ITAL Group Limited is committed to compliance with all relevant UK and EU laws in respect of personal data, and to protecting the “rights and freedoms” of individuals whose information ITAL Group Limited collects in accordance with the General Data Protection Regulation (GDPR).

The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of living individuals, and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.

This section of the website explains what information we collect about our customers and the procedures we have in place to safeguard their privacy.

Who are we?

We are ITAL Group Limited; we provide support services to the transport industry, and in particular the railway industry.

ITAL Group Limited consists of two operating divisions: Independent Revenue Protection and Support (IRCAS), and the Appeals Service (AS).

Data Processors and Data Controllers

We are data processors, and in some cases the data Controllers, as defined under the GDPR. We are only allowed to process your personal data in accordance with the GDPR and for the purposes notified to the Information Commissioner. You can find more information at the Information Commissioner's website at www.ico.org.uk. The transport operating company that took your details are also the Data Controllers.

What personal information do we collect?

We collect the information that you give to a transport operating company when issued with a Penalty Fare or Unpaid Fare Notice, when you complete one of our forms, provide information via the website or answer our questions over the phone. We may collect information when you use our services e.g. make payments online. In addition, we may also obtain information about you from other lawful sources e.g. ITAL Group partners.

The legal basis for processing your data

At least one of the conditions set out in Article 6 (1) of the GDPR must be met in the case of processing your personal data. The conditions we satisfy are Legal Obligation, Public Interest and Legitimate Interest.

Do we collect sensitive personal data?

On occasion, we may need to collect what is called sensitive personal data. When required by law we will obtain your explicit consent to do this at the time when we collect the information.

What do we use the personal data for?

The personal information that we collect is used for the following purposes,

  • to provide you with the service requested
  • for the ongoing administration of the service
  • to allow us to improve the products and services we offer to our customers, the transport providers
  • for research and statistical analysis
  • for the prevention and detection of crime and fare evasion and other travel irregularity
  • to enable us to comply with our legal and regulatory obligations and those of our customers

To ensure that we follow your instructions correctly and to improve our customer service, we may monitor and/or record any communication between you and us. By using this website and its services you consent to the collection and use of the information you provide for the purposes set out above.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Rights

Under GDPR you are entitled to see the personal information we hold about you and you may ask to make any necessary changes to ensure that it is accurate and kept up to date. To make such a request either contact the train operating company or IRCAS in writing at PO Box 212, Petersfield GU32 9QB or customer.services@ital-uk.com. Please clearly mark the envelope, or subject heading in the email, Subject Access Request.

Do we use your information for marketing purposes?

No.

How we will contact you

This may be by post, e-mail, telephone or text messaging to SMS enabled devices depending on the information you have provided to us. If you are under the age of 18 contact will be sent to your Parent/Guardian.

How long do we keep your personal data?

We will retain your information for as long as necessary to fulfil the purpose(s) above, and in accordance with the law.

In general, this will be:

  • Seven years for data relating to Penalty Fare Notices, Unpaid Fare Notices, reports for possible prosecution, and MG11s
  • One year for data relating to name and address checking enquiries by our customers' inspectors
  • One year for successful appeals against Penalty Fare Notices or Unpaid Fare Notices

If you require your data to be deleted please contact us in writing with your request, after the appropriate period of time shown above.

When do we disclose your information to third parties, and why?

We will only disclose your information to other parties in the following limited circumstances:

  • where we are legally obliged to do so, e.g. to law enforcement and regulatory authorities
  • where there is a duty to disclose in the public interest
  • where disclosure is necessary to protect our interest or that of our customers e.g. to prevent or detect crime and fare evasion or other travel irregularity
  • where you give us permission to do so

Changes to this Privacy Policy

Any changes we make to this Privacy Policy in the future will be posted on this page. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy.

Data Protection Officer

ITAL Group Limited are required to appoint a Data Protection Officer (DPO) under GDPR. If you have any comments, queries or requests relating to our use of your personal information or any questions about this Privacy Policy you can get in touch with our DPO, Nicola Welling, at the address below or by email to dpo@ital-uk.com

ITAL Group Limited
PO BOX 212
Petersfield
GU32 9BQ

Cookies

To ensure that our website is as useful as possible we sometimes need to use cookies to help us gather information about how our website visitors use this site.

What are cookies?

A cookie (web cookie, or browser cookie) is a small file which is stored on your computer when you visit a website. These files are used by the website for a number of things but mainly to track or trace where you have been on the website and what you are searching for.

Cookies are also used to enable you to submit payments and appeals online. With cookies disabled you would otherwise need to do this by contacting our support teams by phone or letter.

For a more details, you can read about cookies on Wikipedia.

How does ITAL Group use cookies?

We actively use cookies to record how our visitors use and browse around our website. This helps us determine popular and unpopular pages and lets us know where we need to improve and what services we may need to promote or update.

In order to achieve this we use the popular Google Analytics system.

ITAL Group also use cookies to track information supplied when making a payment or an appeal - this is so that data can be aggregated over several pages before being submitted to our database. This also enables you to go back and change data on a previous page. We do not store your financial details and use a dedicated and accredited payment provider to take payments.

How to Disable Cookies

This website works best with cookies enabled, however if you wish to disable cookies, you can do this in your browser. Here are instructions on disabling cookies. This links to an instructional document maintained by a website which has no connection to AS.