Skip to main content
Customer Information -
Timetables are changing 15 December
More Information
Customer Information -
Short notice cancellations
Check before you travel
Buy tickets
Looking for something?

Northern is committed to protecting your privacy. This privacy policy explains what personal data we collect about you, how and why we use it, and how we protect your privacy. To make it easy to use this privacy policy we have outlined the key sections in the table below which you can use to navigate the policy.

 

1. Who is responsible for your data2. What personal data do we collect?3. Cookies
4. How we use your personal data and the legal basis for such processing?5. Who do we share your information with?6. Data retention
7. Information security8. Transferring information internationally9. Updates to this Privacy Policy
10. Your data protection rights11. Questions about this Privacy Policy 

Date published: 27 October 2020

Date last updated: 21 September 2023

 

Northern Trains Ltd (“Northern”) are committed to protecting and respecting your privacy.

This notice (together with our Website Terms and Conditions and Booking Service Terms and ConditionsCustomer Promise and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Northern or our processing partners. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it, and how to exercise your rights in relation to it.

“Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data.

The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use and transmission. We have appointed a data protection officer.  If you have a question about how your personal data is used or if you wish to exercise your rights under data protection laws, please contact us or our data protection officer as set out at Section 11. 

1. Who is responsible for your data?

Northern Trains  Ltd (“Northern”) , George Stephenson House, Toft Green, York, YO1 6JT is a “controller” of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

We are listed on the Information Commissioner’s Office (“ICO”) register of fee payers.

 

2. What personal data do we collect?

Information provided by you

You may give us information about you by filling in forms on www.northernrailway.co.uk or www.buytickets.northernrailway.co.uk, or contacting the Customer Experience Centre (CEC). This includes information you may provide, but is not limited to the following activities;

  • Filling in a form on our Website or app, or contacting us via phone, email or another method
  • Subscribing to our services
  • Opening or clicking any emails or push notifications we send you
  • Registering and consenting to receive marketing information
  • Registering to buy ticket(s) or open a Northern account
  • Downloading our app
  • Registering to use Wi-Fi
  • Browsing our Website or app, or using our Wi-Fi
  • Purchasing ticket(s)
  • Entering a competition
  • Providing answers to a promotion or survey
  • Reporting a fault or problem with our station(s) or train(s)
  • Reporting a fault or problem with our Website
  • Making a complaint or enquiry

The information you may give us may include, but it is not limited to the following:

  • First name and last name
  • Date of birth
  • Address details including postcode
  • Email address
  • Phone number – mobile, home or work
  • Disability details (relating to the Passenger Assist service) (see ‘Sensitive personal data’ below for more details)
  • Payment card information
  • Bank details for compensation claims
  • Transaction meta data (e.g. journey details)
  • Relevant rail discount or loyalty cards
  • Limited amount of personal data of any other passengers you are booking tickets for
  • Personal descriptions and photographs
  • CCTV information (see below for more details about this)
  • We don’t collect age information (except in the case of alcohol-related competitions, promotions or sales), but it is possible that this would be provided to us by law enforcement agencies/rail station operators, or in the course of ticket examinations carried out by authorised staff where a breach of Railway laws has occurred.
  • How you interact with our communications, such as: which emails you opened or clicked a link within, and how long the email was opened for; where you are when you interact with our messages; and what type of device, model and operating system you’re using.

Information you may provide via our website(s)

  • Geographical location – you will be asked if you wish to provide your location
  • IP or MAC address or details regarding use of your mobile device or PC

Analytics

We may collect and process  information about your use of the Website or Booking Service, such as some of the pages you visit and some of the searches you perform.  When we collect this information it will be your personal data because it all links to your IP address.  We will ask you for consent to set the analytics cookies relevant to this.  Then after that we will use a pseudonym and continue to process it for our legitimate interest of us better understanding our website users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like) and this enables us to build and maintain our website service better for the benefit of all users.  Such information is used by us to help us improve the contents of the Website or Booking Service and to compile, for internal market research purposes, aggregate statistics about individuals using it. Please see Section 3, 'Cookies' for more information on our use of cookies. We may also share anonymous information about your use of the Booking Service with third parties for analytical purposes.

Information we collect about you

With regard to each of your visits to either www.northernrailway.co.uk or www.buytickets.northernrailway.co.uk or if you register to use our Wi-Fi services we may automatically collect the following information;

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number

Information we receive from other sources

Publicly available sources: We also collect your personal data from other organisations and sources, including publicly available sources, for example when you contact us through a social media company such as Facebook, Twitter, LinkedIn or Instagram. Before providing personal data to us via these channels, you should check these companies’ privacy policies and settings to understand how they use your personal data.

Law enforcement agencies/rail station operators: We may also obtain or collect your personal data from law enforcement agencies (including the police and the British Transport Police) and from rail station operators if you are involved in any incidents when you are on our trains or otherwise at the train stations from where we operate our rail passenger services.

Collection from Arriva Rail North Limited: We (Northern) have taken over the rail franchise from Arriva Rail North Limited (as mentioned in either emails or letters to you (as relevant) and in all cases this information is on the Northern website). This means that we will have lawfully obtained your personal data from Arriva Rail North Limited if you were an active customer, hold an open season ticket and/or if you have provided consent to receive marketing communications from Northern Trains Limited. If you have open or active enquiries or complaints (not necessarily as a passenger) in relation to Arriva Rail North Limited, we will have received your personal data in order that we can manage these matters on behalf of Arriva Rail North Limited.

Collection via CCTV (and/or body-worn cameras). When your image is captured on CCTV (or body-worn camera) on our trains or in rail stations we will be able to view that image. More details below on this.

We may sometimes use other sources of information about our customers and prospective customers where you've given your permission for your data to be shared. We do this to help us understand more about our customers, to ensure that our messages are relevant, and to make sure that the marketing information we send you, with your consent, is also relevant. We take great care in sourcing this information, but if you prefer us not to use your data in this way, please let us know by contacting us as set out a Section 11.

We carry out general profiling such as segmentation for the purpose of providing you with a more relevant experience and for the purposes of our legitimate interests as a commercial organisation. Segmentation is never used in any way that produces a legal or similarly significant effect, is never based on sensitive personal data, and we make efforts to ensure any profiling is non-discriminatory.

Sensitive personal data

We will not intentionally or systematically seek to collect, store or otherwise use information about you classed as ‘special categories of data' or 'sensitive data' (for example, information relating to any trade union membership, ethnic origin or health) except as detailed below.

If you need help with things like getting on and off a train, you may choose to give us confidential information about medical conditions and the type of assistance you require.  All UK train companies use a system called Passenger Assist to book help on stations and on trains for all services. This makes sure that if you book help in advance, our staff on stations and on the trains know that you're travelling, where you are seated on the train, any connections you have to make, and the help you need.  You have the option to save those assistance details to your account, and can edit or remove them at any time.

If you commit or are suspected of committing or are the victim of a fraud or other crime or other serious incident on our trains or in railway stations or in relation to your delay repay claim or ticket purchase we will process information about that too in relation to you.

CCTV information

We employ CCTV on our trains and in our stations in order to:

  • prevent, deter and detect crime
  • apprehend and prosecute offenders, and provide evidence to take action in the courts
  • help provide a safer environment for our staff
  • protect public safety
  • monitor operational and safety-related incidents
  • assist with the verification of claims.

You have the right to make a request for access to CCTV images of yourself and to ask for a copy of them – as well as other rights as set out at Section 11. 

We reserve the right to withhold information where permissible by the applicable data protection laws, and we will only retain CCTV images for a reasonable period (this means 28 days or less) or for longer as is required by law or to protect our own legitimate interests. For more details please see below. In certain circumstances, we may need to disclose CCTV images to law enforcement agencies. When this is done, there is a statutory requirement for the organisation that has received the images to adhere to the relevant data protection laws.

