Show search form
Close search

App Privacy Notice

This privacy notice explains how Nomad Digital Limited collects, processes and stores your personal data through your use of the Nomad Navigator mobile application (“App”). This privacy notice is to be read alongside the App’s Terms of Use.

The App is not intended for children; we do not knowingly collect personal data relating to children.

WHO WE ARE

We are Nomad Digital Limited, a private limited company registered in England and Wales with company number 04536010 (“we”, “us” or “our”). Our registered office is at The Place, 8th Floor, High Holborn, London, England WC1V 7AA and our principal place of business is at 5th Floor, One Trinity, Broad Chare, Newcastle upon Tyne NE1 2HF.

Nomad Digital Limited is registered with the Information Commissioner’s Office (“ICO”) under registration number Z2285351.

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer, who is responsible for overseeing our ongoing commitment to data protection and privacy. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below.

HOW TO CONTACT US

Email address: dpo@nomadrail.com

Postal address: FAO Data Protection Officer, Nomad Digital, 5th Floor, One Trinity, Broad Chare, Newcastle upon Tyne, United Kingdom NE1 2HF

Telephone number: +44 (0) 3300889320

YOUR RIGHT TO COMPLAIN

You have the right, at any time, to make a complaint to the ICO or your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or your local supervisory authority, so we kindly request that you Contact Us in the first instance.

You can contact the ICO on 0303 123 1113 or by visiting to www.ico.org.uk/concerns.

If you are based in the EU, you have the right to lodge your complaint with the supervisory authority in your country of residence.

PERSONAL DATA THAT WE COLLECT ABOUT YOU

Personal data means any information about an individual from which that person can be identified. It does not include data where a person’s identity has been removed.

In relation to the App, we may collect, use and store different kinds of personal data about you, which we have grouped together as follows:

  • Identity Data, including your name;
  • Contact Data, including your corporate email address;
  • Usage Data, including times and dates when you used the App;
  • Device Data, including information about your mobile or other device;
  • Content Data, including which trains you accessed when using the App; and
  • Location Data, including where you accessed the App.

In isolation, some of the above information may not constitute personal data, however – when combined with other information – it may become information from which you can be identified. Therefore, the above information has been included within this privacy notice.

Please note that we do not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

HOW IS YOUR PERSONAL DATA COLLECTED?

We will collect your personal data in the following ways:

  • Information that you give us – This is information (including Identity and Contact Data) that you consent to giving us when you register to use – and use – the App.
  • Information that we collect about you and your device – Each time you visit and use the App, we will automatically collect certain personal data, such as Device, Content and Usage Data. We collect this personal data using application interaction logging and other similar technologies.
  • Location Data – We also use GPS technology to determine your current location. Some of our location-enabled services require your personal data for the feature to work. If you wish to use said feature, you will be asked to consent to your personal data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings or by withdrawing your consent in accordance with this privacy policy, however this may affect your ability to use the App.

If you do not agree with how we will process your personal data (as detailed in this privacy notice), then we ask you not to provide your personal data to us.

When we collect your personal data, we will make it clear which personal data is mandatory in order to use the App and which personal data can be given to us voluntarily.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

  • Where you have provided your consent; or
  • Where it is necessary for our (or a third party’s) legitimate interests, e.g. where we have business or commercial reasons to use your personal data, unless such interests are overridden by your interests or fundamental rights and freedoms.

The below table demonstrates the purposes for which we may use your personal data, including the type of personal data and the lawful basis:

THIRD PARTIES

Unless we are legally required to do so, we do not share your personal data with any third parties outside your employer, as our corporate customer, and our group of companies. For your information, our group of companies consist of Nomad Digital Limited, Nomad Holdings Limited, Nomad Digital GmbH, Nomad Digital Pty Limited, Nomad Digital BV, Nomad Digital Inc, Nomad Digital ApS, Nomad Digital France, Nomad Digital Italia S.r.l. and Nomad Digital Belgium (each being a “Group Company” and together the “Group”). If you require any additional information regarding any Group Company, please do not hesitate to Contact Us.

