Eurostar privacy notice

“Eurostar” (“we”) consisting of Eurostar International Limited (EIL) and THI Factory (THIF) as Joint Controllers use your personal data to provide, maintain and continuously improve the travel services offered to you. We respect your privacy and are committed to handling your personal data in strict compliance with our Data Protection regulatory obligations. In this Privacy Notice, we specifically detail how we collect, handle, store or otherwise process your personal data (data) you submit to us. Please take the time to familiarise yourself with it.

1.  Identity of the Data Controllers and Who is Responsible for your Data

EIL and THIF act as joint controllers. This means that both companies jointly determine the purposes and means of processing your personal data. Please see below for the identity of both data controllers:

Eurostar International Limited
6th Floor, Kings Place, 90 York Way
London N1 9AG, United Kingdom
Registered company number: 2462001

THI Factory
4 Place Marcel Broodthaers
1060 Brussels, Belgium
Registered VAT number BE 0541.696.005

 

2.  Sharing Data within Eurostar

EIL and THIF are now part of the same group of companies, Eurostar. Within the group, our processing activities are supported by centralised databases and systems which may be hosted or managed by one Eurostar company on behalf of another Eurostar company. Additionally, and for efficiency purposes, certain operation and commercial functions may be performed by one Eurostar company on behalf of the other.

 

3.  What is Personal Data?

Your personal data (hereinafter “your data”) is data which allows your identification as a natural person either directly, or through a combination of different information sources indirectly. Here are the types of direct and indirect data we may process:

  • Personal details, including: first name, surname, home address, telephone number, email address, etc.;
  • Professional information;

4.  How we use your personal data

Outlined in the section below, how we use the personal data we may collect, process, store or otherwise handle (depending on how you use our website):

Why do we use your data

We can only use your personal data if we have a proper reason for doing so. This is commonly referred to as the “lawful basis”.

In general, we use your data:

  • when we have your consent

In this case, we process your data only for the purposes to which you have agreed as specified on the consent form you have completed.

You can opt-in to receive correspondence from Eurostar by signing up to our newsletter.

At any time after you have registered you may opt-out or change your preferences by clicking the easy “update your profile” or “unsubscribe” option on any email sent by Eurostar

Alternatively, if you wish to amend personal data that you have submitted online, you can email us at eursostarforagents@eurostar.com or write to Eurostar International Ltd, Eurostar4agents, 6th Floor, Kings Place, 90 York Way

London N1 9AG, United Kingdom.

  • to comply with all legal and regulatory obligations to which we are subject, including:
    • prevention and detection of terrorist offences and other serious forms of crime;
    • implementation of legislation (such as the GDPR);
    • tax and accounting obligations of Eurostar;
    • transportation safety obligations;
    • obligations relating to the fight against health crises.
  • for purposes that are in our legitimate interest, in which case we seek to preserve a proportionate balance between our legitimate interest and respect for your privacy. In this context, your data can be processed in order to: 
    • Protect Eurostar property;
    • Prevent abuse and fraud ;
    • Disclose any abuse that may or may seriously prejudice the financial status, results and/or reputation of Eurostar;
    • Control the regularity of our operations;
    • Maintain safety on board and near our trains;
    • Sanction certain irregularities (such as no valid ticket) through payment of a fine;
    • Manage and improve our relationship with you;
    • Continuously improve our website and our products/services (in particular by conducting satisfaction surveys and analysing data collected via cookies);
    • Conduct market research on our products/services or to develop new products/services;
    • Analyse data, establish sales and sales activity reports, frequency of visits and establish marketing profiles;
    • Adjust our products and services that are available to you and adapt them to your needs, in particular by offering tailored services that could interest you ;
    • carrying out analyses in the context of mergers or takeovers of Eurostar activities ;
    • Exercise, defend and preserve our rights, for example during litigation, as well as to compile the proof of a possible violation of our rights;

Cookies

Eurostar places a cookie on your computer when you first enter the website to identify your country and (if applicable) language preferences. A cookie is a piece of data stored on your hard drive containing information about you, which enables us to display content relevant to your market.. Only non-personal information is stored in your cookie. If you disable the cookies, you will still be able to use the website.