 

3. Cookies

Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

 

4. How we use your personal data and the legal basis for such processing?

The collection of some of the personal data described in Section 2, “What personal data do we collect?” is mandatory if you wish to be a passenger and, if such personal data is not provided, we will not be able to provide the information, products and services to you. Where the collection of any personal data is not mandatory, we will inform you of this prior to collection, as well as the consequences of failing to provide the relevant personal data.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally process your personal information only:

  • Where we have your consent to do so.
  • Where the processing is necessary to perform our contract with you.
  • Where the processing is necessary for the exercise of our public task. As a public sector operator, our public task derives from section 30 of the Railways Act 1993 which requires us to provide, or secure the provision of, services for the carriage of passengers by railway where a franchise agreement in respect of the services is terminated or otherwise comes to an end but no further franchise agreement has been entered into in respect of the services.    
  • Where the processing is necessary for the purposes of our legitimate interests or those of a third party and are not overridden you by your data protection interests or fundamental rights and freedoms – please note that we can rely on this processing ground when we are processing personal data for a legitimate reason other than performing our tasks as a public authority– this is why for example we mention in section 2 our legitimate interests of using information collected by cookies to enable our website to provide a better service to its users.
  • Where we have a legal obligation to process your personal information.
  • Where it is necessary in order to protect your vital interests or those of another natural person: If it is necessary for us to use and share your sensitive information with law enforcement agencies, next of kin who can be identified or medical professionals in order to protect your vital interests (for instance in an emergency situation where you are taken ill on a train or in a station or when a major incident has occurred), we will do so.
  • Reasons of substantial public interest: If it is necessary for us to use and share your sensitive personal data with law enforcement agencies, next of kin who can be identified or medical professionals, for substantial public interest reasons, we will do so; likewise in order for us to adhere to and deal with the system called Passenger Assist to book help on stations and on trains for all services; likewise in order for us to know information about fraud or other crimes or other serious incidents on our trains or in railway stations or in relation to your delay repay claim or ticket purchase.

Information provided by you. We use your personal information as follows:

 

Purpose of processingLegal basis for processing
Account registration – Website

Performance of a contract

The exercise of our public task

Account registration – Booking Service

Performance of a contract

The exercise of our public task

Registration for WiFi and email confirmationPerformance of a contract
Email confirmation of Booking Service registration

Performance of a contract

The exercise of our public task

Email confirmation about your tickets for train services purchased

Performance of a contract

The exercise of our public task

Provision of your tickets to use our services, handling the administration of your payment

Performance of a contract

The exercise of our public task

Fraud checks related to Ticket purchase – automatedLegal obligation and legitimate interest (we have a legitimate interest to protect ourselves and others from fraud) (see also ‘Sensitive personal data’ below)
For our general record-keeping and passenger relationship management

Performance of a contract

The exercise of our public task

Completion of survey related to flat fare offersLegitimate interest (we have a legitimate interest to make sure passengers are happy with the service)
Completion of forms for special offers or discounts; such as collecting tokens from partner newspapers for our daily or weekend hop on hop off flat fare offers. Details need to be completed in order to redeem the offerPerformance of a contract in relation to the special offer or discount
Completion of forms for season tickets through the Northern Employee or Northern Educational season ticket schemes

Performance of a contract

The exercise of our public task

Information you provide to Northern by filling in forms on our site or that you email usPerformance of a contract where the information relates to the purchase of a ticket (or enquiries about a booking), or legitimate interest (we have a legitimate interest to make sure passengers are happy with the service)
Suggestions, complaints and appeals (including but not limited to unresolved complaints which we have inherited from the previous operator Arriva Rail North Limited and in-progress customer enquiries)Performance of a contract where the information relates to the purchase of a ticket (or enquiries about a booking), or legitimate interest (we have a legitimate interest to make sure passengers are happy with the service)
Claims for compensation and refunds

Performance of a contract

The exercise of our public task

Franchise change information, for example if the Northern Franchise passes to another legal entity or operating companyThe exercise of our public task
To share your personal data with third parties (such as our service providers who assist us administer or process ticket purchase or refund or delay repay claim transactions on our behalf)

Performance of a contract

The exercise of our public task

To keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws

Legal obligation

The exercise of our public task

Travel Assistance (Passenger Assist) -  Journey Call

Legal obligation (see ‘Sensitive personal data’ below as relevant to health details relating to Travel Assist)

The exercise of our public task

We employ CCTV (including body-worn cameras) on our trains and in our stations in order to:

  • prevent, deter and detect crime
  • apprehend and prosecute offenders, and provide evidence to take action in the courts
  • help provide a safer environment for our staff
  • protect public safety
  • monitor operational and safety-related incidents
  • assist with the verification of claims
Legitimate interest (It is in our interest to deal with all these matters and it is in the legitimate interest of law enforcement agencies to have CCTV in some cases where they do not have a court order or statutory compulsion) and Legal obligation for the prevention and detection of crime where relevant.  See also ‘Sensitive personal data’ table below. 
Email and completion of rail travel surveysThe exercise of our public task
Annual reminder of upcoming season ticket expiry for both employee season and Educational season ticket scheme holdersLegitimate interest (as an existing season ticket holder on either scheme, we have a legitimate interest to remind you about ticket expiry)
Recording customer phone calls and retaining the recordings for a period of three months -  Travel Assistance provided by Journey CallThe exercise of our public task
Emails about service changes, such as timetable changes, engineering works or strike informationThe exercise of our public task
Employee season and Educational season ticket schemes e-newsletter, updates and informationLegitimate interest (as an existing season ticket holder on either scheme, we have a legitimate interest to ensure we keep you up to date with relevant information)
Messages to Northern via social mediaLegitimate interest (to be able to review and respond to the message you have sent us via social media)
Customer experience feedback and surveys legitimate interest (we have a legitimate interest to make sure passengers are happy with the service)
Consent to receive marketing emailsConsent
Competition entriesConsent
Establishing and enforcing our legal rightsLegal obligation (we have a legal obligation to keep our trains and stations operating safely and efficiently and we have a number of other legal rights)
Complying with instructions from law enforcement agencies, any court or otherwise as required by lawLegal obligation (see also ‘Sensitive personal data’ and CCTV below)
Administration of your tickets and handling queries relating to your tickets.

Performance of a contract . (where necessary for us to perform the contract)

or legitimate interest (we have a legitimate interest in responding to your queries)

Personalising your experience of our Website by using your purchases and browsing activity to make recommendations we think may be of interest to youLegitimate interest (we have a legitimate interest to make sure passengers are happy with the service) or consent (where an automated decision is made in relation to the recommendation)
Improving our website and the range of services we provideLegitimate interest (we have a legitimate interest to make sure passengers are happy with the service)

Sensitive personal data (this is the term we use to mean special categories and criminal convictions and offences data)

Purpose of processingLegal basis for processing
Helping you in an emergency situationIt is necessary to protect somebody’s vital interests or they are incapable of giving consent or is necessary for reasons of substantial public interest
Helping you by way of Passenger AssistYour explicit consent or is necessary for reasons of substantial public interest
Dealing with law enforcement agency requests for CCTVIt is necessary for reasons of substantial public interest
Dealing with fraud or other crime or other serious incident on our trains or in railway stations or in relation to your delay repay claim or ticket purchaseIt is necessary for the establishment, exercise or defence of legal claims or is necessary for reasons of substantial public interest


Information we collect about you. We use your personal information as follows:

