This Privacy Policy was last changed on 26 September 2019.


At Keolis, we are committed to handling your personal information responsibly and respect your right to privacy.


This privacy policy (“Policy“) describes how we use your personal information, which we collect through our website (“Website”) or otherwise as noted in this Policy.

In particular, this Policy sets out what information we collect, how we collect it, how we use it, why we use it, who we share it with and the rights to which you may be entitled.


We have tried to keep this document as clear and concise as possible. If you have any questions or anything in this Policy is unclear, please get in touch at the following email address: or using the contact details at the end of this Policy.


  1. Who we are

We are Keolis (UK) Limited (“we“, “us” or “our“)(a company registered in England with registered number 03292357) with its registered office at Evergreen Building North, 160 Euston Road, London, NW1 2DX and respect your privacy.


We are a controller for the purposes of applicable data protection laws. This means in relation to the personal information we collect we will determine why and how it is used.


  1. Your information

What we collect and how we use it:


You may choose to provide personal information (such as your name, address, telephone number and email address) when you communicate with us whether in person, through our website or via email, over the phone or via any other medium. Here are the ways you may provide the information and the types of information you may submit. We also tell you how we may use the information. The list below explains those uses for which we have a legitimate business interest.


When you contact us
If you communicate with us through the email address or phone number provided on our Website, you may provide information such as your name, email address and telephone number so we can respond to your questions and comments.




Our premises have CCTV cameras installed for security and monitoring of our premises and personnel and for health and safety purposes. The CCTV is run independently by a third party,  Trojan Security. We are not responsible for the way in which the images or recordings of you are used. We encourage you to read the privacy notice so you understand how any personal information recorded about you is used.  


Personal Information We Collect by Automated Means

We collect certain information by automated means when you visit our Website, such as how many users visit our Website and the pages accessed. By collecting this information, we learn how to best tailor the Website to our visitors. We collect this information through various means such as “cookies,” “web beacons” and IP addresses. Please see our Cookie Notice for further information.

Our Website may use analytics to create statistical reports. These reports would tell us, for example, how many users visited our Website, what pages have been browsed, and from what geographic regions users visited the Website. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used and your search query that led you to the Website.

We do not use any of this information to directly identify visitors and we do not share it with third parties. We process personal information for these purposes because we have a legitimate interest in understanding how our Website is used. Our Website is not designed to respond to “do not track” signals received from browsers.


Special information

Certain types of information are more sensitive than others. “Special information” about you includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion. In addition to the personal information set out above, we may collect and receive such special information about you if you provide it to us or make us aware of it in the course of communications with us. We will use such special information for the purposes of responding to and resolving any issues or concerns. We will only use such special information where you have consented to our processing of your information for these reasons.


Other uses of personal information

We may use the personal information you provide on the Website for our internal purposes. These purposes include administration of the Website, market research, and data analytics.

We also may use the personal information we collect to protect us against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, and our policies and terms. We use personal information for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by a law that applies to us.

Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claims. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.


  1. How long we keep it:

We will keep your personal information for as long as necessary to fulfil our obligations and in accordance with our legal and regulatory requirements.


We calculate retention periods for your personal information taking into account the below considerations:


  • the length of time necessary to fulfill the purposes we collected it for;
  • the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
  • any limitation periods within which claims might be made;
  • any retention periods prescribed by law or recommended by regulators, professional bodies or associations; and
  • the existence of any relevant proceedings.
  1. Information we share

We may share your personal information with other members of our group of companies for the purposes described in this Policy. They are bound to keep your information in accordance with this Policy and are not authorised to use your personal information for any other purpose.

Additionally, we may share your information with service providers we have retained to perform services on our behalf as set out in the table below. These service providers are not authorised by us to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.


Third party recipientPurpose of disclosure
IT service providers including IT platform providers and website analytics service providers·       In order to perform our obligations with you and to understand how you use our services and to improve our business including to:

  1. support our IT systems and infrastructure;
  2. provide maintenance services for our IT systems and infrastructure;
  3. provide data hosting and other data processing services; and
  4. provide analytics services relating to your use of our website to identify any technical or user interface issues and/or improvements in connection with the website.


Our third party partners whom we may jointly provide certain services. You may request further information about our third party partners by emailing us as·       In order to respond to and resolve any issues or concerns raised by you which relate to our third party partners.



We may also transfer your personal information to third parties as a result of, or in connection with a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganisation, or liquidation. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee use personal information you have provided through this website in a manner that is consistent with this Policy.

In addition, we may disclose information about you (i) if we are required to do so by law or pursuant to legal process, (ii) in response to a request from law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

  1. International Transfers of personal information

We will ensure that if we do transfer your personal information to jurisdictions outside the EEA, such transfers will be made in accordance with data protection laws and subject to appropriate safeguards to protect your personal information. You can request further information about the safeguards we have implemented in respect of any international transfers by emailing us at


  1. Your rights

You may have – in accordance with applicable data protection laws – the following rights when it comes to our handling of your personal information:

  • Right of access–the right to request a copy of the personal information we have about you and to request supporting information explaining how the personal information is used.
  • Right of rectification–the right to request that we rectify inaccurate personal information about you.
  • Right of erasure–the right to request that we erase personal information about you.
  • Right to restrict processing– in some situations, the right to request that we do not use the personal information you have provided (e.g. if you believe it to be inaccurate).
  • Right to data portability–the right to receive certain of your personal information in a structured, commonly used and machine-readable format and to transmit such information to another controller.
  • Right to withdraw consent – where we process your personal information based on consent (including direct marketing consents), the right to withdraw consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we may continue to use your personal information as permitted or required by law.
  • Right to object: In addition, where we are processing your personal information based on a legitimate interest (including direct marketing) you may challenge this.  However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims.

In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.


In order to exercise your rights please email us at: or using the contact details at the end of this Policy.


  1. Security

We have implemented reasonable technical and organisational measures designed to secure your personal information from accidental loss and unauthorised access, use, alteration or disclosure.  However, the internet is an open system and we cannot and do not guarantee or warrant the security of any information that you transmit on or through our Website.


  1. How to contact us

If you would like more information about the ways in which we use your personal information, this Policy or our practices please contact us using the details below.


Email address:

Address: C/O The Company Secretary Evergreen Building North, 160 Euston Road, London, NW1 2DX


If you are not satisfied with our response or have other concerns about the way in which we process your personal information or comply with our legal obligations in respect of the use of your personal information you are also free to lodge a complaint with the Informational Commissioner’s Office online: or by phone: 0303 123 1113.


  1. Links to Other Sites

Occasionally we provide links to other websites for your convenience and information. These websites operate independently from our Website and are not under our control. These sites may have their own privacy notices or terms of use, which we strongly suggest you review if you visit any linked websites. We are not responsible for the content of these sites, any products or services that may be offered through these sites, or any other use of the linked sites.

  1. Changes to the policy

We may update this Policy from time to time in response to  changing  legal,  technical  or  business  developments.  When  we  update  this Policy,  we  will  take  appropriate  measures  to  inform  you,  consistent with the significance of the changes we make. We will obtain your consent to any material changes if and where this is required by applicable data protection laws, acts or regulations.


You can see when this privacy policy was last updated by checking the “last updated” date displayed at the top of this Policy.


If you would like to access previous versions of this policy please get in touch at the following email address: or using the contact details above.




We use cookies that identify your browser or device. They collect and store information when you visit our website about how you use it.


For more information about cookies, the types of cookies we use and how we use them please see our Cookie Notice.