01904 521 936
Tour Search



Privacy Policy

At Great Rail Journeys, we will always respect your privacy, and we are committed to protecting your personal data. This policy explains what we do with the personal data we receive from you when you visit our website, download our app or call us. It also explains your privacy rights and how the law protects you.

This version of the privacy policy was last updated on 1st July 2024 and replaces all previous versions. We may update the policy at any time and if the changes are significant, we will highlight this on the website. In some circumstances, send an email to notify customers of changes to the privacy policy.

To make it easier for you to find the information you need, we've broken it down into sections.

Who’s responsible for processing my personal information?

Great Rail Journeys Limited (Company No 03208093) is the Data Controller responsible for the personal data we collect, process and store.

What is Personal Data?

Personal data, or personal information, means any information that can personally identify you, such as your name or address.

What personal information do you collect about me

We only collect the essential information we need to deliver our products and services.

  • When you register for any of our services, request information, buy our products online or by telephone, we may collect your name, address, email address, date of birth, gender, telephone number, passport number, payment method and details of holidays and services you have purchased from us.
  • We may also collect other special categories of personal information, such as your health and dietary requirements. We will only do this when it is strictly necessary to deliver the holiday you have purchased - and only with your consent.
  • When you browse our website, we gather information about the pages you visit. This includes technical information like your IP address, browser type and cookie information (unless you've disabled cookies on your device). For more information about how we collect this see our Cookie Notice.

It is important that the personal data we hold about you is accurate. Please keep us informed of any changes, for example a new address or email address.

How do you collect my personal information?

It's collected directly from data you provide when you:

  • make a booking for travel arrangements;
  • use the "my booking" portal on our website;
  • subscribe to our newsletter or other publications;
  • request to receive marketing from us;
  • enter a competition, promotion or survey;
  • give us feedback.

We may also collect your data:

  • when you visit our website, or have conversations with us on the phone, by email or by other messaging services;
  • from third parties, such as suppliers of travel services, travel agents, analytics providers and data alliances.

What are your legal bases for processing my personal information?

We have a few different legal bases to process your personal information for example:

  • Performance of a contract with you. To process and deliver your booking, including managing your payment, or to register you as a new customer or enquirer (contract).
  • Legitimate interest. To tailor our products, services and special offers to those we think you'll like and send you information about them. We make sure that we consider and balance any potential impact on you and your rights before we process your personal data.
  • Consent. We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example subscribing to an email newsletter.

Where do you store and process my personal information?

It's stored and processed on secure servers.

When it's processed outside of the United Kingdom or the European Economic Area (EEA), agreements, measures and safeguards make sure it's secure and meets the standards set out in the UK General Data Protection Regulation. You can rest assured that your information will only be used in line with this Privacy Policy.

Why do you need my personal information?

We need it for a number of reasons and we rely on the legal bases above to do so. For example when you book a holiday we need your personal data to:

  • register you as a new customer;
  • process and deliver your booking including managing your payment;
  • get in touch with you, for example with updates and further information.

We also need it for other reasons such as to:

  • send you brochures, newsletters and special offers and to offer recommendations to you about goods or services that may be of interest to you;
  • allow you to take part in a prize draw, competition or complete a survey;
  • deliver relevant website content and advertisements to you;
  • improve our products/services, marketing, customer relationships and experiences;
  • fulfil our obligations with the third party suppliers we use to provide your booking;
  • comply with our legal or regulatory obligations.

How long do you keep my personal information for?

We have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers for legal and tax purposes. In some circumstances you can ask us to delete your data. See section "Can I see what personal information you hold about me" below for further information.

We will only keep additional personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for any personal data, we consider:

  • the amount, nature, and sensitivity of that data,
  • the potential risk of harm from unauthorised use or disclosure of your personal data,
  • the purposes for which we process your personal data,
  • and whether we can achieve those purposes through other means, and the applicable legal requirements.

Can I see what personal information you hold about me?

Yes, you have the right to see your personal information and this is known as the 'right of access' (commonly known as a "data subject access request"). You can ask us by phone, email or by writing to us.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.

We try to respond to all requests within one month. Occasionally it may take us longer if your request is particularly complex but we will always keep you updated throughout the process.

