Privacy Policy

Last updated: May 2026

iReturnTicket Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our website and services.

1. Data Controller

iReturnTicket Ltd, a company established under the laws of England and Wales, is the data controller responsible for your personal data. You can contact us at [email protected]; our registered postal address is available on request.

2. Information We Collect

When you use our service, we collect:

  • Full passenger name(s)
  • Email address
  • Phone number (optional)
  • Travel route and dates
  • Payment confirmation reference (we do not store card details)
  • IP address, browser type, and device information

3. How We Use Your Information

We use the information we collect to:

  • Generate and deliver your reservation document
  • Process payments securely through certified processors
  • Provide customer support and respond to enquiries
  • Ensure platform security and prevent fraud
  • Improve our service and platform performance

We do not sell or rent your personal data to third parties.

4. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract: to fulfil the service you have purchased
  • Legitimate interests: to improve our platform and prevent fraud
  • Legal obligation: to comply with applicable laws

5. Data Sharing

We share data only with:

  • Payment processors — to process your transaction securely
  • Travel infrastructure partners — to generate your reservation document
  • Hosting and email delivery providers — to operate our platform

All third-party providers are bound by data protection agreements. We do not sell your data.

6. Data Retention

  • Order data: retained for 3 years for legal and accounting purposes
  • Technical data: retained for 12 months
  • Support communications: retained for 2 years

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Request data portability
  • Request restriction of processing
  • Object to processing
  • Withdraw your consent at any time, where processing is based on consent
  • Lodge a complaint with a data protection supervisory authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. Under UK data protection law you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

8. Cookies

We use essential cookies to operate our service and, with your consent, Google Analytics cookies to understand how our platform is used. Analytics cookies are loaded only after you accept them in our cookie banner, and you can change your choice at any time. See our Cookie Policy for full details.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (SSL/TLS), secure payment processing, and access controls.

10. International Transfers

Your data may be processed outside the United Kingdom. Where this occurs, we rely on appropriate safeguards recognised under UK data protection law — such as UK adequacy regulations or the International Data Transfer Agreement (IDTA) — so that your data receives an equivalent level of protection.

11. Changes to This Policy

We may update this Privacy Policy periodically. The current version is always available on our website. Material changes will be communicated where required by law.

12. Contact

For any privacy-related questions or to exercise your rights, contact us at [email protected].