This privacy notice was last updated: October 2023
This privacy notice tells you what to expect when Heathrow Express Operating Company Ltd (“Heathrow Express”) a subsidiary of Heathrow Airport Ltd, collects personal information from you via:
Heathrow Express is committed to protecting your personal information when you use Heathrow Express services. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data including the UK General Data Protection Regulation (“UK GDPR”). Your information will be kept in a secure environment and access to it will be restricted according to the “need to know” principle.
Heathrow Express collects the following information about you:
Heathrow Express collects information about how you use the website and app. This includes the device(s) you use to access as well as collecting unique online identifiers such as IP addresses, which are numbers that uniquely identify a specific computer or other network device on the internet. For more information on what cookies, we use and how to manage cookies see our cookies policy.
We will use your personal data for a number of purposes including the following:
Use of data
|To provide you with the Heathrow Express Service||Contract|
Where you buy a ticket from us via our website or mobile application, the lawful justification for collecting and using your personal data is that it is necessary for the performance of the Heathrow Express train services which you contractually enter into.
|To follow up on your enquiry or request via our Customer Service Team and to keep a record of any actions and engagement of our responses.||Legitimate Interest|
We have a legitimate interest for processing your personal data in order to respond to any customer service enquiries.
|To provide you with onboard Wi-Fi services||Contract|
If you sign up to our Wi-Fi services, we will collect your information as part of the onboard Wi-Fi terms and conditions.
To send you marketing communications about Heathrow Express products including the latest Heathrow Express promotions, news, offers, competitions, updates, and abandoned basket reminders.
|Consent and/or legitimate interest||When you purchase a Heathrow Express product or sign up to our marketing communications. We will inform you about the latest updates including exclusive promotions, news, offers, competitions and abandoned basket reminders where we have
your consent or a legitimate business interest.|
Where we have your consent or a legitimate business interest, we may also match the data we collect with other data that we hold about you if you have used Heathrow product or service or where you have provided a Heathrow Rewards number when purchasing products and services from our retail partners.
We may also analyse marketing communications for campaign and engagement effectiveness. We do this to build up a picture of your personal preferences and understand how you use Heathrow Express and our retail partners products and services. This enables us to send you relevant and personalised content and ensures we only send relevant communications to you, making your journey smoother and more enjoyable.
You are always in control of how we use your personal data. If you do not want to receive marketing communications from us, you can change your marketing preferences at any time by contacting email@example.com, or by clicking 'Unsubscribe' on the footer of a marketing email or by logging in to your account and updating your preferences.
|Capturing your images via CCTV||Legitimate Interest|
The lawful justification for collecting and using CCTV footage is legitimate interest. CCTV is used in stations at Heathrow operating the Heathrow Express service. We capture and monitor images of events that take place within the vicinity of the stations across all terminals. We do this for multiple reasons which are detailed in our CCTV privacy notice here. Other third parties such as Great Western Railway (GWR) may install their own CCTV in the train carriages; in this case they are data controllers in their own right. For more information visit the GWR website.
|To provide you with the Heathrow Express App||Contract/Legitimate interest||We rely on legitimate interest where necessary and where you have booked a Heathrow Express Ticket via the app we rely on contract to process your booking.|
You are always in control of how we use your personal data and can opt out of marketing communications during and after the booking process. You can change your marketing preferences at any time or unsubscribe from Heathrow Express marketing communications
by visiting 'My Account' or by clicking 'Unsubscribe' on the footer of a Heathrow Express marketing email.
Your information may be stored, handled, managed and/or used by the following recipients in order to deliver the Heathrow Express Service:
Your information will always be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
We will not transfer or disclose your personal information, other than as identified in this privacy notice or otherwise except to our trusted third-party suppliers, to the police, tribunals, courts, regulators, or other authorities to assist them with
their investigations or requests or for us to report security incidents or suspected or actual unlawful acts and/or as may be otherwise required by law.
All information identified in this privacy notice is processed in the UK and EEA. Other than, where you have purchased a ticket your email address will be transferred to the United States to send you booking confirmations. There are appropriate mechanisms
in place to ensure the security of your data during any transfers. We always ensure that your information remains protected and secure when being transferred.
Where you have purchased a ticket, contacted our customer service team or signed up to our marketing communications, your data will be retained for a period of three years from the date of your last interaction after which your personal data will be anonymised.
Where you have used our on-board Wi-Fi, your information will be retained for a period of 15 days from the date of your last Wi-Fi login at which point all of your personal details are removed from our systems.
CCTV data is stored on a secure system for a period of up to 31 days before being deleted. Imagery required for investigative or evidential purposes may be retained beyond 31 days and is securely disposed of upon completion/conclusion of the purpose for which it has been retained.
Under the UK General Data Protection Regulation, you have the right to:
To exercise your rights, please contact the Heathrow data protection officer using the following contact details:
Data Protection Officer
Heathrow Express Operating Company Limited
The Compass Centre
Should you find our response unsatisfactory, you have the right to lodge a complaint with the supervisory authority – the Information Commissioner's Office ("ICO"). You can find more information on
the ICO website at https://ico.org.uk/concerns/ regarding the complaints process.
From time to time, we may process personal data from EU residents. Whenever applicable, we have appointed an EU Representative to ensure that we continuously process your personal data in compliance with applicable
laws and without undermining your statutory rights. You can contact our EU Representative at HeathrowEURepresentative@eversheds-sutherland.com and write EU Representative as subject matter. You may also contact our EU Representative per post mail at:
Eversheds Sutherland Netherlands B.V.
Attn. EU Representative Heathrow Airport
Fascinatio Boulevard 212
3065 WB Rotterdam
Some of the cookies we use are necessary for some of our sites to work whilst other cookies are used to provide tailored advertising by trusted third parties. To find out more about cookies visit www.aboutcookies.org.
Heathrow Express uses the following types of cookies on our websites:
Strictly necessary - These cookies are essential for our websites to work and without these cookies, some services you have asked for cannot be provided.
Performance - These cookies are used to collect anonymous information about how you use our websites. This information is used to help us continually improve our websites and understand how effective our adverts are. You can opt-out of these cookies by following the instructions below.
Functionality - These cookies are used to provide services or remember settings to enhance your visit for example text size or other preferences. You can opt-out of these cookies by following the instructions below.
Targeting and Advertising - These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of the advertising campaign. You can opt-out of these cookies by following the instructions below.
Personalisation - These cookies help us to show you the most relevant content
based on your interaction with our website. You can opt-out of these cookies by following the instructions below.
You can set your browser to restrict, block or delete cookies from Heathrow and our third-party advertisers, or any other website. Each browser is different, so check the 'Help' menu of your particular browser to learn how to change
your cookie preferences. If you choose to disable all cookies, we cannot guarantee the performance of our websites and some features may not work as expected. For more information on what cookies we use and how to manage cookies see our cookies policy.
Links to other websites - This privacy notice does not cover the links within this site to third-party websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice - We will keep this privacy notice under regular review, and we will place any updates here. At the start of this privacy notice, we will tell you when it was last updated.