Southeastern is committed to protecting and respecting your privacy when you use our services
Valid from 17th October 2021
SE Trains Limited (SET) is committed to protecting and respecting your privacy when you use our services.
- What Personal Data we collect from you when you interact with us, such as when you use our website, apps, visit our stations, contact us or use our services, or Wi-Fi;
- How we collect and use your Personal Data;
- How we keep your Personal Data secure; and
- How you can contact us if you wish to exercise any of your rights in relation to your Personal Data or wish make a complaint or inquiry in respect of our processing of your Personal Data
We are deemed to be a controller, under the Data Protection Laws, in respect of the Personal Data we process. Our details are:
SE Trains Ltd,
Second Floor, 4 More London Riverside, London SE1 2AU
Registered in England company no. 03266762
ICO fee payer number: ZB233679
We may collect and process your Personal Data when you buy tickets; travel on our trains; visit our stations or car parks; use our website, apps or Wi-fi service, respond to a survey or provide feedback; buy a product from us; make a sales enquiry; contact our Customer Relations, enter a competition or sign up to receive updates or marketing.
We collect information such as your contact details, ticket purchases, stations visited (for example for charging the correct fares on smart cards), payment and refund details. We may require additional details for some services, such as your age for age restricted tickets, or health and/or data about your accessibility needs in order to assist you with your travel and/or assist us in planning.. This Personal Data is generally provided by you.
Sometimes we obtain details from third parties, for example if we have taken over a franchise or a complaint is passed to us from another train operator.
Where you use our Key Smartcard, the data we hold includes, title (Mr/Mrs/Ms/Miss etc), first name, and surname, address, telephone number, email address, date of birth. When using the Key our system also records the location, date and time a Key Smartcard was used, as well as details of any tickets held on the card.
We will only use any Personal Data you provide us where permitted by the Data Protection Laws. This depends on how you contact us, use our services, any consents you have provided us , our legitimate interests, or legal obligations we may have.
Relevant Laws and Our Legitimate Interests
We may use your Personal Data in the following ways:
- To provide you with the service - things like carrying out our obligations arising from any contracts such as selling tickets, and making and taking payments. We mostly rely on the legal ground of contractual performance to process your data.
- To provide you with details of our services and information about travelling at your request, or in respect of any tickets you have purchased.
- To respond to any queries or complaint you may have;.
- To provide you with details of promotions and offers which we feel may interest you where you have given us consent for us to send them to you. You have an right to withdraw your consent to receive marketing emails or SMS from us at any time. We may use information like the tickets you buy and stations you use to make communications to you more relevant.
- To run our services and improve them - things like monitoring passenger numbers and popular stations, improving technology to help plan journeys, running our services safely and being a good employer.
- To comply with our legal obligations to customers, other passengers and employees as well as legal obligations imposed on us by , Public Sector Contracts, the Department for Transport and Regulators.
- To run interoperable services, which allows you to use a ticket on a train and the tube or use a rail Discount card. In the Rail Industry this is overseen by the Rail Delivery Group.
- To ensure the safety and security of you, other passengers, employees and other individuals..
- To prevent fraud and crime.
- To run competitions and other promotions.
We will only share or disclose your Personal Data as set out in this Policy or in accordance with the Data Protection Laws. We will only use third parties to process your Personal Data where we are satisfied that they are fully compliant with the standards mandated by the Data Protection Laws, and other information security obligations we are required to comply with, so that they are able to keep your Personal Data secure. We may use, share or disclose your Personal Data for the following reasons:
- We use processors to provide or assist with some of our services. Where we do so, they are subject to strict contractual terms requiring them to keep your Personal Data secure.
- To run interoperable services- this includes use of some shared systems and processors, by the rail industry generally and overseen by the Rail Delivery Group.
