Privacy Policy

How we collect, use, and protect your personal information

Last Updated: 24 August 2025

This Privacy Policy explains how George and Trains ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

George and Trains is a railway enthusiast website and merchandise business based in the United Kingdom. We provide content about heritage railways, trainspotting tips, and sell railway-related merchandise.

Data Controller: George and Trains

Contact: For any privacy-related queries, please contact us via our website contact form or email.

2. Information We Collect

Information You Provide to Us

  • Contact Information: Name, email address, postal address, phone number
  • Order Information: Billing and shipping addresses, payment details (processed securely through third-party providers)
  • Account Information: Username, password, preferences if you create an account
  • Communications: Messages you send us through contact forms, emails, or social media
  • Reviews and Comments: Any content you submit on our website

Information We Collect Automatically

  • Website Usage: Pages visited, time spent, links clicked
  • Device Information: Browser type, operating system, IP address
  • Cookies and Similar Technologies: See our Cookie Policy below
  • Analytics Data: Via Google Analytics and Google Tag Manager

3. How We Use Your Information

We use your personal information for the following purposes:

  • Order Processing: To process and fulfill your merchandise orders
  • Customer Service: To respond to your inquiries and provide support
  • Website Improvement: To analyze usage and improve our website and services
  • Marketing: To send you promotional emails (with your consent)
  • Legal Compliance: To comply with legal obligations and protect our rights
  • Fraud Prevention: To detect and prevent fraudulent activities

Legal Basis for Processing

Under UK GDPR, we process your personal data based on:

  • Contract: Processing necessary to fulfill our contractual obligations (e.g., order fulfillment)
  • Legitimate Interest: For website analytics, fraud prevention, and business operations
  • Consent: For marketing communications (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Payment processors, shipping companies, web hosting providers
  • Analytics Providers: Google Analytics (see Google's Privacy Policy)
  • Legal Requirements: When required by law or to protect our legal rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

International Transfers: Some of our service providers may be located outside the UK/EEA. We ensure appropriate safeguards are in place for such transfers in accordance with UK GDPR requirements.

5. Data Retention

We retain your personal information only for as long as necessary:

  • Order Information: 7 years for tax and accounting purposes
  • Marketing Emails: Until you unsubscribe or withdraw consent
  • Website Analytics: 26 months (Google Analytics default)
  • Customer Service Records: 3 years from last contact
  • Account Information: Until account deletion or 3 years of inactivity

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data in certain circumstances

Right to Restrict Processing

Limit how we use your personal data in certain situations

Right to Data Portability

Receive your personal data in a portable format

Right to Object

Object to processing based on legitimate interests or for marketing

Exercising Your Rights: To exercise any of these rights, please contact us using the details provided above. We will respond within one month of receiving your request.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Necessary for website functionality (e.g., shopping cart)
  • Analytics Cookies: Google Analytics to understand website usage
  • Marketing Cookies: Google Tag Manager for marketing analytics
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL encryption for data transmission
  • Secure hosting with reputable providers
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis
  • Secure payment processing through PCI-compliant providers

9. Third-Party Services

Our website may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to these external services. We recommend reviewing their privacy policies.

Key Third-Party Services:

  • Google Analytics: Website analytics and performance monitoring
  • Payment Processors: Secure payment processing for orders
  • Shipping Partners: Order fulfillment and delivery services
  • Email Service Providers: For sending transactional and marketing emails

10. Children's Privacy

Our website is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our website after such changes constitutes acceptance of the updated policy.

12. Contact Us and Complaints

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us through our website contact form.

Right to Complain: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your personal data has been processed unlawfully. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.