Privacy policy

Last updated: 18 April 2019

At a glance this is what you need to know

We always recommend that our customers read this privacy policy in full. It explains who we are, how and why we collect personal data from you, how and why it will be processed by us and our commitment to protecting your data.

But just in case you’re on the move or do not have time to read it in full we have summarised the key points for you in our 'speed read' section below.

Great Western Railway (GWR, we, our or us) is a trading name of First Greater Western Limited. We are registered as a data controller with the Information Commissioner's Office and our registration number is Z9382315.

  • We have appointed a Data Protection Officer. They are responsible for our approach to data protection and protecting your privacy. You can contact them at DPO@firstgroup.com.
  • We process (i.e. handle) your personal data to provide our services to you. Under data protection laws, we are only permitted to process your personal data where we have a legal basis for doing so. We will only ever process your personal data in compliance with applicable law.
  • We may share your personal data with our third party suppliers, including payment processors and data analysts, to enable the efficient and secure provision of services to you. Except as explained in this privacy policy, we will not share your data with third parties without your consent unless required to do so by law.
  • We will keep your personal data for as long as we need it. How long we need your personal data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described below) or so that we can comply with the law. We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
  • We may transfer your personal data to a recipient located outside of the European Economic Area (EEA). If we do this, we will ensure that the transfer mechanism provides an adequate level of protection, which has been recognised by the European Commission.
  • You have important rights under laws aimed at protecting your personal data. This policy sets out your rights and how you can exercise them. For more information, read section 12. You also have the right to make a complaint to the Information Commissioner's Office if you are unhappy with how we have handled your personal data. For more information read section 13.

Contents

1. About Great Western Railway

This section sets out who we are. It provides some useful information about us including our company number, registered address and data controller registration number (provided by the information commissioner’s office).

2. About this privacy policy

This section tells you when this privacy policy applies (e.g. When you use our website or communicate with us). It also lets you know how and when we will communicate updates of this privacy policy to you.

3. What personal data do we collect about you?

This section informs you of exactly what personal data we collect about you and why. This includes information that is provided to us directly by you as well as information that we gather from your visits to our website and information that we receive from other sources.

4. How is your personal data collected?

This section explains to you the different ways in which we will collect the personal data that you provide to us.

5. Purposes for which we will use your personal data

This section explains the purposes for which we will use your personal data we hold. We also set out what we consider to be the legal basis for processing your personal data for each purpose, this is to ensure that you have all the information that we are required to provide you by law.

6. Communications

This section explains how we will ensure that you only receive communications that you wish to receive. We will ensure that you have total control over the information that you receive.

7. Who will have access to your personal data?

This section explains which of our employees will have access to your personal data. It also explains the reason for our employees accessing your personal data.

8. Who else might we share your personal data with?

This section informs you of who we share your personal data with. It also explains the reason for sharing; this is largely so that we can provide our services to you.

9. How do we protect your personal data?

This section explains how we keep your personal data safe and where it will be held. It also explains how we may process your personal data outside of the European Economic Area, but that we will only do so using recognised mechanisms which offer an adequate level of protection.

10. How long do we keep your personal data?

This section explains the length of time that we will retain your personal data. It also explains why we would hold your personal data for such time periods.

11. What are your rights?

This section explains that you have rights in relation to your personal data. It also explains what these rights are and how you can go about exercising them.

12.Cookies

This section explains that our website uses cookies and where you can find further information about the cookies used.

13. Who can you ask for more information?

This section provides you with contact information should you have any questions or concerns about the way we handle your personal data. It also explains how you can contact the data protection regulator should you be unsatisfied with our response to your data protection issues.




Cookie policy

Last updated: 22 November 2019

This policy explains how our website, mobile app and Wi-Fi portal use cookies.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website.

Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user's device.

Cookies in themselves do not identify you, just the computer or device you are using. Cookies do lots of different jobs, like making it easier for you to log onto, and use, our site during future visits, letting you navigate between pages efficiently, remembering your preferences, and generally improving your experience. They also allow us to monitor traffic on our site and can also help to ensure that advertising you see online is more relevant to you and your interests.

Cookies themselves only record which areas of our site have been visited by your computer or device and for how long. Allowing us to create a cookie does not give us access to the rest of your computer, and does not allow us to see any personally identifiable data about you.

Types of Cookies

We've arranged the cookies we use into four groups:

a) Analytics/performance cookies: Every time someone visits our site, software that we have selected and which is provided by one or more other organisations generates an 'anonymous analytics cookie' which tell us whether or not you have visited our site before. Your browser will tell us if you have these cookies and, if you don't, we generate new ones. This allows us to track how many users we have, and how often they visit our site. We use these cookies to gather statistics such as the number of visits to any page on our site.

b) Functionality cookies: These cookies enable us to remember choices you make and provide enhanced, more personal features. For example, remembering your email address and preferences on our website, so you don't have to choose them each time you visit.

c) Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make a purchase.

d) Targeting cookies: We use these anonymous cookies to determine the content of advertisements that we show on other websites. When you visit other sites on the web, such as news or information sites, this cookie lets our re-targeting providers know when to serve advertisements and what content to show you. These cookies also allow us to know whether or not you've seen an advertisement, and how long it has been since you've seen it.

Cookies we use

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Category - First-party performance cookies 

Host name Filename
.myaccount.gwr.com
_utmb
 _utma
 _utmz
 _utmc
 
.gwr.com  _gid
 _utmb
 _utmt
 _utma
 _gat
 _gat_UA-3373558-4
 _gat_UA-3373558-7
 _ga
 _utmz
 _utmc
 
www.gwr.com  sc.UserId
 SC_ANALYTICS_GLOBAL_COOKIE
 sc.ASP.NET_SESSIONID
 sc.Status

Category - Third-party performance cookies

Host domain Filename
ws.sessioncam.com
sc.ASP.NET_SESSIONID
Category - Third-party strictly necessary cookies

Host domain Filename
www.gwr.com
ASP.NET_SessionId
.gwr.com _gid_dc_gtm_UA-3373558-7
 _dc_gtm_UA-3373558-4
Category - Third-party strictly necessary cookies

Host name Filename

None
Category - First-party targeting cookies

Host name Filename
.gwr.com
_qca
_gcl_au
_fbp
.gwr.com NewVariableMixingDeckVersion
access_token
 
.www.gwr.com
access_token
www.gwr.com
arrivalStation
sc_expview
tests
randomnumberpersistant
k2c_history
arrivalStation
k2c_Firstgroup_cids
bookingprocess
arrivalStation
mixingDeck
arrivalStation
arrivalStation
basket_details
fcuEnabled
savedToggleStatus
arrivalStation
qttFirstStage 
k2c_gwr
Category - Third-party targeting cookies

Host name Filename
.adnxs.com
anj
uuid2
 
.adsrvr.org
TDID
TDCPM
 
.bing.com
MUID
.doubleclick.net
IDE
id
 
.exelator.com
ud
EE
 
.facebook.com
datr
fr
lu
.google.com
APISID
 SSID
 SID
 SAPISID
 HSID
.mookie1.com
id
 mdata
 
.quantserve.com
mc
.tripadvisor.co.uk
TATravelInfo
 ServerPool
 TAUD
 TASession
 TAUnique
 TACds
 
.twitter.com
auth_token
twll
secure_session
guest_id
_utma
remember_checked
remember_checked_on
.www.tripadvisor.co.uk
SRT
TART
TADCID
TASSK
PMC
.www.tripadvisor.com
TADCID
.youtube.com
SID
HSID
PREF
APISID
SSID
LOGIN_IFO
SAPISID 
bat.bing.com
MUIDB
www.tripadvisor.co.uk
TART
SRT
TASSK
TADCID
PMC
www.tripadvisor.com
TADCID
.sojern.com
cid
.travelsmarter.net
st_browser_id
.www.jscache.com
TADCID
p.travelsmarter.net
sa_dmp_to_sync
chn_uuid
sa_aud_cmp
sa_dmp_synced
sojern.com
cid
www.jscache.com
TADCID
 www.klick2contact.com
PHPSESSID
 k2c_Launch