Introduction and consent
London Midland is committed to protecting and respecting your privacy when you use our services.
- What personal data we collect from you when you use our website, apps, visit our stations, contact us or use our services;
- How we will collect and use that information;
- How we keep information secure; and
- How you can contact us if you wish to exercise any of your rights in relation to the information.
- By providing us with your information you consent to our use of it in the manner set out in this policy.
- Information we may collect from you
- How we use your information
- Sharing or disclosure of your information
- Types of information we collect
- Website visits and purchases
- Ticket office purchases
- Revenue Protection and Penalty Fares
- Customer Relations database
- Station Help and Assistance Information Points
- Where we store your personal information
- Information Security
- Your rights
For the purposes of the Data Protection Act 1998, the data controller is:
London and Birmingham Railway Ltd (trading as London Midland)
102 New Street,
Our nominated Data Protection Officer is:
Data Protection Officer
102 New Street,
More information about the Data Protection Act can be found on the Information Commissioners Website
We may collect and process information about you when you: travel on our services; visit our stations or car parks; use our website; buy a product from us or make a sales enquiry; contact Customer Relations or enter a competition.
We will only use the information you provide as permitted by the Data Protection Act. Depending on how you contact us, use our services, the consent you have given, or legal obligations we may have, this will include:
- To provide you with details of our services, information, newsletters, and details of promotions and offers which we feel may interest you;
- To notify you about our services and changes to these;
- To make and receive any payments necessary between us;
- To carry out our obligations arising from any contracts entered into between you and us;
- For customer service, administration and customer research,
- For your safety and security.
- For fraud and crime prevention.
- To inform you if you have won a competition you have entered.
We will only share or disclose your information as set out in this Policy or where permitted by the Data Protection Act and will obtain your consent where we are required to do so. We will only use third parties to process information where we are satisfied that they comply with these standards. We may share or disclose information for the following reasons:
We will share the information with our service providers where it is necessary for us to do so in order to fulfil a contract between us or to respond to requests for marketing and/or information from you;
- To respond to your complaints or administer requests you have made, either to us or another regulatory body such as the Department for Transport; Passenger Focus, or other train operating companies;
- To process payment card transactions;
- To comply with requests from the police or other law enforcement agencies for the purposes of crime prevention or detection. These are dealt with on a case-by-case basis, under an overall Information Sharing Protocol, to ensure that any disclosure is lawful;
- To comply with other legal obligations for example, relating to crime and taxation purposes or regulatory activity;
- To protect our legitimate business interests, for example, for fraud prevention or revenue protection; and
- Where required as a result of the sale, merger, or acquisition of business assets.
- If you have agreed to receive information for competition, promotion, survey or research purposes, we may share your contact details with a limited number of parties, but only for the reasons you have agreed to in the terms and conditions of the purpose.
- Where you have consented, to share with other members of the Go-Ahead Group PLC (registered in England, company number 02100855) (“Go Ahead”), of which we are a member, in order to respond to queries, complaints or a request for information from you, or where Go-Ahead has any services, promotions and offers which we feel may interest you. Details of other members of Go-Ahead can be found here
- In respect of information provided to us for marketing purposes only, to the Department for Transport and/or any successor operator of the rail franchise in order that they may contact you for marketing purposes in the event that we cease to operate this rail franchise.
- You can find out more below about the information we collect and how we use, share or disclose it.
Camera systems we operate
Our CCTV is used to capture, record and monitor images of what takes place at our stations and car parks and on our trains, in real time. In limited circumstances we use body worn cameras which make audio visual recordings.
Depending on the type of camera, images are recorded on video tape (analogue) or as digital information. Cameras can be fixed or set to scan an area. In some circumstances they can be operated remotely by controllers.
Why we operate CCTV cameras
We operate CCTV for the following purposes:
- Health and safety of employees, passengers and other members of the public;
- Crowd management; and
- Prevention and detection of crime and anti-social behaviour.
We operate cameras at the stations and car parks we manage and on some of the trains that we run. Network Rail and other Train Operating Companies operate the cameras at some stations that our services stop at. These are shown below:
London Euston, Birmingham New Street, Liverpool Lime Street
Stoke-on-Trent, Runcorn, Coventry, Wolverhampton, Stafford, Birmingham International, Crewe, Rugby
Leamington Spa, Warwick, Warwick Parkway, Birmingham Moor Street, Solihull, Dorridge
East Midland Trains
First Great Western
Bushey, Wembley Central
Harrow and Wealdstone
Length of time CCTV footage is kept
CCTV footage at stations and on train is generally held for a maximum of 31 days from the time of recording.
