Privacy Policy


Legal entity processing data: Ferries Trains Planes Ltd. (t/a Raileasy), registered at 10 Station Parade, Wanstead E11 1QF (referred to as ‘us’ in this document)

As a responsible company, the stewardship of your personal data provided to us is a top priority. As such, we feel it’s important that we detail what data of yours we handle, why we need it and – most importantly – how we keep it safe.

What data is collected, and why?

In order to fulfil your booking with a Raileasy-powered brand, we may need to collect the following PII (Personal Identifiable Information) from you:

Data Type

What data do we collect?

Why we need it

Basis for processing the data

Who handles this

·         Full name

·         Full physical address

·         Telephone number


·         Assist with payment processing

·         Pass through to our fulfilment provider for Ticket on Departure (ToD) fulfilment

·         Assist with support requests

·         Us

·         Third-party fulfilment providers

·         Third-party support providers

Third-party payment provider 

·         Email address

·         User account management

·         To send service emails to you, such as booking confirmations, e-tickets and disruption emails

·         Newsletter-based marketing, if opted in.

·         Assist with support requests

·         Us

·         Third-party newsletter provider

·         Third-party support providers

·         Payment card information

·         Assist with payment processing

·         Third-party payment provider (We do not handle or hold the raw card details ourselves, in accordance with PCI-DSS guidelines)

·         Technical data related to your visit such as IP address, browser version and device details

·         This allows us to assist with stopping bot traffic, debugging any technical issues and for statistical analysis.  

·         Us

·         Our analytics provider

·         Our CAPTCHA service provider


Where is my data handled and stored?

Your personal data is controlled by a UK-based company, so comes under UK GDPR laws and ICO guidelines. However, ourselves and partner organisations whom we pass your data through to may use trusted cloud storage providers with global locations (such as Google’s Cloud Platform and Amazon’s Web Services). All PII is stored within the UK/EEA.

What data security measures are in place?

Our cloud provider, Google, and ourselves use a range of both physical and digital protections to keep your personal data safe. In addition, we regularly run both semi-automated and manual checks on our digital infrastructure and periodic security reviews of third parties that process user data.

A note if you use third-party authentication providers such as Apple or Google

If you choose to use one of our third-party providers such as Apple or Google for signing in to your account with us, we only take a limited amount of personal data. Any data you provide to these platforms directly remains under their own data protection principles, and is subject to their own Privacy Policy as well as our own.

How do I remove my data from your systems?

At any time, you can ask us to remove or anonymise (as appropriate) any personal identifying information that we hold within our systems – please contact us if you’d like to do this. We will aim to do this in a timely manner, but within one calendar month at the latest.

Who do I ask if I’ve got questions or concerns on how my data is handled?

Raileasy’s Data Controller is:

Joe Sikking (

We take the security of your personal data seriously, so if you think there’s been a breach in trust in this for any reason, please contact our Data Controller using the details above in the first instance.

If, after contacting us, we’re unable to resolve your concerns to your satisfaction, you also have the right to make a complaint to the ICO.

You also have the right to a copy of all personally identifying data on yourself held by us in the form of a Subject Access Request (SAR) - if you would like us to do this, please contact us.