Introduction
At Northstar Constellation Limited, we are dedicated to safeguarding your privacy when you use our services.
This Privacy Policy outlines:
- The personal data we collect from you when you use our services, website, or contact us
- How we collect and use this data
- The measures we take to keep your data secure
- How you can contact us to exercise your rights or file a complaint
We have a separate privacy policy for children under the age of 16, which you can view here.
Contents
The data controller is: Northstar Constellation Limited (registered in England & Wales 14349090).
Registered address: Rwco Valley House, Kingsway South, Gateshead, United Kingdom, NE11 0JW.
Our Data Protection Manager is:
Daniel Graham, Managing Director
- A: Portland House, Belmont Business Park, Durham, United Kingdom, DH1 1TW
- E: dan@northstarbus.co.uk
Information we may collect from you
We may collect and process data about you when you:
- Purchase tickets
- Use our services or website
- Buy products from us
- Contact us
- Enter a competition
- Sign up for updates or marketing
The information we collect includes contact details, ticket purchases, bus stops visited, payment, and refund details. Some services may require additional details such as photographs for ID or age verification for age-restricted tickets. This data is generally provided by you.
How we use your information
We use your information as permitted by Data Protection Law. Based on your interactions with us, the consent you provide, our legitimate interests, or legal obligations, we may use your information to:
- Provide services, such as fulfilling contractual obligations, selling tickets, and processing payments
- Inform you about our services and travel information
- Notify you of promotions and offers, with your consent
- Improve our services for passengers and the wider community
- Ensure safety and security
- Prevent fraud and crime
- Enhance your website experience, as detailed in our cookie policy
- Run competitions
Sharing or disclosure of your information
We only share your information in accordance with this Policy and Data Protection Law, obtaining your consent when required. We ensure third parties comply with data security standards. We may share information for:
- Assisting with services through data processors under strict contractual terms
- Operating interoperable services
- Responding to complaints or requests
- Processing payment transactions
- Complying with law enforcement requests
- Fulfilling other legal obligations
- Protecting our legitimate business interests
- If you consent to receiving information for competitions, promotions, or research, sharing your contact details with limited parties
We follow strict protocols for one-off data sharing requests, such as those from insurance companies.
Types of Information we collect
CCTV
- We use CCTV to capture, record, and monitor sound and images at our bus depots and on our buses. This is for:
- Health and safety
- Crowd management
- Crime prevention
- Improving customer service
- CCTV footage is generally retained for 7-21 days. You can request copies of footage by making a subject access request. We may disclose footage to law enforcement under specific conditions.
Website visits and purchases
Before providing us with your details, please read the following important information regarding:
- Collection of visitor information;
- Hyperlinks;
- Cookies
Collection of visitor information
- We collect data about website visitors, such as the services accessed and frequently visited areas. This helps us improve our services. We gather personal information during registration, competitions, and ticket purchases, and use this data to personalize your experience and inform you of relevant products and services. You can opt-in or opt-out of receiving marketing communications.
Cookies
- We use cookies to remember your browsing habits. You can configure your browser to manage cookies. For more details, see our cookie policy. We protect your data with SSL encryption during online transactions, but we cannot guarantee complete security of your data.
Your Rights
Object to Direct Marketing
- You can ask us not to process your data for marketing by:
-
- Not ticking the marketing box
- Changing your contact preferences in your account
- Clicking the unsubscribe link in marketing emails
- Contacting us directly
Accessing your personal data
- You can request a copy of your personal data by contacting Customer Services. We may need to verify your identity before providing this data. Requests are typically fulfilled within 30 days.
Rectification/Restriction
- If your data is inaccurate or incomplete, you can ask us to correct it. You may also request a halt to data processing while disputes are resolved. We will respond within 30 days.
Deletion
- You can request the deletion of your data in certain circumstances. We will respond within 30 days, explaining what data we have deleted or why we retain some data.
Withdrawal of Consent
- You can withdraw your consent for data processing at any time. This does not affect prior processing. For direct marketing, update your preferences or contact us.
Objection
- You can object to further processing of your data for specific purposes, such as direct marketing. We will respond within 30 days.
Portability
- You can request that your data be provided in a structured, machine-readable format, if applicable. We will respond within 30 days.
Profiling and Automated Decision Making
- We may target marketing and service communications based on your ticket purchases and travel destinations.
How we handle rights requests
- We aim to respond to requests within 30 days. In complex cases, we may extend this period. We will inform you if any fees apply due to the nature of the request.
Complaints
- If we do not respond to your request within 30 days or you are dissatisfied with our response, you can lodge a complaint with the Information Commissioner’s Office or pursue legal action. Please contact our Data Protection Manager for complaints.
Data Retention
- We retain personal data for around 6 months after the legal limitation period or as required by industry standards. Identifiable marketing data is kept for approximately 3 years.
Changes to this Privacy Policy
- We may update this Privacy Policy occasionally.
