Service update routes: GH1 GH2

Privacy Policy

Gatwick Hoppa LTD respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal data when you use our website, contact us, buy tickets, use the Gatwick Hoppa App, travel on our services, or otherwise interact with us.

1. About this policy

For the purposes of data protection law, Gatwick Hoppa LTD is the data controller responsible for your personal data.

This policy explains the personal data we collect, how we collect it, how we use it, who we may share it with, how long we keep it, the security measures we use, and the rights you have in relation to your information.

We may update this policy from time to time to reflect changes in the law, our services, our systems or our business operations. The latest version published on our website will apply.

2. The information we collect

  • your name;

  • your email address;

  • your telephone number;

  • your postal address, where provided;

  • details of your enquiry, complaint, lost property report or other correspondence;

  • ticketing, journey or transaction information where relevant to your purchase or enquiry;

  • information submitted through our website contact forms;

  • technical information about how you use our website, such as IP address, browser type, device information and cookie data;

  • information connected with app use, ticket validation or support requests where applicable; and

  • any other personal data you choose to provide to us.

We only collect personal data that is reasonably necessary for the relevant purpose.

3. How we collect personal data

We may collect personal data directly from you or from other sources connected with the services we provide.

  • directly from you when you contact us by email, phone, website form or post;

  • when you submit a lost property enquiry, complaint, comment or service enquiry through our website;

  • when you buy tickets or use our app or other digital services;

  • when you browse or interact with our website;

  • from third-party service providers involved in ticketing, payments, website hosting, IT support or similar services;

  • from hotels, partners, agents or other third parties where they contact us in connection with a booking, enquiry or service issue involving you; and

  • from public authorities, regulators, insurers or legal advisers where required.

4. How we use your personal data

We may use your personal data to:

  • provide transport services, tickets, app services and related customer support;

  • process and respond to enquiries, complaints, compliments and lost property reports;

  • administer payments, refunds and transaction records;

  • manage customer communications and service-related updates;

  • operate, maintain and improve our website, app and services;

  • monitor usage, diagnose technical issues and protect our systems;

  • maintain business records and internal administration;

  • comply with legal, regulatory and contractual obligations; and

  • establish, exercise or defend legal claims.

We will only use your personal data where we have a lawful basis to do so.

5. Lawful bases for processing

Depending on the circumstances, we rely on one or more of the following lawful bases:

  • contract, where processing is necessary to provide services to you, including ticketing, transport and customer support;

  • legal obligation, where we need to process data to comply with legal or regulatory requirements;

  • legitimate interests, where processing is reasonably necessary for running and improving our business, managing enquiries, preventing misuse, keeping records, handling complaints and protecting our systems and services, provided your rights do not override those interests;

  • consent, where we ask for your consent, for example in relation to certain cookies or marketing activity; and

  • vital interests, where processing is necessary to protect someone’s vital interests in an emergency.

6. Who we may share your data with

We may share your personal data, where appropriate, with:

  • payment processors and ticketing providers;

  • IT, software, hosting and website support providers;

  • app, communications and customer support providers;

  • professional advisers such as lawyers, accountants, auditors and insurers;

  • regulators, law enforcement agencies, courts or other public authorities where required or permitted by law;

  • contractors or service providers who help us run our business; and

  • any party involved in a business restructure, sale, merger or transfer, where lawful and appropriate.

We require third parties processing personal data on our behalf to do so securely and only for authorised purposes.

7. International transfers

Most of our processing is expected to take place within the United Kingdom. However, some service providers may store or process data outside the UK.

Where personal data is transferred outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place, as required by data protection law.

8. How long we keep your data

We will not keep personal data for longer than is necessary for the purposes for which it was collected.

Retention periods may vary depending on the type of data and the reason we hold it. As a general guide:

  • customer enquiries, general contact form submissions and routine correspondence are usually kept for up to 12 months after the matter is closed;

  • complaints, claims and lost property records may be kept for up to 24 months, or longer where reasonably necessary;

  • ticketing, payment, refund and accounting records may be kept for up to 6 years after the end of the relevant financial year or transaction;

  • marketing preferences are kept until you withdraw consent or object, and for a reasonable period afterwards to maintain suppression records;

  • website technical logs and analytics data are retained in line with operational need and the settings of the relevant systems; and

  • where data is needed for legal proceedings, investigations, insurance matters or regulatory reasons, it may be retained for longer.

Where no fixed retention period applies, we will retain data by reference to the nature of the information, the purpose for which it was collected, legal obligations, and whether it may be needed to deal with disputes or claims.

9. Keeping your data secure

We take appropriate technical and organisational measures to protect personal data against unauthorised access, misuse, loss, disclosure, alteration or destruction.

These measures may include access controls, secure systems, limited staff access, password protection, software security tools and procedures for handling data securely.

No internet or storage system is completely secure, but we work to keep your information as safe as reasonably possible.

10. Your rights

Under UK data protection law, you may have the right to:

  • request access to the personal data we hold about you;

  • request correction of inaccurate or incomplete data;

  • request erasure of your personal data in certain circumstances;

  • request restriction of processing in certain circumstances;

  • object to processing based on legitimate interests;

  • request transfer of your personal data, where applicable;

  • withdraw consent at any time where we rely on consent; and

  • complain to the Information Commissioner’s Office if you believe your data has been handled unlawfully.

If you would like to exercise any of these rights, please contact us using the details in this policy.

11. Cookies and similar technologies

Our website may use cookies and similar technologies to make the site work properly, remember preferences, understand how visitors use the site, and help improve performance and user experience.

Cookies may include:

  • strictly necessary cookies, which are required for core website functions;

  • analytics cookies, which help us understand usage and improve the website; and

  • functionality or similar technologies, where used to support features or remember settings.

Where required by law, we will ask for your consent before placing non-essential cookies on your device. You can manage cookie choices through our cookie banner or your browser settings.

12. Marketing communications

If we send marketing communications by email, text or other electronic means, we will do so in accordance with applicable law.

Where consent is required, we will ask for it. Where we rely on another lawful route permitted by law, you will still be given a clear way to opt out. You can ask us to stop sending marketing communications at any time.

13. Third-party websites and services

Our website, app or communications may contain links to third-party websites, apps or services. If you follow a link to an external site or service, that third party will have its own privacy practices and policies.

We are not responsible for the privacy practices or content of third-party websites or services.

14. Children’s data

Our services may be used by families and children travelling with adults. We do not knowingly collect more children’s personal data than is reasonably necessary.

Where children’s data is processed, we aim to do so fairly and in clear language appropriate to the audience.

15. Changes to this policy

We may amend this Privacy Policy from time to time. The latest version will be published on www.gatwickhoppa.co.uk and will take effect from the date it is posted.

16. Contact us

If you have any questions about this Privacy Policy or about how we handle personal data, please contact: