GDPR Privacy Policy

Our Commitment to Data Protection & Individual Rights

1. Introduction

All Aboard Transport ("we," "our," or "us") is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy and rights of individuals regarding their personal data. This GDPR Privacy Policy outlines how we process personal data and the rights of individuals whose data we process.

2. Data Controller

All Aboard Transport is the data controller responsible for the processing of personal data. You can contact our data protection team via [email protected] for any questions or concerns regarding your personal data.

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: When you provide explicit consent for processing your data, such as subscribing to our newsletter.
  • Contractual Necessity: When processing is necessary for the performance of a contract with you.
  • Legal Obligation: When processing is required to comply with legal obligations.
  • Legitimate Interests: When processing is based on our legitimate interests and doesn't override your rights and interests.

4. Data Collection

We collect and process various types of personal data, including but not limited to:

  • Contact information (name, email address, phone number).
  • Information you provide voluntarily through forms on our website.
  • Usage data collected through cookies and similar technologies.
  • Information about your computer and your visits to this website including your IP address, geographical location, browser type/version, and operating system.

5. Purpose of Processing

We process personal data for the following purposes:

  • Providing information, services, or products you request.
  • Communicating with you regarding your bookings.
  • Sending marketing communications when you have provided consent.
  • Complying with legal obligations.
  • Protecting our legitimate interests, such as ensuring the security of our website.

6. Data Retention

We will retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Once the data is no longer necessary, we will securely delete or anonymise it.

7. Data Subject Rights

As a data subject, you have the following rights under GDPR:

Right to access

Request information about the personal data we hold about you.

Right to rectification

Request that we correct inaccurate or incomplete personal data.

Right to erasure

Request the deletion of your personal data ("Right to be forgotten").

Right to restrict

Request that we limit the processing of your data under certain conditions.

Right to portability

Request a copy of your data in a structured, machine-readable format.

Right to object

Object to the processing of your data for certain specific purposes.

Automated Decision-Making

Right not to be subject to decisions based solely on automated processing, including profiling.

8. Data Security

We implement security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. However, no data transmission over the internet or electronic storage is entirely secure, so we cannot guarantee absolute security.

9. Data Breach

In the event of a data breach that may result in a risk to your rights and freedoms, we will notify the appropriate data protection authorities and you, the data subject, as required by law.

10. Changes to this Policy

We reserve the right to update this GDPR Privacy Policy as necessary. Any changes will be posted on this page, and the policy's effective date will be updated accordingly.

GDPR Inquiries

Direct your data protection requests or exercise your rights through our dedicated team.

Data Controller

All Aboard Transport

Office

+44 208 099 5737

24/7 Operations

+44 20 7060 7382

By using our website, you acknowledge that you have read and understood our GDPR commitment.