Privacy Policy
Last updated: May 2026
iReturnTicket Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our website and services.
1. Data Controller
iReturnTicket Ltd, a company established under the laws of England and Wales, is the data controller responsible for your personal data. You can contact us at [email protected]; our registered postal address is available on request.
2. Information We Collect
When you use our service, we collect:
- Full passenger name(s)
- Email address
- Phone number (optional)
- Travel route and dates
- Payment confirmation reference (we do not store card details)
- IP address, browser type, and device information
3. How We Use Your Information
We use the information we collect to:
- Generate and deliver your reservation document
- Process payments securely through certified processors
- Provide customer support and respond to enquiries
- Ensure platform security and prevent fraud
- Improve our service and platform performance
We do not sell or rent your personal data to third parties.
4. Legal Basis for Processing
We process your data on the following legal bases:
- Contract: to fulfil the service you have purchased
- Legitimate interests: to improve our platform and prevent fraud
- Legal obligation: to comply with applicable laws
5. Data Sharing
We share data only with:
- Payment processors — to process your transaction securely
- Travel infrastructure partners — to generate your reservation document
- Hosting and email delivery providers — to operate our platform
All third-party providers are bound by data protection agreements. We do not sell your data.
6. Data Retention
- Order data: retained for 3 years for legal and accounting purposes
- Technical data: retained for 12 months
- Support communications: retained for 2 years
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Request data portability
- Request restriction of processing
- Object to processing
- Withdraw your consent at any time, where processing is based on consent
- Lodge a complaint with a data protection supervisory authority
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Under UK data protection law you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
8. Cookies
We use essential cookies to operate our service and, with your consent, Google Analytics cookies to understand how our platform is used. Analytics cookies are loaded only after you accept them in our cookie banner, and you can change your choice at any time. See our Cookie Policy for full details.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (SSL/TLS), secure payment processing, and access controls.
10. International Transfers
Your data may be processed outside the United Kingdom. Where this occurs, we rely on appropriate safeguards recognised under UK data protection law — such as UK adequacy regulations or the International Data Transfer Agreement (IDTA) — so that your data receives an equivalent level of protection.
11. Changes to This Policy
We may update this Privacy Policy periodically. The current version is always available on our website. Material changes will be communicated where required by law.
12. Contact
For any privacy-related questions or to exercise your rights, contact us at [email protected].