The protection of your privacy is an essential priority and we use your data to provide you with the products that you purchase on our sites. If this were not the case, it would be a pity that you couldn't travel… :)
In this regard, here are the eight principles that Rail Europe and all of its employees implement:
- never collect or use data without a precise and legitimate purpose;
only collect data in one of the following contexts:
- data necessary for the performance of contracts and for services that are requested,
- express and specific consent from you,
- duly-justified legitimate interest of the company;
- collect and use only data that is strictly necessary for processing;
- keep data only for a limited duration that is coherent with the services provided;
- constantly ensure the quality and security of data;
- only make transfers of data when this is necessary and in accordance with legal and security rules;
- constantly provide you with clear and transparent information;
- ensure respect for your rights and the conditions for exercising them.
The main data controller on the Rail Europe sites is the company Rail Europe (RCS Nanterre 401 714 993), located at 2 place de la Défense, CNIT 1, BP 440, 92053 Paris La Défense, France. Its legal representative is Mr Dâu-Khôi NGUYEN, as CEO ('Président').
What is your data used for?
Rail Europe only collects and uses data concerning you for purposes that are precise and limited to what is necessary for you, namely:
processing your orders:
- enabling carriers and travel partners to provide you with services ordered,
- ensuring payment for the products that you have purchased,
- providing assistance to users of Rail Europe sites by email, or chat, when they request assistance for an order, for connecting to the sites or accessing their customer accounts,
- monitoring and providing after sales service for products ordered (information, cancellations, reimbursements, exchange, complaints),
- helping making orders: if you do not complete an order made on the Rail Europe site, Rail Europe may send you an email offering its help;
managing your customer account: at Rail Europe, the customer account is not mandatory. However, it is very useful because it is an account that is entirely dedicated to you and makes it easy for you to:
- easily give orders (automatic entry of your data: identification and travel preferences),
- access your order data;
communicate with you: for Rail Europe, maintaining contact with you is essential, but we only do it in a carefully controlled manner and we only send you electronic communications, via email, SMS or mobile notification, for the following reasons:
- monitoring orders: sending confirmations of orders and any other messages related to the service that you have ordered,
- the management of your customer account: confirmation of creation or closure, modification of passwords,
making commercial offers: only in one of the following two cases:
- if you are registered for the "Newsletter" service from Rail Europe,
- if you have ordered products on the Rail Europe site or the Rail Europe mobile application.
In all cases, you may unsubscribe from our commercial newsletter service by clicking on the "unsubscribe" link at the bottom of the newsletters,
- rewarding of your loyalty: Rail Europe may occasionally present offers to reward your loyalty;
offering you personalised products and services: at Rail Europe, we are intent on constantly offering you products that are most likely to be suitable for you. At Rail Europe, we offer you personalised content:
- in the commercial communications that we send to you,
- when you browse the Rail Europe sites,
- through certain services using geolocation (only on the Rail Europe mobile application),
- via targeted and personalised advertising banners on other sites;
fighting fraud: the security and proper functioning of our sites is a major issue. The data is analysed automatically by our subcontractor to determine a level of fraud risk associated with each order.
The analysis criteria include the browsing behaviour, the data related to the terminal used and the bank details.
According to the results of this risk analysis, and after a check by our anti-fraud teams, Rail Europe may do one of the following:
- validate your order;
- request additional substantiating documentation;
- refuse the order;
- cancel the order and reimburse the funds.
In case of any confirmed problem with an order, or in the case of an outstanding debt, your data will be written to an alert file belonging to Rail Europe, which may, for future orders, make additional checks.
You can, at any time, make a complaint or request information by contacting Rail Europe customer service.
- offer you games/contests: in this context, Rail Europe and/or its partners will use the data that you have agreed to communicate strictly for the purposes of implementing the game and communication. As part of games and contests, after you have registered and given your advance authorisation, you may be offered commercial offerings from time to time by third-party partners of Rail Europe.
What is our data management policy?
What data do we collect?
At Rail Europe, we scrupulously follow the principle of "minimisation", meaning that we collect only the data that is strictly necessary to the purposes defined above, namely:
- identification data (name, email address, IP address): This data is essential for any orders, registration for a customer account or forthe security of the sites and transactions of Rail Europe;
- banking data: This data is essential for any orders or reimbursements;
- data related to your searches and your order (product purchased, destination, date, price, etc.): This data is essential to provide the ordered service and after-sales service;
- data related to your habits and centres of interest (favourite destinations, choice of additional services, etc.): This data is useful for making personalised offers;
- contact data (telephone no, email address, postal address): This data is useful to contact you if required (problem related to your order or a purchased product, travel information) or to send you your train tickets, either to your home or electronically;
- technical data: during browsing, Rail Europe collects information such as the version of your browser, operating system used or the model of terminal used. This data is necessary for optimal display and functioning of Rail Europe sites and applications;
- browsing data (searches, number of visits, date of last visit, etc.): This data is useful for making commercial offers.
