Privacy Policy
Last updated: 22 June 2026
1. Who we are
Concert Travel Solutions is the data controller for the personal information described in this policy.
Email: info@concerttravelsolutions.com
Website: concerttravelsolutions.com
2. Information we collect
Depending on how you use our services, we may collect:
- customer and passenger names, email addresses and phone numbers;
- booking, order, route, pickup point, ticket and payment-status information;
- adult or child ticket classification where a child price is offered;
- waiting-list requests, seat requirements and payment-link status;
- account details and communications with us;
- testimonial submissions, ratings and any information you choose to include;
- technical information such as IP address, browser, device, cookies, security logs and website usage information.
We do not receive or store your full payment-card number. Card payments are processed by our payment provider.
3. Information about other passengers
A person making a booking may provide information about other passengers. The person making the booking must be authorised to provide those details and should make this Privacy Policy available to each passenger.
We use passenger details to issue tickets, organise pickups, communicate service information and prepare operational manifests. We do not require a passenger’s date of birth. Where an adult or child classification is collected, it is used only for ticket pricing and booking administration.
4. How we use personal information
We use personal information to:
- take and administer bookings and payments;
- issue and verify passenger tickets;
- organise routes, pickup points, buses, shuttles and passenger manifests;
- send trip updates, pickup instructions and important service messages;
- operate waiting lists and send time-limited seat offers or payment links;
- handle changes, cancellations, refunds, enquiries and complaints;
- maintain accounting, tax and transaction records;
- protect our website, customers and services against misuse, fraud and security threats;
- improve our website and services; and
- publish testimonials where the contributor has chosen to submit one for publication.
5. Our lawful bases
We rely on the following lawful bases under UK data-protection law:
- Contract: to take steps requested before a booking and to provide the booked transport service.
- Legal obligation: to keep records and comply with tax, accounting, regulatory and legal requirements.
- Legitimate interests: to operate routes and waiting lists, answer enquiries, maintain appropriate operational records, prevent fraud, secure our systems and improve our services. We consider and balance these interests against individual rights.
- Consent: where required for optional non-essential cookies, marketing, or publication of material such as a testimonial. Consent can be withdrawn at any time.
6. Information required to provide the service
Customer and passenger contact details, route, pickup and ticket information are required to administer a booking safely and provide the transport service. If required information is not supplied, we may be unable to accept or fulfil the booking.
7. Who we share information with
We share only the information reasonably required for the relevant purpose. Recipients may include:
- our authorised staff and operational administrators;
- coach operators, drivers and other transport providers operating the booked service;
- payment providers, including Stripe, and banks involved in processing a payment or refund;
- website hosting, email-delivery, IT support, security, backup, analytics and cookie-management providers;
- professional advisers, insurers, law-enforcement bodies, courts or regulators where reasonably necessary or legally required.
Passenger manifests supplied to operators and drivers contain only the details needed to operate the trip, manage pickups and account for passengers.
8. WhatsApp groups and channels
Some trips may include an optional link to a WhatsApp group or channel. Joining is not required to travel. If you choose to use the link, WhatsApp and its owner Meta process information under their own terms and privacy policy. Depending on the type of WhatsApp service used, your profile information or phone number may be visible to WhatsApp, administrators or other participants.
9. International transfers
Some service providers may process information outside the United Kingdom. Where this happens, we require an appropriate legal transfer mechanism, such as UK adequacy regulations, the UK International Data Transfer Agreement or an approved UK addendum to standard contractual clauses, as applicable.
10. How long we keep information
- Orders, invoices, payments and accounting records: normally six years after the relevant transaction or financial period, where required for legal, tax and accounting purposes.
- Operational passenger manifests and working trip lists: normally deleted or anonymised within 12 months after the trip, unless required for an unresolved incident, complaint, claim or legal obligation. Core order records may be retained for the longer accounting period above.
- Unsuccessful waiting-list entries: normally deleted within 30 days after the trip. Entries that result in an order follow the order-retention period.
- General enquiries: normally retained for up to 24 months after the enquiry is resolved.
- Testimonials: retained while published or until they are withdrawn or no longer required.
- Security and technical logs: normally retained for up to 12 months, or longer where needed to investigate a security incident.
Information in backups is removed through the normal backup-rotation cycle. We may retain information longer where reasonably necessary for a legal claim, safeguarding issue, investigation or statutory obligation.
11. Cookies and analytics
We use essential cookies for functions such as baskets, checkout, security and account access. With your permission, we may also use non-essential analytics or other cookies. Details and choices are available in our Cookie Policy and cookie-settings tool.
12. Security
We use reasonable technical and organisational measures to protect personal information. These include access controls, software and security monitoring, encrypted website connections and restricted access to operational information. No online system can be guaranteed completely secure.
13. Your rights
Depending on the circumstances and lawful basis, you may have the right to:
- access personal information we hold about you;
- correct inaccurate or incomplete information;
- request deletion of information;
- restrict how information is used;
- object to processing based on legitimate interests or to direct marketing;
- receive certain information in a portable format; and
- withdraw consent at any time where processing is based on consent.
These rights are not absolute and may be limited by legal or contractual obligations. To exercise a right, email info@concerttravelsolutions.com. We may need to verify your identity.
14. Complaints
Please contact us first so we can try to resolve any concern. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK data-protection regulator, through ico.org.uk/make-a-complaint.
15. Automated processing
Our booking system automatically checks seat availability and may stop a booking where insufficient capacity remains. We do not use personal information to make solely automated decisions that produce legal or similarly significant effects, and we do not use passenger information for profiling.
16. Changes to this policy
We may update this policy when our services, suppliers or legal obligations change. The current version and its update date will be published on this page.