We will only share your personal information with a Group Company where it is related to our provision of the App and necessary for our legitimate interests. With the exception of the USA, Australia and the UK (post-Brexit), all Group entities are situated in countries that have received some form of adequacy decision by the European Commission, meaning that we only share your personal information to and between countries deemed to provide an adequate level of protection. Nevertheless, any transfer of your personal information within the Group – including the USA, Australia and the UK – is governed by the Standard Contractual Clauses in their entirety and without amendment, which each Group Company has signed up to.

We may disclose your personal data if we are under a legal obligation to do so, to prevent fraud, or to protect our rights, property or the safety of our customers, suppliers or employees.

We may share your personal data in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, or if we or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets.

If your personal data is provided to any third parties, you are entitled to request details of the recipients of your personal data or the categories of recipients of your personal data.

CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we originally collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis upon which we propose to do so.

INTERNATIONAL TRANSFERS

As stated above, where it is related to our provision of the App and necessary for our legitimate interests, we may share your personal data within our Group. In exceptional circumstances, this may involve transferring your personal data outside the European Economic Area (“EEA”). Whenever we transfer your personal data out of the EEA, we will ensure that a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • Transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • One of the derogations in the GDPR applies (including if you explicitly consent to the proposed transfer); or
  • Put in place a contract with the recipient of the personal data, which means that the recipient must protect the personal data to the same standards as required within the EEA.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data being accidentally lost, used or accessed in an unauthorised way, or otherwise altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable supervisory authority of a breach where we are legally required to do so. We are obliged to notify the Information Commissioners Office without undue delay, and where feasible, no later than 72 hours of becoming aware of a personal data breach, unless we consider that the personal data breach is unlikely to result in a risk to your rights and freedoms.

DATA RETENTION

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In the event that you do not use the App for a period of one year, or if you leave the employment of your employer (i.e. our corporate customer), then we will treat the account as expired and your personal data will be deleted.

In certain circumstances, we may anonymise your personal data so that it can no longer be associated with you, so that we can use this for business planning and other business uses that are in our legitimate interests. When we do this, we may use such anonymised information without further notice to you.

YOUR LEGAL RIGHTS

In certain circumstances, you have the following legal rights in relation to your personal data:

  • To request access to your personal data that we hold;
  • To request correction of the personal data we hold about you if it is incorrect, out of date or incomplete;
  • To request erasure of your personal data;
  • To object to processing of your personal data (please see further below);
  • To request the processing of your personal data be restricted;
  • To request the transfer of your personal data so that it can be transferred to you or a third party that you have chosen; and
  • To request we discontinue any consent-based processing of your personal data after you withdraw that consent. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain things to you and/or the App may not work as effectively.

You have the right, at any time, to object to the processing of your personal data which is necessary for the purposes of the legitimate interests pursued by us or a third party. If you object to the processing, we must no longer process that personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

If you wish to exercise any of the above rights, please Contact Us. Please note that we may not be required to comply with your request. If this is the case, we will notify you.

RIGHT OF ACCESS

You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, we may refuse to comply with your request in such circumstances.

We may need to request specific information from you in order to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request.

Please note that we try to respond to all legitimate requests within one (1) calendar month. If this is not possible because the following month is shorter and there is no corresponding calendar date, the date for response is the last day of the following month. If the corresponding date falls on a weekend or a public holiday, we have until the next working day to respond. For example, if we receive your request on Thursday 3 September 2020, we will have until Monday 5 October 2020 to respond, as 3 October 2020 falls on a Saturday. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

If you have any questions at all in relation to this privacy notice or any other matter relating to your personal data, please feel free to Contact Us.

This privacy notice was last updated on 17 December 2020. We may change this notice by updating this page to reflect changes in the law or our data protection practices. We will also inform you of significant changes to this policy and ask for your consent should this be required by law.