How do we collect the data?
At Rail Europe, the sources of data are:
- when you complete forms on the Rail Europe sites and application,
- when you browse Rail Europe sites and application (pages consulted, duration of consultation of pages),
For each of them, you are informed of the data that is necessary and that which is optional, by asterisks on the entry forms.
the technical information:
- your IP address, the telecoms operator and the macroscopic location of the IP address,
- the information provided by the browser on the operating system and the browser used,
- cookies: see the chapter on cookies
How long is the data retained?
The data is only kept for periods that are strictly necessary:
- to the implementation of orders;
- to legal and regulatory constraints, notably in matters of dispute management;
- to the provision of personalised services.
The general data retention policy used by Rail Europe is as follows:
- identification data: five years from the last visit to the site or connection to the service;
- order data: five years from the date of the order;
- bank details: maximum thirteen months in order to manage the after-sales service (reimbursements);
- prospect data: one year after the date of the last activity on Rail Europe sites or the last opening of a newsletter;
- connection logs: one year from each connection;
- cookies: thirteen months maximum from them being saved on your computer or terminal.
What resources are used to ensure the security of the data?
Rail Europe is particularly vigilant concerning the security of your data and devotes significant human and technical resources to protect it. A strict security policy is in place to define the processes, working methods and rules for technical protection to be used. The security measures used include, but are not limited to:
- automated systems for protection against cyber-attacks are active;
- computer code on the Rail Europe sites is subjected to security reviews;
- automated tools periodically carry out security tests on the Rail Europe sites;
- the security of Rail Europe sites is audited by companies that are experts in the subject;
- personal data of customers is subject to strict access control;
- experts in cyber security can intervene at any time to handle security incidents.
Is my data transferred to third parties?
The policy of Rail Europe is very clear on this subject: Rail Europe does not transfer any data to third-party companies for any reason other than one of the following:
supply of services ordered: in order to be able to provide you with the transport or ancillary services offered, the data is transmitted to the companies concerned, namely:
- carriers: rail carriers and their subsidiaries for associated service,
- partners: tourism product sold by partners, directly or under white label;
subcontracting: Rail Europe uses contractors to operate its sites and provide you with the services and products proposed, and notably:
- its IT subcontractors,
- for the customer relationship: call centres, communication tools,
- for payment: suppliers of partners offering products on the Rail Europe site,
- for marketing services: marketing follow-up, dispatch of newsletters,
- for the fight against fraud: specialist service provider;
For all of these transfers of data, Rail Europe takes strict care to:
- only work with trusted companies;
- secure its relationships with these companies.
Transfers in foreign countries
Rail Europe transfers data in foreign countries for the following cases:
- order processing: Rail Europe data centers are located in Eire,
- customer relationships: your data may be transferred to one of several call centers, that are located in France, India, USA and Australia.
- fraud prevention: subcontractor of Rail Europe, uses the data in the United States, in Australia, and in Eire.
What are my rights?
You have the following rights concerning your data and the right to make sure that Rail Europe is compliant with its commitments.
- Right of access: You may contact us to find out what data Rail Europe has concerning you;
- Right to correction and deletion: You may correct data concerning you and request that it be deleted;
- Right of objection: You may object to Rail Europe performing various processes;
- Right to portability: You may request that Rail Europe sends you the data concerning you (identification and order data exclusively) in an electronic format (CSV file).
It is nevertheless reiterated that the exercise of these rights is not absolute and may be limited for reasons of legitimate interest (customer dispute) or for legal reasons.
How can I exercise my rights?
Right of access, correction, deletion and portability
If you have a customer account, you can undertake these operations directly, by connecting to your customer account.
If not, you may send your requests to Rail Europe customer service using the following electronic form or by letter to the following address: Rail Europe, Customer service, at 2 place de la Défense, CNIT 1, BP 440, 92053 Paris La Défense, France.
Right of objection
You may exercise your right of objection as follows:
- for commercial newsletters: by clicking the "unsubscribe" link mentioned in the newsletters that are sent to you: Rail Europe then undertakes not to send you any more commercial newsletters;
- for all other requests: by sending your requests to Rail Europe customer service using our electronic form or by letter to the following address: Service Clients Rail Europe, Customer service, at 2 place de la Défense, CNIT 1, BP 440, 92053 Paris La Défense, France.
