Privacy policy

Great Western Railway ("GWR", "we" or "us") is committed to protecting and respecting your privacy.

We set out here the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it. By visiting www.GWR.com ("our site") you are accepting and consenting to the practices described in this policy.

Any information provided to or gathered from our site in the course of providing services to you is controlled by First Greater Western Limited trading as Great Western Railway. We are registered as a data controller in the United Kingdom with the Information Commissioner’s Office under registration number Z9382315.

Key terms
- our Privacy policy and Cookie policies set out how and why we collect personal data from you and how and why it will be processed by us
- except with your permission or as set out in the Privacy policy we will not sell, trade or rent your personal information to unaffiliated third parties and will not otherwise distribute your personal information without your consent unless required to do so by law or regulation
- we use anonymous, unique identifier cookies to track how successful our advertising is
- we will usually inform you before collecting the data if we intend to use or share it for marketing purposes. You have the right to ask us not to process your personal data for these purposes. You can exercise this right by checking certain boxes on the forms we use to collect your data
- Customer Support can be contacted on 0345 7000 125

Information we collect from you
- We may collect and process the following information about you. Where we ask you to provide us with any additional information, it will only be mandatory where we need it in order to provide you with the services you have requested – other information will be optional.
- Our policy is not to require you to share sensitive personal data with us, but we may ask you to do so from time to time on a voluntary basis. If you choose to do so, this means you have given (and we accept) your explicit consent for us to use that information for the reasons described in this policy, or as explained at the time you provide the information. Sensitive personal data is data relating to race or ethnic origin, political opinion, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, the commission or alleged commission of an offence or proceedings relating to any offence or alleged offence.

Cookies
- Our site uses cookies. Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user's device. Cookies in themselves do not identify you, just the computer or device you are using. Cookies do lots of different jobs, like making it easier for you to log on to and use our site during future visits, letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They also allow us to monitor traffic on our site and can also help to ensure that adverts you see online are more relevant to you and your interests.
- Cookies themselves only record which areas of our site have been visited by your computer or device and for how long. Allowing us to create a cookie does not give us access to the rest of your computer.
- Below are the cookies we use and why:
  - DoubleClickID : This is an anonymous, unique identifier used to track how successful our advertising is. The cookie allows the devices IP address to be sent to a website, but it doesn’t store the IP address or any other personal data. This is a third party cookie.
  - WT_FPC : The purpose of this cookie is to identify the visitor and the session to allow us to track usage of our site so we can improve them. Data contained in the cookie includes a visitor ID which is anonymous, the time of start and end of the visit. This is a first party cookie.
  - SC_ANALYTICS_GLOBAL_COOKIE : This cookie is used to identify how visitors use our site. We use the information to compile reports and to help improve the site. The data is collected in an anonymous form.
- With most Internet browsers, you can erase or block cookies or ask to receive a warning before a cookie is stored. The “Help” function within your browser should tell you how. Alternatively, you may wish to visit www.youronlinechoices.eu which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
- Please be aware that restricting cookies may have a negative impact on the functionality of our site.

Uses made of the information
- We use the information held about you in the following ways:
  - Information you give to us. We will try to let you know at the time of collection how this information will be used. We will use this information to:
    - Carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us including billing you and contacting you about your orders.
    - Respond to your inquiries or to process your requests in relation to your information.
    - Let you know about important changes or developments to the site or our services.
    - Provide and personalise our services generally.
    - Administer records of our subscription services.
    - Carry out market research campaigns.
    - Provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
    - Provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
    - Contact you by post, telephone, fax, SMS or by email (where you have consented to us doing so) to let you know about other products and services that we offer and feel may be of interest, are offered by other companies within the FirstGroup plc group of companies or are offered jointly with or on behalf of other organisations. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
    - Ensure that content from our site is presented in the most effective manner for you and for your computer, making the site easier for you to use and providing you with access to all parts of the site.
  - Information we collect about you. We will use this information to:
    - Administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
    - Improve our site to ensure that content is presented in the most effective manner for you and for your computer.
    - Allow you to participate in interactive features of our service, when you choose to do so.
    - Keep our site safe and secure.
    - Measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
    - Make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
  - Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information
- We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Except with your permission or as provided herein, we will not sell, trade or rent personal information about you to unaffiliated third parties. Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
- The information you provide to us will be held on our server in the United Kingdom and may be accessed by or given to our staff.
- We may share your information with selected third parties including:
  - Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  - Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  - Other rail industry bodies including the Office of Rail and Road, other Rail Operators, Network Rail, Transport Focus and LondonTravelWatch, in order to comply with our regulatory obligations and to help resolve complaints or other issues.
  - Agents we engage to perform functions on our behalf including fulfilling order deliveries, sending customer communications, analysing data, providing marketing assistance, processing payments and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.
- We may disclose your personal information to third parties:
  - In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  - If GWR or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  - If GWR enters into a joint venture with another business entity.
  - Where we operate a rail franchise we do so under arrangements with the Secretary of State for Transport and the franchise operations may pass to a successor operator. We may disclose your data to the relevant franchising authority or any successor operator and any successor operator may process your data in the same manner as we would be permitted.
  - We may allow carefully selected third parties, including other companies in our group, to contact you occasionally about products and services which may be of interest to you (where you have consented to us doing so). They may contact you by post, telephone or fax, as well as by email. If you change your mind about being contacted by these companies in the future, please let us or them know.
  - Where we retain third parties to carry out promotions and other activities for which you have registered or in which you have otherwise asked to participate.
  - If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, or in order to enforce or apply our terms and conditions and other agreements or to protect the rights, property, or safety or GWR, our customers, our staff or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy.
- We may also pass aggregate information on the usage of our site (e.g. we might disclose the median ages of visitors to our site, or the numbers of visitors to our site that come from different geographic areas) to third parties but this will not include information that can be used to identify you personally.
- All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You should not share this information with anyone.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk.

Your rights
- If you are aged 16 or under, please get your parent or guardian's permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information.
- Our site may contain links to other websites that are outside our control and are not covered by this Privacy policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their Privacy policy, which may differ from ours.
- We will retain your information for a reasonable period or as long as the law or regulation requires. In accordance with the UK's Data Protection Act 1998, we employ strict physical, electronic and administrative security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both on-line and off-line.
- The contents of this site are designed to comply with the general obligations of the European Directives on Data Protection and ePrivacy. We cannot be responsible for non-compliance with any local advertising or other laws in relation to this site or its contents.
- You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us by email on [email protected].
- Under the Data Protection Act 1998 you are entitled to see the personal information we hold about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to our Privacy policy
- Any changes we make to this Privacy policy in the future will be posted on this page. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy policy.

If you have any comments, queries or requests relating to our use of your personal information or any questions about this Privacy policy you can get in touch using the details provided on our Contact Us page.