Data Protection Policy

Our Commitment to Data Protection

At AmmTrain, we take your privacy and data security seriously. This comprehensive Data Protection Policy outlines how we collect, use, disclose, and safeguard your personal information when you use our independent train reservation services across the United States.

As an independent third-party train booking service, we are committed to maintaining the trust and confidence of our customers. We implement robust security measures and follow industry best practices to protect your personal data throughout your journey with us.

This policy complies with applicable data protection laws and regulations, including but not limited to the California Consumer Privacy Act (CCPA), and demonstrates our commitment to transparency in how we handle your personal information.

Our Data Protection Principles

We adhere to the following core principles in our data protection practices:

Information We Collect

To provide our independent train reservation services, we collect various types of information:

Personal Information

When you make a booking or create an account, we collect:

• Contact Details: Name, email address, telephone number, and mailing address
• Booking Information: Travel dates, routes, passenger details, seating preferences
• Payment Information: Credit/debit card details (processed securely by our payment providers)
• Identification: Information required for special fares (student, senior, military status)

Automatically Collected Information

When you visit our website, we automatically collect:

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on site, click patterns, search queries
• Location Data: Generalized location information to provide relevant train services

Information from Third Parties

We may receive information from:

• Train service providers to confirm bookings and manage reservations
• Payment processors to verify transaction details
• Marketing partners (with your consent) to provide personalized offers

How We Use Your Information

We use your personal data for the following purposes:

Service Provision

• Processing and managing your train reservations and bookings
• Communicating booking confirmations, changes, and updates
• Providing customer support and resolving inquiries
• Managing your account and preferences

Legal and Compliance

• Meeting legal and regulatory requirements
• Preventing fraud and unauthorized transactions
• Maintaining records for tax and accounting purposes
• Enforcing our terms and conditions

Marketing and Communications

• Sending promotional offers and travel deals (with your consent)
• Personalizing your experience based on travel preferences
• Conducting customer satisfaction surveys
• Notifying you about service updates and new features

Service Improvement

• Analyzing website usage to enhance user experience
• Developing new services and features
• Monitoring and improving website performance
• Conducting market research and analysis

Information Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers

We share necessary information with trusted third parties who assist us in operating our website and providing services:

• Train Service Providers: To process and manage your reservations
• Payment Processors: To securely handle payment transactions
• Customer Support: To provide 24/7 assistance with your bookings
• IT Service Providers: For website hosting, maintenance, and security

Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Protect our rights, property, or safety, and that of our users
• Investigate potential fraud or security breaches
• Enforce our terms of service and other agreements

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the new entity, subject to the same data protection commitments.

Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

• Encryption: SSL/TLS encryption for all data transmissions
• Secure Storage: Data stored in secure, access-controlled environments
• Payment Security: PCI DSS compliant payment processing
• Network Protection: Firewalls, intrusion detection, and prevention systems
• Regular Backups: Secure backup procedures to prevent data loss

Organizational Measures

• Staff Training: Comprehensive data protection training for all employees
• Access Controls: Role-based access to personal data on a need-to-know basis
• Security Policies: Clear data protection policies and procedures
• Incident Response: Established protocols for data breach response

Continuous Improvement

We regularly review and update our security measures to address emerging threats and maintain compliance with industry standards. Our security practices are audited periodically to ensure effectiveness.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention Periods

• Booking Information: 7 years from the date of travel for tax and legal compliance
• Customer Accounts: While your account remains active, plus 3 years after last activity
• Marketing Data: Until consent is withdrawn or 3 years after last interaction
• Customer Service Records: 5 years from resolution of inquiry
• Payment Records: 7 years for financial and tax compliance

Data Disposal

When personal data is no longer needed, we securely delete or anonymize it using methods that prevent recovery or reconstruction. Electronic data is permanently erased, and physical records are securely shredded.

Your Data Protection Rights

You have several rights regarding your personal data. To exercise any of these rights, please contact our Data Protection Officer.

Access and Information

You have the right to:

• Request access to the personal data we hold about you
• Receive information about how we process your data
• Obtain a copy of your personal data in a structured, machine-readable format

Correction and Deletion

You have the right to:

• Request correction of inaccurate or incomplete personal data
• Request deletion of your personal data when it's no longer necessary
• Withdraw consent for data processing where consent is the legal basis

Restriction and Objection

You have the right to:

• Request restriction of processing in certain circumstances
• Object to processing of your personal data for direct marketing
• Object to automated decision-making, including profiling

Complaints

If you believe we have not complied with data protection laws, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

International Data Transfers

As an independent train booking service operating in the United States, we primarily process data within the U.S. However, in some circumstances, your data may be transferred to and processed in other countries.

Cross-Border Data Transfers

When we transfer personal data outside the United States, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by relevant authorities
• Standard contractual clauses approved by regulatory bodies
• Binding corporate rules for intra-group transfers
• Certification under approved certification mechanisms

Third-Party Transfers

When we share data with international train service providers or other third parties, we ensure they provide adequate protection for your personal data through contractual obligations and security measures.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content.

Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functionality Cookies: Remember your preferences and settings
• Targeting Cookies: Used to deliver relevant advertisements

Cookie Management

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may impact website functionality.

For detailed information about the cookies we use and how to manage them, please refer to our separate Cookie Policy.

Policy Updates

We may update this Data Protection Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will revise the "Last Updated" date at the bottom of this policy.

Notification of Changes

For significant changes to how we process your personal data, we will:

• Provide prominent notice on our website before the changes take effect
• Notify registered users via email when appropriate
• Where required by law, seek your consent for substantial changes

We encourage you to periodically review this policy to stay informed about how we protect your personal data.

Contact Information

If you have any questions, concerns, or requests regarding this Data Protection Policy or our privacy practices, please contact us:

Data Protection Officer

Email: dpo@ammtrain.com

Phone: 1-888-507-5786 (ask for Data Protection Officer)

Mail: Data Protection Officer, AmmTrain, 123 Train Avenue, New York, NY 10001

Response Time

We strive to respond to all legitimate requests within 30 days. Occasionally, it may take longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.