain a suppression list should you opt-out of receiving communications
  • Identity
  • Necessary for our legitimate interests to ensure that we are not at risk of breaching data protection laws by communicating with you where you have asked us not to
To manage our relationship with you which will include:
  • Notifying you about changes to our website, services, terms and conditions or privacy notice
  • Asking you to leave a review, take a survey or participate in market research
  • Facilitating “in the moment” customer services
  • Identity
  • Contract
  • Profile
  • Marketing and communications
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests to develop our products and services and grow our business
To help provide a safe environment for our employees and customers; to reduce the number of assaults on our employees during revenue enforcement duties and to improve the quality of evidence available for submission to law enforcement agencies and courts
  • Identity
  • Necessary for our legitimate interests to protect employees and customer safety and assist with the verification of legal claims
To enable you to partake in a prize draw, competition or complete a survey
  • Identity
  • Contract
  • Profile
  • Usage
  • Marketing and communications
  • Performance of a contract with you
  • Necessary for our legitimate interest to study how customers use our products and services, to develop and grow our business
To administer and protect our business and the website including training our employees, troubleshooting data analysis, testing, system maintenance, security audits, support, reporting and hosting of data
  • Identity
  • Contact
  • Profile
  • Necessary for our legitimate interest for running our business, provision of administration an IT services, network security, to prevent fraud and in context of a business reorganisation or group restructuring exercise
  • Necessary to comply with a legal obligation
  • Performance of a contract with you
To conduct health and safety assessments and record keeping and compliance with related legal obligations
  • Identity
  • Contact
  • Profile
  • Health
  • Necessary for our legitimate interests in providing a safe and secure environment at our premises and on train
  • Necessary for compliance with a legal obligation
  • Necessary to protect the vital interests of any individual
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • Identity
  • Contact
  • Profile
  • Usage
  • Marketing and communications
  • Technical
  • Necessary for our legitimate interest to study how you use our products and services, to develop and to grow our business and to inform our marketing strategy
To use data analytics to improve the website, products and services, marketing, customer relationships and experiences
  • Technical
  • Usage
  • Necessary for our legitimate interests to define types of customers for our products and services, to keep the website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about goods or services that we feel may be of interest to you
  • Identity
  • Contact
  • Technical
  • Usage
  • Profile
  • Marketing and communications
  • Necessary for our legitimate interest to develop our products and services and grow our business
To establish, exercise and defend our legal rights
  • Identity
  • Contact
  • Financial
  • Transactional
  • Technical
  • Profile
  • Usage
  • Health
  • Marketing and communications
  • Necessary for compliance with legal obligations
  • Necessary for our legitimate interests for the purpose of establishing, exercising or defending our legal rights

6. Communications with you

This section is to explain how we will ensure that you only receive communications that you wish to receive.

  1. Marketing messages products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    We can only use your personal information to send you marketing messages if we have either your consent or a “legitimate interest”. A “legitimate interest” is where we have a business or commercial reason to use your information. For example, contacting you with pre-departure information ahead of a journey you have booked with us. It must not unfairly go against what is right and best for you.

    The personal data we have for you is made up of what you advise us and the data we collect about you when you use our products or services, or data provided to us from third parties we work with. We study this to form a view on what we think you may want or need or what may be of interest to you. This is how we decide which products and services and offers which may be relevant for you.

    We want to ensure that you are informed and aware of the best products, services, promotions and events that we can offer you. By consenting to receiving communications by postal mail, telephone, SMS, text-picture-video message, app push notification or email from us and any named third parties that feature at the point of obtaining consent in respect of such information, we will process your personal data in accordance with this privacy and cookie notice.

    If you have provided your consent to receive marketing communications from us and you change your mind, you can change your preferences and unsubscribe at any time by unsubscribing from the relevant communication channel, changing your preferences in your web account, accessing our Preference Centre, or by contacting us at dpo@c2crail.net.

    However, if you choose not to receive this information, we will be unable to keep you informed of new products, services and promotions that may interest you.

    Whatever you choose, you will still receive booking confirmations and other information for example service updates.

  2. Service messages products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    We may send you communications such as those which relate to any service updates e.g., service disruptions or cancellations or pre-travel information, and provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely, to effectively provide you with the best service we can to grow our business.

7. Who will have access to your personal data?

This section is to explain who within c2c will have access to your data.

Your personal data will only be seen or used by our employees who have a legitimate business need to access your personal data for the purposes set out in the privacy and cookie notice.

We take your privacy seriously and have implemented appropriate physical, technical and organisational security measures designed to secure your personal data against accident loss, destruction, damage, unauthorised access, use, alterations or disclosure.

8. Who else might we share your personal data with?

This section will inform you of who we share your personal data with and why. As explained in the privacy and cookie notice, we will not share your personal data without your consent unless required to do so by law.

We may share your personal data with you, and where appropriate, your family or your associates or your representatives.

We may share your personal data with any member of our group companies which means our subsidiaries, our holding company Ferrovie dello Stato Italiane’ group (FS) or our parent company Trenitalia UK Limited and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal data to the British Transport Police or any other law enforcement agency or court to the extent necessary for purposes including preventing, investigating, detecting and prosecuting criminal offences, preventing threats to public security in accordance with applicable law or validating a claim.

