Reroo App Privacy Policy

This is the Privacy Policy for www.reroo.co.uk and the Reroo iOS & Android mobile phone application (all referred to as the “App” or “Services” for this privacy policy). By using the app, you consent to the collection and use of information in accordance to this privacy policy. We reserve the right to change this privacy policy from time to time.
This privacy policy was last updated on 23rd July 2018.

Information we collect on you

Personal data you provide us in using our services:
Personal data type Why we use it Legal basis Who we share it with
Payment info – Payment card details and the address your card’s registered to. To make your booking and take payment for your tickets. We need this info to offer these services to you, it’s part of our contract with you. Some of the travel operators we work with may run your data through their own payment and e-ticket systems, to issue your tickets.
Age details – Date of birth or age bracket. Operators have different ticket costs, based on your age. So, we use this info to make sure you buy the right ticket. We need this info to offer these services to you, it’s part of our contract with you. Some of the travel operators we work with may run your data through their own payment and e-ticket systems, to issue your tickets.
Contact details – Name, email address, phone number. To make sure you get your tickets. The train and coach operators you’re travelling with may need this info to let you travel with them too. To contact you with essential info i.e. confirmations, refund info etc. Keeping your account up to date.

We may send you marketing if you’ve told us you want to receive it, when you register an account with us. We may send you push notifications about your booked journeys and offers we have. You can turn on (enable) or turn off (disable) push notifications in the settings on your iPhone or Android device.

We may send you marketing emails, letting you know about our news and offers when you book a ticket with us –unless you’ve asked us not to that is (spam’s not our thing). We may carry out surveys and market research activities (to improve our booking service for you), send notifications in your account, and involve you in our competitions and promotions.
We need this info to offer these services to you, it’s part of our contract with you.

Your consent – if you haven’t bought anything from us we’ll explicitly ask you if you want to hear from us- we’re nice like that. Your consent through your device settings. We want to send you relevant and up-to-date travel info and offers when you’re using our app and website.

Legitimate interests. Put simply, that’s the necessary use of your data (balanced with your rights) in order for us to provide services to you. We want to send you these types of marketing messages to give you the best travel deals. We’ll only send you relevant messages and you can choose not to hear from us at any time. We want your input in our market research, so we can keep improving our products and services.
Relevant rail, coach and bus operators, who need it to create your tickets. These operators may get in touch with you to let you know about essential service messaging, for example, if your train’s cancelled.

We don’t routinely share this type of data. We use carefully selected third parties to help us carry out this task, on our behalf.
Railcard or loyalty card details – Relevant card details. To give you a discount on your tickets (where applicable) or add points to the loyalty scheme you’re signed up to. We need this info to offer these services to you, it’s part of our contract with you. Relevant rail operators and loyalty card providers.
Comment details – Name, email address and unique identifiers as required, and any comments you choose to give us. If you choose to give us feedback through our website or app we’ll use your comments, combined with others, at an overview level, to improve our products and services. Your consent. It’s your choice to give us this info and you also decide how much detail you want to share. We do not routinely share this type of data. We use carefully selected third parties to carry out this task, on our behalf.
Contacts from you and questions you’ve asked us – Name, email address and any generated contacts, including calls. When you email us, or use our chat option to get in touch with us, we use this info to help us with things like arranging refunds for you, or helping you pick the right ticket. If you call us we may record your phone call to help our Customer Service and Operations teams fix any issues you’ve raised, as well as for training and quality purposes. Your consent. You choose how and when you want to contact us. We don’t routinely share this type of data. We use carefully selected third parties to carry out this task, on our behalf.
Social network login – Name and email address. To make things easier for you, we give you the option to log into your Reroo account by using your Facebook account. Your consent. Facebook. If you choose to use your Facebook account to log in with us, you’ll be subject to Facebook’s privacy policies too.

Personal data we automatically collect:

Personal data type Why we use it Legal basis Who we share it with
Location info – GPS info and device number. We use your GPS to make your travels easier, by showing you things like your nearest station and when the next train is. Web browsers on all devices, and apps on phones and tablets, can accurately pinpoint your location using GPS and assisted GPS. For analytics and reporting, as well as security and protection from fraudsters. Your consent. You’ll be asked when you use a GPS-enabled web browser or device whether you want to share this info with us. You can change this in your device or browser settings any time you like. We don’t routinely share this type of data.Relevant rail operators and loyalty card providers.
Device info – Your IP address and device number, to give us your rough location (e.g. your city and country). To prevent any fraudulent activity To show you ads that are relevant to you and to measure your reaction to our marketing that you interact with. To use your web sessions and web beacons to understand how you use our website and apps at a non-identifiable level. We collect this data to help us improve our services for you. To protect our website from attacks from viruses and other harmful things on the internet. Legitimate interests. To show you relevant information. We use location to understand roughly how many customers we have in various cities. We also need to make sure that we’re protecting you, as well as our website, from viruses and fraudsters. We don’t routinely share this type of data.
Analytics info – We use info about the searches and booking you make - basically how you use and navigate through our website and app. To understand how you use our website and app, to help us improve it and make it relevant to your interests. We may combine data about your use of our services, so we can use it to understand our customers’ behaviour patterns. For example, how many customers buy tickets from London to Manchester each day. Legitimate interests. This is the necessary use of your data (balanced with your rights) in order for us to provide and optimise services to you. We don’t routinely share this type of data but we use carefully selected third parties to help us carry out this task.
Social login – IP address and other potentially identifying data. By logging into your Social media accounts like Facebook, you drop cookies. These cookies can collect info about your IP address and the pages you visit. Your consent. You choose if you want to register with us using Facebook. Facebook. If you choose to use your Facebook account to log in with us, you’ll be subject to Facebook’s privacy policies too.

Keeping your data

While you’re using our services, your personal data will be safe with us, but we’ll never keep it for longer than we need to. When we don’t need your personal data to offer our full services to you, we’ll make sure it’s either completely deleted or anonymised.

International data transfer

Data we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”). By submitting your Personal Data, you agree to this transfer, storing or processing. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. European Union Model Clauses Reroo adopts European Union Model Clauses to meet the adequacy and security requirements for your Personal Data where it is transferred outside the EEA. E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Reroo ensures that any third-party service providers we appoint are certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Data from the European Union and Switzerland to the United States. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.

Your rights

The data protection laws give you the right to access information held about you and can be exercised in accordance with the data protection laws. If you want to exercise your individual rights over your personal data, these rights are:

Please submit any questions, concerns, or comments you have about this privacy policy or any requests concerning your personal data by email to hello@reroo.co.uk with the subject of the email being “PRIVACY POLICY” followed with your reason of enquiry. If you’re not happy about the way your personal data’s been handled, you have the right to contact the Information Commissioner’s Office (www.ico.org.uk/concerns).

Thank you for reading!