This Privacy Policy explains how Nova Group Sp. z o.o., operating TrainCompass, collects, uses, stores, and shares personal data when you use our website, create an account, search routes, make a booking, contact support, or otherwise interact with our services.
The controller of your personal data is:
Nova Group Sp. z o.o.
Tax ID (NIP): PL7011215529
Żurawia 6/12 Lok. 745
00-503 Warszawa
Poland
Email: letsride@traincompass.com
If we have appointed a data protection officer or other dedicated privacy contact, their details are: [insert if applicable].
This Privacy Policy applies to personal data processed in connection with:
This Policy does not replace any operator-specific privacy information that may apply to the underlying rail service where relevant.
Depending on how you use TrainCompass, we may collect the following categories of personal data:
We do not intentionally collect full payment card numbers, CVV codes, passwords, or one-time codes through support channels.
We may receive personal data from:
We process personal data only where we have a valid legal basis under applicable data protection law. The appropriate legal basis depends on the purpose of processing. A valid legal basis is required under GDPR, and the legal basis chosen affects which rights apply in a given situation.
We process personal data to operate the website, enable account access, maintain sessions, and provide core user functionality.
Legal basis: performance of a contract or taking steps at your request before entering into a contract; in some cases, our legitimate interests in operating and securing the website.
We process personal data to receive booking requests, process transactions, issue or facilitate tickets, send booking confirmations, and deliver QR-coded tickets by email.
Legal basis: performance of a contract or steps taken at your request before entering into a contract.
We process personal data to respond to support requests, help with delivery issues, changes, disruptions, complaints, and post-booking assistance.
Legal basis: performance of a contract, compliance with legal obligations where applicable, and our legitimate interests in handling support and improving service quality.
We process data needed to confirm transactions, detect abuse, prevent fraud, and protect the integrity of our services.
Legal basis: performance of a contract, compliance with legal obligations, and our legitimate interests in fraud prevention and platform security.
We may process personal data to comply with tax, accounting, consumer protection, complaint-handling, and other legal requirements.
Legal basis: compliance with a legal obligation.
We may process usage logs, support logs, technical diagnostics, and aggregated interaction data to improve the website, troubleshoot issues, maintain system security, and develop features.
Legal basis: our legitimate interests in operating, improving, and securing our services.
If we send marketing communications or use non-essential marketing cookies, we will do so on the legal basis required by applicable law, which may include consent where needed.
Legal basis: consent where required, or legitimate interests where lawfully applicable.
Providing some personal data is necessary for us to provide bookings or support.
For example:
Where data is optional, we will generally indicate this.
We may share personal data with the following categories of recipients, only where necessary:
Where third parties process personal data on our behalf, we require them to act under appropriate contractual and legal safeguards.
Some of our service providers or technical infrastructure may process personal data outside the European Economic Area (EEA).
Where personal data is transferred outside the EEA, we will ensure that an appropriate transfer mechanism is in place, such as:
If you would like more information about the safeguards used for international transfers, you may contact us at letsride@traincompass.com.
We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.
Retention periods may vary depending on the category of data and the purpose of processing. In general:
We retain account-related data for as long as the account remains active and for a reasonable period afterward where needed for security, legal, or dispute-handling purposes.
We retain booking, order, and transaction-related data for as long as necessary to perform the contract, provide support, handle claims or complaints, and comply with legal obligations such as tax and accounting retention requirements.
We may retain support emails, chat messages, voice transcripts, and complaint-related records for as long as necessary to resolve the matter, improve support quality, defend against claims, or comply with legal obligations.
Technical logs, error logs, and security-related records may be retained for a limited period necessary for troubleshooting, service protection, abuse prevention, and evidentiary purposes.
Where data is processed for analytics or marketing purposes, retention will depend on the tool used, the legal basis, and the settings implemented. Further information may also be available in the Cookies Policy.
Once personal data is no longer needed, we will delete it, anonymize it, or otherwise securely dispose of it, unless further retention is required by law.
Under the GDPR and applicable law, you may have the following rights, subject to the conditions and limitations set by law:
To exercise your rights, contact us at letsride@traincompass.com.
We may need to verify your identity before responding to a request, especially where the request concerns account, booking, or transaction data.
Where processing is based on our legitimate interests, you may object on grounds relating to your particular situation.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.
Where processing is based on consent, withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority.
In Poland, the supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych – UODO).
You may also contact us first at letsride@traincompass.com, and we will do our best to address your concerns.
TrainCompass may use cookies and similar technologies to:
For more information, please see our Cookies Policy, including details on cookie categories, retention, and how to manage cookie preferences.
If you contact us through support channels such as email, chat, forms, or voice tools, we may process the information you provide, including:
Please do not send sensitive payment details such as full card numbers, CVV codes, passwords, or one-time codes through support channels.
Where voice support is used, the interaction may involve transcript processing and related technical event logs for service delivery, quality assurance, debugging, or security purposes.
If audio recording is ever enabled separately, we will clearly communicate the applicable conditions and legal basis.
Payments are typically processed by third-party payment service providers. We do not intentionally collect or store full payment card details in our support systems.
We may process limited payment-related metadata necessary for:
This may include transaction references, payment status, timestamps, and in limited cases the last 4 digits of a card where needed for tracing or support.
TrainCompass is not intended for independent use by children without the involvement of a parent or guardian where such involvement is required under applicable law.
We do not knowingly collect personal data directly from children in a manner that violates applicable law. If you believe that personal data has been provided unlawfully by a child, please contact us at letsride@traincompass.com.
We take appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction.
These measures may include, where appropriate:
No internet-based system can be guaranteed to be completely secure, but we aim to apply security measures proportionate to the risks involved.
TrainCompass may integrate with or link to third-party services, including rail operators, payment providers, communication tools, or other platforms.
Where you interact directly with a third-party service, that third party may process your data under its own privacy practices and terms. We encourage you to review their policies where relevant.
TrainCompass may use automated processes to support fraud detection, routing logic, technical diagnostics, service optimization, or booking workflows.
However, we do not intend to rely on solely automated decision-making that produces legal effects concerning you or similarly significantly affects you unless the legal conditions for doing so are met and the required safeguards are provided.
We may update this Privacy Policy from time to time, including due to:
The updated version will be published on the website with an updated effective date and last updated date.
If you have questions about this Privacy Policy or how we process personal data, contact:
Nova Group Sp. z o.o.
Żurawia 6/12 Lok. 745
00-503 Warszawa
Poland
Email: letsride@traincompass.com
If you have questions about this Privacy Policy or how we process personal data, contact us.
Live Chat Support
Start a chat and we will help with date changes, ticket delivery, fees, disruptions, and privacy questions.