We may share your personal data with the following third parties who assist us with administering the provision of our products and services to you:

  • Business partners, suppliers and subcontractors for the performance of any contract we have entered into with them or you
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website and mobile app
  • Other rail industry bodies including the Department of Transport Office of Rail and Road, other Train Operating Companies, Transport Focus, Rail Delivery Group, Railway Ombudsman (or any successors thereof) in order to comply with our regulatory obligations and to help resolve complaints or other issues
  • Third party agents we engage with to perform functions on our behalf including fulfilling order deliveries, repaying compensation claims for delays, sending customer communications, analysing data, providing marketing assistance, processing payments, issuing and obtaining payment for penalty fares or fines, researching customer satisfaction and providing customer service. They have access to personal data needed to perform their roles and functions but will not use it for other purposes.

We may pass aggregated data on the usage of our website and app e.g., we may disclose mean ages or visitors to our website, or the number of visitors to our website that come from different geographic areas to third parties, but this will not include information that can be used to identify you personally.

If a business transfer or change of business ownership takes place or is envisaged or if our rail franchise is awarded to another company in the future, we may transfer your personal data to the Secretary of State for Transport and/or the new owner (or a prospective new owner) or the new franchisee. If this happens, you will be informed of this transfer.

9. How do we protect your personal data?

This section explains how we keep your personal data safe and where it will be held.

We take your privacy seriously and are committed to maintaining the privacy and security of the personal data you provide to us, and the choices you have regarding our collection and use of your personal data.

Once we have received your personal data, we follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised access.
Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You should not share this information with anyone. c2c or its employees will never ask you to provide your password over the phone or text – if you are requested to provide this, please contact us at dpo@c2crail.net.

The information that we collect from you may have been transferred to, and stored at, a destination outside the United Kingdom (UK). When we transfer and store your personal data outside of the UK, we will ensure that it is adequately protected by using appropriate safeguards as further detailed below.

Where your personal data is transferred from the UK to a recipient outside the UK in a country not recognised by the United Kingdom as providing an adequate level of protection for personal data, such transfer shall be covered by a framework recognised by the relevant UK authorities or courts as providing an adequate level of protection for personal data including but not limited to: “Standard Contractual Clauses (the agreement in the form annexed to the European Commission’s decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which can be found here.)”

Unfortunately, the transmission of your personal data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

10. How long do we keep your personal data?

This section explains the length of time that we will retain your personal data.

We will keep your personal data for no longer than is necessary for the purposes for which it was obtained. The criteria for determining the duration for which we will retain your personal data are as follows:

  1. We will retain your personal data in a form that permits identification only for as long as:
    1. We maintain an ongoing relationship with you; or
    2. Your personal data is necessary in connection with the lawful purposes set out in this notice for which we have a valid legal basis

plus

  1. The duration of:
    1. any applicable limitation period under applicable law i.e., any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data may be relevant); or
    2. an additional reasonable period following the end of such applicable limitation period

and

  1. In addition, if any relevant legal claims are brought, we may continue to process your personal data for such additional periods as are necessary in connection with that claim.

During the periods in paragraphs 2.a and 2.b above, we will restrict our processing of your personal data to the storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim or obligation under applicable law.

After this period your personal data will be anonymised so that you are no longer identified or identifiable from such information, or securely deleted/destroyed.

Any third parties that we engage will keep your data stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third-party providers, we will make sure that they securely delete or return your personal data to us.

The retention periods for CCTV and BWV vary depending on the location and system in use. Such periods tend not to exceed 30 days and will always be reasonable or as long as is required by law. For further information on CCTV and retention periods please click here for our contact details.

We may retain personal data about you for statistical purposes (for example, to help us better advertise our services). Where data is retained for statistical purposes, it will always be anonymised, meaning that you will not be identifiable from that data.

11. What are your rights?

This section explains that under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal data. Further detailed information is available from the Information Commissioner’s Office which we have linked in the relevant section below:

  1. Your right of access, to a copy of the personal data we hold about you products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For more details about right of access, click here.

  2. Your right to rectification, of inaccurate personal data we hold about you products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. For more details about your right to rectification, click here.

  3. Your right to erasure, be forgotten products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    You have the right to ask us to erase your personal information in certain circumstances. For more details about your right to erasure, click here.

  4. Your right to restriction of processing, our use of your personal data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    You have the right to ask us to restrict the processing of your information in certain circumstances. For more details about your right to restriction of processing, click here.

  5. Your right to object to processing, to our use of your personal data products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests. For more information on your right to object to processing, click here.

  6. Your right to data portability, transfer your personal data to you or a third party if technically feasible products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated. For more details about your right to data portability, click here.

We respond to all requests within one calendar month. However, occasionally it may take us longer if your request is particularly complex or you have made several requests or you have not supplied the information we need to respond to you. In this case, we will notify you and keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances and we will explain to you the reasons for our refusal.

