Privacy and Cookie Statement
We deem careful handling of personal data very important, and we are committed to making our practices regarding collection and processing of personal data fair and transparent.
Under the General Data Processing Regulation (GDPR) and Dutch Data Privacy legislation personal data is considered any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
This policy describes our practices regarding:
a) Data Collection
b) Data Use
c) Data Location and Retention
d) Data Sharing
e) Cookies and Tracking Technologies
g) Data Security
h) Data Subject Rights
i) Additional Information
a) Data Collection
We collect and control various types of personal data of our Customers and visitors to our Sites. Such data is collected and generated through your interaction with us or our Services and can be directly from you or through our Partners.
We collect the following categories of personal data (to the extent that it relates to an identified or identifiable individual):
Data automatically collected or generated
Data provided directly by you
When you contact us, sign up for an account, or purchase a train pass or book reservations via our website, we will ask you to provide some personal data to us to create an account to fulfil your request and or/order. This would typically include your first and last name, email address, gender, address details, nationality, preferred language, date of birth, passport number (for international travellers), account login detail (username and password), as well as any other data you choose to provide when you use our Services, contact us, or when you connect other accounts such as Facebook or other social media accounts. If you choose to connect other accounts, you share data such as your name, email address, image, location, and other details available on your public profile.
You may also choose to send us support requests, or provide us with feedback, reviews or responses to our surveys and/or promotions, including submitting online forms or on social media channels, by posting on any of our online public forums or communities, by sending an email to any of our designated addresses, or any other form of communication. Such data may include details on an issue you are experiencing, contact information and other documentation, screen recordings, screen shots etc.
If you provide Personal Data of another person for the purposes of purchasing a pass with multiple travellers, you shall ensure that (i) this person has been duly informed that Eurail has the right to process such Personal Data as set out in this Privacy Statement, and has been provided with the present Privacy Statement, (ii) such Personal Data is collected and supplied in accordance with applicable legislation and without infringing such person's or any third party’s rights and (iii) you have obtained his or her prior consent where needed.
Data from our Partners
Our partners who sell our rail passes such as rail carriers and distributors (detailed further in section d) will provide us with your personal data for us to create an account and process your request for using our Service.
Data received from other third parties
We may receive data which relates to you from other sources such as if you participate in promotions or events that we sponsor or participate in, we may receive your personal data from its organisers.
Data obtained through analytics tools
We use analytics tools such as Google Analytics, Hotjar and Pisano to collect data about the us of our Sites and/or Service such as which pages are visited, when they are visited, which ad or email or webpage brought you to our website, how they interact with and use our Service and Site pages and various features etc. This is strictly collected based on consent by opting in for our marketing cookies in the Cookie banner on our site. Refer for more information to section e.
b) Data Use
We process your personal data in accordance with the requirements for the processing of personal data laid down in relevant privacy legislation.
We use personal data as necessary for the performance of our Service as stated in our Conditions of Use, to comply with our legal and contractual obligations, and to support our legitimate interests in maintaining and improving our Sites and Service.
Specifically, we process your personal data for the following purposes:
- To facilitate and provide our Services;
- To authenticate the identity of our Customers and allow them to access our Service;
- To provide our visitors and customers with assistance and customer support;
- To improve customer experience and continue improving our products and overall performance of our Service by gaining better understanding of how visitors and customers use and interact with our Sites;
- To facilitate and optimise our marketing campaigns, ad management and sales operations, as well to manage and deliver advertisements for our products and services more effectively including on other websites such as Facebook, Instagram, and Google. This includes interests-based advertising based on Site activity, preferences and other data available to us through third parties or Partners;
- To facilitate, sponsor and offer certain promotional events or contests;
- To publish your feedback and reviews on our Sites, public forums and/or blogs;
- To support and improve our data security measures, including the purposes of preventing and mitigating risks of fraud, error or other illegal or prohibited activity;
- To explore and pursue growth opportunities through partnerships with carriers, distributors, institutions and other business partners and providers related to our Service (detailed also in Section d)
- To create aggregated statistical data, inferred non-personal data or data rendered non-personal through anonymization which we or our Partners may use to provide and improve our Service or for other business purposes; and
- To comply with applicable laws and regulations.
