Tickets
Youtube Facebook Instagram Tiktok
  • Join Santa on a magical vintage Steam Train ride! Gifts, treats, and festive fun for every child on the Santa Express!
Book Now!
View our Timetables & Running Order

Privacy Policy

Great Central Railways takes your privacy and Data seriously

Our Privacy Promise

We take your privacy and data security seriously. This Privacy Notice explains how Great Central Railway PLC (“we”, “our”, “us”) collects and processes your personal data when you use our website, interact with us, or use our services — whether you’re booking a ticket, signing up to our newsletter, volunteering, or donating.

Who We Are

Data Controller: Great Central Railway PLC (Company No. 01257394), registered in England and Wales.
Registered Office: Great Central Road, Loughborough, Leicestershire, LE11 1RW
Email: data.protection@gcrailway.co.uk

We have appointed a Data Protection Officer (DPO) who oversees questions about this notice. You may contact the DPO using the details above.

If you are unhappy with how we handle your data, you also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

The Data We Collect

We may collect and process the following types of personal data:

Category Examples
Identity Data Name, title, date of birth
Contact Data Address, email, phone number
Payment Data Card or bank details (handled securely by our payment providers)
Transaction Data Tickets, merchandise, donations, or services purchased
Marketing & Comms Data Preferences for receiving updates and offers
Technical Data IP address, browser type, device data, cookies
Usage Data How you use our website, services, and facilities
Volunteer or Staff Data (if applicable) Medical info, training records, HR-related information

We also collect and use aggregated data for statistical purposes (e.g. total number of visitors), which does not identify individuals.

We do not knowingly collect data from children under 16 without parental consent.

We do not collect special category data unless it is necessary (e.g. to support disability access requests or operational safety for staff/volunteers).

How We Collect Your Data

We collect personal data via:

  • Direct interactions: e.g. buying tickets, signing up for newsletters, donating, joining as a member or volunteer.
  • Automated technologies: e.g. cookies, analytics tools, log files.
  • Third parties: e.g. payment processors, membership partners, analytics providers.

How We Use Your Data

We use your personal data where we have a lawful basis to do so:

Purpose Lawful Basis
To process your ticket, booking or donation Contract
To manage memberships and volunteer relationships Contract / Legitimate interest
To communicate service updates and send marketing (if opted in) Consent / Legitimate interest
To comply with legal or regulatory obligations Legal obligation
To administer and improve our website and services Legitimate interest

We never sell your personal data.

Marketing and Preferences

We only send marketing communications if you have opted in or if we have a legitimate interest and you’re a recent customer. You can unsubscribe at any time using the link in emails or by contacting us.

Sharing Your Data

We may share your data with:

  • Essential service providers: e.g. payment processors, IT hosts
  • Friends of the Great Central Main Line (FoGCML): for managing your membership
  • David Clarke Railway Trust: where donations are processed
  • Regulators and legal authorities: if required to do so by law

All partners are required to respect the security of your data and use it only for agreed purposes.

Data Security

We implement appropriate security measures to protect your personal data from being lost, accessed, or used in an unauthorised way.

We have procedures in place to deal with suspected data breaches and will notify you and regulators if legally required.

Data Retention

We only keep your personal data for as long as necessary. This varies depending on the nature of the data, but is guided by legal, operational, and tax obligations.

In some cases, we may anonymise your data for research or statistical purposes — this data is no longer linked to you.

Your Rights

You have rights under data protection law, including:

  • Access: See what data we hold about you
  • Correction: Ask us to fix inaccurate data
  • Erasure: Request deletion (subject to legal requirements)
  • Objection: Stop us using your data for direct marketing or legitimate interests
  • Restriction: Ask us to suspend data processing
  • Portability: Have your data transferred to you or a third party
  • Withdraw consent: Where consent is used, you can withdraw it at any time

To exercise any of these rights, please contact our DPO. We aim to respond within one month.

Cookies & Analytics

We use cookies and similar tools to understand how people use our website and to improve the experience. You can control your cookie preferences at any time via your browser settings or our cookie banner.

Third-Party Links

Our site may contain links to third-party websites, plug-ins or apps. We are not responsible for their content or privacy practices. We recommend reading their privacy policies before providing personal data.

Updates to This Notice

We may update this Privacy Notice from time to time. Significant changes will be communicated via our website or by email where appropriate.

Last updated: 19 July 2025
Previous versions: Available on request