Purpose of processingLegal basis for processing
IP address to infer approximate location for our booking service (we will ask for your consent/permission to use this)Our legitimate interest in making sure we can provide relevant journey information based on your current location – you will be asked to confirm via your browser if you wish this information to be known
Using your IP address for Fraud checks

Legal obligation and legitimate interest (we have a legitimate interest to protect ourselves and others from fraud) (see also ‘Sensitive personal data’ below)

The exercise of our public task

Data related to your use of the Website or Booking Service through the use of cookies

Legitimate interest in relation to cookies which are essential (i.e. strictly necessary for the Website or Booking Service to operate) or Consent in relation to performance or tracking cookies (i.e. those which are not strictly necessary for the Website or Booking Service to operate).

Please see our Cookie Policy for details on how to block or choose preference for cookies

 

Statistical and aggregated information

We may also use information in aggregate, where personally identifiable information is removed, for marketing and strategic development to improve and support our business (see also ‘Analytics’ header in section 2 above). We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us determine the appropriate target markets for our services. We do this conversion into anonymised form for our legitimate interests which we have explained here.

Information we receive from other sources.

We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under Section 11, “Questions about this Privacy Policy”

 

5. Who do we share your information with?

We may disclose your personal data to the following categories of recipient for the purposes described in this Privacy Policy.

Third parties who process your personal data on our instructions:

Service Providers

  • We use third party service providers to carry out many of the activities listed in Section 4, “How we use your personal data and the legal basis for such processing”.Our service providers act on our instructions, and we ensure that they take measures to keep your personal data safe.
  • We don’t allow our service providers to use your personal data for any purpose other than carrying out the service in question, and we only provide them with those parts of your personal data that they actually need.
  • In summary, we have set out below a list of the categories of service providers with whom we share personal data:
  •  
    • payment processor in relation to card payments for ticket purchases you make with us;
    • IT support and data hosting providers and administrators;
    • mailing houses to send you pre-booked tickets;
    • website development and hosting companies which we use to administer our website content, [include personalised messaging];
    • our WiFi supplier
    • agencies which we use to manage season tickets and loyalty programmes
    • agencies which we use to analyse traffic on our website and use of our services;
    • customer feedback and market research organisations;
    • the organisations that run our online ticket booking systems;
    • the organisations that send our booking confirmation emails, registration emails etc;
    • agencies supporting customer service activity carried out by rail staff;
    • suppliers who we use to help us with marketing;
    • an email service provider to send our emails;
    • a mailing house to send out marketing by post;
    • a telemarketing agency to contact you by phone or SMS;
    • online media owners who help us target, deliver and track our marketing campaigns using cookies. You can view our cookie policy (please see section 3); and
    • media owners who help us target, deliver and track our marketing campaigns

Other UK Rail Operators

  • We share your personal data with some operators for ticket fulfilment purposes
  • We may share your email address or phone number with some operators so that they can contact you with service messages, for example if a train is cancelled.
  • We may also need to share some of your personal data with any other transport carriers or other service providers who provide you with any part of the services that you’ve booked through us.
  • In the event of delay repay, compensation or refund request incorrectly received by Northern we will pass the full details of your claim onto the correct UK Rail provider.

The Authorities

  • In some circumstances we have a legal obligation to share parts of your personal data with police or customs authorities, regulatory authorities, government & law enforcement agencies. This may include, but is not limited to, fraud prevention and detection.
  • We may also disclose your personal data to any competent law enforcement body, regulator, government agency such as Rail North, the Department for Transport (DFT) or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend or legal rights; or (iii) to protect your vital interests or those of any other person;

Other

  • We operate the Northern franchise under arrangements with the Secretary of State for Transport and the franchise operations may pass to a successor operator. We may disclose your personal data to the relevant franchising authority and/or any successor operator and any successor operator must use your personal information only for the purposes disclosed in this Privacy Policy.
  • We may disclose your data to any other person to whom you request us to make disclosure or if you consent to such disclosure.

 

6. Data Retention

We will not retain your personal data for longer than is necessary to fulfil the purposes for which we collected that personal information, unless the law permits or requires that we retain it for longer.

The table below explains in more detail how long Northern will store different types of customer information for:

 

Passenger information 

Passenger details (e.g., name, address of customer etc.)

(ii) Current passenger

(ii) Lapsed passengers

For the duration of the passenger's registration with Northern and then for the period specified for lapsed passengers.

For a period of 6 years following the end of the year in which you last purchased Northern's services.

Passenger dataFor the duration of the passenger's registration with Northern and then for a period of 6 years following the end of the year in which services were last purchased.
Passenger consents to Northern terms and conditionsFor the duration of the processing of the Personal Data and up to 6 years thereafter.
Passenger service enquiries3 years
Statistical reports/marketing data6 years
Register of complaintsReview after 10 years
Correspondence and papers including emailsReview after 6 years (or 10 years if the documents relate to a complaint or investigation)
WiFi registrationOnce you have created an account to use WiFi services, then the account information you provide will be retained for a period of one year. At the end of the one year period you will be asked to re-confirm your details when you log in to use and if necessary update your details to continue receiving WiFi services.
Registration information 
Prospective customerswww.northernrailway.buytickets.co.uk then the information regarding customers (below) will apply. We will review account information on an annual basis and we may contact you to ask if you still wish to retain your account.
Customerswww.buytickets.northernrailway.co.uk we will keep your account for up to six years following the end of the year in which you last purchased Northern’s services.
Marketing information 
Marketing permissions and preferencesIf you have given Northern permission to send email marketing messages to you then we will retain your marketing preferences until you notify us that you no longer wish to receive marketing emails by updating your marketing preferences by logging into your account and updating your preferences. We will review marketing preferences annually and may contact to you to ask if you wish to still continue receiving marketing emails.

 

7. Information Security

We apply appropriate administrative, technical and organisational security measures to protect your personal data that is under our control from unauthorised access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers. Northern is owned by DfT OLR Holdings Limited, which is turn is wholly owned by the Secretary of State for Transport.  We train our employees regarding our data privacy policies and procedures and permit authorised employees to access personal data on a need to know basis, as required for their role. We also take steps to ensure that any service provider that we engage to process personal data on our behalf takes appropriate technical and organisational measures to safeguard such personal data.

 

8. Transferring Information Internationally

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Policy and as required under data protection laws in the UK. These safeguards can include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our third party service providers and further details can be provided upon request.  Safeguards can also include requiring the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for personal data. 

 

9. Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

 

10. Your Data Protection Rights

You have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting Northern as set out at section 11
  • Please note: We retain personal information from deactivated accounts to comply with law, prevent fraud, collect any fees owed, resolve disputes, assist with any investigations, enforce our terms and conditions, and take other actions otherwise permitted by law. We may also retain some pseudonymous data for analytics purposes so we can understand, for example, how many visitors we have had to the Website or Booking Service.
  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us as set out at section 11.
  • If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You can update your consent preferences at any time by logging into your account. Please note it can take up to 48 hours for this information to be updated.
    We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
  • Rights in relation to some automated decision making about you including profiling (as relevant) if this has a legal or other significant effect on you as an individual. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken without human intervention.

 

11. Questions about this Privacy Policy

If you have any question, concerns or complaints about this Privacy Policy or our handling of your personal data, you can contact us by email using [email protected] or by post to the following address:

Northern Trains Ltd

George Stephenson House, Toft Green, York, YO1 6JT



You have the right to complain to a data protection authority about our collection and use of your personal information. The data protection authority for the UK is the Information Commissioner’s Office – whose website is https://ico.org.uk/ .If you are based in the European Economic Area, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available on the EU Commission's website via the following link): http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm)

 

Northern App

Streamline your journey and get tickets straight to your phone. Making your journey contact-free.

Northern App

Streamline your journey and get tickets straight to your phone. Making your journey contact-free.