• Our new ticketing site is now live! Using either this or the original site (both powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

Legality of Train Operators fishing travel history with other retailers

signed

signed

Established Member
Joined
13 May 2024
Messages
1,453
Location
Paris, France
talldave said:
This may be a subject for a separate thread but I've looked at Trainline's T's & C's and I can't see where it's customers agree to having their business transactions with Trainline being passed to TOCs and other random companies. Is this legal?
Click to expand...
I am not a lawyer, but I would assume yes, it would be legal under GDPR as it is for detection of crime

UK GDPR writes :
Article 23

The Secretary of State may restrict the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

d) prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
Click to expand...

And it also part of Trainline Privacy Policy

We work with travel operators who also need your data to create your tickets and provide services in relation to your journey as well as to deal with after-sales matters. Some travel operators may run your data through their own payment and eticket systems in order to issue your tickets or notify you of any travel disruption. We may also share your personal data with travel operators to prevent and detect fraud against either you, Trainline or the travel operator. We only share what is necessary to meet this purpose, and we make it clear to them they must keep your personal data safe.
Click to expand...
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

furlong

furlong

Established Member
Joined
28 Mar 2013
Messages
4,411
Location
Reading
Last time it was discussed here, I thought the conclusion was that the detection of crime GDPR exception was not applicable, and so any such sharing had to be covered by the agreement people made when handing over their data (aka the privacy policy).
 
I

island

Veteran Member
Joined
30 Dec 2010
Messages
17,360
Location
0036
furlong said:
Last time it was discussed here, I thought the conclusion was that the detection of crime GDPR exception was not applicable, and so any such sharing had to be covered by the agreement people made when handing over their data (aka the privacy policy).
Click to expand...
I agree with your recollection.

Trainline's privacy policy adequately covers the matter. I cannot say for other retailers.
 
You must log in or register to reply here.

Top