Last updated: 1st February 2021
We always recommend that our customers read this privacy policy in full. It explains who we are, how and why we collect personal data from you, how and why it will be processed by us and our commitment to protecting your data.
But just in case you're on the move or do not have time to read it in full we have summarised the key points for you in our 'speed read' section below.
First Travel Solutions Limited Ltd (FTS, we, our or us) is a company registered in England and Wales under company number 01966624 whose registered office is at Unit 5 Petre Court, Petre Road, Clayton Business Park, Clayton Le Moors, Accrington, BB5 5HY.
We are registered as a data controller with the Information Commissioner's Office and our registration number is Z283227X.
This privacy policy applies to the personal data we collect about you through our website www.firsttravelsolutions.com (Website), by post, by telephone through our third party partners for whom we provide services for and when you otherwise communicate with us.
This privacy policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our privacy policy.
This section informs you of what information we collect about you and why. Personal data means any information about an individual from which that individual can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data is not considered personal data in law as this data does not directly or indirectly reveal your identity. An example of Aggregated Data would be where we use your Usage Data to calculate the percentage of users accessing a specific Website feature. If the Aggregated Data is combined with other personal data to directly or indirectly identify you, we will treat this combined data as personal data and in accordance with this privacy policy.
Special Category Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not seek to collect or otherwise process your Special Category Data, except where:
Where you request services (such as a meal preference), which might imply or suggest your religion, health or other information, we do not consider this information to be confirmatory since you may select a meal preference for a variety of reasons and therefore we do not consider your selection to be Special Category Data.
We use different methods to collect data from and about you including through:
Direct interactions:
We collect personal data about you if you fill in forms on the Website or correspond with us by telephone, email or otherwise. This includes information you provide when you:
We may process personal data that you manifestly choose to make public, including via social media (e.g. we may collect information from your social media profile(s), to the extent that you choose to make your profile visible).
Automated technologies or interactions:
If you use our Website, we automatically collect the following information:
Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this will be anonymised but we collect and process this data to ensure that our site is functioning properly and that our customer experience is to the standard that you and we expect.
Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this will be anonymised but we collect and process this data to ensure that our site is functioning properly and that our customer experience is to the standard that you and we expect.
The Website may, from time to time, contain links to and from the websites of advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We also use cookies on our Website. Please see this section for more information.
No automated decision-making or profiling will take place using your personal data.
Information we receive from other sources:
We may receive information about you if you use any other website we operate or the other services we provide. We are also working closely with third parties, (including, for example, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers, search information providers, credit reference agencies ) and may receive information about you from them, in particular where you purchase any of FirstGroup plc's bus or train operating companies' products or services through such third parties. In addition, we may receive information about you from third parties who provide it to us (e.g. your employer, your school or education provider, our customers and law enforcement authorities).
When we receive information from other sources, we rely on them having the appropriate provisions in place telling you how they collect data and who they may share it with. We carefully check our sources to ensure that we only receive your information when it is lawful for us to do so.
CCTV:
We employ CCTV cameras to capture, record and monitor what takes place at our offices and on our premises in order to help provide a safe environment for both our employees and customers and prevent, deter and detect crime.
For further information on CCTV and retention periods, please contact us using the details provided in this section below.
This section explains how we will use personal data you provide to us in order to carry out the activities relevant to the provision of our services to you.
We must have a legal basis for processing your personal data. We consider that we have a legal basis where:
Where we process your personal data on the basis of our legitimate interests, these are our (or our third party's) interests in providing our services to you in an efficient and secure manner.
We have set out below a list of all the ways we may use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
In some cases we may use more than one legal basis for processing your personal data; this will depend on the specific purpose for which we are using your personal data. Please contact us if you have any queries about the specific legal basis that we rely on for processing your personal data.
What we use your personal data for (purpose)Type of dataLegal basis for processing (including basis of legitimate interest)
To register you as a new customer(a) Identity
(b)ContactPerformance of a contract with you
To carry out our obligations arising from aby contracts entered into between you and us including:
a) Managing payments, paying refunds or compensations;
b) Collecting and recovering money owed to us;
c) Running fraud checks if we have reasonable suspicions;
d) Provide you with the information, products and services that you request, including but not limited to contacting you about your journey.(a) Identity
(b) Contact
(c) Financial
(d) Transactional
(e) Health
(f) Communications(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us, to pay refunds or compensation owed to you and to prevent us facilitating fraud)
To respond to your enquiries or to process your requests in relation to your information(a) Identity
(b) ContactPerformance of a contract with you
To manage our relationship with you which will include:
a) notifying you about changes to our Website, services, terms or privacy policy; and
b) asking you to leave a review or take a survey(a) Identity
(b) Contact
(c) Financial
(d) Transactional
(e) Profile
(f) Communications(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to recover debts due to us, to pay refunds or compensation owed to you)
To enable you to partake in a prize draw, competition or complete a survey(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Communications(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our Website and to develop and grow our business)
To administer and protect our business and the Website (including training our employees, troubleshooting, data analysis, testing, system maintenance, security audits, support, reporting and hosting of data).(a) Identity
(b) Contact
(c) Profile(a) Necessary for our legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To conduct health and safety assessments and record keeping; and compliance with related legal obligations.(a) Identity
(b) Contact
(c) Profile
(d) HealthNecessary for our legitimate interest (in ensuring that we provide a safe and secure environment at our premises)
To deliver, measure and understand the effectiveness of the website content we serve to you(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Communications
(f) TechnicalNecessary for our legitimate interest (to study how you use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve the Website and experiences(a) Technical
(b) UsageNecessary for our legitimate interests (to define types of customers, to keep the Website updated and relevant and to develop our business)
To establish, exercise and defend our legal rights(a) Identity
(b) Contact
(c) Financial
(d) Transactional
(e) Technical
(f) Profile
(g) Usage
(h) Health
(i) Communications(a) Necessary for compliance with a legal obligation
(b) Necessary for our legitimate interest (for the purpose of establishing, exercising or defending our legal rights)
This section is to explain how we will ensure that you only receive communications that you wish to receive.
Marketing communications
We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest'. A ‘legitimate interest' is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
The personal data we have for you is made up of what you tell us, and the data we collect about you when you use our services, or data provided to us from third parties we work with. We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We want to ensure that you are informed and aware of the best products, services, promotions and events that we can offer you. By consenting to receive additional communications (by mail, telephone, SMS, text/picture/video message, app push notifications or email) from us and any named third parties that feature at the point of obtaining consent in respect of such information, we will process your personal data in accordance with this privacy policy.
If you have provided your consent to receive marketing communications from us and you change your mind, you can change your preferences and unsubscribe at any time by unsubscribing from the relevant communication channel, changing your preferences in the preference centre or by contacting us. If you choose not to receive this information we will be unable to keep you informed of new products, services and promotions that may interest you.
Whatever you choose, you'll still receive booking confirmations and other important information, for example service updates.
Service communications
As detailed in the table at section 5, we may send you communications such as those which relate to any service updates or provide customer satisfaction surveys. We consider that we can lawfully send these communications to you as we have a legitimate interest to do so, namely to effectively provide you with the best service we can and to grow our business.
This section is to explain who, within FTS, will have access to your data. Your personal data will only be seen or used by our employees who have a legitimate business need to access your personal data for the purposes set out in this privacy policy.
We take your privacy seriously and have implemented appropriate physical, technical and organisational security measures designed to secure your personal data against accidental loss, destruction or damage and unauthorised access, use, alteration or disclosure. This section explains how we keep your personal data safe and where it will be held.
This section will inform you of who we share your personal data with and why. Except as explained in this privacy policy, we will not share your personal data without your consent unless required to do so by law. We may share your personal data with any member of our group which means our subsidiaries, our ultimate holding company (FirstGroup plc) and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.
We may share your personal data with the following third-parties who assist us with administering the provision of our services to you:
We may also pass Aggregated Data on the usage of our site (e.g. we might disclose the median ages of visitors to our site, or the numbers of visitors to our site that come from different geographic areas) to third parties but this will not include information that can be used to identify you personally.
If a business transfer or change of business ownership takes place or is envisaged we may transfer your personal data to the new owner (or a prospective new owner). If this happens, you will be informed of this transfer.
This section explains how we keep your personal data safe and where it will be held.
We take your privacy seriously and are committed to maintaining the privacy and security of your personal data, and the choices you have regarding our collection and use of your personal data.
Once we have received your personal data, we follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised access.
The information that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom (UK). When we transfer and store your personal data outside of the UK we will ensure that it is adequately protected by using appropriate safeguards as further detailed below.
Staff operating outside the UK who work for us, or one of our suppliers, may process the information. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services.
Where your personal data is transferred from the UK to a recipient outside the UK in a country not recognised by the United Kingdom as providing an adequate level of protection for personal data, such transfer shall be covered by a framework recognised by the relevant authorities or courts as providing an adequate level of protection for personal data including but not limited to Standard Contractual Clauses (the agreement in the form annexed to the European Commission's decision of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which can be found here).
Unfortunately, the transmission of your personal data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
This section explains the length of time that we will retain your personal data.
We will keep your personal data for no longer than is necessary for the purposes for which it was obtained. The criteria for determining the duration for which we will retain your personal data are as follows:
(1) we will retain your personal data in a form that permits identification only for as long as:
plus
(2) the duration of:
and
(3) in addition, if any relevant legal claims are brought, we may continue to process your personal data for such additional periods as are necessary in connection with that claim.
During the periods in paragraphs (2)a and (2)b above, we will restrict our processing of your personal data to the storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim or obligation under applicable law.
After this period your personal data will be anonymised so that you are no longer identified or identifiable from such information, or securely deleted/destroyed.
Any third parties that we engage will keep your data stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third party providers, we will make sure that they securely delete or return your personal data to us.
This section explains that you have a number of rights in relation to your personal data. There are circumstances in which your rights may not apply. You have the right to request that we:
For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us using the details provided in this section. We will respond to all such requests within the time period required by law. Occasionally it may take us longer than a month if your request is particularly complex, you have made a number of requests or you have not supplied the information we need to respond to you. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
The Website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. For more information please see our Cookies policy.
If you have any questions or concerns about how we handle your personal data, you can contact us using any one (or more) of the following:
Post: Data Compliance Officer, First Travel Solutions, Unit 5 Petre Court, Petre Road, Clayton Business Park, Clayton Le Moors, Accrington, BB5 5HY
Email: travel.solutions@firstgroup.com
Telephone: 0345 528 0270
We have appointed a Data Protection Officer. They are responsible for our approach to data protection and protecting your privacy. You can contact them at DPO@firstgroup.com.
If you are unsatisfied with our response to any data protection issues you raise with us or our DPO, you have the right to make a complaint to the Information Commissioner's Office (ICO). The ICO is the authority in the UK which is tasked with the protection of personal data and privacy.
Updated: 1st February 2021