Privacy Centre

This privacy notice applies to you if you are or were a customer, visitor, passenger and/or visitor to our website (https://www.dublinexpress.ie/) or App.

In addition, we may process and store your personal data if you have made a booking through a third-party agent.

This Privacy Notice, together with our Cookie Notice, explains:

• what personal data we collect about you;
• what we do with your personal data;
• your rights in respect of your personal data; and
• what to do if you have any questions or complaints about our use of your personal data.

We take your privacy very seriously and are committed to abiding by the Data Protection Law which protects your privacy.

This Privacy Notice may change from time to time and the most up-to-date version will always be available on our website. It is your responsibility to read this Privacy Notice and check our website for the current version.

If you have purchased a ticket on site or through the Dublin Express website or App then the data controller of your personal data would include financial institutions and payment service providers.

The necessary payment data collected and transmitted via a payment service provider for the secure processing of the payment initiated by you.

Payment card data will be held in line with our retention period (of six years) and we cannot delete this data through a Right to Erasure request, as we have a legal obligation to hold this data in line with our regulatory obligations.

Dublin Express and National Express Transport Services Ireland Limited uses partner operators (as outlined in our Conditions of Carriage) to deliver our transport services. NXI are not the data controller for CCTV footage that is captured onboard these services. The data controller information is provided on these services.

We collect the following types of personal data about you:

• your full name and title;
• your home address, including postcode and country of residence;
• your contact information, including telephone number and email address;
• your vehicle registration number;
• password for an account;
• if you purchase a ticket for an international route, your nationality, date of birth, gender, passport or other identification document;
• if you register to use our website or apps, your email address and password;
• your transaction or payment information - however please note that full debit card and credit card information is not processed by us as it is passed through to a PCI-DSS compliant third party payment provider in accordance with good industry practice;
• if you use a smartcard for your travel, information about your journeys;
• if you are disabled or have special needs, information about your mobility requirements to enable us to make reasonable adjustments;
• if you transact or set up an account with us, your preferences for marketing, market research and travel reminders;
• your image, where we operate CCTV/DriveCam as a Data Controller, in line with our obligations and for our own purposes;
• your image, where it is captured by CCTV or other visual recording equipment on our owned or occupied sites, such as, coach and bus stations and/or on the passenger carrying vehicles used to provide our passenger travel services;
• your voice, where we operate CCTV/DriveCam as a Data Controller, in line with our obligations and for our own purposes and/or where captured in recorded telephone conversations with you; and
• any other personal data that you provide to us when you communicate with us.

In addition, each time you visit our website or use our apps we may automatically collect the following information:

• technical data, including:
• IP address;
• browser type and version;
• time zone setting and location; and
• operating system and platform.
  
  
• transaction data, including:
• the full Uniform Resource Locators (URLs) clickstream to, through and from our website or apps (including date and time);
• tickets and/or journeys you viewed or searched for; and
• time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.

Please see our Cookie Notice for more information about how we use cookies.

We collect your personal data in a variety of ways, including:

• by you:
  • creating an account with us;
  • searching for products and/or services and/or purchasing products and/or services from our website or apps;
  • submitting your personal data on our website or apps, for example, via the ‘Contact Us’ page;
  • providing your personal data to us when communicating with us in any manner, for example, when you:
    • speak to one of our representatives in person at a travel shop or onboard one of our passenger carrying vehicles; and
    • contact us by letter, email, text message, telephone call or on social media (whether this be through private direct messaging, tagging us in a post, referring to our brand)
      
      • Please do not share personal data in the course of your social media posts in connection with our business (please use private messaging)
    • we may use integrated partners to assist us, for example the management of our social media channels;
  • participating in post journey, market research and other surveys that we organise or conduct; and
  • submitting information when registering or using our on-board Wi-Fi.
    
    
• by us:
  • making visual and/or audio recordings at our owned or occupied sites, including at our coach and bus stations and on the DriveCam onboard Dublin Express branded passenger carrying vehicles;
  • recording telephone conversations with our customer contact centre representatives; and
  • gathering statistical information around email opening and clicks.

We may also receive your personal data if you use any of the websites operated by other Mobico Group companies or from third parties, such as companies that market and sell our products and/or services on our behalf or from any person who has bought our products and services for you or contacted us on your behalf.

We use your personal data for the following purposes and described below the legal basis on which we process your personal data:

For further information on our marketing activities, please refer to our Marketing Privacy Notice.

Where we process your personal data on the basis of your consent, you may withdraw that consent at any time with future effect.

Where you have consented to the use of cookies when visiting our website, you may withdraw that consent at any time by changing your cookie settings as explained in our Cookie Notice.

We have no legal obligation to collect personal data about you, but we need to collect some personal data in order to provide you with our products and services, collect payment for such products and services and deal with any questions or complaints you have about them.

You have no legal obligation to provide your personal data to us, but we may not be able to provide you with our products and services or deal with your questions or complaints if you do not provide us with your personal data.

We may share your personal data with the following categories as an example, we keep a detailed list of recipients:

• our processors, who assist us in delivering our products and services;
• other Mobico Group companies;
• our suppliers, sub-contractors, business partners and our brand ambassadors who help us to provide our products and services to you;
• other business partners in connection with the provision of their products and services to you;
• our legal and professional advisors;
• government bodies and regulatory authorities, including the An Garda Síochána and other crime prevention and detection agencies, the Irish Naturalisation and Immigration Service and other immigration authorities and the Irish Data Protection Commission;
• the courts and other dispute resolution arbitrators and mediators, other parties to legal proceedings and passenger transport watchdogs;
• analytics and search engine providers that assist us in the improvement and optimisation of our website; and
• other companies that take on any part of our business as a result of a restructure, merger or transfer of that part of our business.

Where we share your personal data with business partners for the purpose of them providing products and services to you this will be because it is essential to do this to fulfil a contract with you.

In addition, if you follow a link to any of the websites of advertisers and affiliates on our websites, these third party websites may have their own Privacy Notices or policies. We do not accept any responsibility or liability for these notices or policies or the third parties’ handling of your personal data. Please check the relevant third party’s Privacy Notice before you submit any personal data to them.

There may be occasions where it is necessary for us to transfer your personal data to a country outside of the European Economic Area (“EEA”). The transfer will take place only if the territory provides adequate protection for the privacy rights of individuals. The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be downloaded from: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Where we transfer your personal data to other Mobico Group companies and/or third parties who process your personal data on our behalf in countries outside the EEA we will have , we entered into appropriate contracts and transfer agreement with those Mobico Group companies and/or third parties based on the standard contractual clauses approved by the European Commission, a copy of which can be found here. Also where applicable the UK Information Commissioner Office, International Data Protection Transfer Agreement and/or Data Protection Addendum and Risk Assessments. 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements in respect of our relationship with you.

Where we process your personal data to fulfil:

• a legal obligation, we will process such personal data for so long as necessary to fulfil that obligation; or
• a contract with you, we will process such personal data until we fulfil that contract and for so long thereafter as may be necessary to keep a record of that contract, which will typically be for 6 years, and to deal with any complaints or claims relating to that contract, which will be until the final resolution of such complaints or claims (having regard to the nature of any potential claims and the limitation of liability periods that apply to them). We will hold data for a shorter period of time such as call recordings, (12 months).

Where we process your personal data based on:

• our legitimate interest, we will process such personal data for so long as necessary to achieve that legitimate interest, which will typically be for 6 years after we collect your personal data or the last time we use your personal data (or longer in relation to any legal claims that might arise having regard to the nature of any potential claims and the limitation of liability periods that apply to them); or
• your consent, we will process such personal data until you withdraw that consent. It will take a short time to process any withdrawal of your consent.

We may also retain your personal data for longer if we cannot delete it for legal, regulatory or technical reasons.

You have a number of rights in relation to your personal data. These include the right, subject to exceptions, to:

• to be informed;
• access your personal data;
• request the rectification or erasure of your personal data;
• request restrictions on the processing of your personal data;
• For data portability;
• automated decision making including profiling; and
• object to our processing of your personal data.

Please contact the Data Protection Officer (DPO) Ireland if you wish to exercise any of these rights.

You also have the right in some circumstances to receive a copy of your personal data in a portable format. This right is limited to personal data that you have provided to us and is processed on the basis of your consent or your contract with NXI. It does not cover personal data that we process on other grounds.

Please contact the Data Protection Officer (DPO) Ireland to request a portable copy of the data that you have provided and is processed on these bases.

We have created a functionality within our App that allows a user to be in the driving seat of their personal data. You can make the decision to remove the account and delete profile data (name, username and password). We will continue to hold personal data attributed to transactional records e.g. data provided to travel onboard our services (to include full name and email address).

We and Distribution will continue to hold ticketing data related to your purchases in line with regulatory obligations for the duration of our independent retention period. You will need to refer to the Privacy Notice for Distribution with regard to payment card data as they are an independent data controller.

If you have contacted our customer contact centre, this is a data deletion request that will not be initiated through an in App deletion request.

To delete your account, follow these simple steps (ensure that you are signed in):

1. Go to the App Settings
2. Select sign in and security
3. Choose delete account
4. Select delete account
5. Completed and we will follow up with an email to confirm deletion

If you have any questions or complaints about how we process your personal data, or otherwise about the matters set out in this Privacy Notice, please contact the National Express Data Protection Officer (Ireland) at:

• Address: Data Protection Officer (Ireland), National Express, National Express House, Birmingham Coach Station, Mill Lane, Digbeth, West Midlands, England, B5 6DD

or

• Email address: data.protection@nationalexpress.com

Please state that your query relates to Dublin Express and/or that you require the DPO (Ireland) so we can route it correctly.

You also have the right to complain at any time to the Irish Data Protection Commission about how we use your personal data and can contact them on their helpline: +353 761 104 800 or website at www.dataprotection.ie.