What other data protection rights do I have?

You also have the right to:

  • request correction of any inaccurate or incomplete personal data that we hold about you. We may need to verify the accuracy of the new data you provide.
  • request erasure of your personal data. You can ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and you object to processing in a particular situation as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue to process your information.
  • request restriction of processing of your personal data in the following scenarios:
    1. if you want us to establish the data's accuracy;
    2. where our use of the data is unlawful but you do not want us to erase it;
    3. where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims;
    4. you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • request the transfer of your personal data to you or to a third party. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially consented for us to use, or where we used the information to perform a contract with you.
  • withdraw consent to process your personal data at any time However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you which we will advise you of at the time.

Can I choose how to be contacted by you?

Yes, you can choose how you'd prefer to receive marketing communications from us.

If you'd rather not receive our mailings, you can opt out at any time. Simply change your preferences over the phone.

You can also unsubscribe from our email list at any point by clicking the unsubscribe link at the bottom of your email. It can take up to a week and then you won't receive any more marketing emails.

Can I choose not to provide personal data?

We need to collect essential personal data by law when you enter into a contract with us (for example when you make a booking with us). If you don't provide that data, it may mean that we are unable to process your booking or we may have to cancel your booking. In these cases, we will treat this as a 'cancellation by you', as outlined by your relevant Booking Terms & Conditions. We will notify you if we can't process a booking or are required to cancel a booking for this reason.

Do you share my personal information with other companies?

Sometimes we might share your personal data including your name, address and email address. We only do this to offer a better customer service, gain an understanding our customer base and to keep you informed of offers and promotions that we believe you'll be interested in.

BASED ON THIS, YOUR PERSONAL INFORMATION MAY BE SHARED WITH:

  • other companies within the Great Rail Journeys Group;
  • members of the data sharing alliances that we work with, like Epsilon Abacus Alliance, who might post information about products or services you may be interested in;
  • companies who provide services to us and other retailers by posting advertising on other websites you might visit which (once you've consented to the use of cookies by that website) will be tailored to your interests and preferences;
  • companies such as airlines, hotels, destination management companies, rail operators, transport providers and ground handlers acting as processors, who provide the travel services for any booking that you make with us;
  • travel agent partners based in the UK who make bookings with us on your behalf, acting as our retail agent;
  • service providers providing IT and system administration services.

Data alliances bring together customer information on behalf of UK retailers. The retailers involved are from all sectors like clothing, collectables, food and wine, gardening, gadgets and entertainment, health and beauty, household goods, home interiors, travel and charity categories. They share information on what their customers buy. The data alliances then analyse this pooled information to help the retailers understand consumers' buying patterns. Retailers can then tailor offers, based on what their customers like to buy.

We may have gained your contact details from the data alliances that we work with if you're a customer of one of their members. This should've been explained to you before your contact details were shared.

If you'd like to view the Privacy Policy of our data alliance, please see the Epsilon Privacy Policy.

We'll never share your email address so another business can send marketing to you.

I’m not a Great Rail Journeys customer, how did you find my details?

The Great Rail Journeys family - we will share your personal information in certain circumstances with the other companies within the Great Rail Journeys family, which includes our sister brands Rail Discoveries & Vacations by Rail, so that we can provide you with a high quality, personalised and tailored service (including relevant marketing) across our Group.

The data alliances we work with, mentioned in the section Do you share my personal information with other companies? send us information. You can change how you'd like us to contact you at any time, by heading to Can I choose how to be contacted by Great Rail Journeys?

How to get in touch with us

It's easy to get in touch with us if you have any questions about this privacy policy, your personal information, or you'd like to change the way we contact you.

  • Email us at MyData@greatrail.com
  • Write to us at Great Rail Journeys Limited, 4th and 5th Floors, HQ Building, Hudson Quarter, Toft Green, York, YO1 6JT
  • Call us on 01904 521940
  • Online at greatrail.com (My Booking)

We'll always do our best to answer all your questions, but if you're not happy then you can complain to the Information Commissioner's Office (ICO). Simply write to Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, phone 0303 123 1113 or visit the ICO website at www.ico.org.uk to find out more.

Great Rail Journeys Limited is registered with the Information Commissioner's Office under registration number Z7237669.