Privacy Policy

This Privacy Policy explains how the information you give us as part of the job application process (whether it’s directly applying for a job on our website, or through a recruitment agency or online job portal)  is collected and processed by the core Trainline group of companies, Limited and Trainline S.A.S (together the “Trainline Group of Companies”) (we’ll also refer to the two companies together as “we”, “us” or “Trainline” to be clear) as joint Data Controllers. It also covers how you can exercise your rights.


You give us your personal data, for different reasons at different stages of the application process. To make thing simple, we’ve split the key processing areas into sections below.


We process personal data that relates to you so that we can –

  • Confirm your identity and your right to work
  • Understand your work history
  • Make sure you’ve got the necessary skills to successfully perform the role we’ve advertised.

We need the above info to be able to enter into a contract for employment.

We only ask for details on your health and any disabilities you may have to help us give you any reasonable adjustments and to comply with the relevant Equality and Health and Safety Laws. It’s voluntary info that you don’t have to give if you’d rather not – we only collect this data with your explicit consent.

If you’re applying for a job in our London or Edinburgh office (that’s for employment with Limited), we may also need to check your criminal record and do some financial background checks, where applicable and necessary for the role you’re applying for. This may involve details relating to active criminal offences and information about your credit score. We work with third-party service providers (listed below) to check this info, and they process your data as Data Controllers in line with their own privacy policies.


We process this info, where necessary, to help us decide if you’re suitable for employment as part of our obligations as an employer. We only work with trusted third parties who carry out these checks, only when it’s necessary and relevant to your role. If you’re not happy to give us this info, we may not be able to proceed with your offer of employment.


If we’ve given you a provisional offer, we’ll need to check your references to validate your last three years of employment. That means, you’ll need to give us the contact details for referees so we can confirm your work history and skill set. Where applicable, we’ll wait ‘til you’ve confirmed you’ve handed in your resignation to your current employer.  It’s in our legitimate interest to verify your experience. If you choose not to give us this info, we won’t be able to continue with your application.


If you’re successful in your application (Congrats!) your personal info will be held in your employee file, in line with the privacy policy set out in our Staff Handbook. We’ll give you access to the Staff Handbook if you’re given an offer for your role. If your application is unsuccessful, we may hold your info in our talent pool, in line with our legitimate interest of contacting you in case a future vacancy comes up you may be suitable for, or to add into any further applications you make for new positions with us.

We’ll hold your data for a maximum of two years from the date your application was submitted. If you’d rather we didn’t keep you on file to let you know about future posts, please just let us know and we’ll delete it.  We may retain pseudonymous and where possible, anonymised statistical information to help inform our recruitment activities.


We may share your info within the Trainline Group of Companies and with third-party service providers, for the purpose of collecting, processing and validating your info to support your application. These third parties will only have access to the relevant details they need and won’t use your info for any other reason. Of course, they’ll also be required to follow data protection laws, including taking adequate steps to secure and protect your personal info. If any of these third-party service providers are based outside the EEA (European Economic Area), we’ll make sure that suitable safeguards are in place.


We take the security of your personal data very seriously.

We use a whole bunch of clever security measures (physical, electronic and administrative) to protect the info that we collect about you from anyone who shouldn’t have it. The measures we put in place protect you from any unlawful processing of your data, as well as accidental loss, destruction and damage.


Here’s where we cover the lowdown on what you need to know. We’ll happily take requests from you if you want to exercise your individual rights over your personal data. These rights are –

  • To be told about how your data is processed
  • To access your data
  • To stop or limit certain processes
  • To correct incorrect info
  • To ask us to delete certain info
  • To port data (porting is just a fancy way to say “transferring data to another data controller in an easy-to-read manner”)
  • To object to how we’re handling your personal data
  • To withdraw your consent at any time (in cases where we rely on your consent).

Because we know how important your personal data is to you, we do everything we can to respond to you in a timely fashion. Legally though, we have up to one calendar month from the date we get your request to reply to you (this deadline may be extended for complex or large requests), as long as –

  • You’ve given us any info we need to confirm your identity and given us clarity about the relevant personal data you’re requesting.
  • We’ve not already responded to an identical or similar request within a very short timeframe.

Please bear in mind that if/when we get a request from you, we’ll need to balance your rights with the rules we have around processing your personal data. For legal reasons, we need to stick to the rules. If we can’t deal with your request, either in full or in part, we’ll explain our reasons clearly.


Please contact us by emailing us at or writing to us at

Data Protection Officer Limited
PO Box 600 6162
EH11 3YT


Please note, we may require proof of ID before we can deal with your request.

If you’re applying for a job in our Paris office, your data will be looked after by Trainline S.A.S and any complaints need to go to Commission Nationale de L'informatique et des Libertés (

If you’re applying for a job in any other location, then your data will be looked after by and any complaints should be directed to the Information Commissioners Office (



v1.1 31 August 2018