Privacy Policy

This page provides a description of the procedures for managing the website of Eurail Group G.I.E. (Eurail), with regard to processing of personal data of the Eurail Media Portal. The policy is provided only for the aforesaid website and is not to be considered valid for other websites that the user may access through link, for which Eurail Group is not responsible.



Upon registration and access of this website, personal data is collected and may be processed. Trough the aforementioned actions the user, referred to as the data subject, agrees to the collection and processing of private data, strictly for the purpose described in this privacy policy. In accordance with European and Dutch Data Privacy laws Eurail Group is considered as Data Controller, whereas processing of personal data is carried out by employees of Eurail, as well as trusted third party, subject to a Data Processing Agreement. For the purposes described herein data Processors are both Eurail and GmbH.



Processing associated with the web services offered by this site is carried out at the head office of Eurail and is performed only by employees and collaborators of Eurail appointed persons in charge of processing, or by persons in charge of occasional maintenance operations. The personal data provided by users requesting dispatch of information and related material is used for the sole purpose of carrying out the service requested and is not disclosed to third parties, unless disclosure is required by a legal obligation imposed on the Controller or the Processor by a relevant authority or court. Personal data is not stored for period longer than necessary for the fulfillment of the purpose for which it is collected and processed.




In the course of their normal use, computer systems and software procedures used to enable functioning of the website acquire personal data of which transmission is implicit when internet communication protocols are used. This is information that is not collected to be associated with identified data subjects but, by its very nature could, through processing and association with data held by third parties, allow identification of the users.

This data category includes IP addresses or domain names of the computers used by the Users who connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

This data is used only for gathering statistical information on use of the website and for checking that it is in good working order and is deleted immediately after processing. The data could be used to establish liability in the event of hypothetical computer crimes to the detriment of the website.



Optional, explicit or voluntary dispatch of emails to the addresses indicated on this website leads to subsequent acquisition of the sender’s address, necessary to reply to the requests, as well as of other personal data included in the message.  Specific summary information is stated on the pages of the website to be used for specific on-demand services.


No personal data concerning users is deliberately acquired by the website. Cookies are not used to transmit personal information, nor are any form of persistent cookies or of user tracing systems. Use of session cookies (which are not persistently stored on the user’s computer and disappear when the browser is closed) is strictly limited to transmission of session identifiers (made up of casual numbers generated by the server) required to allow safe and efficient exploration of the website.



Except as specified for connection data, the user is free to provide personal data to request dispatch of informative material or for other communications. Failure to disclose this data may mean that it is impossible to obtain the requested information.



Personal data is processed with automated equipment, for the time strictly required to achieve the purposes for which it was collected. Specific security measures are observed to prevent loss of data, unlawful and improper use and unauthorized access.



The subjects to whom the personal data refers are entitled to obtain at any time confirmation as to whether or not such data is stored and to know the content and source, check its accuracy or request its integration or update, or correction and are entitled to request deletion, transformation into anonymous form or blocking of data processed in breach of the law, or to object in any case, for legitimate reasons, to its processing. Requests must be addressed to the Data Controller at the following address:


Eurail Group G.I.E.
Lange Viestraat 331
3511BK Utrecht
The Netherlands