How to access your CCTV personal data
You can request copies of images or footage of yourself by making a subject access request. The Subject Access Request section on this site explains the information you will need to provide and the charge we make.
Disclosing personal data to the police
At our discretion, we may disclose personal data in response to valid requests from the police and other statutory law enforcement agencies.
Before we authorise any disclosure, the police have to demonstrate that the personal data is necessary to assist them in the prevention or detection of a specific crime, or in the apprehension or prosecution of an offender.
Requests from the police are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Act.
Sharing CCTV footage with other third parties
Some of our CCTV infrastructure is shared with the British Transport Police under a data sharing agreement.
In certain agreed circumstances, they may take control of a limited number of cameras and use them for activities such as the prevention and detection of crime and anti-social behaviour, policing major events and crowd control. London Midland is not responsible for the CCTV when it is in the control of a third party.
We may also disclose personal data to third parties, if required to by law. The Data Protection Act allows us to do this where the request is supported by:
- evidence of the relevant legislation; or
- a court order.
We have a data sharing agreement in place with Arena Coventry Limited which allows them live access to our CCTV systems at Ricoh Station. This is for the purpose of crowd management and per this agreement we act as joint data controllers for this data.
CCTV on replacement buses
London Midland uses a number of companies to provide replacement buses during disruption or planned engineering. Any CCTV on these buses is the responsibility of the company that runs that particular service.
If you require access to images of yourself recorded by a CCTV camera inside a replacement bus, you should contact the company that operates the service. You can find this information from signage displayed inside each vehicle.
External guidelines and best practice
London Midland operates its CCTV systems in compliance with the CCTV Code of Practice issued by the Information Commissioner’s Office in 2014. The Code describes best practice standards which should be followed by organisations operating devices which view or record images of individuals. It also covers other information derived from those images that relates to individuals (for example vehicle registration marks).
This section shows the information we collect when you use our website. Before providing us with your details, please read the following important information regarding:
- Collection of visitor information;
- Cookies; and
- Session Cookies.
By using the London Midland website and its services, you consent to the collection and use of the information for the purposes set out below.
Collection of visitor information
We will only use the information that we collect about you lawfully, in accordance with the Data Protection Act 1998.
The details you provide about yourself and any other information which identifies you (‘Personal Information’) is held by London Midland on this website (the "Site") for operational purposes, for example member registration or processing payments. We may also use your Personal Information to personalise your experience on the Site by informing you of new products or services that we may think are of interest to you.
London Midland gathers general information about users, for example, what services users access the most and which areas of the London Midland site are most frequently visited. Such data is used in the aggregate to help us to understand how the London Midland site is used. We gather this information so that we can continue to improve and develop our services to benefit of our users. We may make this aggregated information available to users of the London Midland site and also to auditors. These statistics are anonymous and contain no personal information and cannot be used to gather such information.
When you register with London Midland, set up a travel alert, enter a competition, or buy a ticket, we ask for personal information such as your name, contact details, and other details. Once you register with London Midland and accept our Terms & Conditions, you are not anonymous to us. We may use information that you provide to alert you to our own products and services. We may contact you regarding site changes or changes to the London Midland products or services that you use.
If you buy a ticket online with London Midland, we will record your personal details and send you a confirmation email. Your personal data will be used principally to communicate with you with reference to your request.
You may opt-in to receive newsletters, exclusive discounts, special offers and other marketing emails from London Midland. You may unsubscribe at any time by logging in to your account and updating your preferences. Please note changes to your subscription preferences can take up to 14 days to take effect.
Alternatively write to Customer Relations Team, London Midland, PO Box 4323, Birmingham, B2 4JB, or telephone us on 0344 811 0133 (or 0121 634 2040 from a mobile).
A cookie is a small piece of information that is sent to your browser when you access a website.
There are two kinds of cookies. A session cookie is a line of text that is stored temporarily in your computer's memory. Session cookies used by the London Midland website are destroyed no more than one hour after you close your browser.
A persistent cookie is a more permanent line of text that gets saved by your browser to a file on your hard drive.
On those pages where the London Midland website uses "session cookies" to facilitate your use of this site, we do not collect personal information about you and the cookie will be destroyed no more than one hour after you close your browser. This kind of cookie helps you use the London Midland website interactively.
With most Internet browsers you can configure your browser so that it refuses new cookies, prompts you to accept cookies or disables cookies altogether. Exactly how this is done is dependent on the browser you use.