- To respond to your complaints or administer requests you have made, either to us or another regulatory body such as the Department for Transport; Passenger Focus; the Rail Ombudsman, or other train operating companies;
- To comply with requests from the police or other law enforcement agencies for the purposes of crime prevention or detection. These are dealt with on a case-by-case basis, to ensure that any disclosure is lawful;
- To comply with other legal obligations, including for example, ensuring the safety of our passengers and employees, ensuring that we do not discriminate against any individuals when providing our services, for fraud or crime prevention purposes or in respect of other regulatory obligations imposed on us;
- To protect our legitimate business interests, for example, for fraud prevention or revenue protection;
- Where required as a result of the sale, merger, or acquisition or transfer of business assets. As the Railway Industry is run on a system of agreements with the DfT for the provision of passenger railway services , we are required to transfer our customer data to any successor train operator, or the Secretary of State, this is so that they can take over and continue the running of the railway service. In respect of any Personal Data provided to us for marketing purposes only, this may be shared with the Department for Transport and/or any successor train operator of Southeastern rail franchise in order that they may contact you for marketing purposes in the event that we cease to operate the Southeastern franchise, where you have consented to receive such communications
- If you have agreed to receive information for competition, promotion, survey or research purposes, we may share your contact details with a limited number of parties, but only for the reasons you have agreed to in the terms and conditions of the for competition, promotion, survey or research; We have a policy in place for one off sharing of data, such as a request from an insurance company.
- If you are under 18, we may share your Personal Data with your parents or the persons with parental responsibility. We may also share your Personal Data with your school if you seek to claim a student pass to confirm your eligibility or where you enter into a competition run by us in conjunction with your school.
You can find out more below about the Personal Data we collect and how we use, share or disclose it.
4.1 Collection from London & South Eastern Railway Limited
We (SE Trains Limited) have taken over the Southeastern rail franchise from London & South Eastern Railway Limited (LSER). This means that your Personal Data will have been lawfully provided to us by LSER if you were a their customer and/or if you have provided consent to receive marketing communications from them.
4.2 Website visits and purchases
This section shows the Personal Data we collect when you use our website. Before providing us with your details, please read the following important information regarding:
- Collection of visitor information
- Financial Information
Collection of visitor information
The details you provide about yourself and any other information which identifies you (‘Personal Data”) is held by us for operational purposes, for example customer registration or processing payments. We may also use your Personal Data to personalise your experience on this website (the "Site") by informing you of new products or services that we may think are of interest to you.
We gather general information about users, for example, what services users access the most and which areas of the Site are most frequently visited. Such information is used in the aggregate to help us to understand how the Site is used. We gather this information so that we can continue to improve and develop our services to benefit of our users. We may make this aggregated information available to users of the site and also to auditors. These statistics are anonymous and contain no Personal Data and cannot be used to gather such information.
When you register with us to set up a travel alert, enter a competition, or buy a ticket, we ask for your Personal Data such as your name, contact details, and other details. Once you register with us and accept our Terms & Conditions, you are not anonymous to us. We may use any Personal Data that you provide to alert you to our own products and services. We may contact you regarding Site changes or changes to the products or services that you use.
If you buy a ticket online with us, we will record your personal details and send you a confirmation email. Your Personal Data will be used principally to communicate with you with reference to your request.
You may opt-in to receive newsletters, exclusive discounts, special offers and other marketing emails from us. You may unsubscribe at any time by logging in to your account and updating your preferences. Please note changes to your subscription preferences can take up to 14 days to take effect.
Alternatively, you can write to our Customer Relations Team at:
Southeastern Customer Services
PO Box 8625
For your convenience, our website and apps may contain links to sites owned and operated by third parties. They have their own privacy policies, and we urge you to review them before browsing those sites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
In order to increase security, we ask you to input a password when you register as a user of the site. Please keep this password secret. We cannot accept liability for any damages arising from your failure to keep your password secret.
We encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet. SSL is certified by Verisign and is recognised as a secure way to pay on-line. As you may be aware, no data transmission over the Internet can be entirely secure. We will always use reasonable endeavours to protect any Personal Data you provide to us, but we cannot guarantee the security of any Personal Data you provide us, prior to our receipt, and accordingly, any transfer of your Personal Data to us (e.g. email) is done at your own risk. If you have any questions about paying for your ticket through the Site, please contact Customer Relations.
4.3 Customer Relations Data
We collect your Personal Data, including your comments when you contact us by letter, email, web form or phone or social media.
Personal details we hold
We may hold your name, address, email address, phone number, social media name, ticket details, our correspondence with you, the compensation claims you have made and payment made by us, proof of journey or other supporting information you may provide.
To ensure that we carry have an accurate record of dealings between us (and for training purposes) we may, in certain circumstances, record or monitor telephone calls, however you will always be told when this happens.
How we use your Personal Data
Your Personal Data is used for administration of correspondence or processing claims you have made, such as delay repay as well as for fraud prevention purposes. We also use it to respond to complaints.
Sharing data with third parties
We are required to provide details of your complaint to another Train Operating Company if it relates to their services instead of ours. We may share your correspondence with Transport Focus (formerly Passenger Focus) or London Travel Watch or the Rail Ombudsman, if you have asked them to act on your behalf under a complaint handling procedure.
We may also share your Personal Data with other Train Operating Companies for the purpose of fraud prevention. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Laws. We may also share your Personal Data with law enforcement bodies on an ad-hoc basis where necessary for the prevention of fraud or crime.
4.4 Ticket Office Purchases Personal details we hold
When you buy a season ticket valid for one month or more, we keep a record of this on a database. We keep the following details:
- Name, address and photo card number;
- Phone number and email if you provide them;
- The origin, destination and start and end date of season tickets you have purchased, along with any duplicate, replacement or refund of these; and
- The method of payment used, but not any payment card details.
How we use your Personal Data
We use this Personal Data for contractual obligations, Customer Relations and administration, customer research, marketing and fraud prevention.
We will only send you information about offers and promotions if you chose to receive it and you can change your marketing preferences at any time. We will not share your Personal Data to any other organisation other than any Successor operator or Secretary of State for Transport) for marketing purposes without your prior consent.
Sharing data with third parties
If you have agreed to receive information for survey or research purposes, we may share your contact details with a limited number of parties, but only for the reasons you have agreed to. We may also share data in order to provide joint services or tickets.
4.5 Revenue Protection and Penalty Fares
Personal details we hold
We may collect a range of personal details during the course of revenue protection activity. This may include name, address, data of birth, proof of ID such as, journey details, payment details, physical descriptions and other information you provide to support an appeal.
How we use your Personal Data
We may use any Personal Data you provide, where necessary for the administration of the Penalty Fares scheme, revenue protection, collection of unpaid fares, fraud prevention and the prosecution of travel offences.
Sharing data with third parties
We may share your correspondence with:
- British Transport Police under a data sharing agreement to prevent and detect crime.
- Penalty Services Limited if you appeal a Penalty Notice issued to you.
- Transport Focus, London Travelwatch or the Rail Ombudsman if you have asked them to act on your behalf under a complaint handling procedure. Requests from ombudsmen are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Laws.
- We may also share Personal Data with other Train Operating Companies for the purpose of fraud prevention, to operate joint services or under National Rail Conditions. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Laws.
4.6 Customer Help and Information Points
On our stations, we maintain Customer Help and Information Points and calls are linked directly to our Control Centre or to National Rail Enquiries. Calls are recorded and monitored, but no advance notice is given as this could result in a delay in providing assistance.
Camera systems we operate
Our CCTV is used to capture, record and monitor images of what takes place at our stations and car parks and on our trains, in real time. In limited circumstances, we use body worn cameras which make audio visual recordings.
Depending on the type of camera, images are recorded on video tape (analogue) or as digital information. Cameras can be fixed or set to scan an area. In some circumstances, they can be operated remotely by controllers.
Why we operate CCTV cameras
We operate CCTV for the following purposes:
- Health and safety of employees, passengers and other members of the public;
- Crowd management; and
- Prevention and detection of crime and anti-social behaviour.
We operate cameras at the stations and car parks we manage and on some of the trains that we run.
Network Rail operates CCTV cameras at Blackfriars, Ebbsfleet International, Cannon Street, Charing Cross, London Bridge, St Pancras, Stratford International, Victoria, Waterloo East. Network Rail is the controller of any CCTV footage recorded at those stations, and they will be processing that footage in accordance with their privacy notice. We will not normally have access to their CCTV footage, so if you need to see images of yourself recorded by a CCTV camera at one of these stations, you will need to contact Network Rail.
Length of time CCTV footage is kept
- CCTV footage at stations is generally held for a maximum of 28 days from the time of the recording.
- CCTV footage on trains can vary depending on the type of train and the line of route. CCTV on our high speed trains is held for up to 5 days, and on our other trains is held between 5 days and a maximum of 28 days from the time of recording.
We may retain footage for longer if the footage is required for an investigation or any subsequent court proceedings. In these situations, the footage will be retained for a period of up to 6 years from the conclusion of the investigation or court proceedings.
Disclosing Personal Data to the police
At our discretion, we may disclose Personal Data in response to valid requests from the police and other statutory law enforcement agencies.
Before we authorise any disclosure, we will require the Police or other law enforcement body to either:
- set out any legal power they have to compel us to disclose the requested information; or
- demonstrate that the disclosure is necessary i.e. that any refusal to provide them with the requested Personal Data would prejudice them in the course of their statutory law enforcement duties, i.e. the prevention or detection of a specific crime, or the apprehension or prosecution of an offender(s).
Requests from the police are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Laws.
We may also share your Personal Data with the police or other emergency services where it is a matter of life or death, and where you are unable to either give your consent to, or object to such disclosure.
Sharing CCTV footage with other third parties
Some of our CCTV infrastructure is shared with the British Transport Police under a data sharing agreement.
In certain agreed circumstances, they may take control of a limited number of cameras and use them for activities such as the prevention and detection of crime and anti-social behaviour, policing major events and crowd control. We are not responsible for the CCTV when it is in the control of a third party.
We may also disclose Personal Data to third parties, if required to by law or it is necessary for a legitimate purpose such as defending or bringing legal action.We are legally permitted, under the Data Protection Laws to do this where the request is supported by:
- Evidence of the relevant legislation;
- A court order; or
- Satisfactory evidence and assurances of a legitimate interest.
Legitimate interest may include a request to assist in defending or making a legal claim, for example from insurers following a vehicle collision in a car park. When we are not required to provide CCTV, we will take into account the circumstances and any potential harm to individuals, we will also charge an administration fee and seek indemnity for any use beyond which it is requested.
CCTV on replacement buses
We use a number of companies to provide replacement buses during disruption or planned engineering. Any CCTV on these buses is the responsibility of the company that runs that particular service.
If you require access to images of yourself recorded by a CCTV camera inside a replacement bus, you should contact the company that operates the service. You can find this information from signage displayed inside each vehicle.
External guidelines and best practice
We operate our CCTV systems in compliance with the CCTV Code of Practice issued by the Information Commissioner’s Office in 2014. The Code describes best practice standards which should be followed by organisations operating devices which view or record images of individuals. It also covers other information derived from those images that relates to individuals (for example vehicle registration marks).
Any Personal Data that we process will only be stored in the United Kingdom or in a country deemed by the United Kingdom to have adequate Data Protection Laws.
However, if we, or a processor, wishes to process any Personal Data on our behalf in a country not deemed to have adequate Data Protection Laws, we will ensure that the recipients in that country will be required to implement such measures as are required by the UK’s Data Protection Laws to ensure that such processing in that country is lawful.
For further information about any such transfers to such countries, and/or the mechanisms used to ensure that such processing activities are lawful please contact our Data Protection Officer.
You are legally entitled to make requests to exercise your following rights over your Personal Data, as set out below.
We aim to respond to your request without undue delay and, normally within one month of receipt of either your request, or where we require it, satisfactory proof of identity. Where your request is complex, we are entitled to extend the deadline by a further 2 months. If this is the case, we will let you know within one month and the reasons why we are extending the deadline.
If we require additional information to allow us to comply with your request, we will contact you, but the deadline for responding to your request will be extended until we receive that information.
Some of the following rights may not apply where your Personal Data is being processed for certain purposes. If this is the case, we will set out the reasons why your request does not apply to this information.
To make a such a request, please contact our Data Protection Officer at firstname.lastname@example.org.
It is possible that you may receive a pre-scheduled communication whilst your request is being processed as this can take several days.
Request access to your Personal Data
You are entitled to request a copy of the Personal Data we hold about you.
You can download and send this Subject Rights Request form which will help us deal with your request more efficiently.
Please let us know if you want to receive the information electronically.
Sometimes we may hold Personal Data that is exempt from our duty to provide you with a copy, for example, where the disclosure of that information would prejudice a police investigation or if the Personal Data contains someone else’s Personal Data. Where possible, we will explain the reasons why we are unable to provide you with such information when we respond to your request.
In most cases we provide the copy of your data to you for free. If we consider that a charge is reasonable, we will contact you before proceeding with your request with the expected fee, and will not proceed with your request until this fee is paid.
Rectification / restriction
If you believe the information we hold about you is inaccurate or incomplete you can contact us and ask us to correct it. You may also request any data processing we are carrying out on your data is halted whilst a request for rectification or objection or a dispute over the lawfulness of processing is being considered. We may request evidence that the information we hold is incorrect, and/or the correct information.
Deletion – right to be forgotten
You can request deletion or removal of Personal Data in some circumstances, such as when there is no compelling reason for its continued processing.
We will confirm whether/what Personal Data we have deleted and/or explaining why we don’t agree that some data is exempt from your right to be forgotten.
Withdrawal of consent
If we relied on consent as the ground for processing your Personal Data, you can withdraw this consent at any time. It does not affect any processing carried out beforehand. You can withdraw consent by contacting Customer Relations, or our Data Protection Officer.
Where you have consented to receive direct marketing communications, you can withdraw your agreement at any time by updating your preference centre or clicking on the appropriate link in the communication or contacting us as above. We will comply with your request without undue delay and within one month.
You also have a right to request that no further processing takes place in relation to some grounds of processing, such as for direct marketing.
Object to receive direct marketing
To prevent marketing to you, you have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you before collecting your information if we intend to use or disclose it for such purposes. If you do not want us to use your information for marketing purposes either:
- Indicate this by NOT ticking the box to be sent marketing emails (or offers)
- If you have an account with us, by logging in and changing your contact preferences;
- Click the unsubscribe link on direct marketing emails or
- Or contact us
Where you have provided us with Personal Data and the reasons we are processing it are based on consent or our contract with you, and our processing of that information is automated, you have a right to ask for that information be provided to you or a third party in a structured, commonly used and machine-readable format. The right may be restricted if it is not practical for us to provide the information in this way or it adversely the rights of others.
If you have registered a Key Card then you will be able to access your journey information by logging on to your account.
Information about profiling and automated decision making
If you have signed up to receive marketing communications from us, we will use information such as the type of tickets you buy or the stations you use, to send communications which are more relevant to you. We will try and make the communications compatible with the device you are using.
We may analyse your Personal Data to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
If you are not happy with the way in which we have processed your Personal Data or have dealt with any request you have made in respect of your Personal Data, then please let us know. Our Data Protection Officer is the first point of contact for dealing with Requests and complaints relating to our processing of your Personal Data , and he is assisted by our Customer Relations department.
If you are not satisfied with our response you can complain to the ICO. Their contact details are:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Visit the Information Commissioner's website
You also have the right to seek a judicial remedy in respect of any failure of ours to comply with your request.
We generally retain Personal Data for around 6 months after the legal limitation periods in which claims can be brought (usually 6 years) or to comply with other statutory regulatory retention periods or to evidence our compliance with legal obligations imposed on us.
We may also retain Personal Data for longer if there is a specific need for it to be retained.
As we are wholly owned by the state, we are subject to the Freedom of Information Act. If you wish to access to any information (other than your Personal Data), that we hold, please contact our Data Protection Officer at email@example.com.
We will normally respond to your request within 20 working days of receipt of your request, but where some of the requested information falls under an exemption that involves a public interest test, we may extend the deadline by a further 20 working days.
For further information about the Freedom of Information Act, please see the ICO website.
If you have any questions or concerns about how we process your Personal Data, please can contact our Data Protection Officer, at firstname.lastname@example.org.
The registered office for SE Trains Ltd is Albany House, Floor 8, 94-98 Petty France, London, England, SW1H 9EA.
If you want to complain about how we use your Personal Data, you can contact the Information Commissioner’s Officer. You can find out more information about them by visiting the Information Commissioner's Office website.