We use “cookies” to identify you when you visit the website and to build up a demographic profile.

See our cookie policy

 

5.  How long we keep your data:

We only keep data for as long as we have a valid reason to do so. The exact period of time is determined by what we are using it for. This can range from the provision of services to you, for our own legitimate interests (described above) or so that we are able to comply with any legal obligations we are subject to. Legal requirements to retaining data are set by each jurisdiction we operate in and will depend on local and municipal laws.

 

6.  Sharing your data with third-parties

We share some of your data with, or obtain data from the following categories of third-parties:

Other transport companies

We sell through fares, which are train tickets for travel on both our train service and a train service provided by another third-party non-Eurostar train company. Similarly, third-party train companies and distributors which you have bought a ticket directly from would share your data with us.

Suppliers who provide services to us

We will share your data with different suppliers who provide services to us. For example, we share your data with the company which provides our on-board catering services in order to facilitate any meal preference requests. We may share your data with suppliers who we are engaged with for market research purposes and feedback on the services we provide to you. We ensure any suppliers engaged which process your data do so with the utmost respect and compliance with data protection laws

In any circumstances, Eurostar does not and will never sell your data to anyone.

 

7.  Sending data outside the European Economic Area

Data transfers to the United Kingdom

EIL headquarters are located in the United Kingdom. According to European Parliament resolution of 21 May 2021 on the adequate protection of personal data by the United Kingdom (2021/2594(RSP)), the United Kingdom provides an adequate level of data protection and no further requirements are needed to transfer data to the UK. Should there be a change regarding this adequacy decision, Eurostar will take all necessary measures to make sure the data transfers to the UK are compliant with the applicable legislations. 

Data transfers to other countries outside the EEA

We will only send data outside the European Economic Area (‘EEA’) to work with our suppliers and advertisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that is afforded an adequate level of data protection. We will use one of the below safeguards to ensure such protection:

  • Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA (known as EU adequacy decision); or
  • Enter into a written agreement with the recipient of the data binding the recipient to protect data to the same standards as required within the EEA.

8.  Your rights as a data subject

Both the EU and the UK GDPRs as well as other data protection laws empower you and give you control over the data you share with various organisations.

  • Your full name
  • The email address associated with your request
  • A rough timeframe of what period you are requesting your data from

Your rights include, the Right to be Informed, The Right of Access, The Right to Rectification, The Right to Erasure, 

The Right to Restrict Processing, The Right to Data Portability And The Right to Object

Withdrawing Consent

When we process your data on the lawful basis of consent you are entitled to withdraw this at any time. Withdrawal of consent does not affect the legality of the processing of your data during the time when your consent was still active and valid. There may be circumstances whereby we are still entitled to process your data for overriding legal or regulatory purposes.

For direct marketing, which is processed on consent, the right to withdraw your consent is absolute and requires no further qualifications.

Enforcing your GDPR rights

Please put your request in writing to:

Eurostar International Ltd, Eurostar4agents, Times House, Bravingtons Walk, London N1 9AW or by e-mail to eurostarforagents@eurostar.com.

Alterations to this privacy policy

If Eurostar decides to change this privacy policy, the changes will be posted on this page.

Complaints

If you have any concerns or complains about Eurostar’s processing of your data you are able to contact our Group DPO directly at privacy@eurostar.com. Alternatively, you may write to them at:

Data Protection Officer
Eurostar International Limited
Kings Place
90 York Way
London, N1 9AG, United Kingdom

Or 

Data Protection Officer

THI Factory
4 Place Marcel Broodthaers
1060 Brussels, Belgium

You have the right to lodge a complaint with the national data protection supervisory authority responsible for the protection of personal data in the country where you live or work, or in a country which you think a breach of data protection laws has taken place.