Updated November 2022
This privacy notice tells you what to expect when Heathrow Express Ltd (a subsidiary of Heathrow Airport Ltd) collects personal information from you via our websites, our mobile app, ticket transactions, station surveillance cameras, customer relations team, and on-board Wi-Fi service. Heathrow Express is committed to protecting your personal information when you use Heathrow Express services. Whenever you provide such information we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data including the General Data Protection Regulation (GDPR).
Heathrow Express collects information about how you use the Heathrow Express service via our website, and the device(s) you use to access the Heathrow Express services. This includes collecting unique online identifiers such as IP addresses, which are numbers that uniquely identify a specific computer or other network device on the internet.
For more information see our cookies policy.
Heathrow Express collects data from several sources:
We ask for the following details:
*Whilst we request your payment details in order to buy one of our tickets, we DO NOT store these details on our systems, as all payments and transactions are completed by our 3rd party Payment Service Provider, Secure Trading, on their PCI compliant systems.
We will use your personal data for a number of purposes including the following:
Use of data
|To provide a train service, and to provide you with information about them and to deal with your requests and enquiries related to the train service.||Contract|
Where you buy a ticket from us the lawful justification for collecting and using your personal data is that it is necessary for the performance of the Heathrow Express train services which you contractually enter into. When purchasing a ticket for travel, failure to provide mandatory data fields denoted by a ‘*’ will mean that we will not be able to complete your order and deliver the Heathrow Express service to you. We will be unable to form a contract with you and provide service information that may impact on your Heathrow Express travel including but not limited to: delays, adverse weather conditions, engineering works, timetable changes, tickets and ticketing systems, refunds, manage your requests and enquiries through customer relations, to book and make payments for tickets, create and confirm customer or business or corporate accounts.
|To provide you with a Website, App, Customer Relations team and onboard Wi-Fi services||Legitimate Interest|
Where you register on our website, app, call customer relations, or use our onboard Wi-Fi, you supply your data to us and we retain this through legitimate interest and will contact you under this basis. This is explained further down this document.
|To send you marketing communications about Heathrow products and services as well as information, including products and services offered by our trusted third parties||Legitimate Interest|
You supply us your details for marketing purposes. These marketing communications are about products and services, news and offers delivered by Heathrow Express Ltd or by the Heathrow Airport Group of companies. You can easily unsubscribe at any point. Methods of direct communication may include email, SMS, call, push notification or post.
We may match the data we collect with other data that we hold about you where you have provided a Heathrow Rewards number when purchasing products and services from our retail partners. We may also analyse marketing communications for campaign and engagement effectiveness.
|Consent and legitimate interest|
Where we have your consent or legitimate business interest for your personal data to be used for this specific purpose. We may match the data we collect with other data that we hold about you if you have used Heathrow products and services or where you have provided a Heathrow Rewards number when purchasing products and services from our retail partners. We may also analyse marketing communications for campaign and engagement effectiveness. We do this to build up a picture of your personal preferences and understand how you use Heathrow and our retail partners' products and services.
|For applying for roles within Heathrow Express||Legitimate Interest|
When you apply for a role within Heathrow Express we will store your details in order to process and track your application. We will also store your details and share with you new and exciting vacant roles.
Please see separate heading below on how/why we use our Surveillance Camera Systems.
In order to deliver Heathrow Express services to you we share your data with our 3rd party partners as detailed below:
Where your information is provided to third parties they will only use your information for those purposes listed within this document. In some minimal instances, this may require your information to be transferred overseas, but we will make sure your information remains protected and secure and in line with your rights.
We will not transfer or disclose your personal information, other than: as identified in this Privacy Notice, to our trusted third party suppliers, to the police, tribunals, courts, regulators, or other authorities to assist them with their investigations or requests or for us to report security incidents or suspected or actual unlawful acts and/or as may be otherwise required by law.
All the companies we use to provide a great service to you are governed by our data retention policies as detailed in this information.
We will share your information with Heathrow Airport Ltd (also known as HAL), our parent company, so that they have a better understanding of all your interactions with Heathrow and so can deliver more holistic and tailored customer engagements and understand how you use Heathrow products and services. This enables us to deliver a richer customer experience and ensures we only send relevant communications to you (where allowed).
For more information, please visit Heathrow Airport Limited Privacy Notice.
Acxiom supports Heathrow Express in adding extra lifestyle and demographic insight information which we then use to make our marketing to you more relevant (subject to your communication preferences and our internal policies and procedures). Acxiom acts as our data processor of the data we send them. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
Adobe Systems Software Ireland Limited provide the method for delivering tickets to you either by email or mobile. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
Secure Trading are responsible for delivering our payment services in a secure PCI certified environment. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
For more information on Secure Trading and the support it provides, please visit Secure Trading Privacy Notice.
Salesforce provide customer support functionality on our behalf. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
For more information on Salesforce and the support it provides, please see Salesforce Privacy Statement.
Nomad provide our customers with the onboard Wi-Fi service. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
For more information on Nomad Digital and the support it provides, please visit Nomad Digital Privacy Notice.
Twilio provide an email solution to ensure you get your tickets efficiently. We require them to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We shall ensure a written agreement is in place with them and regularly monitor their activities to ensure they are complying with our policies and procedures.
We will retain your data for a period of three years after your last interaction with us (such as clicking on an email we send you) at which point it will be anonymised.
We will retain your data for a period of three years after your last interaction with us at which point your data will be anonymised.
We will keep a record of your request for a period of three years after which time it will be anonymised. The extra justification for this is to support you and other customers and provide the best service and experience we can.
We retain your personal information through our legitimate interest. If you object to this, you can request for your data to be erased here.
We will retain your purchase data (excluding payment details) for seven years. We are lawfully obliged to keep this information for accounting and reporting responsibilities. After this time, your transaction will be anonymised.
We will retain your data for a period of two years after your last interaction with us at which point your data will be anonymised.
Your information will always be retained in a secure environment and access to it will be restricted according to the 'need to know' principle. With all the above, where we have backups of this data these will be overwritten in due course.
Whilst we love providing you with regular up to date information about our news, services and competitions, we appreciate that sometimes you no longer wish to receive them. To do this please either log onto the application/website and change your communication preferences or alternatively you can change your communication preferences here.
We use legitimate interest as the lawful basis for storing your data but will always get your permission to send you marketing information and you can change this at any point.
Unless you tell us otherwise we will retain your data for a period of three years after your last interaction with us (such as clicking on an email we send you) at which point it will be anonymised.
Where you tell us that you no longer wish to receive marketing messages about Heathrow Express and other HAL Group products and services we will record your decision about your preference until you tell us otherwise and opt-in again.
Please allow 24 hours for your preference to be updated on our systems.
Legitimate interest is where we have considered what data we collect about you and we have balanced this against your individual rights and how intrusive it is on your privacy. We review this decision at regular intervals and always with our customers as our focus.
For more information, please visit the ICO website
What we collect:
We record and retain this information for the safety and security of our passengers and for improving our service to our customers. We may share this data with the Police and other law enforcement agencies.
Viewing is strictly controlled and recording equipment shall only be operated by authorised and trained users for the purpose of fulfilling its role.
What justification we use and how long we keep it
The justification for the retention of this data is for the safety and security of our passengers and staff and for the prevention and detection of crime and aviation security.
This data is stored on a secure system for a period of 30 days before being deleted. Where data is downloaded a record is kept of this download and the purpose.
Under the General Data Protection Regulation, you have the right to:
To exercise any of these rights please contact the Heathrow Express Data Protection Office:
Data Protection Officer
Heathrow Express Operating Company Limited
The Compass Centre
Should you request erasure of your Heathrow Express records, once we have completed this we will keep a record of your request and date on file. All other personal data relating to your records will be anonymised.
A new era has begun for the UK and EU now that the Brexit transition period is over. From time to time we may process personal data from EU residents. Whenever applicable, we have appointed an EU Representative to ensure that we continuously process your personal data in compliance with applicable laws and without undermining your statutory rights.
You can contact our EU Representative
Eversheds Sutherland Netherlands B.V.
Attention: EU Representative Heathrow Airport
Fascinatio Boulevard 212
3065 WB Rotterdam
By email: email@example.com (Subject matter: 'EU Representative')
Heathrow Express tries to meet the highest standards when collecting and using your personal information. For this reason, we take any complaints we receive about this seriously. We encourage people to bring it to our attention if they think our collection or use of personal information is unfair, misleading or inappropriate.
Contact our Customer Service team here
If you find our response unsatisfactory, you have the right to lodge a complaint with the supervisory authority – the Independent Commissioner’s Office (ICO). You can find more information by visiting the ICO complaints process.
Heathrow Express use the following categories of cookies on our websites:
Strictly necessary: These cookies are essential for certain features of our websites to work for example when you make payments for train travel. These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
Performance: These cookies are used to collect anonymous information about how you use our websites. This information is used to help us improve our websites and understand how effective our adverts are. In some cases we use trusted third parties to collect this information for us but they only use the information for the purposes explained. By using our websites, you agree that we can place these types of cookies on your device.
These cookies are used to provide services or remember settings to enhance your visit for example text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites. By using our websites, you agree that we can place these types of cookies on your device.
Targeting and Advertising: These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. Information contained in these cookies is anonymous and doesn't contain your personal information.
To find out more about cookies used for targeting and advertising follow:
You can also contact us by email for further information about the trusted third parties we use.
Notwithstanding any other provision, we may also engage a third-party partner for the purpose of recognizing users and delivering to them interest-based content and advertisements. We may share information about you with our partners such as your name, postal address, email, device ID, or other identifier in encrypted, hashed or de-identified form. Our partners also may collect information from you, such as your IP address and information about your browser or operating system; may combine our personal and non-personal offline information about you with information from other partners in data sharing cooperatives in which we participate; and may place or recognize a unique cookie on your browser. These cookies contain no personally identifiable information; they may contain demographic or other data in de-identified form.
If you'd prefer to restrict, block or delete cookies from Heathrow Express and our third-party advertisers, or any other website, you can use your browser to do this. Each browser is different, so check the 'Help' menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our websites and some features may not work as expected.
At the start of this privacy notice we will tell you when it was last updated.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.