Additionally, consent can be provided during the account creation whereby we can contact you to keep you up to date about our commercial developments and personalized offers, via our newsletter. Refer to section f. Communications, Promotional Communications, for more information.
c) Data Location and Retention
We store your data in multiple locations and for as long as necessary in accordance with our reasonable business needs as necessary for the performance of our Service or for exercising our legitimate interest, as well as in accordance with our legal obligation.
Eurail B.V. is headquartered in the Netherlands which is included in the European Union and therefore required to offer an adequate level of protection for personal data of EU member state residents. Data is stored and transferred within the EEA for these purposes. If data is transferred to non-EEA countries such as the United Kingdom, standard contractual clauses apply as approved by the European Commission.
We may retain your personal data for as long as it is reasonably needed in order to maintain our relationship with you and provide you with our Service; to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes such as laws applicable to log-keeping, records and bookkeeping, and to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use. This is done in accordance with our data retention policy and at our reasonable discretion.
d) Data Sharing
We share your data with our Partners, Service providers or other relevant third parties in accordance with legal requirements.
We can provide your personal data to third parties for the following reasons:
- We have engaged them for supporting us to provide our Service
- This is required for performance of an agreement we concluded with you;
- We have legitimate interests to do so;
- We are legally obliged to do so (for example if the police or official authority provides an official written request for information on suspicion of a criminal offense)
The following third parties can process your personal data:
- Our IT suppliers;
- Postal and courier services;
- Payment service providers;
- Railway providers (click to see an overview)
- Governmental institutions (i.e. tax authorities and police)
- Our cookie suppliers (please see section e. below).
This statement does not apply to third-party websites that are linked to our website. We cannot guarantee that such third parties handle your personal data carefully and securely. We recommend that you read the privacy statements of their websites before you make use of the websites.
e) Cookies and Tracking Technologies
Cookies are small information files that can be automatically stored on or read out from the device (including a PC, tablet or smartphone) of the website visitor, while visiting a website. This is done through the web browser on the device. The information that can be transmitted by a cookie, over the use of our website, can be transferred to the own secured servers of Eurail or to the servers of a third party.
These cookies are technical and/or functional and helps us to secure and manage the performance and functionality of our Service and Sites;
These cookies is to generate overall statistics and gain insight into the use of our Service and Sites by you every time your visit us, in order to optimise our website and services. Your browser will tell us if you have these Cookies and whether you allow new Cookies to be placed, we will then generate and place new ones to allow us to analyse your use of our Service;
Marketing and Advertising Cookies
Google Analytics is used for analytical and tracking cookies for the purpose of creating statistics regarding traffic and uses of the various components of our Sites, to create studies to improve our Services and Site. If users do not wish for Google Analytics to collect or use their information, they can opt out here: Google Opt-Out.
Third-party Integration Cookies
“Do Not Track” requests
Some web browsers can send a “Do Not Track” request to websites telling them not to follow its online movements, because of differences in how web browsers interpret this feature, there is a lack of standardization and its not always clear whether visitors and Customers intent for these signals to be transmitted or whether they are aware of them at all. Therefore, as many other reputable websites and online platforms, we do not change our practices in response to a “Do Not Track” request from your browser or mobile application. However, your browser allows you to control cookies, including whether to accept them and how to remove them. You can also set most browsers to notify you if you receive a cookie, or to block or remove cookies altogether, this is detailed for you below.
Disabling of cookies
You can prevent the placement of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling some functionality and certain features of this website. Therefore, it is recommended not to disable cookies.
Removal of cookies
Most cookies have an expiration date. This means, that they will automatically expire after a certain period and no longer register any data concerning your visit of the website. Another option is to remove the cookies manually before the expiration data. To do this, consult the instruction manual of your browser.
We engage in service and promotional communication through e-mail, phone, SMS and mobile app notifications.
We may contact you with important information regarding our Service. For example, we may send you notifications (through any means available to us) of changes or updates to our Service, issues, changes, password reset notices etc. You can control your communications and notifications settings in your profile settings. However, please note that you will not be able to opt-out of certain service communications which are required for the performance of the contract we have with you, legally required or to your use of our Sites.
We may also notify you about new features, additional offerings, event and special opportunities or any other information we think you will find valuable. We provide you with opt-in options, and if you consent thereto, we may provide such notices through any of the contact means available to us as provided by you. We may also, if you have consented thereto, use your email address to show advertisements from Eurail on the social media channels where you are active, such as Facebook, YouTube, Pinterest and Instagram. If you do not wish to receive such promotional communications, change your communications preferences in your profile on the website, or each communication by e-mail will include an option to unsubscribe.
g) Data Security
We implement and monitor security measures in place to protect your personal data.
We will never request you to provide your personal information over the phone or via social media and we will only contact you via the registered email address on your account. If you are unsure, please contact us via our Customer service contact form.
We secure your data using industry standards and best practices for physical, procedural and technical measures including:
- Logical access control with complex passwords and identity authentication systems;
- Employee awareness and training;
- Data encryption;
- Automatic logging of actions relating to personal data;
- Least privilege access restrictions;
- User access and rights monitoring.
Please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties as detailed in section d.
h) Data Subject Rights
As an individual you have rights concerning your personal data. For all such personal data that we process as a Data Controller and detailed in section a, you may exercise your rights by contacting us.
If you have provided personal data via any of our Sites, you can send us a request for insight, inspection, rectification, restriction, modification, data portability or deletion of your personal data. You can send this request to email@example.com or via our Customer Service contact form.
To prevent abuse, we ask that your request be sent from the same email address to which your account with us is registered so that we may validate your identity. We may ask you to provide further proof of your identity if necessary to correctly identify you in our systems.
Such additional data of requests and/or identify validation will be retained by us for legal purposes i.e., as proof of the identity of the person who submitted the request.
Delete my account
For requests on deletion of your account or personal data, we remove your personal data and your account from our systems in accordance with privacy regulations. This means you will no longer have access to your account history and travel details, and you will need to create a new account for any new travel products that you wish to purchase in the future.
- We remove your data from our systems within 30 days from the date which your request is received, if you receive any emails or content during this period this is due to the complexity of removing your data within the 30 days and we kindly ask your patience during this time.
- If there are legal grounds preventing us from processing your request, we will notify you in a response email as soon as possible where your request cannot be processed.
- We will provide you with confirmation once your account deletion has been processed, after which you will no longer have access to your account, and you will receive no further communication.
i) Additional Information
Security of minors
Persons under the age of 18 may use our website only under the supervision of their parents or legal representatives. We do not knowingly collect personal data from children. If we learn that a minor is using our Service without representation, we will attempt to block such use and make our best efforts to promptly delete any personal data stored with us with regard to the child.
National supervisory authority
If you are a GDPR-protected individual, if you have any complaints about the processing of your personal data, based on privacy legislation, you have the right to lodge a complaint with the national supervisory authority responsible for the protection of personal data against our processing of your personal data. For the Netherlands, this is the “Autoriteit Persoonsgegevens”, which you can contact here.
Eurail B.V. has a DPO appointed for monitoring and advising on ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. If you have any questions about your privacy or about this privacy and cookie statement, you can send an email to firstname.lastname@example.org.
For questions on your account, purchases, our services or technical issues, please contact customer service via the contact form.
Changes to this privacy and cookie statement
We reserve the right to update this statement as required. Changes will be published on our website and previous versions will continue to be available on request. We recommend that you check this statement regularly, so that you are informed of any changes.
Changes published in version 2.1:
Section a. Data collection
i. Updates in wording to provide clarity on what is collected and how you can expect to be contacted for security purposes
Section e. Cookies and tracking technologies
i. We have included a link to Google Opt out for easy access should you wish to revoke your consent to Google Analytics
Section h. Data subjects rights
i. We have provided more detailed information on our deletion process
Section i. Additional information
i. We have updated the contact details for our customer service team.
Change of currency
You cannot change the currency once you have a Pass in your cart. Remove the Pass, and then change the currency on the website header.