Access to our database containing personal information on registered users of the site is restricted. In order to increase security we ask you to input a password when you register as a user of the site. Please keep this password secret. In addition, we encrypt your financial information using SSL (Secure Sockets Layer) technology so that no one else can access your credit card details as they travel through the Internet. SSL is certified by Verisign and is recognised as a secure way to pay on-line. As you may be aware, no data transmission over the Internet can be entirely secure. As a result, while we will always use reasonable endeavours to protect the personal information you provide to us, we cannot guarantee the security of your information and the use of our facilities (e.g. e-mail) is at your own risk. If you have any questions about paying for your ticket through the Site, please contact Customer Relations.
Personal details we hold
When you buy a season ticket valid for one month or more, we keep a record of this on a database. We keep the following details:
- Name, address and photo card number;
- Phone number and email if you provide them;
- The origin, destination and start and end date of season tickets you have purchased, along with any duplicate, replacement or refund of these; and
- The method of payment used, but not any payment card details.
How we use your personal data
We use this information for Customer Relations and administration, customer research and fraud prevention.
We will only send you information about offers and promotions if you chose to receive it and you can change your marketing preferences at any time. We will not pass your personal information to any other organisation for marketing purposes without your prior consent.
Sharing data with third parties
If you have agreed to receive information for survey or research purposes, we may share your contact details with a limited number of parties, but only for the reasons you have agreed to.
Personal details we hold
We may collect a range of personal detail during the course of revenue protection activity. This may include name, address, proof of ID, journey details, payment details, personal descriptions and other information you provide to support an appeal. This data is processed electronically by the Revenue Protection Support Services (RPSS).
How we use your personal data
We only use this information for the administration of the Penalty Fares scheme, collection of unpaid fares, fraud prevention and the prosecution of travel offences.
Sharing data with third parties
We may share your correspondence with:
- British Transport Police under a data sharing agreement to prevent and detect crime.
- The Independent Penalty Fares Appeal Service (IPFAS) if you appeal a Penalty Notice issued to you.
- Passenger Focus if you have asked them to act on your behalf under a complaints handling procedure. Requests from ombudsmen are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Act.
- We may also share information with other Train Operating Companies for the purpose of fraud prevention. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Act.
We collect your information and comments when you contact us by letter, email, web form or phone.
Personal details we hold
We may hold your name, address, email address, phone number, our correspondence with you, the compensation claims you have made and payment made by us, proof of journey or other supporting information you may provide.
To ensure that we carry have an accurate record of dealings between us (and for training purposes) we may, in certain circumstances, record or monitor telephone calls, however you will always be told when this happens.
How we use your personal data
This information is used for administration of correspondence or processing claims you have made as well as for fraud prevention purposes.
Sharing data with third parties
We may share your correspondence with Passenger Focus, if you have asked them to act on your behalf under a complaints handling procedure.
Requests from ombudsmen are dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Act.
We may also share information with other Train Operating Companies for the purpose of fraud prevention. We will only do this where there is a formal data sharing agreement is in place, or where an ad hoc request is received this will be dealt with on a case-by-case basis to ensure that any such disclosure is lawful in accordance with the Data Protection Act.
On our stations we maintain Customer Help and Assistance Points. Depending on the service requested these are linked directly to our Control Centre or to National Rail Enquiries.
Calls for Information or Assistance made to National Rail Enquiries are recorded and monitored, but no advance notice is given as this could result in a delay in the providing assistance.
The information that we collect from you will only be stored in the European Economic Area (“EEA”) or, where it is necessary to disclose it to our processors located outside the EEA , other jurisdictions which are acceptable according to guidance provided by the Information Commissioner and/or where appropriate legal and security safeguards are in place.
We use a range of technical and organisational measures to safeguard access to and use of, your personal information. These include structured access controls to systems, network protection, intrusion detection, physical access controls and staff training.
To prevent marketing to you, you have the right to ask us not to process your personal information for marketing purposes. We will usually inform you before collecting your information if we intend to use or disclose it for such purposes. If you do not want us to use your information for marketing purposes either:
- Indicate this by using the tick box when you sign up or;
- if you have an account with us, by logging in and changing your contact preferences; or
- To prevent all contact by us you can opt out at any time by contacting us vis our Customer Relations Team, email@example.com or London Midland, PO Box 4323, Birmingham, B2 4JB, or telephone us on 0344 811 0133 (or 0121 634 2040 from a mobile).
You are entitled to request a copy of the information we hold about you. For details of how to make a subject access request please click on this link
We may occasionally update this statement. Your continued use of the site will mean that you accept those revisions.