For further information on your rights and how to use them, or if you would like to make any of the requests set out above, you can contact c2c via email at dpo@c2crail.net or via our web portal. Postal enquiries can be made to the Data Protection Officer, Trenitalia, 7th Floor, Centennium House, 100 Lower Thames Street, London, EC3R 6DL.

12. Cookies

The Website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. For more information, please see our Cookie Notice.

13. Who to contact and ask for more information

If you have any questions or concerns about how we handle your personal data, you can contact our Data Protection Officer (DPO) using any of the following methods:

  • Website Portal: DPO Web Portal
  • Email: dpo@c2crail.net
  • Phone: 0330 109 8130
  • Post: Data Protection Officer, Trenitalia, 7th Floor, Centennium House, 100 Lower Thames Street, London, EC3R 6DL

If you are unsatisfied with our response to any data protection issues you raise with us or our DPO, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.

Cookie notice

Last updated 13/09/2022

Introduction

Our websites use cookies and similar technologies such as pixels and beacons to collect information. This includes information about your browsing and purchasing behaviour when you access our website. It also includes information about pages viewed, products purchased, the customer journey around our website and whether marketing communications are open.

1. What are cookies?

Like most websites, https://www.c2c-online.co.uk/ and http://tickets.c2c-online.co.uk use cookies to collect information. Cookies are small data files which are placed on your computer or other devices such as smartphones or tablets as you browse the website.

They are used to “remember” when your computer or device accesses our websites. Cookies are essential for the effective operation of our website and help you purchase tickets with us online.

They are also used to tailor the products and services offered and advertised to you both on our website and elsewhere.

2. Types of cookies

We have arranged the Cookies we use into five groups:

  1. Necessary cookies products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies

  2. Preference Cookies products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Enables a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in

  3. Statistics Cookies products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Help website owners to understand how visitors interact with websites by collecting and reporting information anonymously

  4. Marketing Cookies products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Gather information about your browser habits. They remember that you have visited our website and share this information with publishers and third party advertisers for reporting purposes and ad personalisation

  5. Unclassified Cookies products-faq-angle-arrow.svg products-faq-angle-arrow-purple.svg

    Are cookies that have not been classified into cookie categories according to their type and purpose. The classification of those cookies is taking place with the providers of the cookies

3. How do we use cookies?

We use cookies to provide the content, products and services you have asked for. Some of these cookies are necessary to help your devices download or stream information, so you can move around the website and use its features. Without these cookies, content, products or services you have asked for cannot be provided.

Here are some examples of necessary cookies:

  • Position information on a smartphone screen, tablet or other screen so you can see the website and use its functionality
  • Keeping you logged in during your visit or enabling you to purchase products and services
  • When you add something to our online shopping basket, cookies make sure it’s still there when you get to the checkout page

We use cookies to improve your browsing experience. These cookies allow our application or website to remember choices you make, and they provide improved features. For example:

  • Remembering if you have filled in a survey, so you are not asked to again
  • Remembering if you have been to the application or website before
  • Restricting the number of times you are shown a particular advertisement (frequency capping)
  • Showing you information that’s relevant to content, products or services that you receive

We use cookies for Statistics. We keep track of, for example, what information and links are popular and which ones don’t get used as much. This helps us keep our information relevant and up to date. It’s also useful to be able to identify trends of how people find their way through our information as well as when and where an error message may originate from.
Statistic cookies are used to gather this information. The information collected is grouped with the information from everyone else’s cookies. We can then see the overall patterns of usage rather than any one person’s activity. These “statistic” cookies are used to improve how an application, a website and its pages work.
The c2c website uses Google Analytics, a web analytics service provided by Alphabet Inc/Google LLC. Google Analytics sets a cookie in order to evaluate your use of the website and compile reports for us on activity on the website.
Google stores the information collected by the cookie on servers outside the EU. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using the c2c website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Our applications, web locations, website and communications you get from us can contain small invisible images known as “web beacons” or “pixels”. These are used to manage the interaction between you and the online information or email and allow us to assess the effectiveness of the communication.
We also use affiliate cookies. Some of our web-based information will contain promotional links to other companies’ sites, for example delay repay. If you follow one of these links and then register with or buy something from that other site, a cookie is used to tell the other site that you came from on our sites. That other site then may pay us a small amount for the successful referral. The Internet Advertising Bureau provides a helpful guide on how affiliate marketing works.

4. Cookies we use

You can find more information about the individual cookies we use and the purposes for which we use them in our Cookie Declaration. If you choose not to accept any Preferences, Statistics or Marketing cookies or your browser is not compatible with our cookie preference tool we will only use Necessary cookies.

5. How do I change my cookie settings?

When visiting our website for the first time on a device you will see a cookies banner explaining that we use cookies, why we use them and providing a link to this document.

This banner gives you a settings option for our website. If you click on this, you can turn certain cookies on and off.

You can access these settings and change your choices at any time in the future by clicking on the Cookie Preferences link at the bottom of our website pages.

Please be aware that if you turn cookies off certain features of our website may not work.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer’s website.

To opt out of being tracked by Google Analytics across all websites please visit https://tools.google.com/dlpage/gaoptout