For all of these requests, and for security reasons, you will be asked to identify yourself and communicate a copy of your identity document to Rail Europe customer service.
How does it work for social networks?
The Rail Europe sites use plug-ins for social networks, notably Facebook, Twitter and Instagram. If you interact with these plug-ins (clicking the "Like" or "Share" buttons), the information related to your browsing and to the operations carried out on the Rail Europe sites will be sent to the company operating the social network in question.
Also, if you do not want a social network to which you belong to link information collected when browsing on the Rail Europe sites, you must disconnect from the social network in question before visiting the Rail Europe sites.
In all cases, the use of these plug-ins or the data collected when browsing with the social network activated is exclusively governed by the general conditions of the social networks concerned. We therefore invite you to read the personal data protection policies of these social networks to learn precisely what information is collected and how it is used.
What is the policy of Rail Europe concerning cookies?
What is a cookie?
Cookies are files that are placed in the browser on your computer or terminal when you browse the Rail Europe site. These files are subsequently automatically sent by the browser to the servers of Rail Europe during your browsing, in order:
- to enable browsing on the Rail Europe sites (management of shopping baskets, customer account connection sessions, proof of authentication for the "remember me" function, servers used, etc.) or to adapt to your terminal (language used, display resolution, operating system of the site);
- to monitor customer browsing on the Rail Europe sites and to measure audiences to optimise and improve the sites;
- to personalise the click path and the offers;
- to manage advertising on the Rail Europe sites and other sites;
Who are the cookies placed by?
These files are placed:
- either by Rail Europe,
or by third parties: When you browse the Rail Europe sites, cookies are issued by third-party companies (companies providing user help, advertising service providers, communications agency, audience measurement companies, etc.), subject to choices that you have made previously with their services, or at any time under the conditions described below.
These cookies are mainly intended to provide you with advertising content likely to correspond to your centres of interest according to the data collected during your browsing on the Rail Europe site.
These cookies may also enable:
- counting the number of displays of advertising content disseminated via the advertising spaces on the Rail Europe sites, identifying advertisements displayed and the number of users who clicked on each advertisement, in order to calculate amounts due and prepare statistics;
- recognise your computer or terminal during your browsing on any other site in order to adapt the advertisements that are disseminated there;
The issue and the use of these third-party cookies are subject to the confidentiality and data-protection policies of these third-party companies. However, we inform you, when we actually know, of the purpose of these cookies.
Also, if your computer or terminal is used by several persons, or if it has several browsers, it is not possible for Rail Europe to be sure that the services and advertisements correspond to your use of Rail Europe sites and not that of another user. This choice of sharing and configuration is your free choice and responsibility.
Detailed description of the cookies of Rail Europe
Cookies for technical uses:
- browsing sessions (connection to customer account, technical browsing session, servers used);
- simplification of the visit, with adaptation of display criteria to your computer or terminal (language used, display resolution, operating system, browser used, accessibility parameter);
- detection of a previous visit;
- registration of customer preferences;
- automatic re-connection to the customer account (when activated).
These cookies are necessary to the correct functioning of Rail Europe and to your browsing.
Cookies used for monitoring:
- audience measurement: statistical data on traffic and the use of the Rail Europe sites (sections and content targeted, click path) in order to measure and study the functioning and efficiency of Rail Europe sites, and thus improve the benefit and ergonomics of the services of Rail Europe;
- comparative tests of several versions of the site.
These cookies enable the continuous improvement of the sites and services of Rail Europe (benefits, ergonomics, etc).
Cookies for personalisation purposes:
- personalisation, in real-time, of browsing on Rail Europe sites and proposal of relevant and personalised offers;
- improvement of the ergonomics;
- identification of browsing problems in order to offer the assistance of a call-centre agent.
These cookies enable you to be offered products and services that are personalised and in accordance with your requirements and centres of interest.
Cookies for advertising use:
- counting and personalisation of content and advertisements proposed when you visit the Rail Europe sites;
- connections to social network services, sharing information on social networks.
These cookies enable the most relevant offers to be provided to you.
How are they put in place?
When browsing the Rail Europe sites:
- you are informed of the existence of cookies via the navigation banner that appears when you first visit or in case you delete the cookies placed by Rail Europe;
How do I express my choices concerning cookies?
You can configure your browsing with your browser: you can authorise or refuse the saving of cookies on your computer or terminal with the appropriate parameters of your browsing software.
These parameters are specific to each browser and are accessible via your browser's help menu: